
Combofix log file. Am I safe?


  • This topic is locked
30 replies to this topic

#1 josh_j357

  • Members
  • 17 posts

Posted 01 May 2011 - 06:22 PM

Hey, can someone help me? This is my log file. I scanned in safe mode, if that makes a difference.



ComboFix 11-04-30.06 - Home 01/05/2011 16:07:18.1.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.1790.1128 [GMT -7:00]
Running from: c:\users\Home\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-01 to 2011-05-01 )))))))))))))))))))))))))))))))
.
.
2011-05-01 23:12 . 2011-05-01 23:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-01 23:05 . 2011-05-01 23:05 -------- d-----w- C:\32788R22FWJFW
2011-05-01 09:28 . 2011-05-01 09:28 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-01 02:19 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-05-01 01:50 . 2011-05-01 01:50 -------- d-----w- c:\program files\GreedyTorrent
2011-05-01 00:42 . 2011-05-01 02:19 -------- dc----w- c:\windows\system32\DRVSTORE
2011-05-01 00:34 . 2011-05-01 00:35 -------- d-----w- c:\program files\Google
2011-05-01 00:34 . 2011-05-01 02:18 -------- d-----w- c:\programdata\Lavasoft
2011-04-29 20:34 . 2011-04-29 20:34 -------- d-----w- c:\programdata\Malwarebytes
2011-04-29 20:34 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 20:34 . 2011-04-29 20:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-29 20:34 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-28 22:54 . 2011-05-01 23:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-28 22:54 . 2011-05-01 23:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-27 23:13 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-27 23:13 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-27 23:13 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-27 23:13 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-27 23:13 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-27 23:13 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-27 23:13 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-27 23:13 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
2011-04-27 23:13 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-04-27 23:13 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 23:12 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 23:12 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-04-27 06:39 . 2011-04-27 17:55 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-04-27 06:36 . 2011-04-27 23:35 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-04-27 06:36 . 2011-04-27 06:36 -------- d-----w- c:\windows\system32\Macromed
2011-04-27 06:28 . 2011-04-30 02:59 -------- d-----w- c:\program files\Common Files\Adobe
2011-04-27 03:55 . 2011-04-27 03:55 -------- d-----w- C:\$AVG
2011-04-27 01:33 . 2011-04-27 01:33 -------- d-----w- c:\windows\ulead.dat
2011-04-26 19:47 . 2011-04-26 19:47 -------- d-----w- c:\program files\Photodex Presenter
2011-04-26 19:47 . 2011-04-26 19:47 -------- d-----w- c:\program files\Photodex
2011-04-26 19:46 . 2011-04-26 19:47 -------- d-----w- c:\programdata\Photodex
2011-04-23 20:59 . 2011-04-23 20:59 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-04-17 19:33 . 2011-04-17 19:36 -------- d-----w- c:\programdata\TuneUp Software
2011-04-17 19:33 . 2011-04-17 19:33 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-04-16 07:00 . 2011-04-16 07:00 -------- d-----w- c:\users\Public\CyberLink
2011-04-15 22:48 . 2009-06-27 00:35 18048 ----a-w- c:\windows\system32\drivers\plturbo.sys
2011-04-15 22:43 . 2007-10-23 03:01 139264 ----a-w- c:\windows\system\VmixP6.dll
2011-04-15 22:43 . 2001-11-23 19:08 712704 ----a-w- c:\windows\system\a3d.dll
2011-04-15 22:42 . 2008-01-25 23:26 241664 ----a-w- c:\windows\system32\CmiInstallResAll.dll
2011-04-15 22:42 . 2006-10-06 12:47 319968 ----a-w- c:\windows\difxapi.dll
2011-04-15 22:21 . 2011-04-15 22:22 -------- d-----w- C:\Temp
2011-04-15 22:21 . 2011-04-15 22:21 -------- d-----w- c:\program files\USBFast
2011-04-15 22:17 . 2011-04-15 22:22 -------- d-----w- c:\program files\CyberLink
2011-04-15 22:06 . 2011-04-15 22:22 16384 ----a-w- c:\windows\system32\lgfwunis.exe
2011-04-15 22:06 . 2001-08-30 04:00 59904 ----a-w- c:\windows\system32\wbemdisp.tlb
2011-04-15 22:06 . 1998-07-22 07:00 102912 ----a-w- c:\windows\system32\Vb6stkit.dll
2011-04-15 22:06 . 1998-07-22 07:00 102160 ----a-w- c:\windows\system32\VB6KO.DLL
2011-04-15 22:06 . 1998-06-24 07:00 115016 ----a-w- c:\windows\system32\MSINET.OCX
2011-04-15 22:06 . 2011-04-15 22:22 -------- d-----w- c:\program files\lg_fwupdate
2011-04-15 21:31 . 2011-04-16 07:00 -------- d-----w- c:\programdata\CyberLink
2011-04-15 21:26 . 2011-04-27 01:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2011-04-15 21:26 . 2011-04-15 21:32 -------- d-----w- c:\programdata\Ulead Systems
2011-04-15 21:26 . 2011-04-27 01:36 -------- d-----w- c:\program files\Common Files\InstallShield
2011-04-15 21:11 . 2011-04-15 21:11 -------- d-----w- c:\windows\CheckSur
2011-04-15 20:39 . 2011-04-15 20:39 -------- d-----w- c:\windows\system32\Wat
2011-04-15 20:38 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-04-15 20:38 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-04-15 20:38 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-04-15 19:43 . 2011-04-15 19:43 -------- d-----w- c:\program files\Logon Controller
2011-04-15 19:34 . 2011-04-27 06:29 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2011-04-15 19:33 . 2011-04-23 20:59 -------- d-----w- c:\program files\DivX
2011-04-15 19:32 . 2011-04-23 20:57 -------- d-----w- c:\programdata\DivX
2011-04-15 10:12 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-04-15 10:01 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-04-15 10:00 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-04-15 01:35 . 2011-04-15 01:35 -------- d-----w- c:\users\Wendy
2011-04-15 01:17 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 01:17 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-04-15 01:17 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2011-04-15 01:17 . 2011-02-18 05:36 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-04-15 01:17 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2011-04-15 01:17 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2011-04-15 01:16 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-04-15 01:16 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-04-15 01:14 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-04-15 01:14 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2011-04-15 01:12 . 2011-03-02 10:43 175616 ----a-w- c:\windows\system32\unrar.dll
2011-04-15 01:12 . 2006-10-18 18:05 232448 ----a-w- c:\windows\system32\mp3fhg.acm
2011-04-15 01:12 . 2011-03-19 19:00 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-04-15 01:12 . 2011-03-29 08:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-04-15 01:12 . 2011-03-24 19:35 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2011-04-15 01:12 . 2011-03-24 19:28 631808 ----a-w- c:\windows\system32\xvidcore.dll
2011-04-15 01:12 . 2010-11-03 18:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-04-15 01:12 . 2011-04-15 01:13 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-04-15 01:10 . 2011-04-15 01:10 -------- d-----w- c:\program files\Microsoft.NET
2011-04-15 01:07 . 2009-11-25 19:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-04-15 01:07 . 2009-11-25 19:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-04-15 01:07 . 2009-11-25 19:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-04-15 01:07 . 2009-11-25 19:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-04-15 01:07 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-04-15 00:52 . 2011-04-15 00:02 -------- d-----w- c:\windows\Panther
2011-04-15 00:42 . 2010-11-02 04:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-04-15 00:31 . 2011-04-15 00:31 -------- d--h--w- c:\programdata\Common Files
2011-04-15 00:29 . 2011-05-01 22:36 -------- d-----w- c:\programdata\AVG10
2011-04-15 00:28 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-04-15 00:28 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-04-15 00:28 . 2010-11-02 04:23 107520 ----a-w- c:\windows\system32\cdd.dll
2011-04-15 00:28 . 2011-04-17 19:11 -------- d-----w- c:\program files\AVG
2011-04-15 00:26 . 2011-05-01 23:00 -------- d-sh--w- c:\windows\Installer
2011-04-15 00:26 . 2011-04-15 00:28 -------- d-----w- c:\programdata\MFAData
2011-04-15 00:25 . 2011-04-27 01:33 -------- d-----w- c:\program files\CCleaner
2011-04-15 00:24 . 2011-04-15 00:24 -------- d-----w- c:\program files\7-Zip
2011-04-15 00:23 . 2011-03-23 17:11 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{682072CA-4C7C-4C58-AF06-A6A610179703}\mpengine.dll
2011-04-15 00:23 . 2011-02-03 01:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-15 00:21 . 2011-04-15 00:21 -------- d-----w- c:\program files\uTorrent
2011-04-15 00:09 . 2011-05-01 23:09 -------- d-----w- c:\windows\system32\wbem\Performance
2011-04-15 00:04 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2011-04-15 00:04 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-04-15 00:02 . 2011-04-27 02:00 -------- d-----w- c:\users\Home
2011-04-15 00:02 . 2011-04-15 00:02 -------- d-----w- C:\Recovery
2011-04-14 20:57 . 2011-04-14 20:57 -------- d-----w- c:\programdata\Hewlett-Packard
2011-04-14 20:56 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 16:26 . 2011-04-29 22:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GreedyTorrent"="c:\program files\GreedyTorrent\GTor.exe" [2007-03-08 2526661]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" blrun
"CmPCIaudio"=RunDll32 CMICNFG3.cpl,CMICtrlWnd
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-01 136176]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-15 1343400]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2009-07-13 4608]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
S3 PLTurbo;Prolific turbo filter driver for odd;c:\windows\system32\drivers\plturbo.sys [2009-06-27 18048]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-01 00:34]
.
2011-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-01 00:34]
.
.
------- Supplementary Scan -------
.
IE: Download all links with IDM
IE: Download with IDM
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qjm101iz.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST325082 rev.3.AD -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x847E9ECC]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x859af879; SUB DWORD [EBP-0x4], 0x859af135; PUSH EDI; CALL 0xffffffffffffdf2c; }
1 ntkrnlpa!IofCallDriver[0x81C3F448] -> \Device\Harddisk0\DR0[0x849AD030]
3 CLASSPNP[0x8758659E] -> ntkrnlpa!IofCallDriver[0x81C3F448] -> [0x848E0700]
5 ACPI[0x823B33B2] -> ntkrnlpa!IofCallDriver[0x81C3F448] -> \00000053[0x843D2C68]
[0x849CD030] -> IRP_MJ_CREATE -> 0x847E9ECC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\00000053 -> \??\SCSI#Disk&Ven_ST325082&Prod_0AS#4&134f60d7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-01 16:14:11
ComboFix-quarantined-files.txt 2011-05-01 23:14
.
Pre-Run: 212,442,652,672 bytes free
Post-Run: 211,965,624,320 bytes free
.
- - End Of File - - 43A6C8985E9DB6959BD0768AD2E6A124

Edit: Moved topic from Win 7 to the more appropriate forum. ~ Animal



#2 SweetTech

  • Members
  • 13,421 posts

Posted 07 May 2011 - 02:23 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 josh_j357 (Topic Starter)

  • Members
  • 17 posts

Posted 07 May 2011 - 03:14 PM

Thank you. My computer was reformatted about a month and a half ago and is running Windows 7 Ultimate.

Running TDSSKiller no issues were reported.

Running OTL


OTL logfile created on: 07/05/2011 1:09:07 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Home\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.73 Gb Total Space | 181.07 Gb Free Space | 77.80% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/07 13:06:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Downloads\OTL.exe
PRC - [2011/04/28 03:15:17 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/04/26 12:47:31 | 000,186,760 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/13 15:17:26 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/09/26 16:34:52 | 000,724,152 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2010/04/12 01:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/05/07 13:06:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Downloads\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/08/04 13:19:26 | 000,157,768 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\smum32.dll
MOD - [2010/08/04 13:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\PCTGMhk.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/26 12:47:31 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2011/04/15 13:39:20 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/09/26 16:34:52 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2010/09/26 16:34:52 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Disabled | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/05/01 18:53:16 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/12/03 02:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/06/29 18:30:08 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\Windows\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/04/22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2010/04/12 01:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/11/02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/07/13 18:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 18:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 15:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 15:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/06/26 17:35:14 | 000,018,048 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\plturbo.sys -- (PLTurbo)
DRV - [2009/06/10 14:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/12/09 10:59:30 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011/05/01 22:53:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 15:46:16 | 000,000,000 | ---D | M]

[2011/04/29 15:46:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Extensions
[2011/04/30 17:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\qjm101iz.default\extensions
[2011/05/01 18:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/01 18:55:06 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011/05/01 18:55:04 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) --
() (No name found) -- C:\USERS\HOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QJM101IZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/04/14 09:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/26 23:27:43 | 000,000,854 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Enviar para o OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2015/04/01 00:23:13 | 000,020,392 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\drivers\ElRawDsk.sys
[2011/05/06 16:38:29 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Car
[2011/05/06 08:24:38 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\vlc
[2011/05/06 01:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/05/06 01:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/05/03 12:58:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/03 11:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/05/03 11:44:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/05/03 11:44:01 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
[2011/05/03 11:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/05/03 11:42:23 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/05/03 11:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/05/03 11:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/05/03 11:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/05/03 11:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/05/03 11:19:20 | 000,123,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSJINT35.DLL
[2011/05/03 11:09:21 | 000,024,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSJTER35.DLL
[2011/05/03 11:09:20 | 000,000,000 | ---D | C] -- C:\Windows\MSApps
[2011/05/03 11:09:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Individual Software
[2011/05/02 15:54:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2011/05/02 15:32:33 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/05/02 15:15:13 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Microsoft Help
[2011/05/02 15:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/05/02 15:14:26 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/05/02 14:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2011/05/02 14:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2011/05/01 23:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Professional
[2011/05/01 23:04:33 | 002,233,016 | ---- | C] (iolo technologies, LLC) -- C:\Windows\System32\Incinerator.dll
[2011/05/01 23:04:33 | 000,087,688 | ---- | C] (iolo technologies, LLC) -- C:\Windows\System32\IncContxMenu.dll
[2011/05/01 23:04:27 | 000,009,341 | ---- | C] (iolo technologies, LLC (based on original work by Bo Brantén)) -- C:\Windows\System32\drivers\filedisk.sys
[2011/05/01 23:04:13 | 000,029,696 | ---- | C] (iolo technologies, LLC) -- C:\Windows\System32\iolobtdfg.exe
[2011/05/01 23:04:13 | 000,011,776 | ---- | C] (iolo technologies, LLC) -- C:\Windows\System32\smrgdf.exe
[2011/05/01 23:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2011/05/01 23:02:27 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\iolo
[2011/05/01 23:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2011/05/01 22:47:06 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2011/05/01 22:47:06 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2011/05/01 22:47:06 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2011/05/01 22:45:44 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2011/05/01 22:45:44 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2011/05/01 22:45:40 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011/05/01 22:45:40 | 000,103,232 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011/05/01 22:45:31 | 000,239,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/05/01 22:45:31 | 000,160,448 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011/05/01 22:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/05/01 22:45:19 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/05/01 22:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/05/01 22:45:11 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\PC Tools
[2011/05/01 22:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/05/01 22:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/05/01 18:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2011
[2011/05/01 18:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/05/01 18:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011/05/01 18:53:16 | 000,488,536 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011/05/01 18:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011/05/01 18:25:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Systweak
[2011/05/01 16:13:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/01 16:05:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/01 16:05:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/01 16:05:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/01 16:05:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/05/01 16:05:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/01 16:05:03 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/05/01 15:44:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/01 15:32:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/01 02:28:11 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/04/30 19:19:39 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/04/30 18:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GreedyTorrent
[2011/04/30 18:50:34 | 000,000,000 | ---D | C] -- C:\Program Files\GreedyTorrent
[2011/04/30 17:42:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/04/30 17:42:02 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Sunbelt Software
[2011/04/30 17:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/04/30 17:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/04/30 17:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/04/29 15:46:49 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Mozilla
[2011/04/29 15:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/04/29 15:18:14 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\DMCache
[2011/04/29 13:34:58 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Malwarebytes
[2011/04/29 13:34:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/29 13:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/29 13:34:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/29 13:34:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/28 15:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/04/28 15:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/28 05:32:50 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\ElevatedDiagnostics
[2011/04/27 16:13:26 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011/04/27 16:13:26 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011/04/27 16:13:26 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/04/27 16:13:20 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/04/27 16:12:54 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/27 16:12:46 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/04/26 23:39:33 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Adobe
[2011/04/26 23:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/04/26 23:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/04/26 23:36:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/04/26 23:28:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/04/26 23:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/04/26 23:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/04/26 18:33:32 | 000,000,000 | ---D | C] -- C:\Windows\ulead.dat
[2011/04/26 12:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProShow Gold
[2011/04/26 12:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\Photodex Presenter
[2011/04/26 12:47:37 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Netscape
[2011/04/26 12:47:37 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Mozilla
[2011/04/26 12:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\Photodex
[2011/04/26 12:46:45 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Photodex
[2011/04/26 12:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Photodex
[2011/04/23 13:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2011/04/23 13:59:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/04/18 14:20:29 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Media Player Classic
[2011/04/18 14:20:28 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\DivX
[2011/04/17 12:33:30 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\TuneUp Software
[2011/04/17 12:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011/04/17 12:33:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/04/15 15:48:26 | 000,018,048 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\System32\drivers\plturbo.sys
[2011/04/15 15:43:12 | 000,712,704 | ---- | C] (Sensaura Ltd) -- C:\Windows\System\a3d.dll
[2011/04/15 15:42:35 | 000,319,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2011/04/15 15:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\USBFast
[2011/04/15 15:21:29 | 000,000,000 | ---D | C] -- C:\Temp
[2011/04/15 15:19:04 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\CyberLink
[2011/04/15 15:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Power Tools
[2011/04/15 15:18:31 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LG Power Tools
[2011/04/15 15:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2011/04/15 15:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Tool Kit
[2011/04/15 15:06:42 | 000,115,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
[2011/04/15 15:06:42 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vb6stkit.dll
[2011/04/15 15:06:42 | 000,102,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6KO.DLL
[2011/04/15 15:06:42 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemdisp.tlb
[2011/04/15 15:06:42 | 000,016,384 | ---- | C] (BitLeader) -- C:\Windows\System32\lgfwunis.exe
[2011/04/15 15:06:38 | 000,000,000 | ---D | C] -- C:\Program Files\lg_fwupdate
[2011/04/15 14:32:49 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Ulead Systems
[2011/04/15 14:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011/04/15 14:26:58 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/04/15 14:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2011/04/15 14:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/04/15 14:11:13 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2011/04/15 13:52:28 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Diagnostics
[2011/04/15 13:39:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2011/04/15 13:38:21 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/04/15 13:38:21 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/04/15 12:43:55 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\MurGeeMon
[2011/04/15 12:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logon Controller
[2011/04/15 12:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\Logon Controller
[2011/04/15 12:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/04/15 12:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/04/15 12:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/04/15 03:18:14 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/15 03:18:14 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/15 03:18:14 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/15 03:18:14 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/15 03:18:13 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/15 03:18:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/15 03:18:13 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/15 03:18:13 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/15 03:18:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/15 03:01:05 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011/04/14 18:18:22 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/14 18:18:20 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/14 18:18:20 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/14 18:18:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/04/14 18:17:58 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/04/14 18:17:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/14 18:17:08 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/14 18:17:06 | 000,197,632 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\ir32_32.dll
[2011/04/14 18:17:06 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011/04/14 18:16:59 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/04/14 18:16:58 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/04/14 18:14:17 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011/04/14 18:12:44 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\mp3fhg.acm
[2011/04/14 18:12:43 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2011/04/14 18:12:42 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2011/04/14 18:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011/04/14 18:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/04/14 18:07:52 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/04/14 18:07:52 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/04/14 18:07:51 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/04/14 17:52:37 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/04/14 17:51:18 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Windows-7-Themes.com
[2011/04/14 17:43:12 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/04/14 17:43:10 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011/04/14 17:43:09 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011/04/14 17:43:07 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011/04/14 17:43:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/14 17:43:06 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/04/14 17:43:06 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/04/14 17:43:06 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/14 17:43:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/04/14 17:43:03 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011/04/14 17:43:02 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011/04/14 17:43:02 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011/04/14 17:42:53 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/04/14 17:42:53 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/04/14 17:42:52 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011/04/14 17:42:52 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/04/14 17:42:52 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/04/14 17:42:52 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/04/14 17:42:51 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/04/14 17:42:47 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2011/04/14 17:42:46 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/04/14 17:42:46 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/04/14 17:42:44 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/14 17:42:43 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/04/14 17:42:43 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/04/14 17:42:43 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/04/14 17:42:43 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/04/14 17:42:40 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/04/14 17:42:40 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011/04/14 17:42:40 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/04/14 17:42:39 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/04/14 17:42:39 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/04/14 17:42:39 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/04/14 17:42:38 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/04/14 17:42:38 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/04/14 17:42:37 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/04/14 17:42:36 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/04/14 17:42:35 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/04/14 17:42:35 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/04/14 17:42:31 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/14 17:42:31 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/14 17:42:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/04/14 17:42:21 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/04/14 17:42:18 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011/04/14 17:42:17 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011/04/14 17:42:17 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011/04/14 17:42:17 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011/04/14 17:42:14 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/04/14 17:42:12 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/04/14 17:42:11 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011/04/14 17:42:09 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/04/14 17:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/04/14 17:32:37 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\AVG10
[2011/04/14 17:31:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/04/14 17:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/04/14 17:28:53 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/04/14 17:28:53 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/04/14 17:28:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/04/14 17:26:52 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/04/14 17:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/04/14 17:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/14 17:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/04/14 17:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/04/14 17:23:48 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/04/14 17:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/04/14 17:21:01 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\uTorrent
[2011/04/14 17:12:22 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Macromedia
[2011/04/14 17:12:22 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Adobe
[2011/04/14 17:10:29 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Google
[2011/04/14 17:02:41 | 000,000,000 | R--D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/04/14 17:02:41 | 000,000,000 | R--D | C] -- C:\Users\Home\Searches
[2011/04/14 17:02:41 | 000,000,000 | R--D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/04/14 17:02:41 | 000,000,000 | -H-D | C] -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/04/14 17:02:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Identities
[2011/04/14 17:02:31 | 000,000,000 | R--D | C] -- C:\Users\Home\Contacts
[2011/04/14 17:02:25 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\VirtualStore
[2011/04/14 17:02:24 | 000,000,000 | --SD | C] -- C:\Users\Home\AppData\Roaming\Microsoft
[2011/04/14 17:02:24 | 000,000,000 | R--D | C] -- C:\Users\Home\Videos
[2011/04/14 17:02:24 | 000,000,000 | R--D | C] -- C:\Users\Home\Saved Games
[2011/04/14 17:02:24 | 000,000,000 | R--D | C] -- C:\Users\Home\Pictures
[2011/04/14 17:02:24 | 000,000,000 | R--D | C] -- C:\Users\Home\Music
[2011/04/14 17:02:24 | 000,000,000 | R--D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/04/14 17:02:24 | 000,000,000 | R--D | C] -- C:\Users\Home\Links
[2011/04/14 17:02:24 | 000,000,000 | R--D | C] -- C:\Users\Home\Favorites
[2011/04/14 17:02:24 | 000,000,000 | R--D | C] -- C:\Users\Home\Downloads
[2011/04/14 17:02:24 | 000,000,000 | R--D | C] -- C:\Users\Home\Documents
[2011/04/14 17:02:24 | 000,000,000 | R--D | C] -- C:\Users\Home\Desktop
[2011/04/14 17:02:24 | 000,000,000 | R--D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/04/14 17:02:24 | 000,000,000 | -HSD | C] -- C:\Users\Home\AppData\Local\Temporary Internet Files
[2011/04/14 17:02:24 | 000,000,000 | -HSD | C] -- C:\Users\Home\Templates
[2011/04/14 17:02:24 | 000,000,000 | -HSD | C] -- C:\Users\Home\Start Menu
[2011/04/14 17:02:24 | 000,000,000 | -HSD | C] -- C:\Users\Home\SendTo
[2011/04/14 17:02:24 | 000,000,000 | -HSD | C] -- C:\Users\Home\Recent
[2011/04/14 17:02:24 | 000,000,000 | -HSD | C] -- C:\Users\Home\PrintHood
[2011/04/14 17:02:24 | 000,000,000 | -HSD | C] -- C:\Users\Home\NetHood
[2011/04/14 17:02:24 | 000,000,000 | -HSD | C] -- C:\Users\Home\Documents\My Videos
[2011/04/14 17:02:24 | 000,000,000 | -HSD | C] -- C:\Users\Home\Documents\My Pictures
[2011/04/14 17:02:24 | 000,000,000 | -HSD | C] -- C:\Users\Home\Documents\My Music
[2011/04/14 17:02:24 | 000,000,000 | -HSD | C] -- C:\Users\Home\My Documents
[2011/04/14 17:02:24 | 000,000,000 | -HSD | C] -- C:\Users\Home\Local Settings
[2011/04/14 17:02:24 | 000,000,000 | -HSD | C] -- C:\Users\Home\AppData\Local\History
[2011/04/14 17:02:24 | 000,000,000 | -HSD | C] -- C:\Users\Home\Cookies
[2011/04/14 17:02:24 | 000,000,000 | -HSD | C] -- C:\Users\Home\Application Data
[2011/04/14 17:02:24 | 000,000,000 | -HSD | C] -- C:\Users\Home\AppData\Local\Application Data
[2011/04/14 17:02:24 | 000,000,000 | -H-D | C] -- C:\Users\Home\AppData
[2011/04/14 17:02:24 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Temp
[2011/04/14 17:02:24 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Microsoft
[2011/04/14 17:02:24 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Media Center Programs
[2011/04/14 17:02:07 | 000,000,000 | ---D | C] -- C:\Recovery
[2011/04/14 13:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011/04/14 13:56:29 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/04/14 13:54:20 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/04/14 13:53:41 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/04/08 23:02:04 | 000,390,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipcoin815.dll

========== Files - Modified Within 30 Days ==========

[2011/05/07 12:40:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/07 12:10:34 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/07 11:00:00 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\ASOService.job
[2011/05/07 07:16:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/07 01:00:02 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At25.job
[2011/05/07 01:00:02 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At33.job
[2011/05/07 01:00:02 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/05/07 01:00:01 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/05/07 01:00:01 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\At26.job
[2011/05/07 01:00:01 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\At11.job
[2011/05/07 01:00:01 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/05/07 01:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/05/07 01:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At35.job
[2011/05/07 01:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At30.job
[2011/05/07 01:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/05/07 01:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011/05/07 01:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/05/07 01:00:01 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/05/07 01:00:01 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At32.job
[2011/05/07 01:00:01 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/05/07 01:00:01 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At27.job
[2011/05/07 01:00:01 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011/05/07 01:00:01 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/05/07 01:00:01 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/05/07 01:00:01 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At17.job
[2011/05/07 01:00:01 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At13.job
[2011/05/07 01:00:01 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/05/07 01:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At34.job
[2011/05/07 01:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/05/07 01:00:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011/05/07 01:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\At31.job
[2011/05/07 01:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011/05/07 01:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/05/07 01:00:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/05/07 01:00:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At28.job
[2011/05/07 01:00:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/05/07 01:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011/05/07 01:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At29.job
[2011/05/07 01:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/05/06 20:59:51 | 000,000,158 | -HS- | M] () -- C:\Windows\KLIF.spi
[2011/05/06 17:47:21 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 17:47:21 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/03 12:06:55 | 000,429,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/02 15:55:21 | 001,222,752 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/05/02 01:20:17 | 000,628,024 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/02 01:20:17 | 000,110,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/01 23:13:03 | 000,000,406 | ---- | M] () -- C:\Windows\System32\ioloBootDefrag.cfg
[2011/05/01 23:02:35 | 000,074,703 | ---- | M] () -- C:\Windows\System32\mfc45.dll
[2011/05/01 19:20:37 | 000,115,267 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011/05/01 19:20:37 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011/05/01 18:53:16 | 000,488,536 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011/05/01 02:30:07 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/05/01 02:30:07 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/05/01 02:28:10 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/04/30 17:49:04 | 000,013,737 | ---- | M] () -- C:\Users\Home\Documents\bookmarks.html
[2011/04/30 17:35:52 | 000,002,185 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/29 15:50:01 | 000,001,789 | ---- | M] () -- C:\Users\Home\Documents\Firefox Sync Key.html
[2011/04/29 13:34:24 | 000,001,091 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/04/26 18:36:41 | 000,000,382 | ---- | M] () -- C:\Windows\ULEAD32.INI
[2011/04/21 07:26:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/04/19 13:37:40 | 000,000,030 | ---- | M] () -- C:\Windows\Iedit.INI
[2011/04/15 15:47:42 | 000,000,136 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2011/04/15 15:22:10 | 000,000,266 | ---- | M] () -- C:\Windows\lgfwup.ini
[2011/04/15 15:22:03 | 000,016,384 | ---- | M] (BitLeader) -- C:\Windows\System32\lgfwunis.exe
[2011/04/14 17:21:33 | 000,000,937 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/04/14 13:57:27 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/04/14 13:55:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/04/08 23:02:04 | 000,390,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipcoin815.dll

========== Files Created - No Company Name ==========

[2011/05/06 20:59:51 | 000,000,158 | -HS- | C] () -- C:\Windows\KLIF.spi
[2011/05/02 18:56:56 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\At35.job
[2011/05/02 18:56:56 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/05/02 18:56:55 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\At33.job
[2011/05/02 18:56:54 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/05/02 18:56:53 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\At31.job
[2011/05/02 18:56:34 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/05/02 18:56:34 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\At29.job
[2011/05/02 18:56:33 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/05/02 18:56:33 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\At27.job
[2011/05/02 18:56:32 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/05/02 18:55:47 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\At25.job
[2011/05/02 18:55:46 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\At23.job
[2011/05/02 18:55:46 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/05/02 18:55:45 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\At21.job
[2011/05/02 18:55:45 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/05/02 18:55:32 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/05/02 18:55:30 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/05/02 18:55:30 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\At19.job
[2011/05/02 18:55:29 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\At17.job
[2011/05/02 18:55:28 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/05/02 18:53:26 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\At15.job
[2011/05/02 18:53:25 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/05/02 18:53:24 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\At13.job
[2011/05/02 18:53:23 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/05/02 18:53:22 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\At11.job
[2011/05/02 15:35:18 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/05/02 15:35:15 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\At9.job
[2011/05/02 15:35:10 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/05/02 15:35:07 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\At7.job
[2011/05/02 15:35:05 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/05/02 15:32:27 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/05/02 15:32:19 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/05/02 15:32:12 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/05/02 15:32:04 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/05/02 15:31:47 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/05/01 23:13:03 | 000,000,406 | ---- | C] () -- C:\Windows\System32\ioloBootDefrag.cfg
[2011/05/01 23:02:35 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2011/05/01 22:47:06 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/05/01 22:47:06 | 000,002,125 | ---- | C] () -- C:\Windows\UDB.zip
[2011/05/01 22:47:06 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2011/05/01 22:47:06 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2011/05/01 22:47:06 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2011/05/01 22:45:45 | 001,222,752 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/05/01 18:54:52 | 000,115,267 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/05/01 18:54:52 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011/05/01 18:26:42 | 000,000,432 | ---- | C] () -- C:\Windows\tasks\ASOService.job
[2011/05/01 16:05:34 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/01 16:05:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/01 16:05:34 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/01 16:05:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/01 16:05:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/01 02:28:52 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/01 02:28:52 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/04/30 17:49:04 | 000,013,737 | ---- | C] () -- C:\Users\Home\Documents\bookmarks.html
[2011/04/30 17:35:52 | 000,002,185 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/30 17:35:06 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/30 17:35:03 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/29 19:59:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/29 15:49:59 | 000,001,789 | ---- | C] () -- C:\Users\Home\Documents\Firefox Sync Key.html
[2011/04/29 15:46:18 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/29 13:34:24 | 000,001,091 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/04/26 23:36:51 | 000,001,477 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011/04/26 23:36:33 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/04/26 23:31:38 | 000,001,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 9.lnk
[2011/04/21 07:26:35 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/04/15 15:43:12 | 000,139,264 | ---- | C] () -- C:\Windows\System\VmixP6.dll
[2011/04/15 15:43:12 | 000,000,136 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2011/04/15 15:42:36 | 000,241,664 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2011/04/15 15:21:29 | 000,001,558 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USBFast.lnk
[2011/04/15 15:09:12 | 000,000,266 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011/04/15 14:34:28 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit.INI
[2011/04/15 14:28:57 | 000,000,382 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2011/04/14 18:12:45 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/04/14 18:12:44 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/04/14 18:12:42 | 000,631,808 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/04/14 18:12:42 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/04/14 18:12:42 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/04/14 17:21:33 | 000,000,937 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/04/14 17:02:24 | 000,000,290 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/04/14 17:02:24 | 000,000,272 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/04/14 13:55:31 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2009/09/09 18:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:33:53 | 000,429,488 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,628,024 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,110,208 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 259 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:02:00 PM

Posted 07 May 2011 - 03:20 PM

Hi!

Thanks for the information.

I can see we still have some work to do.

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\Windows\tasks\At*.job
    type "C:\ComboFix.txt" /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
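The At*.job entries the fix above moves are the tell in this log: dozens of numbered scheduled-task files, each only a few hundred bytes and with no company name, created in the `C:\Windows\tasks` folder within minutes of each other. The Python below is an added example, not part of this thread and not code from the OTL tool, that parses OTL's file-list lines and flags that pattern. The sample lines are copied from the "Files Created - No Company Name" section posted above; the clustering gap (600 seconds) and minimum cluster size (5) are assumptions chosen for illustration, not OTL settings.

```python
import re
from datetime import datetime

# One OTL file-list line looks like:
# [2011/05/02 18:56:56 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\At35.job
#  timestamp             size          attrs  kind  company   path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Matches the numbered scheduled-task files seen in the log (At1.job ... At35.job).
AT_JOB = re.compile(r"\\tasks\\At\d+\.job$", re.IGNORECASE)

# Sample input: a subset of the lines from the OTL log posted in this thread.
SAMPLE_LOG_LINES = [
    r"[2011/05/06 20:59:51 | 000,000,158 | -HS- | C] () -- C:\Windows\KLIF.spi",
    r"[2011/05/02 18:56:56 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\At35.job",
    r"[2011/05/02 18:53:23 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\At12.job",
    r"[2011/05/02 18:53:22 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\At11.job",
    r"[2011/05/02 15:35:18 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\At10.job",
    r"[2011/05/02 15:32:27 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\At5.job",
    r"[2011/05/02 15:32:19 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\At4.job",
    r"[2011/05/02 15:32:12 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\At3.job",
    r"[2011/05/02 15:32:04 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\At2.job",
    r"[2011/05/02 15:31:47 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\At1.job",
    r"[2011/05/01 23:13:03 | 000,000,406 | ---- | C] () -- C:\Windows\System32\ioloBootDefrag.cfg",
]


def parse_otl_line(line):
    """Parse one OTL file-list line into a dict, or return None if it is not one."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return {
        "timestamp": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "attrs": m.group("attrs"),
        "kind": m.group("kind"),          # C = created entry, M = modified entry
        "company": m.group("company"),    # empty string for "No Company Name"
        "path": m.group("path"),
    }


def find_at_job_bursts(lines, gap_seconds=600, min_count=5):
    """Group At*.job creation entries that follow each other within gap_seconds
    and report every group of at least min_count files.

    gap_seconds and min_count are illustrative thresholds (assumption), not
    values taken from OTL or from this thread.
    """
    entries = [
        e for e in map(parse_otl_line, lines)
        if e is not None and e["kind"] == "C" and AT_JOB.search(e["path"])
    ]
    entries.sort(key=lambda e: e["timestamp"])

    # Gap-based clustering: an entry joins the current cluster when it was
    # created within gap_seconds of the previous entry in that cluster.
    clusters = []
    for e in entries:
        if clusters and (e["timestamp"] - clusters[-1][-1]["timestamp"]).total_seconds() <= gap_seconds:
            clusters[-1].append(e)
        else:
            clusters.append([e])

    return [
        {
            "first": c[0]["timestamp"],
            "last": c[-1]["timestamp"],
            "count": len(c),
            "paths": [e["path"] for e in c],
        }
        for c in clusters
        if len(c) >= min_count
    ]


if __name__ == "__main__":
    for burst in find_at_job_bursts(SAMPLE_LOG_LINES):
        print(f"{burst['count']} At*.job files created between "
              f"{burst['first']} and {burst['last']}:")
        for p in burst["paths"]:
            print("   ", p)
```

On the sample above the first ten task files (At1 through At5 and At10, created within about four minutes) form one flagged burst, while At11, At12 and At35 fall below the minimum count because only three of that cluster's members are in the sample; run against the full log they would be flagged as well. The same parser accepts the "Files - Modified Within 30 Days" lines (kind `M`), so the `kind` filter is what keeps the two sections apart.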


#5 josh_j357

josh_j357
  • Topic Starter

  • Members
  • 17 posts
  • Local time:10:00 AM

Posted 07 May 2011 - 03:34 PM

OTL Fix Log


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At13.job moved successfully.
C:\Windows\tasks\At14.job moved successfully.
C:\Windows\tasks\At15.job moved successfully.
C:\Windows\tasks\At16.job moved successfully.
C:\Windows\tasks\At17.job moved successfully.
C:\Windows\tasks\At18.job moved successfully.
C:\Windows\tasks\At19.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At20.job moved successfully.
C:\Windows\tasks\At21.job moved successfully.
C:\Windows\tasks\At22.job moved successfully.
C:\Windows\tasks\At23.job moved successfully.
C:\Windows\tasks\At24.job moved successfully.
C:\Windows\tasks\At25.job moved successfully.
C:\Windows\tasks\At26.job moved successfully.
C:\Windows\tasks\At27.job moved successfully.
C:\Windows\tasks\At28.job moved successfully.
C:\Windows\tasks\At29.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At30.job moved successfully.
C:\Windows\tasks\At31.job moved successfully.
C:\Windows\tasks\At32.job moved successfully.
C:\Windows\tasks\At33.job moved successfully.
C:\Windows\tasks\At34.job moved successfully.
C:\Windows\tasks\At35.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.
< type "C:\ComboFix.txt" /c >
ComboFix 11-04-30.06 - Home 01/05/2011 16:07:18.1.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.1790.1128 [GMT -7:00]
Running from: c:\users\Home\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-01 to 2011-05-01 )))))))))))))))))))))))))))))))
.
.
2011-05-01 23:12 . 2011-05-01 23:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-01 23:05 . 2011-05-01 23:05 -------- d-----w- C:\32788R22FWJFW
2011-05-01 09:28 . 2011-05-01 09:28 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-01 02:19 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-05-01 01:50 . 2011-05-01 01:50 -------- d-----w- c:\program files\GreedyTorrent
2011-05-01 00:42 . 2011-05-01 02:19 -------- dc----w- c:\windows\system32\DRVSTORE
2011-05-01 00:34 . 2011-05-01 00:35 -------- d-----w- c:\program files\Google
2011-05-01 00:34 . 2011-05-01 02:18 -------- d-----w- c:\programdata\Lavasoft
2011-04-29 20:34 . 2011-04-29 20:34 -------- d-----w- c:\programdata\Malwarebytes
2011-04-29 20:34 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 20:34 . 2011-04-29 20:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-29 20:34 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-28 22:54 . 2011-05-01 23:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-28 22:54 . 2011-05-01 23:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-27 23:13 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-27 23:13 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-27 23:13 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-27 23:13 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-27 23:13 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-27 23:13 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-27 23:13 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-27 23:13 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
2011-04-27 23:13 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-04-27 23:13 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 23:12 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 23:12 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-04-27 06:39 . 2011-04-27 17:55 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-04-27 06:36 . 2011-04-27 23:35 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-04-27 06:36 . 2011-04-27 06:36 -------- d-----w- c:\windows\system32\Macromed
2011-04-27 06:28 . 2011-04-30 02:59 -------- d-----w- c:\program files\Common Files\Adobe
2011-04-27 03:55 . 2011-04-27 03:55 -------- d-----w- C:\$AVG
2011-04-27 01:33 . 2011-04-27 01:33 -------- d-----w- c:\windows\ulead.dat
2011-04-26 19:47 . 2011-04-26 19:47 -------- d-----w- c:\program files\Photodex Presenter
2011-04-26 19:47 . 2011-04-26 19:47 -------- d-----w- c:\program files\Photodex
2011-04-26 19:46 . 2011-04-26 19:47 -------- d-----w- c:\programdata\Photodex
2011-04-23 20:59 . 2011-04-23 20:59 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-04-17 19:33 . 2011-04-17 19:36 -------- d-----w- c:\programdata\TuneUp Software
2011-04-17 19:33 . 2011-04-17 19:33 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-04-16 07:00 . 2011-04-16 07:00 -------- d-----w- c:\users\Public\CyberLink
2011-04-15 22:48 . 2009-06-27 00:35 18048 ----a-w- c:\windows\system32\drivers\plturbo.sys
2011-04-15 22:43 . 2007-10-23 03:01 139264 ----a-w- c:\windows\system\VmixP6.dll
2011-04-15 22:43 . 2001-11-23 19:08 712704 ----a-w- c:\windows\system\a3d.dll
2011-04-15 22:42 . 2008-01-25 23:26 241664 ----a-w- c:\windows\system32\CmiInstallResAll.dll
2011-04-15 22:42 . 2006-10-06 12:47 319968 ----a-w- c:\windows\difxapi.dll
2011-04-15 22:21 . 2011-04-15 22:22 -------- d-----w- C:\Temp
2011-04-15 22:21 . 2011-04-15 22:21 -------- d-----w- c:\program files\USBFast
2011-04-15 22:17 . 2011-04-15 22:22 -------- d-----w- c:\program files\CyberLink
2011-04-15 22:06 . 2011-04-15 22:22 16384 ----a-w- c:\windows\system32\lgfwunis.exe
2011-04-15 22:06 . 2001-08-30 04:00 59904 ----a-w- c:\windows\system32\wbemdisp.tlb
2011-04-15 22:06 . 1998-07-22 07:00 102912 ----a-w- c:\windows\system32\Vb6stkit.dll
2011-04-15 22:06 . 1998-07-22 07:00 102160 ----a-w- c:\windows\system32\VB6KO.DLL
2011-04-15 22:06 . 1998-06-24 07:00 115016 ----a-w- c:\windows\system32\MSINET.OCX
2011-04-15 22:06 . 2011-04-15 22:22 -------- d-----w- c:\program files\lg_fwupdate
2011-04-15 21:31 . 2011-04-16 07:00 -------- d-----w- c:\programdata\CyberLink
2011-04-15 21:26 . 2011-04-27 01:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2011-04-15 21:26 . 2011-04-15 21:32 -------- d-----w- c:\programdata\Ulead Systems
2011-04-15 21:26 . 2011-04-27 01:36 -------- d-----w- c:\program files\Common Files\InstallShield
2011-04-15 21:11 . 2011-04-15 21:11 -------- d-----w- c:\windows\CheckSur
2011-04-15 20:39 . 2011-04-15 20:39 -------- d-----w- c:\windows\system32\Wat
2011-04-15 20:38 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-04-15 20:38 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-04-15 20:38 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-04-15 19:43 . 2011-04-15 19:43 -------- d-----w- c:\program files\Logon Controller
2011-04-15 19:34 . 2011-04-27 06:29 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2011-04-15 19:33 . 2011-04-23 20:59 -------- d-----w- c:\program files\DivX
2011-04-15 19:32 . 2011-04-23 20:57 -------- d-----w- c:\programdata\DivX
2011-04-15 10:12 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-04-15 10:01 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-04-15 10:00 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-04-15 01:35 . 2011-04-15 01:35 -------- d-----w- c:\users\Wendy
2011-04-15 01:17 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 01:17 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-04-15 01:17 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2011-04-15 01:17 . 2011-02-18 05:36 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-04-15 01:17 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2011-04-15 01:17 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2011-04-15 01:16 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-04-15 01:16 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-04-15 01:14 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-04-15 01:14 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2011-04-15 01:12 . 2011-03-02 10:43 175616 ----a-w- c:\windows\system32\unrar.dll
2011-04-15 01:12 . 2006-10-18 18:05 232448 ----a-w- c:\windows\system32\mp3fhg.acm
2011-04-15 01:12 . 2011-03-19 19:00 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-04-15 01:12 . 2011-03-29 08:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-04-15 01:12 . 2011-03-24 19:35 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2011-04-15 01:12 . 2011-03-24 19:28 631808 ----a-w- c:\windows\system32\xvidcore.dll
2011-04-15 01:12 . 2010-11-03 18:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-04-15 01:12 . 2011-04-15 01:13 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-04-15 01:10 . 2011-04-15 01:10 -------- d-----w- c:\program files\Microsoft.NET
2011-04-15 01:07 . 2009-11-25 19:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-04-15 01:07 . 2009-11-25 19:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-04-15 01:07 . 2009-11-25 19:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-04-15 01:07 . 2009-11-25 19:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-04-15 01:07 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-04-15 00:52 . 2011-04-15 00:02 -------- d-----w- c:\windows\Panther
2011-04-15 00:42 . 2010-11-02 04:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-04-15 00:31 . 2011-04-15 00:31 -------- d--h--w- c:\programdata\Common Files
2011-04-15 00:29 . 2011-05-01 22:36 -------- d-----w- c:\programdata\AVG10
2011-04-15 00:28 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-04-15 00:28 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-04-15 00:28 . 2010-11-02 04:23 107520 ----a-w- c:\windows\system32\cdd.dll
2011-04-15 00:28 . 2011-04-17 19:11 -------- d-----w- c:\program files\AVG
2011-04-15 00:26 . 2011-05-01 23:00 -------- d-sh--w- c:\windows\Installer
2011-04-15 00:26 . 2011-04-15 00:28 -------- d-----w- c:\programdata\MFAData
2011-04-15 00:25 . 2011-04-27 01:33 -------- d-----w- c:\program files\CCleaner
2011-04-15 00:24 . 2011-04-15 00:24 -------- d-----w- c:\program files\7-Zip
2011-04-15 00:23 . 2011-03-23 17:11 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{682072CA-4C7C-4C58-AF06-A6A610179703}\mpengine.dll
2011-04-15 00:23 . 2011-02-03 01:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-15 00:21 . 2011-04-15 00:21 -------- d-----w- c:\program files\uTorrent
2011-04-15 00:09 . 2011-05-01 23:09 -------- d-----w- c:\windows\system32\wbem\Performance
2011-04-15 00:04 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2011-04-15 00:04 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-04-15 00:02 . 2011-04-27 02:00 -------- d-----w- c:\users\Home
2011-04-15 00:02 . 2011-04-15 00:02 -------- d-----w- C:\Recovery
2011-04-14 20:57 . 2011-04-14 20:57 -------- d-----w- c:\programdata\Hewlett-Packard
2011-04-14 20:56 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 16:26 . 2011-04-29 22:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GreedyTorrent"="c:\program files\GreedyTorrent\GTor.exe" [2007-03-08 2526661]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" blrun
"CmPCIaudio"=RunDll32 CMICNFG3.cpl,CMICtrlWnd
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-01 136176]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-15 1343400]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2009-07-13 4608]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
S3 PLTurbo;Prolific turbo filter driver for odd;c:\windows\system32\drivers\plturbo.sys [2009-06-27 18048]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-01 00:34]
.
2011-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-01 00:34]
.
.
------- Supplementary Scan -------
.
IE: Download all links with IDM
IE: Download with IDM
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qjm101iz.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST325082 rev.3.AD -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x847E9ECC]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x859af879; SUB DWORD [EBP-0x4], 0x859af135; PUSH EDI; CALL 0xffffffffffffdf2c; }
1 ntkrnlpa!IofCallDriver[0x81C3F448] -> \Device\Harddisk0\DR0[0x849AD030]
3 CLASSPNP[0x8758659E] -> ntkrnlpa!IofCallDriver[0x81C3F448] -> [0x848E0700]
5 ACPI[0x823B33B2] -> ntkrnlpa!IofCallDriver[0x81C3F448] -> \00000053[0x843D2C68]
[0x849CD030] -> IRP_MJ_CREATE -> 0x847E9ECC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\00000053 -> \??\SCSI#Disk&Ven_ST325082&Prod_0AS#4&134f60d7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-01 16:14:11
ComboFix-quarantined-files.txt 2011-05-01 23:14
.
Pre-Run: 212,442,652,672 bytes free
Post-Run: 211,965,624,320 bytes free
.
- - End Of File - - 43A6C8985E9DB6959BD0768AD2E6A124
C:\Users\Home\Downloads\cmd.bat deleted successfully.
C:\Users\Home\Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Home\Downloads\cmd.bat deleted successfully.
C:\Users\Home\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Home
->Temp folder emptied: 2848 bytes
->Temporary Internet Files folder emptied: 809015 bytes
->FireFox cache emptied: 58794692 bytes
->Google Chrome cache emptied: 356446621 bytes
->Flash cache emptied: 13814 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Wendy
->Temp folder emptied: 36483 bytes
->Temporary Internet Files folder emptied: 1753531 bytes
->Google Chrome cache emptied: 90222794 bytes
->Flash cache emptied: 67620 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 407515 bytes
RecycleBin emptied: 25723 bytes

Total Files Cleaned = 485.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Home
->Flash cache emptied: 0 bytes

User: Public

User: Wendy
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05072011_132747

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\fb_2256.lck not found!
File\Folder C:\Windows\temp\kls8D83.tmp not found!

Registry entries deleted on Reboot...
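Added example, not from this thread and not part of ComboFix, GMER or OTL: a small Python script that repeats the triage a helper does by hand on a ComboFix log like the one above. It pulls the Run/RunOnce entries out of the "Reg Loading Points" section, the R/S service and driver lines, and the GMER disk-trace block, and flags the items that matter most in this log: a disk-stack dispatch routine (the IRP_MJ_CREATE line) that points at an address GMER could not attribute to any loaded module (the >>UNKNOWN<< entry), the scanner's own warning line, autostart targets that no longer exist, and boot-start drivers. The R/S-plus-digit prefix on service lines is ComboFix's own convention (Running/Stopped plus the Windows start type); the severity labels and the list of user-writable directories are assumptions of this script. The embedded sample is a short excerpt copied from the log posted in this thread.

```python
"""ComboFix log triage: autostarts, services and the GMER disk-trace check.
Added example for this thread, not code from ComboFix, GMER or OTL.
R/S + digit on service lines is ComboFix's convention; severity labels
and SUSPECT_DIRS are this script's own assumptions."""
import re
from dataclasses import dataclass, field

# Constructed sample: excerpt copied from the log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GreedyTorrent"="c:\program files\GreedyTorrent\GTor.exe" [2007-03-08 2526661]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-01 136176]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2009-07-13 4608]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x847E9ECC]<<
[0x849CD030] -> IRP_MJ_CREATE -> 0x847E9ECC
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
"""

RUN_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<rest>.*)$')
# trailing "[yyyy-mm-dd size]" or "[X]" (ComboFix: target file missing)
TRAILER_RE = re.compile(r"\s*\[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)|(?P<missing>X))\]$")
SERVICE_RE = re.compile(r"^(?P<run>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"-> (?P<irp>IRP_MJ_\w+) -> (?P<addr>0x[0-9A-Fa-f]+)")
WARNING_RE = re.compile(r"^Warning: (?P<text>.+?)\s*!?$")
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
SUSPECT_DIRS = ("\\users\\", "\\appdata\\", "\\temp\\")   # assumption: user-writable


@dataclass
class Entry:
    context: str            # registry key for Run entries; "running/auto" etc. for services
    name: str
    command: str
    date: str = ""
    size: int = 0
    missing: bool = False   # ComboFix printed [X]: the target does not exist


@dataclass
class Triage:
    run_entries: list = field(default_factory=list)
    services: list = field(default_factory=list)
    findings: list = field(default_factory=list)   # (severity, message) pairs


def _split_trailer(rest):
    """Split 'command [date size]' / 'command [X]' into (command, date, size, missing)."""
    m = TRAILER_RE.search(rest)
    cmd = (rest if m is None else rest[: m.start()]).strip()
    if cmd.startswith('"') and cmd.endswith('"'):
        cmd = cmd[1:-1]
    if m is None:
        return cmd, "", 0, False
    if m.group("missing"):
        return cmd, "", 0, True
    return cmd, m.group("date"), int(m.group("size")), False


def parse_combofix(text):
    """Walk the log once; collect autostarts, services and disk-trace findings."""
    t = Triage()
    run_key = None      # set while inside a ...\Run, RunOnce or Run- key block
    unknown = None      # address GMER could not attribute to a loaded module
    for line in text.splitlines():
        line = line.rstrip()
        if (m := RUN_KEY_RE.match(line)):
            key = m.group("key")
            run_key = key if "\\run" in key.lower() else None
        elif run_key and (m := RUN_VALUE_RE.match(line)):
            cmd, date, size, missing = _split_trailer(m.group("rest"))
            t.run_entries.append(Entry(run_key, m.group("name"), cmd, date, size, missing))
        elif (m := SERVICE_RE.match(line)):
            path, date, size, missing = _split_trailer(m.group("rest"))
            state = "running" if m.group("run") == "R" else "stopped"
            state += "/" + START_TYPES.get(m.group("start"), "?")
            t.services.append(Entry(state, m.group("name"), path, date, size, missing))
        elif (m := UNKNOWN_RE.search(line)):
            unknown = m.group("addr").lower()
            t.findings.append(("high", f"disk I/O path calls into an unknown module at {unknown}"))
        elif (m := HOOK_RE.search(line)):
            if unknown and m.group("addr").lower() == unknown:
                t.findings.append(("high", f"{m.group('irp')} on the disk device is redirected to {unknown}"))
        elif (m := WARNING_RE.match(line)):
            t.findings.append(("high", "scanner warning: " + m.group("text")))
    for e in t.run_entries:
        if e.missing:
            t.findings.append(("info", f"{e.name}: autostart target not found ({e.command})"))
        elif any(d in e.command.lower() for d in SUSPECT_DIRS):
            t.findings.append(("medium", f"{e.name}: autostart from a user-writable location ({e.command})"))
    for s in t.services:
        if s.context.endswith("/boot"):   # boot-start drivers load before any scanner: worth a look
            t.findings.append(("review", f"boot-start driver {s.name}: {s.command}"))
    return t


def summary(t):
    """One line per finding, highest severity first (sort is stable, log order otherwise)."""
    order = {"high": 0, "medium": 1, "review": 2, "info": 3}
    return [f"[{sev.upper()}] {msg}" for sev, msg in sorted(t.findings, key=lambda f: order.get(f[0], 9))]


if __name__ == "__main__":
    print("\n".join(summary(parse_combofix(SAMPLE_LOG))))
```

Run it as-is to see the ranked findings for the embedded excerpt, or pass the full text of a saved ComboFix log to parse_combofix(). A "review" entry only means the driver loads at boot and should be looked up, not that it is malicious; the two "high" disk-trace findings are the same fact GMER reports in its own warning line, namely that a dispatch routine on the disk device object points somewhere no loaded module accounts for.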

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:02:00 PM

Posted 07 May 2011 - 07:57 PM

Hi!

Did you download a new copy of TDSSKiller and run a new scan with it? If so, can you please post that log for me to review.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 josh_j357

josh_j357
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:10:00 AM

Posted 07 May 2011 - 08:07 PM

2011/05/07 18:06:11.0719 1260 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/07 18:06:12.0278 1260 ================================================================================
2011/05/07 18:06:12.0278 1260 SystemInfo:
2011/05/07 18:06:12.0278 1260
2011/05/07 18:06:12.0278 1260 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/07 18:06:12.0278 1260 Product type: Workstation
2011/05/07 18:06:12.0279 1260 ComputerName: HOME-PC
2011/05/07 18:06:12.0279 1260 UserName: Home
2011/05/07 18:06:12.0279 1260 Windows directory: C:\Windows
2011/05/07 18:06:12.0279 1260 System windows directory: C:\Windows
2011/05/07 18:06:12.0279 1260 Processor architecture: Intel x86
2011/05/07 18:06:12.0279 1260 Number of processors: 2
2011/05/07 18:06:12.0279 1260 Page size: 0x1000
2011/05/07 18:06:12.0279 1260 Boot type: Normal boot
2011/05/07 18:06:12.0279 1260 ================================================================================
2011/05/07 18:06:13.0216 1260 Initialize success
2011/05/07 18:06:15.0608 0520 ================================================================================
2011/05/07 18:06:15.0608 0520 Scan started
2011/05/07 18:06:15.0608 0520 Mode: Manual;
2011/05/07 18:06:15.0608 0520 ================================================================================
2011/05/07 18:06:16.0861 0520 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/07 18:06:16.0955 0520 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/07 18:06:17.0135 0520 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/07 18:06:17.0225 0520 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/07 18:06:17.0261 0520 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/07 18:06:17.0304 0520 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/07 18:06:17.0381 0520 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/05/07 18:06:17.0429 0520 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/07 18:06:17.0475 0520 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/05/07 18:06:17.0546 0520 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/07 18:06:17.0612 0520 amacpi (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\DRIVERS\null.sys
2011/05/07 18:06:17.0666 0520 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/05/07 18:06:17.0725 0520 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/07 18:06:17.0774 0520 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/07 18:06:17.0868 0520 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/07 18:06:17.0969 0520 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
2011/05/07 18:06:18.0005 0520 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/07 18:06:18.0093 0520 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
2011/05/07 18:06:18.0159 0520 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/05/07 18:06:18.0239 0520 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/05/07 18:06:18.0312 0520 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/07 18:06:18.0369 0520 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/07 18:06:18.0445 0520 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/07 18:06:18.0575 0520 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/05/07 18:06:18.0707 0520 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/05/07 18:06:18.0865 0520 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/05/07 18:06:18.0927 0520 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/07 18:06:19.0043 0520 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/07 18:06:19.0091 0520 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/07 18:06:19.0136 0520 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/07 18:06:19.0184 0520 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/05/07 18:06:19.0257 0520 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/07 18:06:19.0299 0520 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/07 18:06:19.0345 0520 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/07 18:06:19.0408 0520 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/07 18:06:19.0498 0520 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/07 18:06:19.0549 0520 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/07 18:06:19.0603 0520 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/07 18:06:19.0669 0520 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/05/07 18:06:19.0747 0520 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/07 18:06:19.0785 0520 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/07 18:06:19.0900 0520 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/05/07 18:06:19.0982 0520 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/07 18:06:20.0044 0520 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/07 18:06:20.0090 0520 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/07 18:06:20.0170 0520 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/05/07 18:06:20.0266 0520 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/05/07 18:06:20.0352 0520 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/05/07 18:06:20.0411 0520 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/05/07 18:06:20.0513 0520 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/05/07 18:06:20.0588 0520 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/07 18:06:20.0749 0520 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/05/07 18:06:20.0887 0520 ElRawDisk (9c64c2a950195f9bc3a09a499648b01c) C:\Windows\system32\drivers\ElRawDsk.sys
2011/05/07 18:06:20.0966 0520 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/07 18:06:21.0007 0520 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/07 18:06:21.0108 0520 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/05/07 18:06:21.0148 0520 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/05/07 18:06:21.0202 0520 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/07 18:06:21.0306 0520 FileDisk (0694585d54bf46379ce41aee2b6864aa) C:\Windows\system32\drivers\FileDisk.sys
2011/05/07 18:06:21.0354 0520 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/05/07 18:06:21.0392 0520 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/05/07 18:06:21.0454 0520 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/07 18:06:21.0500 0520 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/05/07 18:06:21.0559 0520 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/05/07 18:06:21.0641 0520 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/07 18:06:21.0700 0520 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/07 18:06:21.0746 0520 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/07 18:06:21.0806 0520 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/07 18:06:21.0874 0520 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/05/07 18:06:21.0952 0520 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/07 18:06:22.0016 0520 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/07 18:06:22.0039 0520 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/07 18:06:22.0063 0520 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/07 18:06:22.0130 0520 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/07 18:06:22.0318 0520 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/07 18:06:22.0453 0520 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/05/07 18:06:22.0516 0520 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/07 18:06:22.0564 0520 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/07 18:06:22.0626 0520 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
2011/05/07 18:06:22.0715 0520 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/07 18:06:22.0937 0520 IntcAzAudAddService (f8f53c5449f15b23d4c61d51d2701da8) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/07 18:06:23.0044 0520 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/07 18:06:23.0091 0520 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/07 18:06:23.0174 0520 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/07 18:06:23.0274 0520 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/07 18:06:23.0333 0520 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/05/07 18:06:23.0392 0520 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/05/07 18:06:23.0443 0520 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/07 18:06:23.0497 0520 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/07 18:06:23.0532 0520 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/07 18:06:23.0567 0520 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/07 18:06:23.0652 0520 KL1 (94d67d49bd9503bb1d838405d80f2058) C:\Windows\system32\DRIVERS\kl1.sys
2011/05/07 18:06:23.0678 0520 kl2 (713576569667ac9e0f8556076004a96b) C:\Windows\system32\DRIVERS\kl2.sys
2011/05/07 18:06:23.0729 0520 KLIF (39920d69eaedb51757527aa54fe25216) C:\Windows\system32\DRIVERS\klif.sys
2011/05/07 18:06:23.0929 0520 KLIM6 (cf88b4985d957eee45c9939092e87c92) C:\Windows\system32\DRIVERS\klim6.sys
2011/05/07 18:06:23.0969 0520 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
2011/05/07 18:06:24.0016 0520 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/07 18:06:24.0092 0520 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/07 18:06:24.0164 0520 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
2011/05/07 18:06:24.0200 0520 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/07 18:06:24.0282 0520 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/07 18:06:24.0327 0520 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/07 18:06:24.0368 0520 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/07 18:06:24.0409 0520 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/07 18:06:24.0442 0520 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/05/07 18:06:24.0482 0520 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/07 18:06:24.0529 0520 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/07 18:06:24.0590 0520 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/05/07 18:06:24.0611 0520 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/07 18:06:24.0655 0520 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/07 18:06:24.0669 0520 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/07 18:06:24.0693 0520 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/05/07 18:06:24.0722 0520 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/07 18:06:24.0749 0520 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/07 18:06:24.0771 0520 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/05/07 18:06:24.0803 0520 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/07 18:06:24.0864 0520 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/07 18:06:24.0910 0520 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/07 18:06:24.0973 0520 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/07 18:06:25.0007 0520 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/07 18:06:25.0037 0520 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/05/07 18:06:25.0065 0520 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/07 18:06:25.0088 0520 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/07 18:06:25.0115 0520 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/07 18:06:25.0142 0520 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/07 18:06:25.0195 0520 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/05/07 18:06:25.0217 0520 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/05/07 18:06:25.0289 0520 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/07 18:06:25.0360 0520 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/05/07 18:06:25.0400 0520 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/07 18:06:25.0423 0520 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/05/07 18:06:25.0464 0520 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/07 18:06:25.0505 0520 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/05/07 18:06:25.0569 0520 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/07 18:06:25.0620 0520 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/07 18:06:25.0671 0520 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/07 18:06:25.0741 0520 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/07 18:06:25.0786 0520 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/05/07 18:06:25.0822 0520 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/07 18:06:25.0846 0520 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/07 18:06:25.0927 0520 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/07 18:06:25.0972 0520 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/05/07 18:06:26.0019 0520 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/07 18:06:26.0115 0520 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
2011/05/07 18:06:26.0191 0520 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/05/07 18:06:26.0254 0520 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
2011/05/07 18:06:26.0528 0520 nvlddmkm (b0881dda5a8160422561ffab7f0008b1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/07 18:06:26.0853 0520 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
2011/05/07 18:06:26.0886 0520 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
2011/05/07 18:06:26.0916 0520 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/07 18:06:26.0939 0520 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/07 18:06:27.0013 0520 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/05/07 18:06:27.0099 0520 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/05/07 18:06:27.0160 0520 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/07 18:06:27.0193 0520 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/05/07 18:06:27.0275 0520 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/07 18:06:27.0329 0520 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/07 18:06:27.0436 0520 PCTCore (995e6bc3bb92bb4a9eb49a663c43b6cb) C:\Windows\system32\drivers\PCTCore.sys
2011/05/07 18:06:27.0684 0520 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys
2011/05/07 18:06:27.0785 0520 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\Windows\system32\drivers\pctEFA.sys
2011/05/07 18:06:27.0819 0520 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/05/07 18:06:27.0854 0520 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/05/07 18:06:27.0969 0520 PLTurbo (6854e9962a69c2a954b0d49f2e52a792) C:\Windows\system32\drivers\plturbo.sys
2011/05/07 18:06:28.0006 0520 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/07 18:06:28.0036 0520 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/05/07 18:06:28.0085 0520 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/07 18:06:28.0144 0520 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2011/05/07 18:06:28.0223 0520 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/07 18:06:28.0291 0520 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/07 18:06:28.0340 0520 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/07 18:06:28.0389 0520 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/07 18:06:28.0466 0520 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/07 18:06:28.0527 0520 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/07 18:06:28.0553 0520 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/07 18:06:28.0576 0520 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/07 18:06:28.0605 0520 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/07 18:06:28.0636 0520 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/07 18:06:28.0671 0520 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/07 18:06:28.0723 0520 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/05/07 18:06:28.0859 0520 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/07 18:06:28.0911 0520 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/07 18:06:28.0978 0520 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/05/07 18:06:29.0013 0520 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/05/07 18:06:29.0066 0520 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys
2011/05/07 18:06:29.0118 0520 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/07 18:06:29.0153 0520 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/05/07 18:06:29.0185 0520 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/07 18:06:29.0259 0520 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\Windows\system32\drivers\SCDEmu.sys
2011/05/07 18:06:29.0290 0520 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/07 18:06:29.0372 0520 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/07 18:06:29.0418 0520 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/07 18:06:29.0448 0520 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/05/07 18:06:29.0483 0520 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/07 18:06:29.0577 0520 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/05/07 18:06:29.0622 0520 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/07 18:06:29.0648 0520 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/07 18:06:29.0679 0520 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/07 18:06:29.0715 0520 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/05/07 18:06:29.0744 0520 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/07 18:06:29.0782 0520 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/07 18:06:29.0810 0520 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/05/07 18:06:29.0878 0520 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/05/07 18:06:29.0972 0520 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/05/07 18:06:30.0044 0520 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/07 18:06:30.0082 0520 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/07 18:06:30.0143 0520 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/07 18:06:30.0188 0520 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/05/07 18:06:30.0213 0520 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/05/07 18:06:30.0245 0520 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/07 18:06:30.0319 0520 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/05/07 18:06:30.0419 0520 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/07 18:06:30.0485 0520 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/07 18:06:30.0532 0520 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/05/07 18:06:30.0564 0520 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/05/07 18:06:30.0602 0520 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/07 18:06:30.0679 0520 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/07 18:06:30.0732 0520 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/07 18:06:30.0775 0520 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/07 18:06:30.0812 0520 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/07 18:06:30.0842 0520 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/07 18:06:30.0880 0520 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/07 18:06:30.0905 0520 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/07 18:06:30.0920 0520 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/07 18:06:30.0963 0520 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/07 18:06:31.0044 0520 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/07 18:06:31.0083 0520 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/07 18:06:31.0112 0520 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/07 18:06:31.0134 0520 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/07 18:06:31.0164 0520 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/07 18:06:31.0208 0520 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/07 18:06:31.0251 0520 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\drivers\USBSTOR.SYS
2011/05/07 18:06:31.0283 0520 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/07 18:06:31.0323 0520 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/07 18:06:31.0356 0520 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/07 18:06:31.0380 0520 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/05/07 18:06:31.0420 0520 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/07 18:06:31.0463 0520 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/05/07 18:06:31.0497 0520 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/05/07 18:06:31.0544 0520 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/07 18:06:31.0611 0520 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/05/07 18:06:31.0652 0520 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/05/07 18:06:31.0682 0520 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/07 18:06:31.0703 0520 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/05/07 18:06:31.0730 0520 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/07 18:06:31.0785 0520 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/07 18:06:31.0841 0520 VSTHWBS2 (682fcf7d2eb5158cd30408e976562408) C:\Windows\system32\DRIVERS\VSTBS23.SYS
2011/05/07 18:06:31.0902 0520 VST_DPV (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/05/07 18:06:31.0968 0520 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/05/07 18:06:32.0019 0520 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/07 18:06:32.0065 0520 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/07 18:06:32.0075 0520 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/07 18:06:32.0138 0520 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/05/07 18:06:32.0171 0520 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/07 18:06:32.0216 0520 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/07 18:06:32.0260 0520 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/05/07 18:06:32.0332 0520 winachsf (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/05/07 18:06:32.0459 0520 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/07 18:06:32.0518 0520 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/07 18:06:32.0558 0520 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/07 18:06:32.0619 0520 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/05/07 18:06:32.0720 0520 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/07 18:06:32.0851 0520 ================================================================================
2011/05/07 18:06:32.0852 0520 Scan finished
2011/05/07 18:06:32.0852 0520 ================================================================================

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 07 May 2011 - 08:34 PM

Hi!

I was expecting to see a different result in the TDSSKiller log.

Let's try a different tool:


Running aswMBR.exe


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it.


Click the "Scan" button to start scan.




On completion of the scan, click Save log, save it to your desktop and post it in your next reply.



Edited by SweetTech, 07 May 2011 - 08:38 PM.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 josh_j357

josh_j357
  • Topic Starter

  • Members
  • 17 posts

Posted 07 May 2011 - 09:24 PM

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-07 19:22:33
-----------------------------
19:22:33.746 OS Version: Windows 6.1.7600
19:22:33.747 Number of processors: 2 586 0x4B02
19:22:33.748 ComputerName: HOME-PC UserName: Home
19:22:35.324 Initialize success
19:22:37.873 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
19:22:37.876 Disk 0 Vendor: ST325082 3.AD Size: 238418MB BusType: 3
19:22:39.938 Disk 0 MBR read successfully
19:22:39.938 Disk 0 MBR scan
19:22:39.945 Disk 0 Windows 7 default MBR code
19:22:41.965 Disk 0 scanning sectors +488278016
19:22:41.994 Disk 0 scanning C:\Windows\system32\drivers
19:22:48.379 Service scanning
19:22:49.819 Disk 0 trace - called modules:
19:22:49.834 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
19:22:49.840 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85fba030]
19:22:49.845 3 CLASSPNP.SYS[8939459e] -> nt!IofCallDriver -> [0x85fa7678]
19:22:49.851 5 PCTCore.sys[88690099] -> nt!IofCallDriver -> [0x850ea700]
19:22:49.856 7 ACPI.sys[836233b2] -> nt!IofCallDriver -> \Device\0000005b[0x850eec68]
19:22:49.864 Scan finished successfully
19:23:33.302 Disk 0 MBR has been saved successfully to "C:\Users\Home\Downloads\MBR.dat"
19:23:33.312 The log file has been saved successfully to "C:\Users\Home\Downloads\aswMBR.txt"

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 08 May 2011 - 07:36 AM

Please delete the current copy of ComboFix from your desktop and follow these instructions below:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.



#11 josh_j357

josh_j357
  • Topic Starter

  • Members
  • 17 posts

Posted 08 May 2011 - 02:34 PM

ComboFix 11-05-07.03 - Home 08/05/2011 11:51:45.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.1790.1254 [GMT -7:00]
Running from: c:\users\Home\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-08 to 2011-05-08 )))))))))))))))))))))))))))))))
.
.
2015-04-01 07:23 . 2008-12-09 17:59 20392 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2011-05-08 19:00 . 2011-05-08 19:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-08 02:11 . 2010-12-31 16:36 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-05-08 02:11 . 2010-12-31 16:36 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-05-08 02:11 . 2010-12-31 16:36 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-05-08 01:53 . 2011-05-08 01:59 -------- d-----w- C:\INCINERATE
2011-05-07 22:38 . 2011-05-08 02:51 -------- d-----w- c:\program files\WinWay Resume
2011-05-07 22:09 . 2011-05-07 22:09 974848 ----a-w- c:\windows\system32\mfc70.dll
2011-05-07 22:07 . 2011-05-07 22:07 54784 ----a-w- c:\windows\system32\msvci70.dll
2011-05-07 22:07 . 2011-05-07 22:07 487424 ----a-w- c:\windows\system32\msvcp70.dll
2011-05-07 21:55 . 2011-05-07 21:55 964608 ----a-w- c:\windows\system32\mfc70u.dll
2011-05-07 21:41 . 2011-05-07 21:41 103744 ----a-w- c:\windows\system32\mscomm32.ocx
2011-05-07 21:41 . 2011-05-07 21:41 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-05-07 21:41 . 2011-05-07 21:41 140488 ----a-w- c:\windows\system32\comdlg32.ocx
2011-05-07 20:27 . 2011-05-07 20:27 -------- d-----w- C:\_OTL
2011-05-06 08:44 . 2011-05-06 08:44 -------- d-----w- c:\program files\VideoLAN
2011-05-03 18:44 . 2011-05-03 18:44 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-05-03 18:44 . 2011-05-03 18:44 -------- d-----w- c:\windows\SHELLNEW
2011-05-03 18:43 . 2011-05-03 18:43 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-05-03 18:42 . 2011-05-03 18:44 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-05-03 18:42 . 2011-05-03 18:42 -------- d-----w- c:\windows\PCHEALTH
2011-05-03 18:42 . 2011-05-03 18:42 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-05-03 18:42 . 2011-05-03 18:42 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-05-03 18:19 . 2001-08-10 04:50 123664 ----a-w- c:\windows\system32\MSJINT35.DLL
2011-05-03 18:09 . 2001-08-10 04:50 24848 ----a-w- c:\windows\system32\MSJTER35.DLL
2011-05-03 18:09 . 2011-05-03 18:09 -------- d-----w- c:\windows\MSApps
2011-05-03 18:09 . 2011-05-03 18:09 -------- d-----w- c:\programdata\Individual Software
2011-05-02 22:54 . 2011-05-02 22:54 -------- d-----w- c:\windows\system32\RTCOM
2011-05-02 22:54 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-05-02 22:32 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-02 22:14 . 2011-05-08 17:57 -------- d-----w- c:\programdata\Microsoft Help
2011-05-02 22:14 . 2011-05-02 22:14 -------- d-----r- C:\MSOCache
2011-05-02 21:37 . 2011-05-02 21:37 -------- d-----w- c:\program files\PowerISO
2011-05-02 06:04 . 2010-09-23 20:29 511328 ----a-w- c:\program files\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
2011-05-02 06:04 . 2010-09-26 23:43 87688 ----a-w- c:\windows\system32\IncContxMenu.dll
2011-05-02 06:04 . 2010-09-26 23:35 2233016 ----a-w- c:\windows\system32\Incinerator.dll
2011-05-02 06:04 . 2010-06-30 01:30 9341 ----a-w- c:\windows\system32\drivers\filedisk.sys
2011-05-02 06:04 . 2010-09-26 23:43 11776 ----a-w- c:\windows\system32\smrgdf.exe
2011-05-02 06:04 . 2010-09-26 23:43 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2011-05-02 06:04 . 2011-05-02 06:04 -------- d-----w- c:\program files\iolo
2011-05-02 06:02 . 2011-05-02 06:02 74703 ----a-w- c:\windows\system32\mfc45.dll
2011-05-02 06:02 . 2011-05-02 06:33 -------- d-----w- c:\programdata\iolo
2011-05-02 05:47 . 2011-01-07 21:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-05-02 05:47 . 2011-01-07 21:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-05-02 05:47 . 2011-01-07 21:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-05-02 05:47 . 2011-01-07 21:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-05-02 05:45 . 2010-07-16 21:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-05-02 05:45 . 2010-07-16 21:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-05-02 05:45 . 2011-01-17 16:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-05-02 05:45 . 2010-12-16 15:38 103232 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-05-02 05:45 . 2010-12-10 23:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-05-02 05:45 . 2010-12-10 20:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-05-02 05:45 . 2010-12-16 15:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-05-02 05:45 . 2011-05-08 17:59 -------- d-----w- c:\program files\PC Tools Security
2011-05-02 05:45 . 2011-05-02 07:58 -------- d-----w- c:\program files\Common Files\PC Tools
2011-05-02 05:43 . 2011-05-08 02:11 -------- d-----w- c:\programdata\PC Tools
2011-05-02 04:56 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{64625586-02D3-4840-874F-0D1194F63895}\mpengine.dll
2011-05-02 01:54 . 2011-05-02 02:20 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-05-02 01:54 . 2011-05-02 02:20 115267 ----a-w- c:\windows\system32\drivers\klin.dat
2011-05-02 01:53 . 2011-05-08 18:47 -------- d-----w- c:\programdata\Kaspersky Lab
2011-05-02 01:53 . 2011-05-02 01:53 -------- d-----w- c:\program files\Kaspersky Lab
2011-05-02 01:51 . 2011-05-02 01:51 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-05-02 00:55 . 2011-05-02 00:55 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2011-05-01 09:28 . 2011-05-01 09:28 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-01 02:19 . 2010-12-03 09:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-05-01 01:50 . 2011-05-01 01:50 -------- d-----w- c:\program files\GreedyTorrent
2011-05-01 00:42 . 2011-05-01 02:19 -------- dc----w- c:\windows\system32\DRVSTORE
2011-05-01 00:34 . 2011-05-01 00:35 -------- d-----w- c:\program files\Google
2011-05-01 00:34 . 2011-05-01 02:18 -------- d-----w- c:\programdata\Lavasoft
2011-04-29 20:34 . 2011-04-29 20:34 -------- d-----w- c:\programdata\Malwarebytes
2011-04-29 20:34 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 20:34 . 2011-04-29 20:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-29 20:34 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-28 22:54 . 2011-05-01 23:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-28 22:54 . 2011-05-01 23:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-27 23:13 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-27 23:13 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-27 23:13 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-27 23:13 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-27 23:13 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-27 23:13 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-27 23:13 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-27 23:13 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
2011-04-27 23:13 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-04-27 23:13 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 23:12 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 23:12 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-04-27 06:39 . 2011-04-27 17:55 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-04-27 06:36 . 2011-04-27 23:35 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-04-27 06:36 . 2011-04-27 06:36 -------- d-----w- c:\windows\system32\Macromed
2011-04-27 06:28 . 2011-04-30 02:59 -------- d-----w- c:\program files\Common Files\Adobe
2011-04-27 01:33 . 2011-04-27 01:33 -------- d-----w- c:\windows\ulead.dat
2011-04-26 19:47 . 2011-04-26 19:47 -------- d-----w- c:\program files\Photodex Presenter
2011-04-26 19:47 . 2011-04-26 19:47 -------- d-----w- c:\program files\Photodex
2011-04-26 19:46 . 2011-04-26 19:47 -------- d-----w- c:\programdata\Photodex
2011-04-23 20:59 . 2011-04-23 20:59 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-04-17 19:33 . 2011-04-17 19:36 -------- d-----w- c:\programdata\TuneUp Software
2011-04-17 19:33 . 2011-04-17 19:33 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-04-16 07:00 . 2011-04-16 07:00 -------- d-----w- c:\users\Public\CyberLink
2011-04-15 22:48 . 2009-06-27 00:35 18048 ----a-w- c:\windows\system32\drivers\plturbo.sys
2011-04-15 22:43 . 2007-10-23 03:01 139264 ----a-w- c:\windows\system\VmixP6.dll
2011-04-15 22:43 . 2001-11-23 19:08 712704 ----a-w- c:\windows\system\a3d.dll
2011-04-15 22:42 . 2008-01-25 23:26 241664 ----a-w- c:\windows\system32\CmiInstallResAll.dll
2011-04-15 22:42 . 2006-10-06 12:47 319968 ----a-w- c:\windows\difxapi.dll
2011-04-15 22:21 . 2011-04-15 22:22 -------- d-----w- C:\Temp
2011-04-15 22:21 . 2011-04-15 22:21 -------- d-----w- c:\program files\USBFast
2011-04-15 22:17 . 2011-04-15 22:22 -------- d-----w- c:\program files\CyberLink
2011-04-15 22:06 . 2011-04-15 22:22 16384 ----a-w- c:\windows\system32\lgfwunis.exe
2011-04-15 22:06 . 2001-08-30 04:00 59904 ----a-w- c:\windows\system32\wbemdisp.tlb
2011-04-15 22:06 . 1998-07-22 07:00 102912 ----a-w- c:\windows\system32\Vb6stkit.dll
2011-04-15 22:06 . 1998-07-22 07:00 102160 ----a-w- c:\windows\system32\VB6KO.DLL
2011-04-15 22:06 . 1998-06-24 07:00 115016 ----a-w- c:\windows\system32\MSINET.OCX
2011-04-15 22:06 . 2011-04-15 22:22 -------- d-----w- c:\program files\lg_fwupdate
2011-04-15 21:31 . 2011-04-16 07:00 -------- d-----w- c:\programdata\CyberLink
2011-04-15 21:26 . 2011-04-27 01:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2011-04-15 21:26 . 2011-04-15 21:32 -------- d-----w- c:\programdata\Ulead Systems
2011-04-15 21:26 . 2011-05-03 18:48 -------- d-----w- c:\program files\Common Files\InstallShield
2011-04-15 21:11 . 2011-04-15 21:11 -------- d-----w- c:\windows\CheckSur
2011-04-15 20:39 . 2011-04-15 20:39 -------- d-----w- c:\windows\system32\Wat
2011-04-15 20:38 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-04-15 20:38 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-04-15 20:38 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-04-15 19:43 . 2011-04-15 19:43 -------- d-----w- c:\program files\Logon Controller
2011-04-15 19:34 . 2011-04-27 06:29 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2011-04-15 19:33 . 2011-04-23 20:59 -------- d-----w- c:\program files\DivX
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 16:26 . 2011-04-29 22:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GreedyTorrent]
2007-03-08 18:09 2526661 ----a-w- c:\program files\GreedyTorrent\GTor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Startup]
2010-09-26 23:35 434360 ----a-w- c:\program files\iolo\Common\Lib\ioloLManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-21 01:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTools FGuard]
2011-01-07 21:54 108496 ----a-w- c:\program files\PC Tools Security\BDT\FGuard.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" blrun
"CmPCIaudio"=RunDll32 CMICNFG3.cpl,CMICtrlWnd
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [2011-01-07 247760]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-01 136176]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2010-09-26 724152]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2010-12-16 70536]
R3 PLTurbo;Prolific turbo filter driver for odd;c:\windows\system32\drivers\plturbo.sys [2009-06-27 18048]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-12-31 33552]
R3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-15 1343400]
R4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2010-09-26 724152]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2009-07-13 4608]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-10 239168]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-12-31 51984]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-12-31 69392]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2008-12-09 20392]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-23 22104]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2011-01-17 251560]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-01 00:34]
.
2011-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-01 00:34]
.
.
------- Supplementary Scan -------
.
IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Download all links with IDM
IE: Download with IDM
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qjm101iz.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-08 12:02:59
ComboFix-quarantined-files.txt 2011-05-08 19:02
ComboFix2.txt 2011-05-01 23:14
.
Pre-Run: 200,361,361,408 bytes free
Post-Run: 200,564,764,672 bytes free
.
- - End Of File - - FCE0A504F27F211F4F4198C3577D8712

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 08 May 2011 - 02:47 PM

Hi!

That log looks good!


Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 josh_j357

josh_j357
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:00 AM

Posted 08 May 2011 - 04:47 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6533

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08/05/2011 2:47:32 PM
mbam-log-2011-05-08 (14-47-32).txt

Scan type: Quick scan
Objects scanned: 154015
Time elapsed: 5 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

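The two "Broken.OpenCommand" entries in the Malwarebytes log above are the default values of HKEY_CLASSES_ROOT\scrfile\shell\open\command and HKEY_CLASSES_ROOT\regfile\shell\open\command, which had been pointed at NOTEPAD.EXE (the ComboFix log earlier in this thread lists JSEFile with the same redirection). The script below is an added example, not from this thread or from Malwarebytes, that audits those three ProgIDs against the expected commands. The scrfile and regfile values are the "Good:" values printed in the MBAM log; the JSEFile value is what I expect as the stock Windows default for .jse scripts and is an assumption to verify against a clean machine of the same Windows version. The script is read-only unless -Restore is given, and writing to HKEY_CLASSES_ROOT needs an elevated prompt.

```powershell
# Added example (not the thread's own code): audit shell\open\command defaults that
# Malwarebytes reports as "Broken.OpenCommand", and optionally restore them.
# Usage:  .\Check-OpenCommand.ps1            (report only)
#         .\Check-OpenCommand.ps1 -Restore -WhatIf   (show what would be written)
#         .\Check-OpenCommand.ps1 -Restore           (write, needs an elevated prompt)
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Restore
)

# Expected defaults. scrfile/regfile are the "Good:" values from the MBAM log in this
# thread. JSEFile is an ASSUMED stock value (not on the page); confirm on a clean system.
$Expected = [ordered]@{
    'scrfile' = '"%1" /S'
    'regfile' = 'regedit.exe "%1"'
    'JSEFile' = '"%SystemRoot%\System32\WScript.exe" "%1" %*'
}

function Get-OpenCommand {
    param([string]$ProgId)
    $path = "Registry::HKEY_CLASSES_ROOT\$ProgId\shell\open\command"
    $key = Get-Item -Path $path -ErrorAction SilentlyContinue
    if (-not $key) { return $null }
    # Read the unnamed (default) value without expanding %SystemRoot% etc.,
    # so REG_EXPAND_SZ and REG_SZ can be compared on equal footing.
    return $key.GetValue('', $null, 'DoNotExpandEnvironmentNames')
}

function Test-OpenCommand {
    param([string]$ProgId, [string]$Good)
    $actual = Get-OpenCommand -ProgId $ProgId
    # Compare with environment variables expanded on both sides and case-insensitively;
    # a command rewritten to NOTEPAD.EXE %1 (as in this thread) will not match.
    $ok = $false
    if ($null -ne $actual) {
        $a = [Environment]::ExpandEnvironmentVariables($actual)
        $g = [Environment]::ExpandEnvironmentVariables($Good)
        $ok = ($a -ieq $g)
    }
    [pscustomobject]@{
        ProgId   = $ProgId
        Actual   = $actual
        Expected = $Good
        Status   = if ($null -eq $actual) { 'MISSING' } elseif ($ok) { 'OK' } else { 'MISMATCH' }
    }
}

$results = foreach ($progId in $Expected.Keys) {
    Test-OpenCommand -ProgId $progId -Good $Expected[$progId]
}
$results | Format-Table -AutoSize

if ($Restore) {
    foreach ($r in $results | Where-Object { $_.Status -eq 'MISMATCH' }) {
        $path = "Registry::HKEY_CLASSES_ROOT\$($r.ProgId)\shell\open\command"
        # -WhatIf / -Confirm are honoured here via SupportsShouldProcess.
        if ($PSCmdlet.ShouldProcess($path, "Set (default) to $($r.Expected)")) {
            Set-ItemProperty -Path $path -Name '(default)' -Value $r.Expected
        }
    }
}
```

A MISMATCH on one of these keys means that double-clicking a .scr, .reg or .jse file runs something other than the stock handler; a value of NOTEPAD.EXE %1, as seen in this thread, is harmless in itself (it just opens the file as text), but anything else in that slot deserves a look before it is restored.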
#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:00 PM

Posted 08 May 2011 - 04:55 PM

:thumbsup:



#15 josh_j357

josh_j357
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:00 AM

Posted 08 May 2011 - 06:44 PM

Does ESET normally take over 2 hours?



