backdoor:Win32/pasurlts


This topic is locked
35 replies to this topic

#1 GranPaSmurf

  • Members
  • 52 posts
  • Gender:Male
  • Location:Near San Antonio, Texas

Posted 13 June 2011 - 06:54 PM

Sorry I have come at this backwards. When I decided I was hijacked, probably a couple of days late, I downloaded and ran ComboFix in Safe Mode as administrator. Then ran MalwareBytes with clean results. When I ran a full scan with MS Security Essentials it found, quarantined, then I removed backdoor:Win32/pasurlts. When I opened browsers I got error start messages, so I know there is some redirect code still there. I ran HijackThis and came to this forum for advice.
Now I see I shouldn't have got ahead of the plan. Nonetheless I ran DDS. I know the Malware was in a particular folder which was a copy of a DVD that contained pirated software, located on an external USB HD. It has been on my machine for about 4 years and never has a scan picked it up. I was running MS Security Essentials on a regular schedule but it never picked it up until today. I must have always done quick scan rather than including external storage USB HDD. I used Shredder from SlimCleaner and got rid of the whole folder that had the Malware, (and the software I should not have copied in the first place.)
Today I ran Defogger and DDS (below). As I said earlier, sorry for coming at this backwards, but I would appreciate your help being sure I have a clean machine going forward.
Thanks,
Donald Krebs (GranPaSmurf)

.
DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by GranPaSmurf at 12:27:55 on 2011-06-13
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3248.2048 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files\Synergy\synergys.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Soluto\soluto.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Users\GranPaSmurf\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\GranPaSmurf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Users\GranPaSmurf\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\StikyNot.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\GranPaSmurf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GranPaSmurf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GranPaSmurf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GranPaSmurf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GranPaSmurf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GranPaSmurf\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GranPaSmurf\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?refresh=1
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
uRun: [C32BAEAE618CA48D7B1C51C41655BDF8D1A4E953._service_run] "C:\Users\GranPaSmurf\AppData\Local\Google\Chrome SxS\Application\chrome.exe" --type=service
uRun: [Google Update] "C:\Users\GranPaSmurf\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [C1A2E05DCF3CC6D9CF27D6722BF353B7894344A7._service_run] "C:\Users\GranPaSmurf\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
StartupFolder: C:\Users\GRANPA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 3 (0x3)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.15.1
TCP: Interfaces\{02853E13-F875-4E89-8DF2-96E84E6AF4BF} : DhcpNameServer = 192.168.15.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\GranPaSmurf\AppData\Roaming\Mozilla\Firefox\Profiles\y0x89ot9.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxps://lastpass.com/index.php?&ac=1&fromwebsite=1|http://mail.google.com/mail/u/0/?shva=1#inbox
FF - prefs.js: keyword.URL - hxxp://stp.startnow.com/s/?src=addrbar&provider=bing&provider_name=bing&provider_code=Z087&partner_id=681&product_id=691&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110610&user_guid=54A041E118214C1B8BF5A8C5B2990F34&machine_id=5428c7b70780a4afebd6f3f9a468bae5&browser=FF&os=win&os_version=6.1-x64-SP0&q=
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\GranPaSmurf\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Users\GranPaSmurf\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\GranPaSmurf\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SI3112r;SiI-3512 SATARaid Controller;C:\Windows\system32\DRIVERS\SI3112r.sys --> C:\Windows\system32\DRIVERS\SI3112r.sys [?]
R0 SI3114;SiI-3114 SATALink Controller;C:\Windows\system32\DRIVERS\SI3114.sys --> C:\Windows\system32\DRIVERS\SI3114.sys [?]
R0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-7 366640]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2011-5-24 376352]
R2 Synergy Server;Synergy Server;C:\Program Files\Synergy\synergys.exe [2011-1-19 996352]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-4-1 428640]
R3 LVUVC64;Logitech Webcam 120(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys --> C:\Windows\system32\DRIVERS\nvoclk64.sys [?]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AMDAC97;AMD AC'97 Audio Driver (WDM);C:\Windows\system32\drivers\AMDAC97.sys --> C:\Windows\system32\drivers\AMDAC97.sys [?]
S3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 CrossLoopService;CrossLoop Service;C:\Users\GranPaSmurf\AppData\Local\CrossLoop\CrossLoopService.exe [2011-5-17 560880]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 343856]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SWDUMon;SWDUMon;C:\Windows\system32\DRIVERS\SWDUMon.sys --> C:\Windows\system32\DRIVERS\SWDUMon.sys [?]
S3 tvnserver;TightVNC Server;C:\Users\GranPaSmurf\AppData\Local\CrossLoop\tvnserver.exe [2011-5-17 814080]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-06-13 17:05:29 388096 ----a-r- C:\Users\GranPaSmurf\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-13 17:05:28 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-06-13 11:30:42 8718160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{551603CF-790B-4C63-A761-B0A4E6DEA100}\mpengine.dll
2011-06-13 01:12:29 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-13 00:59:24 -------- d-----w- C:\Users\GranPaSmurf\AppData\Local\temp
2011-06-13 00:47:29 98816 ----a-w- C:\Windows\sed.exe
2011-06-13 00:47:29 518144 ----a-w- C:\Windows\SWREG.exe
2011-06-13 00:47:29 256512 ----a-w- C:\Windows\PEV.exe
2011-06-13 00:47:29 208896 ----a-w- C:\Windows\MBR.exe
2011-06-13 00:47:16 -------- d-s---w- C:\myComboFix
2011-06-12 14:34:58 9331400 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2011-06-12 13:07:32 -------- d-----w- C:\Program Files\Synergy
2011-06-10 22:31:04 53248 ----a-r- C:\Users\GranPaSmurf\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-06-10 22:29:52 -------- d-----w- C:\Program Files (x86)\Common Files\LWS
2011-06-10 21:30:01 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-06-10 21:23:03 -------- d-----w- C:\Users\GranPaSmurf\AppData\Roaming\Logishrd
2011-06-10 14:06:43 -------- d-----w- C:\Program Files (x86)\StartNow Toolbar
2011-06-08 12:17:48 -------- d-----w- C:\Program Files (x86)\SlimCleaner
2011-06-06 21:45:09 475648 ----a-w- C:\Windows\AlcUpd64.exe
2011-06-06 21:45:09 323104 ----a-w- C:\Windows\AlcRmv64.exe
2011-06-06 21:44:59 -------- d-----w- C:\Program Files (x86)\Realtek AC97
2011-06-06 18:41:45 -------- d-----w- C:\Users\GranPaSmurf\AppData\Roaming\IcoFX
2011-06-06 18:41:31 -------- d-----w- C:\Program Files (x86)\IcoFX 1.6
2011-06-05 21:04:57 -------- d-----w- C:\Program Files (x86)\QSynergy
2011-06-05 21:04:07 -------- d-----w- C:\Program Files (x86)\Synergy
2011-06-05 17:25:51 -------- d-----w- C:\Program Files (x86)\SlimDrivers
2011-06-05 16:32:44 369152 ----a-w- C:\Windows\System32\NVUNINST.EXE
2011-06-01 12:54:29 10975264 ----a-w- C:\Windows\SysWow64\RTLCPL.EXE
2011-06-01 12:54:26 19036704 ----a-w- C:\Windows\SysWow64\ALSNDMGR.CPL
2011-06-01 12:54:23 604704 ----a-w- C:\Windows\SOUNDMAN.EXE
2011-06-01 12:54:23 3491616 ----a-w- C:\Windows\System32\drivers\RTKVAC64.SYS
2011-06-01 12:54:22 154144 ----a-w- C:\Windows\SysWow64\RTLCPAPI.dll
2011-06-01 12:54:20 149536 ----a-w- C:\Windows\System32\RtkCfg64.dll
2011-06-01 12:54:20 141856 ----a-w- C:\Windows\SysWow64\RtkCfg.dll
2011-06-01 12:54:20 1063456 ----a-w- C:\Windows\System32\RtPgEx64.dll
2011-06-01 12:54:19 1519136 ----a-w- C:\Windows\System32\RtkAPO64.dll
2011-06-01 12:54:18 44064 ----a-w- C:\Windows\CPLUtl64.exe
2011-06-01 12:42:17 319488 ----a-w- C:\Windows\HideWin.exe
2011-06-01 12:42:15 524288 ----a-w- C:\Windows\RtlExUpd.dll
2011-06-01 12:42:06 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-06-01 12:42:04 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-06-01 12:42:03 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-06-01 12:42:03 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-06-01 12:42:02 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-06-01 12:41:59 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-06-01 12:41:53 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-06-01 12:41:52 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-06-01 12:37:24 93184 ----a-w- C:\Windows\System32\esxcwiad.dll
2011-06-01 12:37:24 -------- d-----w- C:\Program Files (x86)\epson
2011-06-01 12:31:02 15672 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2011-06-01 11:10:35 -------- d-----w- C:\Users\GranPaSmurf\AppData\Local\SlimWare Utilities Inc
2011-06-01 11:05:58 -------- d-----w- C:\Program Files (x86)\Downloaded Installers
2011-05-31 14:38:03 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro
2011-05-27 10:34:20 -------- d-----w- C:\Users\GranPaSmurf\AppData\Roaming\Soluto
2011-05-26 22:36:25 54728 ----a-w- C:\Windows\System32\drivers\Soluto.sys
2011-05-26 22:35:47 -------- d-----w- C:\Program Files\Soluto
2011-05-26 22:34:17 -------- d-----w- C:\ProgramData\Soluto
2011-05-25 12:46:14 -------- d-----w- C:\Users\GranPaSmurf\New folder
2011-05-25 11:31:00 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-24 04:24:38 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-24 04:24:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-20 11:33:29 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-05-20 11:33:08 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AAFBC583-A041-423A-AB8D-5272524F1D8F}\gapaengine.dll
2011-05-18 18:02:06 -------- d-----w- C:\Users\GranPaSmurf\AppData\Roaming\UltraVNC
2011-05-15 11:44:36 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-05-29 14:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 14:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-04-29 11:19:09 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2011-04-29 11:19:08 161792 ----a-w- C:\Windows\SysWow64\msls31.dll
2011-04-29 11:19:08 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-04-29 11:19:07 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2011-04-29 11:19:07 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-04-29 11:19:07 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll
2011-04-29 11:19:06 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-04-29 11:19:06 63488 ----a-w- C:\Windows\SysWow64\tdc.ocx
2011-04-29 11:19:06 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
2011-04-29 11:19:06 367104 ----a-w- C:\Windows\SysWow64\html.iec
2011-04-13 20:04:38 45432 ----a-w- C:\Windows\System32\drivers\point64.sys
2011-04-13 20:04:38 23960 ----a-w- C:\Windows\System32\drivers\nuidfltr.sys
2011-04-13 20:04:38 1721576 ----a-w- C:\Windows\System32\wdfcoinstaller01009.dll
2011-04-12 18:01:38 52632 ----a-w- C:\Windows\System32\drivers\dc3d.sys
2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 04:00:28 464896 ----a-w- C:\Windows\System32\ipcoin815.dll
2011-04-01 10:10:46 539232 ----a-w- C:\Windows\SysWow64\LVUI2RC.dll
2011-04-01 10:10:24 543328 ----a-w- C:\Windows\SysWow64\LVUI2.dll
2011-04-01 10:08:36 301664 ----a-w- C:\Windows\SysWow64\lvcodec2.dll
2011-04-01 10:07:54 4184672 ----a-w- C:\Windows\System32\drivers\lvuvc64.sys
2011-04-01 10:07:30 559712 ----a-w- C:\Windows\System32\LVUIRC64.dll
2011-04-01 10:07:08 767584 ----a-w- C:\Windows\System32\LVUI64.dll
2011-04-01 10:07:02 10877272 ----a-w- C:\Windows\SysWow64\LogiDPP.dll
2011-04-01 10:07:02 10877272 ----a-w- C:\Windows\System32\LogiDPP.dll
2011-04-01 10:07:02 102744 ----a-w- C:\Windows\SysWow64\LogiDPPApp.exe
2011-04-01 10:07:02 102744 ----a-w- C:\Windows\System32\LogiDPPApp.exe
2011-04-01 10:06:56 331608 ----a-w- C:\Windows\SysWow64\DevManagerCore.dll
2011-04-01 10:06:56 331608 ----a-w- C:\Windows\System32\DevManagerCore.dll
2011-04-01 10:05:38 261728 ----a-w- C:\Windows\System32\lvco13251014.dll
2011-04-01 10:05:16 172128 ----a-w- C:\Windows\System32\lvcod64.dll
2011-03-25 03:23:22 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-03-25 03:23:03 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-03-25 03:23:03 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-03-25 03:22:57 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-03-25 03:22:56 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-03-25 03:22:55 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-03-25 03:22:51 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-03-23 05:02:22 15192 ----a-w- C:\Windows\System32\drivers\iKeyLFT264.dll
.
============= FINISH: 12:28:48.04 ===============
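The DDS log posted in this thread records a Firefox keyword.URL pointing at stp.startnow.com, carrying install_date=20110610, and a "StartNow Toolbar" folder created that same day. The following Python is an added example (not part of the post, and not code from the DDS tool) that parses those DDS sections, flags browser settings whose host is not on an assumed allowlist of expected hosts, and correlates each hit with folders created on the install_date embedded in the redirect URL. The log excerpt and the allowlist are constructed for the example.

```python
"""Flag browser-hijack indicators in a DDS log.

Added example for this thread; not part of the original post and not code
from the DDS tool. It reads the "Pseudo HJT Report", FIREFOX and
"Created Last 30" sections of a DDS log, reports browser settings whose host
is outside an expected-host allowlist, and correlates each hit with folders
created on the install_date that the redirect URL itself carries.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed excerpt of the DDS log posted in the thread. DDS writes hxxp/hxxps
# so that pasted logs are not clickable; the wrapped keyword.URL line is rejoined.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com/ig?refresh=1
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxps://lastpass.com/index.php?&ac=1&fromwebsite=1|http://mail.google.com/mail/u/0/?shva=1#inbox
FF - prefs.js: keyword.URL - hxxp://stp.startnow.com/s/?src=addrbar&provider=bing&toolbar_id=200&install_date=20110610&browser=FF&q=
2011-06-10 14:06:43 -------- d-----w- C:\Program Files (x86)\StartNow Toolbar
2011-06-08 12:17:48 -------- d-----w- C:\Program Files (x86)\SlimCleaner
2011-06-13 17:05:28 -------- d-----w- C:\Program Files (x86)\Trend Micro
"""

# Hosts a defender expects for this user's browser settings (assumed allowlist;
# tailor it to the environment being reviewed).
ALLOWED_HOSTS = {"www.google.com", "www.bing.com", "lastpass.com", "mail.google.com"}

PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$")
START_RE = re.compile(r"^[um]Start Page = (?P<value>.*)$")
# "Created Last 30" rows: date, time, size-or-dashes, attribute flags, path.
CREATED_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} \S+ \S+ (?P<path>.+)$")


@dataclass
class Finding:
    setting: str                 # which browser setting points off the allowlist
    host: str                    # host the setting resolves to
    related_paths: list = field(default_factory=list)  # folders created on install_date


def refang(url):
    """Turn DDS's defanged hxxp:// or hxxps:// back into a parseable scheme."""
    return re.sub(r"^hxx(ps?)://", r"htt\1://", url.strip())


def parse_dds(text):
    """Return ({setting: value}, [(date, path)]) from the sections we care about."""
    settings, created = {}, []
    for line in text.splitlines():
        if m := START_RE.match(line):
            settings["Start Page"] = m["value"]
        elif m := PREF_RE.match(line):
            settings[m["key"]] = m["value"]
        elif m := CREATED_RE.match(line):
            created.append((m["date"], m["path"]))
    return settings, created


def find_hijacks(text, allowed_hosts=ALLOWED_HOSTS):
    """List settings pointing at hosts outside the allowlist, with same-day folders."""
    settings, created = parse_dds(text)
    findings = []
    for name, value in settings.items():
        for raw in value.split("|"):          # '|' separates several homepage tabs
            url = refang(raw)
            if "://" not in url:              # engine names like "Bing" carry no host
                continue
            host = urlparse(url).netloc.lower()
            if host in allowed_hosts:
                continue
            finding = Finding(name, host)
            # Toolbar search URLs often embed install_date=YYYYMMDD; match it against
            # the day each entry in "Created Last 30" appeared.
            if m := re.search(r"install_date=(\d{8})", url):
                d = m.group(1)
                day = f"{d[:4]}-{d[4:6]}-{d[6:]}"
                finding.related_paths = [p for date, p in created if date == day]
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in find_hijacks(SAMPLE_DDS):
        print(f"{f.setting} -> {f.host}; created same day: {f.related_paths or 'none'}")
```

Run against a full DDS log, the same-day correlation is what turns a lone odd URL into a lead on which installed program put it there.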

#2 D-FRED-BROWN

    Resident Bracketologist

  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 22 June 2011 - 12:34 PM

Hello GranPaSmurf and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

I downloaded and ran ComboFix in Safe Mode as administrator


ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

With that in mind, let's move on to the following:

-------------

Please download to your Desktop:
  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):
  • TDSSKiller_log.txt
  • How the PC is running now


-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:
  • TDSSKiller logfile
  • C:\ComboFix.txt
  • Security Check checkup.txt

How is your computer running now?
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#3 GranPaSmurf
  • Topic Starter

  • Members
  • 52 posts
  • Gender:Male
  • Location:Near San Antonio, Texas

Posted 22 June 2011 - 04:07 PM

D-FRED-BROWN,
Thanks for your help.
dk
2011/06/22 14:49:10.0958 3624 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/22 14:49:11.0490 3624 ================================================================================
2011/06/22 14:49:11.0490 3624 SystemInfo:
2011/06/22 14:49:11.0490 3624
2011/06/22 14:49:11.0490 3624 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/22 14:49:11.0490 3624 Product type: Workstation
2011/06/22 14:49:11.0490 3624 ComputerName: JOYUSVIDBEAST02
2011/06/22 14:49:11.0490 3624 UserName: Administrator
2011/06/22 14:49:11.0490 3624 Windows directory: C:\Windows
2011/06/22 14:49:11.0490 3624 System windows directory: C:\Windows
2011/06/22 14:49:11.0490 3624 Running under WOW64
2011/06/22 14:49:11.0490 3624 Processor architecture: Intel x64
2011/06/22 14:49:11.0490 3624 Number of processors: 2
2011/06/22 14:49:11.0490 3624 Page size: 0x1000
2011/06/22 14:49:11.0490 3624 Boot type: Normal boot
2011/06/22 14:49:11.0490 3624 ================================================================================
2011/06/22 14:49:22.0302 3624 Initialize success
2011/06/22 14:49:36.0208 4224 ================================================================================
2011/06/22 14:49:36.0208 4224 Scan started
2011/06/22 14:49:36.0208 4224 Mode: Manual;
2011/06/22 14:49:36.0208 4224 ================================================================================
2011/06/22 14:49:39.0740 4224 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/22 14:49:40.0333 4224 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/22 14:49:40.0849 4224 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/06/22 14:49:41.0474 4224 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/22 14:49:42.0177 4224 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/22 14:49:42.0755 4224 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/22 14:49:43.0458 4224 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
2011/06/22 14:49:44.0068 4224 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/06/22 14:49:45.0943 4224 ALCXWDM (853ad8bd8ca940d0f5ac2679a6ed439b) C:\Windows\system32\drivers\RTKVAC64.SYS
2011/06/22 14:49:47.0818 4224 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/06/22 14:49:48.0302 4224 AMDAC97 (5464089a97687a7db6d7f66f53931474) C:\Windows\system32\drivers\AMDAC97.sys
2011/06/22 14:49:48.0693 4224 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/06/22 14:52:00.0583 4224 ================================================================================
2011/06/22 14:52:00.0583 4224 Scan finished
2011/06/22 14:52:00.0583 4224 ================================================================================
2011/06/22 14:52:00.0615 3424 Detected object count: 0
2011/06/22 14:52:00.0615 3424 Actual detected object count: 0
2011/06/22 14:53:18.0708 2756 Deinitialize success


ComboFix 11-06-22.02 - Administrator 06/22/2011 15:10:13.3.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3248.1622 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\GranPaSmurf\AppData\Local\temp\ugqyiaog.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-05-22 to 2011-06-22 )))))))))))))))))))))))))))))))
.
.
2011-06-01 12:42 . 2006-02-07 20:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-06-01 12:42 . 2006-02-07 20:40 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-06-01 12:42 . 2005-11-14 04:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-06-01 12:41 . 2006-02-07 20:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-06-01 12:41 . 2011-06-01 12:41 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-06-01 12:41 . 2011-06-01 12:41 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-06-01 12:37 . 2011-06-01 12:37 -------- d-----w- c:\program files (x86)\epson
2011-06-01 12:37 . 2006-10-13 05:00 93184 ----a-w- c:\windows\system32\esxcwiad.dll
2011-06-01 11:10 . 2011-06-01 12:30 -------- d-----w- c:\users\GranPaSmurf\AppData\Local\SlimWare Utilities Inc
2011-06-01 11:05 . 2011-06-08 12:17 -------- d-----w- c:\program files (x86)\Downloaded Installers
2011-05-31 14:38 . 2011-05-31 14:38 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2011-05-27 10:34 . 2011-05-27 10:34 -------- d-----w- c:\users\GranPaSmurf\AppData\Roaming\Soluto
2011-05-26 22:36 . 2011-05-25 04:03 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2011-05-26 22:36 . 2011-05-26 22:36 -------- dc----w- c:\windows\system32\DRVSTORE
2011-05-26 22:35 . 2011-05-26 22:36 -------- d-----w- c:\program files\Soluto
2011-05-26 22:34 . 2011-05-27 10:26 -------- d-----w- c:\programdata\Soluto
2011-05-26 04:05 . 2011-05-26 04:05 545056 ----a-w- c:\windows\SysWow64\LVUI2.dll
2011-05-26 04:05 . 2011-05-26 04:05 540960 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2011-05-26 04:05 . 2011-05-26 04:05 307488 ----a-w- c:\windows\SysWow64\lvcodec2.dll
2011-05-26 04:05 . 2011-05-26 04:05 333336 ----a-w- c:\windows\SysWow64\DevManagerCore.dll
2011-05-26 04:05 . 2011-05-26 04:05 333336 ----a-w- c:\windows\system32\DevManagerCore.dll
2011-05-26 04:05 . 2011-05-26 04:05 10879000 ----a-w- c:\windows\SysWow64\LogiDPP.dll
2011-05-26 04:05 . 2011-05-26 04:05 10879000 ----a-w- c:\windows\system32\LogiDPP.dll
2011-05-26 04:05 . 2011-05-26 04:05 104472 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe
2011-05-26 04:05 . 2011-05-26 04:05 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
2011-05-26 04:02 . 2011-05-26 04:02 769312 ----a-w- c:\windows\system32\LVUI64.dll
2011-05-26 04:02 . 2011-05-26 04:02 561440 ----a-w- c:\windows\system32\LVUIRC64.dll
2011-05-26 04:02 . 2011-05-26 04:02 4186528 ----a-w- c:\windows\system32\drivers\lvuvc64.sys
2011-05-26 04:02 . 2011-05-26 04:02 263456 ----a-w- c:\windows\system32\lvco13271018.dll
2011-05-26 04:02 . 2011-05-26 04:02 176416 ----a-w- c:\windows\system32\lvcod64.dll
2011-05-25 12:46 . 2011-05-25 12:46 -------- d-----w- c:\users\GranPaSmurf\New folder
2011-05-25 11:31 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 04:24 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-24 04:24 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-10 18:45 . 2011-05-15 11:44 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-07 17:10 . 2010-11-06 01:08 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-29 14:11 . 2010-12-07 11:19 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-30 07:02 . 2011-05-20 11:33 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-04-30 07:02 . 2011-05-20 11:33 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AAFBC583-A041-423A-AB8D-5272524F1D8F}\gapaengine.dll
2011-04-29 11:19 . 2011-04-29 11:19 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-04-29 11:19 . 2011-04-29 11:19 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-04-29 11:19 . 2011-04-29 11:19 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-29 11:19 . 2011-04-29 11:19 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-04-29 11:19 . 2011-04-29 11:19 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-04-29 11:19 . 2011-04-29 11:19 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-04-29 11:19 . 2011-04-29 11:19 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-04-29 11:19 . 2011-04-29 11:19 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-04-29 11:19 . 2011-04-29 11:19 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-04-29 11:18 . 2011-04-29 11:18 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-04-29 11:18 . 2011-04-29 11:18 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-29 11:18 . 2011-04-29 11:18 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-04-29 11:18 . 2011-04-29 11:18 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-04-29 11:18 . 2011-04-29 11:18 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-29 11:18 . 2011-04-29 11:18 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-04-29 11:18 . 2011-04-29 11:18 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-04-29 11:18 . 2011-04-29 11:18 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-04-29 11:18 . 2011-04-29 11:18 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-04-29 11:18 . 2011-04-29 11:18 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-04-29 11:18 . 2011-04-29 11:18 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-29 11:18 . 2011-04-29 11:18 222208 ----a-w- c:\windows\system32\msls31.dll
2011-04-29 11:18 . 2011-04-29 11:18 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-04-29 11:18 . 2011-04-29 11:18 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-29 11:18 . 2011-04-29 11:18 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-04-29 11:18 . 2011-04-29 11:18 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-29 11:18 . 2011-04-29 11:18 12288 ----a-w- c:\windows\system32\mshta.exe
2011-04-29 11:18 . 2011-04-29 11:18 114176 ----a-w- c:\windows\system32\admparse.dll
2011-04-29 11:18 . 2011-04-29 11:18 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-29 11:18 . 2011-04-29 11:18 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-29 11:18 . 2011-04-29 11:18 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-29 11:18 . 2011-04-29 11:18 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-04-29 11:18 . 2011-04-29 11:18 448512 ----a-w- c:\windows\system32\html.iec
2011-04-29 11:18 . 2011-04-29 11:18 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-04-29 11:18 . 2011-04-29 11:18 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-04-29 11:18 . 2011-04-29 11:18 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-29 11:18 . 2011-04-29 11:18 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-04-29 11:18 . 2011-04-29 11:18 160256 ----a-w- c:\windows\system32\wextract.exe
2011-04-29 11:18 . 2011-04-29 11:18 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-29 10:16 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-13 20:04 . 2011-04-13 20:04 45432 ----a-w- c:\windows\system32\drivers\point64.sys
2011-04-13 20:04 . 2011-04-13 20:04 23960 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2011-04-13 20:04 . 2011-04-13 20:04 1721576 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-04-12 18:01 . 2011-04-12 18:01 52632 ----a-w- c:\windows\system32\drivers\dc3d.sys
2011-04-11 06:21 . 2011-04-29 11:58 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-04-09 06:45 . 2011-05-11 01:48 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 01:48 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 01:48 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 04:00 . 2011-04-09 04:00 464896 ----a-w- c:\windows\system32\ipcoin815.dll
2011-04-01 10:05 . 2011-04-01 10:05 261728 ----a-w- c:\windows\system32\lvco13251014.dll
2011-03-25 03:23 . 2011-05-11 01:47 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:23 . 2011-05-11 01:47 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:23 . 2011-05-11 01:47 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:22 . 2011-05-11 01:47 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:22 . 2011-05-11 01:47 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:22 . 2011-05-11 01:47 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:22 . 2011-05-11 01:47 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-17_11.52.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-04-29 11:18 . 2011-04-29 11:18 96256 c:\windows\system32\mshtmled.dll
+ 2011-06-18 03:45 . 2011-04-23 01:19 96256 c:\windows\system32\mshtmled.dll
- 2011-04-29 00:13 . 2011-06-13 01:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-29 00:13 . 2011-06-22 12:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-29 00:13 . 2011-06-13 01:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-29 00:13 . 2011-06-22 12:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-29 00:13 . 2011-06-22 12:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-29 00:13 . 2011-06-13 01:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-18 03:44 . 2011-04-23 01:20 818176 c:\windows\system32\jscript.dll
- 2011-04-29 11:18 . 2011-04-29 11:18 818176 c:\windows\system32\jscript.dll
+ 2011-06-18 03:44 . 2011-04-23 01:17 248320 c:\windows\system32\ieui.dll
- 2011-04-29 11:18 . 2011-04-29 11:18 248320 c:\windows\system32\ieui.dll
- 2009-07-14 04:45 . 2011-06-10 18:29 353216 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2011-06-18 10:16 353216 c:\windows\system32\FNTCACHE.DAT
+ 2011-06-18 03:44 . 2011-04-23 01:23 1344000 c:\windows\system32\urlmon.dll
- 2011-04-29 11:18 . 2011-04-29 11:18 1344000 c:\windows\system32\urlmon.dll
- 2011-04-29 11:18 . 2011-04-29 11:18 2136064 c:\windows\system32\iertutil.dll
+ 2011-06-18 03:45 . 2011-04-23 01:19 2136064 c:\windows\system32\iertutil.dll
+ 2011-06-18 03:44 . 2011-04-23 01:37 17773568 c:\windows\system32\mshtml.dll
+ 2010-11-04 22:53 . 2011-06-18 04:18 49454024 c:\windows\system32\MRT.exe
+ 2011-06-18 03:44 . 2011-04-23 01:27 10885632 c:\windows\system32\ieframe.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C1A2E05DCF3CC6D9CF27D6722BF353B7894344A7._service_run"="c:\users\GranPaSmurf\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-06-13 1011768]
"C32BAEAE618CA48D7B1C51C41655BDF8D1A4E953._service_run"="c:\users\GranPaSmurf\AppData\Local\Google\Chrome SxS\Application\chrome.exe" [2011-06-18 1018424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\GranPaSmurf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2011-05-25 376352]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R3 AMDAC97;AMD AC'97 Audio Driver (WDM);c:\windows\system32\drivers\AMDAC97.sys [x]
R3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz135;cpuz135;c:\users\GRANPA~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 CrossLoopService;CrossLoop Service;c:\users\GranPaSmurf\AppData\Local\CrossLoop\CrossLoopService.exe [2011-04-07 560880]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 343856]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 tvnserver;TightVNC Server;c:\users\GranPaSmurf\AppData\Local\CrossLoop\tvnserver.exe [2010-07-21 814080]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SI3112r;SiI-3512 SATARaid Controller;c:\windows\system32\DRIVERS\SI3112r.sys [x]
S0 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\DRIVERS\SI3114.sys [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-05-26 442656]
S3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-225152523-1155453076-3467337038-1001Core.job
- c:\users\GranPaSmurf\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-05 01:28]
.
2011-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-225152523-1155453076-3467337038-1001UA.job
- c:\users\GranPaSmurf\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-05 01:28]
.
2011-06-22 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\slimdrivers\SlimDrivers.exe [2011-05-10 15:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 192.168.15.1
FF - ProfilePath - c:\users\GranPaSmurf\AppData\Roaming\Mozilla\Firefox\Profiles\y0x89ot9.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxps://lastpass.com/index.php?&ac=1&fromwebsite=1|http://mail.google.com/mail/u/0/?shva=1#inbox
FF - prefs.js: keyword.URL - hxxp://stp.startnow.com/s/?src=addrbar&provider=bing&provider_name=bing&provider_code=Z087&partner_id=681&product_id=691&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110610&user_guid=54A041E118214C1B8BF5A8C5B2990F34&machine_id=5428c7b70780a4afebd6f3f9a468bae5&browser=FF&os=win&os_version=6.1-x64-SP0&q=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Google Chrome - c:\users\GranPaSmurf\AppData\Local\Google\Chrome\Application\11.0.696.77\Installer\setup.exe
AddRemove-Google Chrome SxS - c:\users\GranPaSmurf\AppData\Local\Google\Chrome SxS\Application\14.0.785.0\Installer\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-225152523-1155453076-3467337038-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{9F6B5CC3-5C7B-4B5C-97AF-19DEC1E380E5}"=hex:51,66,7a,6c,4c,1d,3b,1b,d3,40,7b,
83,4d,0a,31,03,89,a7,46,82,c0,a5,c0,fd
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,14,cf,
04,9b,be,ee,0a,bb,9e,a5,0b,8d,68,fd,db
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,c8,20,
8c,34,1a,d2,02,90,c4,0e,38,77,4e,23,de
"{95D9ECF5-2A4D-4550-BE49-70D42F71296E}"=hex:51,66,7a,6c,4c,1d,3b,1b,e5,f0,c9,
89,7b,7c,3d,0d,a0,41,2f,88,2e,37,69,76
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,82,15,
e3,6c,9a,43,06,a1,33,c9,b5,28,90,15,1b
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c2,fa,
a1,53,94,bd,59,a2,e5,5f,fc,c8,4c,f5,17
.
[HKEY_USERS\S-1-5-21-225152523-1155453076-3467337038-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:f8,f8,2b,81,54,1c,cc,01
.
[HKEY_USERS\S-1-5-21-225152523-1155453076-3467337038-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,49,7d,34,c2,a4,e3,47,aa,ad,de,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,49,7d,34,c2,a4,e3,47,aa,ad,de,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2011-06-22 15:45:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-22 20:44
ComboFix2.txt 2011-06-17 12:00
.
Pre-Run: 42,246,647,808 bytes free
Post-Run: 41,448,931,328 bytes free
.
- - End Of File - - B525918EEFB58D3CE7D6F36CFB4DE6B9


Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
SlimCleaner
Adobe Flash Player 10.3.181.22
Adobe Reader X (10.1.0)
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

#4 D-FRED-BROWN
    Resident Bracketologist
  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 22 June 2011 - 05:05 PM

Thanks for your help.

You are welcome. :thumbup2:

I have a feeling that your redirections are a result of the StartNow Toolbar, which is installed on your computer. If so, please do the following :wink: :


Please download and install Revo Uninstaller (Freeware) from here. Then please run Revo Uninstaller and select StartNow or StartNow Toolbar.

Please click the Uninstall icon to uninstall the selected program.
Posted Image

Please choose Advanced.
Posted Image

Then click Next and follow the prompts.

Please click Select All (1.) and Delete (2.)
Posted Image
to delete all registry items, folders and files listed by Revo.

If asked to restart the computer, please do so immediately.

---------

Next, please do the following :):

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Folder::
C:\myComboFix

Reglock::
[HKEY_USERS\S-1-5-21-225152523-1155453076-3467337038-500\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\S-1-5-21-225152523-1155453076-3467337038-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
[HKEY_USERS\S-1-5-21-225152523-1155453076-3467337038-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please post the newly-created C:\ComboFix.txt in your next reply, and let me know of any problems you may be encountering. :)

Edited by D-FRED-BROWN, 22 June 2011 - 05:05 PM.

Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Posted Image
Thank you!
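The Reglock:: list in the script above is exactly the set of keys printed under LOCKED REGISTRY KEYS in the posted ComboFix log. As an added example (not the thread's own tooling and not part of ComboFix), the following Python derives that list mechanically from a log and renders the CFScript skeleton; the directive names and log layout come from this thread, and SAMPLE_LOG is a constructed excerpt of the posted log.

```python
"""Derive the Reglock:: list of a ComboFix CFScript from a ComboFix log.

Added example, not the thread's own tooling and not part of ComboFix: it
mechanises the step the helper did by hand, collecting every key in the
log's 'LOCKED REGISTRY KEYS' section and noting which ones carry an
'@Denied:' ACL marker. Directive names (KILLALL::, Folder::, Reglock::)
and the log layout are taken from this thread; SAMPLE_LOG is a
constructed excerpt of the posted log.
"""
import re
from typing import List, Optional, Tuple

# Section banners in a ComboFix log look like "----- NAME -----".
SECTION_HEADER = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$")
# A registry key line as ComboFix prints it: "[HKEY_...]".
KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# ACL marker ComboFix prints under a key it could not open.
DENIED_LINE = re.compile(r"^@Denied:\s*(.+)$")

# Constructed excerpt modelled on the log posted in this thread.
SAMPLE_LOG = """\
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\\S-1-5-21-225152523-1155453076-3467337038-500\\Software\\Microsoft\\Internet Explorer\\Approved Extensions]
@Denied: (2) (Administrator)
"{9F6B5CC3-5C7B-4B5C-97AF-19DEC1E380E5}"=hex:51,66,7a,6c
.
[HKEY_LOCAL_MACHINE\\software\\Classes\\Wow6432Node\\CLSID\\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\\software\\Classes\\Wow6432Node\\CLSID\\{A483C63A-CDBC-426E-BF93-872502E8144E}\\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\\system\\ControlSet001\\Control\\PCW\\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\\program files (x86)\\Logitech\\LWS\\Webcam Software\\CameraHelperShell.exe
"""


def locked_keys(log_text: str) -> List[Tuple[str, Optional[str]]]:
    """Return (key, acl_note) for every key under LOCKED REGISTRY KEYS.

    acl_note is the text after '@Denied:' when the key has its own
    marker, otherwise None. Subkeys without a marker still appear: they
    sit under a locked parent, and the helper listed them too.
    """
    in_section = False
    found: list = []
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_HEADER.match(line)
        if banner:
            # Any other banner ends the locked-keys section.
            in_section = banner.group(1).upper() == "LOCKED REGISTRY KEYS"
            continue
        if not in_section:
            continue
        key = KEY_LINE.match(line)
        if key:
            found.append([key.group(1), None])
            continue
        denied = DENIED_LINE.match(line)
        if denied and found:
            found[-1][1] = denied.group(1)
    return [(k, note) for k, note in found]


def build_cfscript(keys, folders=()) -> str:
    """Render the CFScript skeleton used in this thread.

    The key list is a candidate list for the helper to review before it
    is handed to ComboFix; the helper here chose to include every key.
    """
    lines = ["KILLALL::", ""]
    if folders:
        lines += ["Folder::", *folders, ""]
    lines.append("Reglock::")
    lines += [f"[{key}]" for key, _ in keys]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    keys = locked_keys(SAMPLE_LOG)
    for key, note in keys:
        print(f"{'DENIED ' + note if note else 'inherits lock':<28} {key}")
    print(build_cfscript(keys, folders=["C:\\myComboFix"]))
```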

#5 GranPaSmurf
  • Topic Starter
  • Members
  • 52 posts
  • Gender:Male
  • Location:Near San Antonio, Texas

Posted 23 June 2011 - 11:55 AM

Attached last ComboFix log.
Still, when Chrome starts it tries to go to StartNow, and Malwarebytes announces it has blocked an attempt to send data to 64.20.54.67 through port 49401.


#6 GranPaSmurf
  • Topic Starter
  • Members
  • 52 posts
  • Gender:Male
  • Location:Near San Antonio, Texas

Posted 23 June 2011 - 11:58 AM

Also, there is no "StartNow" toolbar on any of my browsers. Revo Uninstaller did not find any instance of one.

#7 D-FRED-BROWN
    Resident Bracketologist
  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 23 June 2011 - 12:05 PM

Are you experiencing these issues with just Firefox, Internet Explorer, or both?

Also, for future reference, please post the logs rather than uploading them as attachments; it makes them easier for me to read if they're posted. :wink:

#8 GranPaSmurf (Topic Starter)

Posted 23 June 2011 - 12:33 PM

Firefox 5.0, Chrome 14.0.801.0 canary build, and IE 9.0.8112.16421 all start normally.

#9 D-FRED-BROWN (Malware Response Team)

Posted 23 June 2011 - 12:35 PM

I think we misunderstood each other :P

Are you getting the StartNow redirects in all of your browsers (Firefox, IE, Chrome), or just one or two?

#10 GranPaSmurf (Topic Starter)

Posted 23 June 2011 - 12:49 PM

I am only getting redirects on Google Chrome 12.0.742.100. The others in the earlier message work as intended.

#11 D-FRED-BROWN (Malware Response Team)

Posted 23 June 2011 - 01:30 PM

Hello again,

Sorry about the confusion earlier.

I noticed there's still a remnant in Firefox. This should fix it :wink: :

Please open Firefox.
In the address bar, type the following (in bold): about:config
Select I'll be careful, I promise!

In the top left-hand corner of the newly loaded page, copy and paste each of the following entries (in black bold). (ignore the ---- lines)


keyword.URL ---------------------------------- http://bing.com/results.aspx?q=


Right-click, and select Modify on each of the Preference Names I have included above.
When the popup titled Enter String Value appears, copy and paste each respective Value located to the left of each Preference Name (in blue bold).

You will have to do this for each of the entries I have listed.

When you have finished, please restart Firefox. Let me know if that helps.

------------

For Chrome, please do the following:

Visit this webpage for instructions on how to reset your Home Page.

Let me know if these steps help. :)
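As an added example (not part of this thread, and not code from Firefox, Chrome, ComboFix or any other tool named here), the following Python script performs the check that the two remediation steps above imply: it parses a Firefox prefs.js and a Chrome Preferences file, reports keyword.URL, browser.startup.homepage, the Chrome homepage and the Chrome startup URLs when they point anywhere other than a trusted search host, and rewrites keyword.URL the way the about:config step does. The trusted-host list, the sample profile contents and the "startnow.example" hijack value are constructed for illustration; the Firefox pref names and the Chrome "homepage" and "session.startup_urls" keys are real. Run it against a real profile only with the browser closed, since Firefox rewrites prefs.js on exit.

```python
"""Audit Firefox prefs.js and Chrome Preferences for homepage/search hijacks."""
import json
import re
from urllib.parse import urlparse

# Assumption: hosts a practitioner treats as legitimate defaults. Adjust per environment.
TRUSTED_HOSTS = {"bing.com", "google.com", "duckduckgo.com"}

# Firefox prefs a StartNow-style hijack rewrites. keyword.URL is the one the thread fixes.
FIREFOX_PREFS = ("keyword.URL", "browser.startup.homepage")

# prefs.js lines look like: user_pref("name", "value");  (string values only here)
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);')


def parse_prefs_js(text):
    """Return {name: value} for every string-valued user_pref in prefs.js text."""
    prefs = {}
    for m in PREF_RE.finditer(text):
        raw = m.group(2)
        prefs[m.group(1)] = raw.replace('\\"', '"').replace("\\\\", "\\")
    return prefs


def is_trusted(url):
    """True when the URL's host is a trusted search host or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def audit_firefox(prefs_text):
    """Return {pref: value} for the watched Firefox prefs that point to untrusted hosts."""
    prefs = parse_prefs_js(prefs_text)
    return {name: prefs[name] for name in FIREFOX_PREFS
            if name in prefs and not is_trusted(prefs[name])}


def audit_chrome(preferences_json):
    """Return [(setting, url)] for Chrome homepage/startup URLs that point to untrusted hosts."""
    p = json.loads(preferences_json)
    candidates = []
    if "homepage" in p:
        candidates.append(("homepage", p["homepage"]))
    for url in p.get("session", {}).get("startup_urls", []):
        candidates.append(("session.startup_urls", url))
    return [(k, u) for k, u in candidates if not is_trusted(u)]


def set_firefox_pref(prefs_text, name, value):
    """Return prefs.js text with `name` set to `value`, replacing or appending the line."""
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    line = 'user_pref("%s", "%s");' % (name, escaped)
    pattern = re.compile(r'^user_pref\("%s",.*\);[ \t]*$' % re.escape(name), re.M)
    if pattern.search(prefs_text):
        return pattern.sub(lambda _m: line, prefs_text)
    return prefs_text.rstrip("\n") + "\n" + line + "\n"


# Constructed sample profile contents (not taken from the poster's machine).
FIREFOX_PREFS_SAMPLE = """# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.bing.com/");
user_pref("keyword.URL", "http://startnow.example/search?q=");
user_pref("extensions.lastAppVersion", "5.0");
"""

CHROME_PREFS_SAMPLE = json.dumps({
    "homepage": "http://startnow.example/",
    "session": {"restore_on_startup": 4,
                "startup_urls": ["http://startnow.example/", "https://www.google.com/"]},
})

if __name__ == "__main__":
    print("Firefox:", audit_firefox(FIREFOX_PREFS_SAMPLE))
    print("Chrome:", audit_chrome(CHROME_PREFS_SAMPLE))
    fixed = set_firefox_pref(FIREFOX_PREFS_SAMPLE, "keyword.URL",
                             "http://bing.com/results.aspx?q=")
    print("Firefox after fix:", audit_firefox(fixed))
```

The audit deliberately flags any host it does not recognise rather than matching a blocklist: a hijacker's domain changes, but the set of search engines a user legitimately configures is small and stable.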

#12 GranPaSmurf (Topic Starter)

Posted 23 June 2011 - 02:59 PM

There are no more re-directs from any of my browsers.

#13 D-FRED-BROWN (Malware Response Team)

Posted 23 June 2011 - 03:32 PM

There are no more re-directs from any of my browsers.

That is good news! I am thrilled to hear that! :)

Let's run an online scan just to make sure everything is clean :wink::

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#14 GranPaSmurf (Topic Starter)

Posted 25 June 2011 - 02:33 PM

ESET Online Scan found no threats.
Sorry for the delay; the press of other commitments.
Are we there yet? Huh,huh, are we there yet? Huh?
dk

#15 D-FRED-BROWN (Malware Response Team)

Posted 25 June 2011 - 02:38 PM

Sorry for the delay; the press of other commitments.

No worries, I understand. :)

Are we there yet? Huh,huh, are we there yet? Huh?

Yes, we're almost done :wink: .

First thing, let's update some of your programs.
Please take the time to install the following updates, as using outdated applications leaves you extremely vulnerable to getting infected again.

--------

Firefox is out of date. Using an outdated version of a web browser leaves you very vulnerable to malware!
Please visit Mozilla site and update it to the latest version.

--------

You are using Internet Explorer version 8. Since you are using Windows 7, you qualify for the latest version, which is 9. Using an outdated version of a web browser leaves you extremely vulnerable to malware!
Please see this link to download the latest version: http://windows.microsoft.com/en-US/internet-explorer/products/ie/home

--------

Please let me know how the updates went, as failed updates may indicate additional malware. :)
