I have a Zombie Computer


This topic is locked
20 replies to this topic

#1 qwertyui
  • Members
  • 18 posts

Posted 13 June 2011 - 11:52 PM

I was infected with Win 7. Initially, I had the BSoD and a svchost.exe trojan. As instructed, I used FixNCR.reg, RKill, MBAM, TDSSKiller, and ESET Scan. I just now created a DDS log and a GMER log.

I appreciate the help!

Here is the DDS log:

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Run by Administrator at 23:47:20 on 2011-06-13
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2037.1333 [GMT -4:00]
.
AV: Microsoft Forefront Client Security *Enabled/Outdated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Forefront Client Security *Enabled/Outdated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Users\Administrator\Desktop\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AIM\aim.exe
C:\Users\Administrator\Desktop\PSI\psi_tray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Administrator\Desktop\PSI\sua.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [VMware Tools] "c:\program files\vmware\vmware tools\VMwareTray.exe"
mRun: [VMware User Process] "c:\program files\vmware\vmware tools\VMwareUser.exe"
mRun: [Microsoft Forefront Client Security Antimalware Service] "c:\program files\microsoft forefront\client security\client\antimalware\MSASCui.exe" -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
dRun: [KB284842.exe] "c:\windows\system32\config\systemprofile\appdata\roaming\KB284842.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\users\administrator\desktop\psi\psi_tray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: c:\program files\vmware\vmware tools\vsock sdk\bin\win32\vsocklib.dll
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1266849271471
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
TCP: Interfaces\{ACC95A89-9C70-4888-801D-E446E378E51C} : DhcpNameServer = 172.26.27.10 172.26.27.11 172.17.28.82 172.17.28.11 172.20.169.11 172.17.28.10
TCP: Interfaces\{BC850A2E-EFC4-4CF1-AD46-57AF6A6B429B} : DhcpNameServer = 167.206.254.1 167.206.254.2
TCP: Interfaces\{BC850A2E-EFC4-4CF1-AD46-57AF6A6B429B}\0575E4 : DhcpNameServer = 172.26.27.10 172.26.27.11
TCP: Interfaces\{BC850A2E-EFC4-4CF1-AD46-57AF6A6B429B}\564786F63747275616D62333 : DhcpNameServer = 10.0.254.1
TCP: Interfaces\{BC850A2E-EFC4-4CF1-AD46-57AF6A6B429B}\76F676F696E666C696768647 : DhcpNameServer = 172.19.134.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\46x1hy16.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R1 vmhgfs;vmhgfs;c:\windows\system32\drivers\vmhgfs.sys [2010-2-11 128432]
R1 vmrawdsk;VMware Vista Physical Disk Helper;c:\program files\vmware\vmware tools\vmrawdsk.sys [2009-10-22 36144]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2010-7-9 87968]
R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\microsoft forefront\client security\client\antimalware\MsMpEng.exe [2010-1-19 16880]
R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\microsoft forefront\client security\client\ssa\FcsSas.exe [2007-4-6 73120]
R2 VMMEMCTL;Memory Control Driver;c:\program files\vmware\vmware tools\drivers\memctl\vmmemctl.sys [2009-10-22 14384]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-7-27 42672]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-7-9 274984]
R3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-2-12 69616]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S1 vmdebug;VMware Replay Debugging Helper;c:\windows\system32\drivers\vmdebug.sys [2009-10-22 23088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2010-7-9 150560]
S3 vm3dmp;vm3dmp;c:\windows\system32\drivers\vm3dmp.sys [2010-2-11 70704]
S3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2010-2-11 11440]
S3 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2010-2-11 17968]
.
=============== Created Last 30 ================
.
2011-06-13 23:25:24 -------- d-----w- c:\program files\ESET
2011-06-13 23:24:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-11 23:01:32 -------- d-----w- c:\users\administrator\appdata\local\Secunia PSI
2011-06-06 04:17:06 2668032 ----a-w- c:\windows\explorer.exe
2011-06-06 02:36:01 -------- d-----w- c:\users\administrator\appdata\roaming\ParetoLogic
2011-06-06 02:36:01 -------- d-----w- c:\users\administrator\appdata\roaming\DriverCure
2011-06-06 02:35:55 -------- d-----w- c:\program files\common files\ParetoLogic
2011-06-06 02:35:54 -------- d-----w- c:\programdata\ParetoLogic
2011-06-06 02:34:58 5221608 ----a-w- C:\ParetoLogic PC Health Advisor.exe
2011-05-24 17:13:33 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 04:21:33 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-05-24 04:21:30 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-05-19 18:51:59 123904 ----a-w- c:\windows\system32\poqexec.exe
.
==================== Find3M ====================
.
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-03-25 03:06:46 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:06:25 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:06:23 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:06:12 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:06:11 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:06:10 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:06:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
.
============= FINISH: 23:54:55.11 ===============
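For a responder reading the Pseudo HJT section of the log above, the lines to check first are the UAC policy values (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0), HideSCAHealth = 1, and the dRun entry that launches KB284842.exe from the system profile's AppData\Roaming. The script below is an added example, not code from this thread or from the DDS tool: it parses those two line types and applies a small rule table to rank them for review. The sample input is copied from the log above; the rule table, severities and function names are this example's own assumptions, and a hit means "verify this", not "this is malware".

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log for UAC-weakening
policies and suspicious autorun entries.

Added example: not code from the BleepingComputer thread or from DDS. The
sample lines are copied from the posted log; the rule table, thresholds and
function names are this example's own choices.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the Run entries and policy lines from the posted DDS log.
SAMPLE_HJT = """\
uRun: [Aim] "c:\\program files\\aim\\aim.exe" /d locale=en-US
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
mRun: [VMware Tools] "c:\\program files\\vmware\\vmware tools\\VMwareTray.exe"
mRun: [SynTPEnh] %ProgramFiles%\\Synaptics\\SynTP\\SynTPEnh.exe
dRun: [KB284842.exe] "c:\\windows\\system32\\config\\systemprofile\\appdata\\roaming\\KB284842.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
"""

# DDS prefixes: u = current user (HKCU), m = machine (HKLM), d = HKU\.DEFAULT.
HIVE = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT"}
RUN_RE = re.compile(r"^(?P<hive>[umd])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
POLICY_RE = re.compile(
    r"^(?P<hive>[umd])Policies-(?P<key>\w+): (?P<value>\w+) = (?P<data>-?\d+)"
)
KB_NAME_RE = re.compile(r"^KB\d{5,7}", re.IGNORECASE)
USER_WRITABLE_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\temp\\")

# (policy key, value name, data) -> (severity, why it matters). The other
# values in the sample (ConsentPromptBehaviorUser=3, EnableUIADesktopToggle=0)
# are Windows 7 defaults and are left alone. Rule table is this example's own.
WEAK_POLICY = {
    ("system", "EnableLUA", 0): ("high", "UAC disabled; admin processes run fully elevated without prompting"),
    ("system", "ConsentPromptBehaviorAdmin", 0): ("high", "administrators elevate silently (no consent prompt)"),
    ("system", "PromptOnSecureDesktop", 0): ("medium", "elevation prompts drawn on the normal desktop, where they can be spoofed"),
    ("explorer", "HideSCAHealth", 1): ("medium", "Action Center icon hidden, so AV/firewall/update warnings never surface"),
}


@dataclass
class Finding:
    severity: str
    source: str      # the log line the finding came from
    reasons: list    # one human-readable reason per matched rule


def _executable(cmd: str) -> str:
    """Return the program path from a Run-key command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split()[0]


def parse_hjt(text: str):
    """Split the HJT section into autorun entries and policy values."""
    autoruns, policies = [], []
    for line in text.splitlines():
        if m := RUN_RE.match(line):
            autoruns.append({"hive": m["hive"], "name": m["name"],
                             "exe": _executable(m["cmd"]), "line": line})
        elif m := POLICY_RE.match(line):
            policies.append({"key": m["key"], "value": m["value"],
                             "data": int(m["data"]), "line": line})
    return autoruns, policies


def triage(text: str) -> list:
    """Apply the rules; returns Findings with high severity first."""
    autoruns, policies = parse_hjt(text)
    findings = []
    for e in autoruns:
        exe = e["exe"].lower()
        reasons = []
        if e["hive"] == "d":
            reasons.append(f"Run key under {HIVE['d']} (the built-in system profile); "
                           "legitimate software rarely installs there")
        if any(d in exe for d in USER_WRITABLE_DIRS):
            reasons.append("executable lives in a user-writable AppData/Temp directory")
        if KB_NAME_RE.match(e["name"]):
            reasons.append("name mimics a Microsoft hotfix (KBnnnnnn); hotfixes are not Run-key entries")
        if reasons:
            findings.append(Finding("high" if len(reasons) >= 2 else "medium", e["line"], reasons))
    for p in policies:
        hit = WEAK_POLICY.get((p["key"], p["value"], p["data"]))
        if hit:
            findings.append(Finding(hit[0], p["line"], [hit[1]]))
    return sorted(findings, key=lambda f: f.severity != "high")


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"[{f.severity.upper()}] {f.source}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the KB284842.exe entry trips all three autorun rules and the four policy lines each trip one; the legitimate uRun/mRun entries (AIM, ctfmon, VMware Tools, Synaptics) produce nothing. The hive prefix matters: an entry under HKU\.DEFAULT is tied to the systemprofile directory in the path, which is why the two signals reinforce each other.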


#2 D-FRED-BROWN
    Resident Bracketologist
  • Malware Response Team
  • 834 posts
  • Location:Kansas, USA

Posted 22 June 2011 - 12:37 PM

Hello qwertyui and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:
  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):
  • TDSSKiller_log.txt
  • how the PC is running now?


-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:
  • TDSSKiller logfile
  • C:\ComboFix.txt
  • Security Check checkup.txt

How is your computer running now?
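The TDSSKiller log requested above lists every loaded driver with its service name, MD5 and on-disk path (the format is visible in the next post). The script below is an added example, not code from this thread or from Kaspersky's TDSSKiller: it parses that listing into an inventory and diffs it against a known-good baseline, flagging services absent from the baseline, hash mismatches, and drivers loaded from outside system32. The first five sample lines are copied from the thread's log; the two extra lines and the BASELINE dict are constructed for illustration (the baseline values are simply taken from this log, standing in for a list you would collect from a clean machine of the same build).

```python
"""Turn a TDSSKiller driver listing into an inventory and diff it against a
known-good baseline.

Added example: not code from the thread or from TDSSKiller. Sample lines
marked as copied come from the posted log; everything else is constructed.
"""
import re

DRIVER_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+\d+\s+"
    r"(?P<service>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$"
)

# Copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = """\
2011/06/25 14:41:47.0630 2656 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\\Windows\\system32\\DRIVERS\\1394ohci.sys
2011/06/25 14:41:47.0746 2656 Acceler (af1f178b0218b44876e63bf0b019e96b) C:\\Windows\\system32\\DRIVERS\\Accelern.sys
2011/06/25 14:41:48.0745 2656 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\\Windows\\system32\\drivers\\afd.sys
2011/06/25 14:41:51.0027 2656 atapi (338c86357871c167a96ab976519bf59e) C:\\Windows\\system32\\DRIVERS\\atapi.sys
2011/06/25 14:42:21.0033 2656 MpFilter (fbc56c853814eaa196e22edf596a4ebd) C:\\Windows\\system32\\DRIVERS\\MpFilter.sys
"""

# Constructed (not from the thread): a non-driver status line, which the regex
# must ignore, and a made-up service loaded from a temp directory.
CONSTRUCTED_EXTRA = """\
2011/06/25 14:42:30.0000 2656 Scan finished
2011/06/25 14:42:31.0000 2656 hlpsvc (0123456789abcdef0123456789abcdef) C:\\Users\\Administrator\\AppData\\Local\\Temp\\hlpsvc.sys
"""

# Constructed stand-in for a baseline collected from a clean machine; the
# values here are just this log's own hashes so the clean path is exercised.
BASELINE = {
    "1394ohci": "6d2aca41739bfe8cb86ee8e85f29697d",
    "Acceler": "af1f178b0218b44876e63bf0b019e96b",
    "AFD": "ddc040fdb01ef1712a6b13e52afb104c",
    "atapi": "338c86357871c167a96ab976519bf59e",
    "MpFilter": "fbc56c853814eaa196e22edf596a4ebd",
}
EXPECTED_ROOT = "c:\\windows\\system32\\"


def parse_drivers(text: str) -> list:
    """Extract (service, md5, path) dicts; non-driver log lines are skipped."""
    return [m.groupdict() for line in text.splitlines() if (m := DRIVER_RE.match(line))]


def diff_against_baseline(entries: list, baseline: dict) -> list:
    """Return (service, md5, path, issues) per entry; empty issues means clean."""
    report = []
    for e in entries:
        issues = []
        expected = baseline.get(e["service"])
        if expected is None:
            issues.append("not in baseline")
        elif expected != e["md5"]:
            issues.append(f"md5 mismatch (expected {expected})")
        if not e["path"].lower().startswith(EXPECTED_ROOT):
            issues.append("loaded from outside system32")
        report.append((e["service"], e["md5"], e["path"], issues))
    return report


if __name__ == "__main__":
    entries = parse_drivers(SAMPLE_LOG + CONSTRUCTED_EXTRA)
    for service, md5, path, issues in diff_against_baseline(entries, BASELINE):
        flag = "; ".join(issues) if issues else "ok"
        print(f"{service:<10} {md5} {path}  [{flag}]")
```

A hash mismatch on a well-known service name is the case TDSSKiller itself reports as a forged file, so the diff is only as good as the baseline: build it from the same Windows build and patch level, and refresh it after each Patch Tuesday, or every updated driver shows up as a mismatch.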

#3 qwertyui
  • Topic Starter
  • Members
  • 18 posts

Posted 25 June 2011 - 02:43 PM

Hey,

Here's the TDSS log:

2011/06/25 14:41:37.0909 2928 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/25 14:41:38.0453 2928 ================================================================================
2011/06/25 14:41:38.0453 2928 SystemInfo:
2011/06/25 14:41:38.0453 2928
2011/06/25 14:41:38.0453 2928 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/25 14:41:38.0454 2928 Product type: Workstation
2011/06/25 14:41:38.0454 2928 ComputerName: ERKINAZ
2011/06/25 14:41:38.0455 2928 UserName: Administrator
2011/06/25 14:41:38.0455 2928 Windows directory: C:\Windows
2011/06/25 14:41:38.0455 2928 System windows directory: C:\Windows
2011/06/25 14:41:38.0456 2928 Processor architecture: Intel x86
2011/06/25 14:41:38.0456 2928 Number of processors: 2
2011/06/25 14:41:38.0456 2928 Page size: 0x1000
2011/06/25 14:41:38.0456 2928 Boot type: Normal boot
2011/06/25 14:41:38.0456 2928 ================================================================================
2011/06/25 14:41:39.0866 2928 Initialize success
2011/06/25 14:41:43.0684 2656 ================================================================================
2011/06/25 14:41:43.0684 2656 Scan started
2011/06/25 14:41:43.0684 2656 Mode: Manual;
2011/06/25 14:41:43.0684 2656 ================================================================================
2011/06/25 14:41:47.0630 2656 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/25 14:41:47.0746 2656 Acceler (af1f178b0218b44876e63bf0b019e96b) C:\Windows\system32\DRIVERS\Accelern.sys
2011/06/25 14:41:47.0902 2656 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/25 14:41:48.0033 2656 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/06/25 14:41:48.0189 2656 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/25 14:41:48.0369 2656 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/25 14:41:48.0492 2656 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/25 14:41:48.0745 2656 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/06/25 14:41:48.0851 2656 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/06/25 14:41:49.0084 2656 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/06/25 14:41:49.0259 2656 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/06/25 14:41:49.0330 2656 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/06/25 14:41:49.0491 2656 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/06/25 14:41:49.0599 2656 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/25 14:41:49.0663 2656 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/25 14:41:49.0855 2656 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
2011/06/25 14:41:49.0924 2656 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/25 14:41:50.0021 2656 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
2011/06/25 14:41:50.0178 2656 ApfiltrService (11246b43e2fd8318ef5f45de3a74fbae) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/06/25 14:41:50.0324 2656 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/06/25 14:41:50.0590 2656 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/06/25 14:41:50.0679 2656 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/25 14:41:50.0870 2656 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/25 14:41:51.0027 2656 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/06/25 14:41:51.0270 2656 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/06/25 14:41:51.0677 2656 b57nd60x (958438198ed140c6eb6348cf8a35b36c) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/06/25 14:41:52.0005 2656 BCM43XX (df1835935b312efcaa5ebfd1a5ce6711) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/06/25 14:41:52.0263 2656 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/06/25 14:41:52.0499 2656 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/25 14:41:52.0633 2656 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/25 14:41:52.0792 2656 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/25 14:41:52.0863 2656 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/25 14:41:53.0162 2656 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/06/25 14:41:53.0660 2656 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/25 14:41:54.0038 2656 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/25 14:41:54.0337 2656 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/25 14:41:54.0602 2656 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/25 14:41:55.0006 2656 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/25 14:41:55.0313 2656 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/25 14:41:55.0947 2656 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/25 14:41:56.0271 2656 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/06/25 14:41:56.0747 2656 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/25 14:41:57.0144 2656 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/06/25 14:41:57.0443 2656 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/06/25 14:41:58.0061 2656 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/25 14:41:58.0334 2656 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/06/25 14:41:58.0720 2656 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/25 14:41:59.0041 2656 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/06/25 14:41:59.0490 2656 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/06/25 14:42:00.0159 2656 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/06/25 14:42:00.0631 2656 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/06/25 14:42:01.0068 2656 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/06/25 14:42:01.0848 2656 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/25 14:42:02.0322 2656 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/25 14:42:03.0783 2656 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/06/25 14:42:05.0034 2656 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/25 14:42:05.0293 2656 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/06/25 14:42:06.0664 2656 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/06/25 14:42:07.0177 2656 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/06/25 14:42:08.0245 2656 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/25 14:42:08.0603 2656 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/06/25 14:42:08.0992 2656 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/06/25 14:42:09.0254 2656 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/25 14:42:09.0664 2656 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/06/25 14:42:09.0936 2656 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/06/25 14:42:10.0392 2656 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/25 14:42:10.0678 2656 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/25 14:42:10.0902 2656 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/25 14:42:11.0206 2656 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/25 14:42:11.0881 2656 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/06/25 14:42:12.0427 2656 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/25 14:42:12.0692 2656 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/25 14:42:12.0832 2656 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/25 14:42:13.0105 2656 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/25 14:42:13.0685 2656 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/25 14:42:14.0582 2656 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/06/25 14:42:14.0729 2656 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/06/25 14:42:14.0957 2656 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/25 14:42:15.0263 2656 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/25 14:42:16.0038 2656 iaStor (39f7c9aeee865fe8e98cf3edd2b4bb4a) C:\Windows\system32\DRIVERS\iaStor.sys
2011/06/25 14:42:16.0197 2656 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
2011/06/25 14:42:16.0470 2656 igfx (1008c685871f5d108cc8900d6c6a5708) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/06/25 14:42:16.0669 2656 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/25 14:42:16.0970 2656 IntcAzAudAddService (2a4eb3167a071a67d3f56e94663544ec) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/25 14:42:17.0207 2656 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/06/25 14:42:17.0304 2656 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/25 14:42:17.0873 2656 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/25 14:42:18.0092 2656 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/06/25 14:42:18.0253 2656 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/06/25 14:42:18.0303 2656 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/06/25 14:42:18.0382 2656 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/06/25 14:42:18.0511 2656 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/25 14:42:18.0598 2656 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/25 14:42:18.0738 2656 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/25 14:42:18.0820 2656 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/25 14:42:18.0889 2656 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/25 14:42:19.0138 2656 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/25 14:42:19.0297 2656 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/25 14:42:19.0430 2656 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/25 14:42:19.0714 2656 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/25 14:42:19.0858 2656 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/25 14:42:19.0975 2656 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/06/25 14:42:20.0153 2656 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/25 14:42:20.0243 2656 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/25 14:42:20.0357 2656 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/06/25 14:42:20.0494 2656 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/25 14:42:20.0594 2656 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/25 14:42:20.0768 2656 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/25 14:42:20.0855 2656 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/06/25 14:42:21.0033 2656 MpFilter (fbc56c853814eaa196e22edf596a4ebd) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/06/25 14:42:21.0109 2656 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/06/25 14:42:21.0160 2656 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/25 14:42:21.0307 2656 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/06/25 14:42:21.0394 2656 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/25 14:42:21.0544 2656 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/25 14:42:21.0687 2656 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/25 14:42:21.0761 2656 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/06/25 14:42:21.0828 2656 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/06/25 14:42:22.0019 2656 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/06/25 14:42:22.0060 2656 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/25 14:42:22.0130 2656 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/06/25 14:42:22.0398 2656 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/25 14:42:22.0452 2656 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/25 14:42:22.0508 2656 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/06/25 14:42:22.0568 2656 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/06/25 14:42:22.0656 2656 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/25 14:42:22.0698 2656 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/06/25 14:42:22.0771 2656 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/25 14:42:22.0858 2656 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/06/25 14:42:23.0024 2656 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/25 14:42:23.0134 2656 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/06/25 14:42:23.0283 2656 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/25 14:42:23.0331 2656 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/25 14:42:23.0399 2656 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/25 14:42:23.0618 2656 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/25 14:42:23.0677 2656 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/06/25 14:42:23.0749 2656 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/25 14:42:23.0831 2656 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/25 14:42:24.0031 2656 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/25 14:42:24.0120 2656 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/06/25 14:42:24.0181 2656 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/25 14:42:24.0566 2656 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
2011/06/25 14:42:24.0897 2656 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/06/25 14:42:25.0196 2656 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
2011/06/25 14:42:25.0421 2656 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
2011/06/25 14:42:25.0601 2656 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/06/25 14:42:26.0028 2656 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/25 14:42:26.0783 2656 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/06/25 14:42:27.0029 2656 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/06/25 14:42:27.0302 2656 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/06/25 14:42:28.0140 2656 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/06/25 14:42:28.0382 2656 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/06/25 14:42:28.0475 2656 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/25 14:42:28.0589 2656 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/06/25 14:42:28.0680 2656 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/06/25 14:42:29.0102 2656 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/25 14:42:29.0180 2656 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/06/25 14:42:29.0419 2656 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/25 14:42:29.0751 2656 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
2011/06/25 14:42:29.0868 2656 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/25 14:42:30.0022 2656 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/25 14:42:30.0115 2656 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/25 14:42:30.0180 2656 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/25 14:42:30.0262 2656 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/25 14:42:30.0419 2656 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/25 14:42:30.0529 2656 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/25 14:42:30.0617 2656 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/25 14:42:30.0699 2656 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/25 14:42:30.0793 2656 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/25 14:42:30.0884 2656 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/25 14:42:31.0005 2656 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/06/25 14:42:31.0093 2656 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/25 14:42:31.0205 2656 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/25 14:42:31.0269 2656 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/06/25 14:42:31.0398 2656 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/06/25 14:42:31.0623 2656 RSPCIESTOR (a606d8730c6aed4ab8ebf22df6efa618) C:\Windows\system32\DRIVERS\RtsPStor.sys
2011/06/25 14:42:31.0738 2656 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/25 14:42:31.0831 2656 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/06/25 14:42:31.0977 2656 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/06/25 14:42:32.0084 2656 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/25 14:42:32.0213 2656 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/25 14:42:32.0445 2656 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/25 14:42:32.0549 2656 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/06/25 14:42:32.0632 2656 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/25 14:42:32.0887 2656 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/25 14:42:32.0972 2656 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/06/25 14:42:33.0045 2656 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/25 14:42:33.0190 2656 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/25 14:42:33.0319 2656 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/06/25 14:42:33.0465 2656 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/25 14:42:33.0587 2656 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/25 14:42:33.0989 2656 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/06/25 14:42:34.0133 2656 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/06/25 14:42:34.0351 2656 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/06/25 14:42:34.0486 2656 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/25 14:42:34.0707 2656 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/25 14:42:34.0871 2656 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/25 14:42:34.0978 2656 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/06/25 14:42:35.0089 2656 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/06/25 14:42:35.0345 2656 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/25 14:42:36.0142 2656 SynTP (e38b97bd4e1c823ff35773ffea42496c) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/25 14:42:36.0557 2656 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/06/25 14:42:37.0056 2656 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/25 14:42:37.0260 2656 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/25 14:42:37.0336 2656 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/06/25 14:42:37.0414 2656 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/06/25 14:42:37.0533 2656 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/25 14:42:37.0803 2656 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/25 14:42:38.0155 2656 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/25 14:42:38.0557 2656 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/25 14:42:38.0729 2656 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/25 14:42:38.0934 2656 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/25 14:42:39.0092 2656 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/25 14:42:39.0236 2656 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/25 14:42:39.0339 2656 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/25 14:42:39.0457 2656 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/25 14:42:39.0871 2656 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/25 14:42:40.0196 2656 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\drivers\usbehci.sys
2011/06/25 14:42:40.0580 2656 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/25 14:42:40.0885 2656 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
2011/06/25 14:42:41.0131 2656 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/25 14:42:41.0333 2656 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/25 14:42:41.0433 2656 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
2011/06/25 14:42:41.0955 2656 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2011/06/25 14:42:42.0372 2656 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/25 14:42:42.0847 2656 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/25 14:42:43.0214 2656 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/06/25 14:42:43.0825 2656 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/25 14:42:43.0962 2656 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/06/25 14:42:44.0083 2656 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/06/25 14:42:44.0201 2656 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/25 14:42:44.0351 2656 vm3dmp (e2d93ecd5a0f3bfba99d023074c73f6a) C:\Windows\system32\DRIVERS\vm3dmp.sys
2011/06/25 14:42:44.0442 2656 VMAUDIO (98e6cc4d5a21db9626a6b738c4f313a5) C:\Windows\system32\drivers\vmaudio.sys
2011/06/25 14:42:44.0557 2656 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/06/25 14:42:44.0708 2656 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/06/25 14:42:44.0820 2656 vmci (c2f196b0b0f80ed121fd9146eba2587e) C:\Windows\system32\DRIVERS\vmci.sys
2011/06/25 14:42:45.0002 2656 vmdebug (59909ed99e2d137937c0f93b2201e433) C:\Windows\system32\Drivers\vmdebug.sys
2011/06/25 14:42:45.0284 2656 vmhgfs (16f9f586e12c98bbb52f1257c85cc8e0) C:\Windows\system32\DRIVERS\vmhgfs.sys
2011/06/25 14:42:45.0396 2656 VMMEMCTL (04911e98a5c312fbc55cec9ea4f62423) C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys
2011/06/25 14:42:45.0960 2656 vmmouse (17cd671136032e3a202b4a9c6c4c9dba) C:\Windows\system32\DRIVERS\vmmouse.sys
2011/06/25 14:42:46.0124 2656 vmrawdsk (26a4a3f5f239a0696b189b555c84295e) C:\Program Files\VMware\VMware Tools\vmrawdsk.sys
2011/06/25 14:42:46.0282 2656 vmscsi (19754658f7958e31f00f0227f87daf1d) C:\Windows\system32\DRIVERS\vmscsi.sys
2011/06/25 14:42:46.0391 2656 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/25 14:42:46.0565 2656 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/06/25 14:42:46.0656 2656 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/25 14:42:46.0889 2656 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/25 14:42:47.0105 2656 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/06/25 14:42:47.0261 2656 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/25 14:42:47.0378 2656 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/25 14:42:47.0685 2656 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/25 14:42:47.0751 2656 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/25 14:42:48.0076 2656 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/06/25 14:42:48.0206 2656 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/25 14:42:48.0596 2656 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/25 14:42:48.0644 2656 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/06/25 14:42:48.0989 2656 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/25 14:42:49.0106 2656 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/25 14:42:49.0387 2656 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/25 14:42:49.0510 2656 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/06/25 14:42:49.0627 2656 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/25 14:42:49.0836 2656 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/25 14:42:49.0879 2656 ================================================================================
2011/06/25 14:42:49.0879 2656 Scan finished
2011/06/25 14:42:49.0879 2656 ================================================================================
2011/06/25 14:42:49.0952 3952 Detected object count: 0
2011/06/25 14:42:49.0952 3952 Actual detected object count: 0


Here's the ComboFix log:

ComboFix 11-06-25.03 - Administrator 06/25/2011 15:04:06.1.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2037.1279 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: Microsoft Forefront Client Security *Enabled/Outdated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Forefront Client Security *Enabled/Outdated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C0A64D87-F820-47FD-B029-9718374F6290}.xps
.
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-25 to 2011-06-25 )))))))))))))))))))))))))))))))
.
.
2011-06-25 19:15 . 2011-06-25 19:18 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-06-25 19:15 . 2011-06-25 19:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-25 18:42 . 2011-06-25 18:42 -------- d-----w- c:\program files\Common Files\Java
2011-06-25 18:41 . 2011-06-25 18:41 -------- d-----w- c:\program files\Java
2011-06-13 23:25 . 2011-06-13 23:25 -------- d-----w- c:\program files\ESET
2011-06-13 23:24 . 2011-06-25 18:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-11 23:01 . 2011-06-11 23:01 -------- d-----w- c:\users\Administrator\AppData\Local\Secunia PSI
2011-06-06 04:17 . 2011-02-26 05:51 2614784 ----a-w- c:\windows\explorer.exe
2011-06-06 04:17 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\system32\config\systemprofile\explorer.bak
2011-06-06 02:36 . 2011-06-06 02:36 -------- d-----w- c:\users\Administrator\AppData\Roaming\ParetoLogic
2011-06-06 02:36 . 2011-06-06 02:36 -------- d-----w- c:\users\Administrator\AppData\Roaming\DriverCure
2011-06-06 02:35 . 2011-06-06 02:35 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-06-06 02:35 . 2011-06-06 02:35 -------- d-----w- c:\programdata\ParetoLogic
2011-06-06 02:34 . 2011-06-06 02:34 5221608 ----a-w- C:\ParetoLogic PC Health Advisor.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-25 18:41 . 2010-05-05 13:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-29 13:11 . 2010-09-09 20:03 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2010-09-09 20:03 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-23 23:11 . 2011-04-23 23:11 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-04-22 19:36 . 2011-05-24 17:13 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 06:13 . 2011-05-10 22:59 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-10 22:59 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-19 18:51 123904 ----a-w- c:\windows\system32\poqexec.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMware Tools"="c:\program files\VMware\VMware Tools\VMwareTray.exe" [2009-10-22 141872]
"VMware User Process"="c:\program files\VMware\VMware Tools\VMwareUser.exe" [2009-10-22 1079856]
"Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2010-01-19 1033600]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-05-12 278528]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-23 8546848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-23 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-23 1680680]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\users\Administrator\Desktop\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-03-16 06:58 718208 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
R1 vmdebug;VMware Replay Debugging Helper;c:\windows\system32\Drivers\vmdebug.sys [2009-10-22 23088]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [2010-01-19 16880]
R2 VMTools;VMware Tools Service;c:\program files\VMware\VMware Tools\vmtoolsd.exe [2009-10-22 72240]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-03-23 150560]
R3 TPAutoConnSvc;TP AutoConnect Service;c:\program files\VMware\VMware Tools\TPAutoConnSvc.exe [2009-10-22 255304]
R3 TPVCGateway;TP VC Gateway Service;c:\program files\VMware\VMware Tools\TPVCGateway.exe [2009-10-22 365856]
R3 vm3dmp;vm3dmp;c:\windows\system32\DRIVERS\vm3dmp.sys [2009-10-22 70704]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2009-10-22 61488]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\DRIVERS\vmmouse.sys [2009-10-22 11440]
R3 vmscsi;vmscsi;c:\windows\system32\DRIVERS\vmscsi.sys [2010-02-11 17968]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1343400]
S1 vmhgfs;vmhgfs;c:\windows\system32\DRIVERS\vmhgfs.sys [2009-10-22 128432]
S1 vmrawdsk;VMware Vista Physical Disk Helper;c:\program files\VMware\VMware Tools\vmrawdsk.sys [2009-10-22 36144]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2010-03-23 87968]
S2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [2007-04-06 73120]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\users\Administrator\Desktop\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\users\Administrator\Desktop\PSI\sua.exe [2011-04-19 399416]
S2 VMMEMCTL;Memory Control Driver;c:\program files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys [2009-10-22 14384]
S2 VMUpgradeHelper;VMware Upgrade Helper;c:\program files\VMware\VMware Tools\VMUpgradeHelper.exe [2009-10-22 191024]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-05-12 42672]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-06 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:17]
.
2011-06-06 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:17]
.
2011-06-06 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\users\Administrator\Desktop\PCHA\PCHA.exe [2011-03-29 23:17]
.
2011-06-06 c:\windows\Tasks\PC Health Advisor.job
- c:\users\Administrator\Desktop\PCHA\PCHA.exe [2011-03-29 23:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\program files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\46x1hy16.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKU-Default-Run-KB284842.exe - c:\windows\system32\config\systemprofile\AppData\Roaming\KB284842.exe
AddRemove-HDMI - c:\windows\system32\igxpun.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2372759665-3554196744-2073636386-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,ce,28,ac,d2,e3,71,48,85,6c,93,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,ce,28,ac,d2,e3,71,48,85,6c,93,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-06-25 15:23:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-25 19:23
.
Pre-Run: 141,421,907,968 bytes free
Post-Run: 141,561,618,432 bytes free
.
- - End Of File - - 4239F06A79966669F051A6489F6CDB86


Here's Security Check checkup.txt:

Results of screen317's Security Check version 0.99.15
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 26
Adobe Flash Player 10.3.181.26
Mozilla Firefox (3.6.18) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


I haven't gotten the BSoD since I last replied. Am I clean now? I'm worried about logging onto anything because of the threat that someone may be stealing my information...

#4 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas, USA
  • Local time:12:10 PM

Posted 25 June 2011 - 02:52 PM

I haven't gotten the BSoD since I last replied. Am I clean now? I'm worried about logging onto anything because of the threat that someone may be stealing my information...

Your logs are looking better, but let's run some more scans to confirm that you're clean before we move on to anything else :wink:.

Also, if you believe that your passwords may have been stolen, I suggest you read the following:
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation as soon as possible.

If you do not have access to a known clean computer, you will still need to change your passwords, and all other sensitive information, but only once your system is deemed clean.

With that said, please run the following scans :):

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

---------

Please use Internet Explorer and run a BitDefender Online scan from Here
  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan
Please post the results in your next reply.

---------

Please include the online scan results in your next reply. :)

#5 qwertyui

qwertyui
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:10 PM

Posted 25 June 2011 - 06:48 PM

Thanks for replying to my last post so quickly! I appreciate the help.

Here's the ESET scan:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=0493dbcfaeb9184f8372aea0cf75c763
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-14 12:46:35
# local_time=2011-06-13 08:46:35 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 66 94 41178665 59552484 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=83591
# found=7
# cleaned=5
# scan_time=4703
C:\Windows\explorer.exe a variant of Win32/SpamTool.Agent.NER trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\ssj.exe a variant of Win32/Kryptik.OXU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q5MYLZVC\reader_ec234[1].exe a variant of Win32/Kryptik.OXU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Roaming\KB284842.exe a variant of Win32/Injector.GVT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\Temp\idbe\setup.exe a variant of Win32/Nervos.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\Temp\kdfm\setup.exe a variant of Win32/Injector.GVT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/SpamTool.Agent.NER trojan 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=0493dbcfaeb9184f8372aea0cf75c763
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-25 11:37:16
# local_time=2011-06-25 07:37:16 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 66 94 42211018 60584837 0 0
# compatibility_mode=8192 67108863 100 0 946122 946122 0 0
# scanned=82170
# found=9
# cleaned=9
# scan_time=4991
C:\Qoobox\Quarantine\C\Windows\explorer.exe.vir a variant of Win32/SpamTool.Agent.NER trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\2f84494a-33083ed7 Java/Agent.BV trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\51660c8f-1890ef6a Java/Agent.BV trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\8ec9882-3a63cf13 probably a variant of Java/Agent.BR trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\2c8be69b-52c94909 a variant of Java/TrojanDownloader.OpenStream.NBV trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\1d763f21-18e6386b a variant of Java/Agent.BR trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\3f630bab-5369c4a1 probably a variant of Java/Agent.BR trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\d81016d-19c8dfaf Java/Agent.BV trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\677e1f36-4f403e63 a variant of Java/Agent.BR trojan (deleted - quarantined) 00000000000000000000000000000000 C


Here's the BitDefender report:


QuickScan Beta 32-bit v0.9.9.96
-------------------------------
Scan date: Sat Jun 25 19:44:23 2011
Machine ID: 9C6B4465



No infection found.
-------------------



Processes
---------
APO Access Service (32-bit) 1584 C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
Firefox 2592 C:\Program Files\Mozilla Firefox\firefox.exe
Intel® Common User Interface 2776 C:\Windows\System32\hkcmd.exe
Intel® Common User Interface 2792 C:\Windows\System32\igfxpers.exe
Intel® Common User Interface 2864 C:\Windows\System32\igfxsrvc.exe
Intel® Common User Interface 2756 C:\Windows\System32\igfxtray.exe
Java™ Platform SE Auto Updater 2 0 2884 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft Forefront Client Security 1624 C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
Microsoft® Windows® Operating System 2552 C:\Windows\explorer.exe
Microsoft® Windows® Operating System 1372 C:\Windows\System32\conhost.exe
Microsoft® Windows® Operating System 416 C:\Windows\System32\csrss.exe
Microsoft® Windows® Operating System 464 C:\Windows\System32\csrss.exe
Microsoft® Windows® Operating System 564 C:\Windows\System32\lsm.exe
Microsoft® Windows® Operating System 3820 C:\Windows\System32\notepad.exe
Microsoft® Windows® Operating System 512 C:\Windows\System32\services.exe
Microsoft® Windows® Operating System 288 C:\Windows\System32\smss.exe
Microsoft® Windows® Operating System 1456 C:\Windows\System32\spoolsv.exe
Microsoft® Windows® Operating System 456 C:\Windows\System32\wininit.exe
Microsoft® Windows® Operating System 556 C:\Windows\System32\winlogon.exe
Microsoft® Windows® Operating System 1364 C:\Windows\System32\wlanext.exe
Microsoft® Windows® Operating System 1788 C:\Windows\System32\wuauclt.exe
Realtek HD Audio Manager 2736 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
Secunia PSI Agent 1716 C:\Users\Administrator\Desktop\PSI\psia.exe
Secunia PSI Tray 2892 C:\Users\Administrator\Desktop\PSI\psi_tray.exe
Secunia Update Agent 2916 C:\Users\Administrator\Desktop\PSI\sua.exe
Synaptics Pointing Device Driver 2840 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Synaptics Pointing Device Driver 3076 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
VMware Tools 1900 C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe
Windows® Internet Explorer 2580 C:\Program Files\Internet Explorer\iexplore.exe
Windows® Internet Explorer 2656 C:\Program Files\Internet Explorer\iexplore.exe
Windows® Internet Explorer 1388 C:\Program Files\Internet Explorer\iexplore.exe
Windows® Search 2668 C:\Windows\System32\SearchFilterHost.exe
Windows® Search 3560 C:\Windows\System32\SearchProtocolHost.exe
Windows® Search 3956 C:\Windows\System32\SearchProtocolHost.exe
(verified) Microsoft® Visual Studio .NET 1668 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(verified) Microsoft® Windows® Operating System 2528 C:\Windows\System32\dwm.exe
(verified) Microsoft® Windows® Operating System 548 C:\Windows\System32\lsass.exe
(verified) Microsoft® Windows® Operating System 1804 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1280 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1192 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1000 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 960 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 924 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 760 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1492 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 3796 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 684 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2412 C:\Windows\System32\taskhost.exe
(verified) Microsoft® Windows® Operating System 2848 C:\Windows\System32\taskhost.exe
(verified) Windows® Search 3188 C:\Windows\System32\SearchIndexer.exe


Network activity
----------------
Process svchost.exe (1280) connected on port 80 (HTTP) --> 184.84.244.121
Process iexplore.exe (1388) connected on port 80 (HTTP) --> 184.84.244.113
Process iexplore.exe (1388) connected on port 80 (HTTP) --> 74.125.226.173
Process iexplore.exe (1388) connected on port 80 (HTTP) --> 66.220.149.18
Process iexplore.exe (1388) connected on port 80 (HTTP) --> 184.84.244.113
Process iexplore.exe (1388) connected on port 80 (HTTP) --> 184.84.244.113
Process iexplore.exe (1388) connected on port 80 (HTTP) --> 184.84.244.113
Process iexplore.exe (1388) connected on port 80 (HTTP) --> 72.247.146.51
Process psia.exe (1716) connected on port 443 (HTTP over SSL) --> 91.198.117.248

Process wininit.exe (456) listens on ports: 49152 (RPC)
Process services.exe (512) listens on ports: 49156 (RPC)
Process lsass.exe (548) listens on ports: 49155 (RPC)
Process svchost.exe (760) listens on ports: 135 (RPC)
Process svchost.exe (924) listens on ports: 49153 (RPC)
Process svchost.exe (1000) listens on ports: 49154 (RPC)
Process svchost.exe (1280) listens on ports: 3389 (Terminal Server)


Autoruns and critical files
---------------------------
Alps Pointing-device Driver C:\Program Files\DellTPad\Apoint.exe
Intel® Common User Interface C:\Windows\System32\hkcmd.exe
Intel® Common User Interface C:\Windows\system32\igfxdev.dll
Intel® Common User Interface C:\Windows\System32\igfxpers.exe
Intel® Common User Interface C:\Windows\System32\igfxtray.exe
Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft Forefront Client Security c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Microsoft® Windows® Operating System C:\Windows\system32\rundll32.exe
ParetoLogic Update Application C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
PC Health Advisor C:\Users\Administrator\Desktop\PCHA\PCHA.exe
Realtek HD Audio Manager C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
Secunia PSI Tray C:\Users\Administrator\Desktop\PSI\psi_tray.exe
Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
VMware Tools C:\Program Files\VMware\VMware Tools\VMwareTray.exe
VMware Tools C:\Program Files\VMware\VMware Tools\VMwareUser.exe
Windows® Internet Explorer c:\windows\system32\webcheck.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe


Browser plugins
---------------
BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
downloadUpdater C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
downloadUpdater2 C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
Java Deployment Toolkit 6.0.260.3 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
Java™ Platform SE 6 U26 C:\Program Files\Java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U26 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL
Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL
Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
Microsoft Office Live Plug-in for Firef C:\Program Files\Microsoft\Office Live\npOLW.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
Skype Toolbars C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
VMware Tools C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll
Windows® Internet Explorer C:\Windows\system32\IEFRAME.dll
(verified) AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
(verified) Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll


Scan
----
MD5: 8b4f47184f1dc56d7f49faf21d93b2d6 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
MD5: 13e7cfe8e269ed15e7fc9c3ebbcb7e2b C:\Program Files\Common Files\Java\Java Update\jusched.exe
MD5: d7b6706becefbdd0b86b94a4499f5109 C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
MD5: 0fbf6217f40570d66533ed037b34e01b C:\Program Files\DellTPad\Apoint.exe
MD5: bd43a986fa0dc0cbf672638a8de444db C:\Program Files\Internet Explorer\ieproxy.dll
MD5: 64efaf916c4009f1b84153d0bb491fb0 C:\Program Files\Internet Explorer\iexplore.exe
MD5: e7d55e121ff1951cb86c7e0dc6a33877 C:\Program Files\Java\jre6\bin\jp2ssv.dll
MD5: 1040bd9bf3ddab7cda2346f8375480a2 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
MD5: 59369847657433ffd02d14f4e7221d2c c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpOAv.dll
MD5: bc6fdad668bafe564f96bddd0fbc20b6 c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
MD5: bbff5ce1aa994eccf1f3250102a6060c c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
MD5: 5e162feb08f6635f0348d250b98ac758 C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
MD5: 89c4e5e322dcca3fb0673f30f2e9ca9f C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\fcssasengine.dll
MD5: 47fc5a4a45e883a36aff884b3e6073b1 C:\Program Files\Microsoft Office\Office14\MSOHEV.DLL
MD5: e7cb7bdaed66218bd74feec7f5df6d89 c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
MD5: e0dd4a98c79c83aa67d79c8dfc6d2e4f C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
MD5: b96306630fa5a5c01579d17af0d407bf C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
MD5: 055713cd9e0c6aac46afbb3a5b95ef75 C:\Program Files\Mozilla Firefox\firefox.exe
MD5: 7f238c0745053c966cb71c001f8878c2 C:\Program Files\Mozilla Firefox\freebl3.dll
MD5: 112bef85c4b01d7b6c3321f4fb01eedd C:\Program Files\Mozilla Firefox\js3250.dll
MD5: dddbcc60480fee039a094c1662c0beff C:\Program Files\Mozilla Firefox\MOZCPP19.dll
MD5: b96f14bc7df04b349e82c9003f82558b C:\Program Files\Mozilla Firefox\MOZCRT19.dll
MD5: 74d4444f5067c2ec41a20f3893299dcd C:\Program Files\Mozilla Firefox\nspr4.dll
MD5: 99e91ea69a9c33b4349f45b486347019 C:\Program Files\Mozilla Firefox\nss3.dll
MD5: 4c057d3ad53e4e99af7590351d372093 C:\Program Files\Mozilla Firefox\nssckbi.dll
MD5: baf720ed50e71d435de7d3929157c8f6 C:\Program Files\Mozilla Firefox\nssdbm3.dll
MD5: 72bc2a9126c01d6d1045a58c0285149d C:\Program Files\Mozilla Firefox\nssutil3.dll
MD5: aa14af2c8915e41327ac3bc8b32c4548 C:\Program Files\Mozilla Firefox\plc4.dll
MD5: 8e35d253333530285c47e8d33d1d3c74 C:\Program Files\Mozilla Firefox\plds4.dll
MD5: 5eb6f21d95e728c61bcfc89f899d6bb0 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
MD5: 323fe218dac089eed70ca55e6c1c2f1d C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
MD5: dbe8c34758da614f35ae7011284406bb C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
MD5: 4e3216231cba873f1d88cc3a755cc4af C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
MD5: 64c183111ada8b5f419fad4e70b9ab70 C:\Program Files\Mozilla Firefox\smime3.dll
MD5: 48dacc767b7c8d77f3dfd501b9e30a6a C:\Program Files\Mozilla Firefox\softokn3.dll
MD5: f04cb8f40f38d1cc75c44e6c219d80cd C:\Program Files\Mozilla Firefox\sqlite3.dll
MD5: ced3cfa15858d4b8294980077a1c700e C:\Program Files\Mozilla Firefox\ssl3.dll
MD5: 0fee7c320c3e864da8f0bf9188594643 C:\Program Files\Mozilla Firefox\xpcom.dll
MD5: 921cb4d7cfff02d0d818a728afbe09ba C:\Program Files\Mozilla Firefox\xul.dll
MD5: a6ce73469591554279da63be715dbc93 C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
MD5: 750c7cec215c3daccbd52cf0ab80ec8f C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
MD5: 71e99391b3d79769a89961131ba1eb31 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MD5: e6c3f8628f2b35f297cb5d9fb55a4f55 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
MD5: 04911e98a5c312fbc55cec9ea4f62423 C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys
MD5: 8551b01255f178038d65d65ca3bfbda4 C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
MD5: f1dae030da1dcca63f7141898b00ddd6 C:\Program Files\VMware\VMware Tools\TPVCGateway.exe
MD5: 26a4a3f5f239a0696b189b555c84295e C:\Program Files\VMware\VMware Tools\vmrawdsk.sys
MD5: 6d2db099e617ea206749efde0b00542d C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
MD5: 7dc960f647fcf00fb107993e74a260e7 C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe
MD5: 3ef69cd52aed97a7455e2eaab818e944 C:\Program Files\VMware\VMware Tools\VMwareTray.exe
MD5: 2e90e87214490952275de77116fdabc0 C:\Program Files\VMware\VMware Tools\VMwareUser.exe
MD5: 88bb6d0f26614742cff9179be2b448fe C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll
MD5: 77fbd400984cf72ba0fc4b3489d65f74 C:\Program Files\Windows Media Player\wmpnetwk.exe
MD5: d6417e3ee99744edecc5978cac82a1b0 C:\Users\Administrator\Desktop\PCHA\PCHA.exe
MD5: 8e6c1915eddd719c4bfe99eccd7216a7 C:\Users\Administrator\Desktop\PSI\psi_tray.exe
MD5: 2d0599dd0124764fc939c59985c860de C:\Users\Administrator\Desktop\PSI\psia.exe
MD5: 20b9e1adbc58958b480933e4da005dfb C:\Users\Administrator\Desktop\PSI\sua.exe
MD5: 23dc75d158d484177ffe99e23264f89f C:\Windows\Downloaded Program Files\qsax.dll
MD5: 1697c39978cd69f6fbc15302edcece1f C:\Windows\ehome\ehRecvr.exe
MD5: 255cf508d7cfb10e0794d6ac93280bd8 C:\Windows\explorer.exe
MD5: 39cdcb109bf200cc8a05b9c7e6272d11 C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
MD5: 8b794ae6d5c7d42092804bc39a2eb8f6 c:\windows\system32\AEPIC.dll
MD5: fabfc817547eabb19b74849cef410622 C:\Windows\system32\authui.dll
MD5: 9a595df601070da78c40481120dd2c06 C:\Windows\system32\basesrv.DLL
MD5: 93720b6fa9943e3a03f49ec7c5619b60 C:\Windows\System32\bcmihvsrv.dll
MD5: 9092668daf4061898fd3f2c19d8c7f85 C:\Windows\system32\CLUSAPI.DLL
MD5: 50ba656134f78af64e4dd3c8b6fefd7e C:\Windows\system32\cngaudit.dll
MD5: 53831de9162c6c2378574b59eb786bf1 C:\Windows\system32\corpol.dll
MD5: 10de24cccd418c31107813682eb73542 C:\Windows\system32\CSRSRV.dll
MD5: 342271f6142e7c70805b8a81e1ba5f5c C:\Windows\System32\csrss.exe
MD5: b8473011f59a6aa2b35e84aa19d707cf C:\Windows\system32\d3d10_1.dll
MD5: 029e2a480ce2020df097e535a2311712 C:\Windows\system32\d3d10_1core.dll
MD5: 40d2453fa90ddb5f92e4ecea5797895e C:\Windows\system32\D3D10Level9.dll
MD5: 990a58a0b01720e419b55efc5ff387f8 C:\Windows\System32\dhcpcore6.dll
MD5: 62390f4ace9e2b63e3ca26b7f7497897 C:\Windows\system32\DNSAPI.dll
MD5: 100103c6535c66265267f5eea5f5846e C:\Windows\System32\dnsext.dll
MD5: b15be77a2bacf9c3177d27518afe26a9 c:\windows\system32\dnsrslvr.dll
MD5: af1f178b0218b44876e63bf0b019e96b C:\Windows\system32\DRIVERS\Accelern.sys
MD5: 0db7a48388d54d154ebec120461a0fcd C:\Windows\system32\drivers\afd.sys
MD5: 19ce906b4cdc11fc4fef5745f33a63b6 C:\Windows\system32\drivers\amdsata.sys
MD5: 869e67d66be326a5a9159fba8746fa70 C:\Windows\system32\drivers\amdxata.sys
MD5: 11246b43e2fd8318ef5f45de3a74fbae C:\Windows\system32\DRIVERS\Apfiltr.sys
MD5: 958438198ed140c6eb6348cf8a35b36c C:\Windows\system32\DRIVERS\b57nd60x.sys
MD5: df1835935b312efcaa5ebfd1a5ce6711 C:\Windows\system32\DRIVERS\bcmwl6.sys
MD5: 9a5c671b7fbae4865149bb11f59b91b2 C:\Windows\system32\DRIVERS\bowser.sys
MD5: 83d1ecea8faae75604c0fa49ac7ad996 C:\Windows\System32\Drivers\dfsc.sys
MD5: 1679a4669326cb1a67cc95658d273234 C:\Windows\System32\drivers\dxgkrnl.sys
MD5: 39f7c9aeee865fe8e98cf3edd2b4bb4a C:\Windows\system32\DRIVERS\iaStor.sys
MD5: 71f1a494fedf4b33c02c4a6a28d6d9e9 C:\Windows\system32\drivers\iaStorV.sys
MD5: 1008c685871f5d108cc8900d6c6a5708 C:\Windows\system32\DRIVERS\igdkmd32.sys
MD5: fbc56c853814eaa196e22edf596a4ebd C:\Windows\system32\DRIVERS\MpFilter.sys
MD5: ca7570e42522e24324a12161db14ec02 C:\Windows\system32\DRIVERS\mrxsmb.sys
MD5: c108952d3660375dcb716b222912e868 C:\Windows\system32\DRIVERS\mrxsmb10.sys
MD5: 25c38264a3c72594dd21d355d70d7a5d C:\Windows\system32\DRIVERS\mrxsmb20.sys
MD5: f1b0bed906f97e16f6d0c3629d2f21c6 C:\Windows\system32\drivers\nvraid.sys
MD5: 4520b63899e867f354ee012d34e11536 C:\Windows\system32\drivers\nvstor.sys
MD5: d24dfd16a1e2a76034df5aa18125c35d C:\Windows\system32\DRIVERS\psi_mf.sys
MD5: 2a4eb3167a071a67d3f56e94663544ec C:\Windows\system32\drivers\RTKVHDA.sys
MD5: a606d8730c6aed4ab8ebf22df6efa618 C:\Windows\system32\DRIVERS\RtsPStor.sys
MD5: c4a027b8c0bd3fc0699f41fa5e9e0c87 C:\Windows\System32\DRIVERS\srv.sys
MD5: 414bb592cad8a79649d01f9d94318fb3 C:\Windows\System32\DRIVERS\srv2.sys
MD5: ff207d67700aa18242aaf985d3e7d8f4 C:\Windows\System32\DRIVERS\srvnet.sys
MD5: e38b97bd4e1c823ff35773ffea42496c C:\Windows\system32\DRIVERS\SynTP.sys
MD5: 0158d5e9982e9d6a90dfc802f618e130 C:\Windows\System32\drivers\tcpip.sys
MD5: c31ae588e403042632dc796cf09e30b0 C:\Windows\system32\DRIVERS\usbccgp.sys
MD5: e4c436d914768ce965d5e659ba7eebd8 C:\Windows\system32\drivers\usbehci.sys
MD5: bdcd7156ec37448f08633fd899823620 C:\Windows\system32\DRIVERS\usbhub.sys
MD5: eb2d819a639015253c871cda09d91d58 C:\Windows\system32\drivers\usbohci.sys
MD5: 1c4287739a93594e57e2a9e6a3ed7353 C:\Windows\system32\DRIVERS\USBSTOR.SYS
MD5: 22480bf4e5a09192e5e30ba4dde79fa4 C:\Windows\system32\drivers\usbuhci.sys
MD5: b5f6a992d996282b7fae7048e50af83a C:\Windows\System32\Drivers\usbvideo.sys
MD5: e2d93ecd5a0f3bfba99d023074c73f6a C:\Windows\system32\DRIVERS\vm3dmp.sys
MD5: 98e6cc4d5a21db9626a6b738c4f313a5 C:\Windows\system32\drivers\vmaudio.sys
MD5: c2f196b0b0f80ed121fd9146eba2587e C:\Windows\system32\DRIVERS\vmci.sys
MD5: 59909ed99e2d137937c0f93b2201e433 C:\Windows\system32\Drivers\vmdebug.sys
MD5: 16f9f586e12c98bbb52f1257c85cc8e0 C:\Windows\System32\DRIVERS\vmhgfs.sys
MD5: 17cd671136032e3a202b4a9c6c4c9dba C:\Windows\system32\DRIVERS\vmmouse.sys
MD5: 19754658f7958e31f00f0227f87daf1d C:\Windows\system32\DRIVERS\vmscsi.sys
MD5: 60cc965a89e2072ebd26d63d5e1e1d18 C:\Windows\system32\dwmcore.dll
MD5: 496c56361f57c2ca54931ebbc7d6c2cf C:\Windows\system32\eapphost.dll
MD5: 91f434ff6606ed9bdc6a05d651b69553 C:\Windows\system32\efslsaext.dll
MD5: 8444a7364d6877922049e99bf4b78c5c C:\Windows\system32\elscore.dll
MD5: 02a2ed8497f437ea200df3aced255afe C:\Windows\system32\ElsLad.dll
MD5: d720800c2aa3c6889b538011ed6c6b1b c:\windows\system32\ESENT.dll
MD5: 8898c95862d03d16b2a06db4db6bb6b2 C:\Windows\system32\EXPLORERFRAME.dll
MD5: f34cfada6c48daa41b996d24c7d8d3ca C:\Windows\system32\fdPnp.dll
MD5: 7fe4995528a7529a761875151ee3d512 c:\windows\system32\fntcache.dll
MD5: c87f28a34b3840f4b40011d170b1a159 C:\Windows\system32\FVECERTS.dll
MD5: d5cc5113671ac70993a5b46923212f16 C:\Windows\System32\FXSMON.DLL
MD5: 6a57daf2150bad998e08952c3fd277ce C:\Windows\system32\hccutils.DLL
MD5: e2f6cc0d191361ee94fea3957653f531 C:\Windows\system32\hidphone.tsp
MD5: 05a647da57e7fe28f058c89778c3685a C:\Windows\System32\hkcmd.exe
MD5: 2e9aa85891480722d9e3501776e5a8c2 c:\windows\system32\ICAAPI.dll
MD5: 0c7b28decceb403b8853f52664f26e9b C:\Windows\system32\IEFRAME.dll
MD5: 438147dae79299a5a9240219942b4439 C:\Windows\System32\iepeers.dll
MD5: 570c6b12e7bd623a85ea1f01c75c346a C:\Windows\system32\iertutil.dll
MD5: f88391450bfdd2c789bd98ff54f51745 C:\Windows\system32\IEUI.dll
MD5: 3b02b3016406e2021b79f007775d1dc1 C:\Windows\system32\igdumd32.dll
MD5: 1c23d1ad597e8f4e2d5245b3fe17fce3 C:\Windows\system32\igdumdx32.dll
MD5: 6961669ce9b57c2add933de267f4271f C:\Windows\system32\igfxdev.dll
MD5: ea6dca4ab912b2a0f0cea2281f842466 C:\Windows\System32\igfxpers.exe
MD5: 9e5c390323156e582b9da7427f7183b2 C:\Windows\system32\igfxpph.dll
MD5: 9eb0c91a368469104c7e9137dd14a79d C:\Windows\system32\igfxrENU.lrc
MD5: 1fa90f195114105c8eb248f709f1b507 C:\Windows\system32\igfxress.dll
MD5: d5fce850af21e8cf9cfd12558ceeb523 C:\Windows\system32\igfxsrvc.dll
MD5: 9df64ebd0ad79f987abfc0ceb9a71828 C:\Windows\System32\igfxsrvc.exe
MD5: 562a66c8cede1f4dba4fc20a6254e62e C:\Windows\System32\igfxtray.exe
MD5: 258a532cffaad910b5b14f27dcd7bfb3 C:\Windows\System32\inetpp.dll
MD5: 0bd0665d8bfd321d3b5a898ed09d1df3 C:\Windows\system32\jscript.dll
MD5: 48744c796f25a52b2c229686eb86edd5 C:\Windows\system32\kerberos.DLL
MD5: af75dba674e55221b7a055b0a4345f16 C:\Windows\system32\keyiso.dll
MD5: f3fb146cdbdd26fcd0cf7941c547bee4 C:\Windows\system32\kmddsp.tsp
MD5: c1585eaa67c37a05bf6f93726fafc069 c:\windows\system32\l2gpstore.dll
MD5: 55ca01ba19d0006c8f2639b6c045e08b c:\windows\system32\lmhsvc.dll
MD5: 724a74ba9b5832a91562d2ac393e540b C:\Windows\System32\localspl.dll
MD5: 4ddf6d393ad49da2bec4875b0b516a74 C:\Windows\system32\lsasrv.dll
MD5: 398dc10274c0cb861338cfc56e727c9f C:\Windows\System32\lsm.exe
MD5: 4eeb1ea6495682b5446f06f1814611ac C:\Windows\system32\lsmproxy.dll
MD5: efbef826c183cf8edab324ce514d69b7 C:\Windows\system32\Macromed\Flash\Flash10t.ocx
MD5: 21a67095edc11a528f5434d28bb0ef3c C:\Windows\system32\Macromed\Flash\NPSWF32.dll
MD5: 3a2c4d7ffbb0101cad4fd5de0705757a C:\Windows\system32\msfeeds.dll
MD5: 1816d4cf1a7cbb72298ab120059226d4 C:\Windows\System32\mshtml.dll
MD5: 387a8a473ecc5ba02cf453277c1f3274 c:\windows\system32\mspatcha.dll
MD5: c90878913df3dc504790282043db5f4c C:\Windows\system32\msprivs.DLL
MD5: 4a1b9779c5d580745b63feacc3b4332f C:\Windows\system32\MSRATING.dll
MD5: 0ce7a0ffbba93810384b6794c6901f4c C:\Windows\system32\MSSRCH.DLL
MD5: bd669749eaeff96773b5f8d0a43e0068 C:\Windows\System32\msxml3.dll
MD5: 5f856156f709df40b42d36ae8a0f0695 C:\Windows\System32\msxml6.dll
MD5: 5f610783fbf01f9885d80a1db1a2f220 C:\Windows\system32\NCI.dll
MD5: a4cc7227a452c4909f9499d91b184364 C:\Windows\system32\NCObjAPI.DLL
MD5: 3f2deafc463d75611cb9c5e36a8ccf15 c:\windows\system32\ncsi.dll
MD5: aa11a26692e0db2996caefe9ec61f61f C:\Windows\system32\ndptsp.tsp
MD5: 6dcfaec6d1334aa6cdf8961db4633cbf C:\Windows\system32\negoexts.DLL
MD5: c5b5ccdbf8ed1475240313ed88234e3f C:\Windows\system32\netcfgx.dll
MD5: c1ae600c554a0ebc6cd211541fa6815f C:\Windows\system32\netjoin.dll
MD5: eaa75d9000b71f10eec04d2ae6c60e81 C:\Windows\system32\netlogon.DLL
MD5: 28caaa8b3dac4604b6871f311c6b9f49 C:\Windows\System32\NLSData0000.dll
MD5: d8f67ccccf4de5ebd0e1f79121afa79e C:\Windows\System32\NLSData0010.dll
MD5: 8133ea1a6258d0f536ec51be0a67855a C:\Windows\System32\NLSData0013.dll
MD5: a79fffba93697fb09584f11bd09ab636 C:\Windows\System32\NLSData0018.dll
MD5: 6687af3b9617379577ffa53b84f562fc C:\Windows\System32\NLSData001b.dll
MD5: 8ea11b7df3200d72d10fb7d33f750ef4 C:\Windows\System32\NLSLexicons0010.dll
MD5: 1ab5b6ec4981d49a0d04dee0e1085bec C:\Windows\System32\NLSLexicons0013.dll
MD5: a4308d8e2b90c3365b124ad2448ed1a2 C:\Windows\System32\NLSLexicons0018.dll
MD5: 88dea9bb0501708383a45b16173e3f95 C:\Windows\System32\NLSLexicons001b.dll
MD5: d378bffb70923139d6a4f546864aa61c C:\Windows\System32\notepad.exe
MD5: 16707ec5fd029a4415b138796f0981ce c:\windows\system32\nrpsrv.DLL
MD5: ba387e955e890c8a88306d9b8d06bf17 c:\windows\system32\nsisvc.dll
MD5: 3bbf9937cc8c58e8b418b01bddb8d43b C:\Windows\SYSTEM32\ntdll.dll
MD5: e2c2d8c982316c8abf800c6ce3f28fab C:\Windows\system32\ole32.dll
MD5: 06333b8d05d4f3a2af25eb14fc0a1dff C:\Windows\system32\OLEAUT32.dll
MD5: 43b18040c01f0a03ebff6acc3d72fd8a C:\Windows\system32\pcadm.dll
MD5: 7e82616bee76bf5eaa5b30f681414e21 C:\Windows\system32\perftrack.dll
MD5: 37cc990d4e2cdfae12ac47f6b620fc13 C:\Windows\system32\pku2u.DLL
MD5: 2862a3819bbc9757dd27bac41a4e0a3e C:\Windows\System32\pnidui.dll
MD5: c693e642acfbdd76433af6be3c3eee6f C:\Windows\System32\portabledeviceconnectapi.dll
MD5: dda6cfd632dcb8d9c72ada58799bf776 C:\Windows\System32\PrintIsolationProxy.dll
MD5: 7ffd52d73352806969d424ef327d10a7 C:\Windows\system32\radardt.dll
MD5: 75dd1448b57d1f9382a8b59ed8e3790b C:\Windows\System32\raschap.dll
MD5: 98963bd29723a373009b017e87be9ce8 C:\Windows\system32\rasppp.dll
MD5: b5c452baf3a3914ef87628252ea12feb C:\Windows\system32\rastapi.DLL
MD5: 03a5934b959000fa24c18c8101b13980 C:\Windows\system32\rdpcorekmts.dll
MD5: 2ce5cf6a92ccece11e83a062ff93235f C:\Windows\system32\rdpwsx.DLL
MD5: 4739f795bec2f1170b7b7d671e28e0a2 C:\Windows\system32\REGAPI.dll
MD5: 9015ee5171bcb15653da27024bd27128 C:\Windows\system32\RESUTILS.DLL
MD5: 4bef53964dc519550ee030253fc1e25e C:\Windows\system32\SAMSRV.dll
MD5: 26073302daea83cc5b944c546d6b47d2 C:\Windows\system32\scecli.DLL
MD5: 1c9cdbdf895a556e66aebfd93a36b536 C:\Windows\system32\SCESRV.dll
MD5: 3369d021265e369d57317d61fa86dd79 C:\Windows\system32\scext.dll
MD5: 21cf5c7d8d727dcc337a1d251b6135f4 C:\Windows\system32\schannel.DLL
MD5: df1e5c82e4d09cf8105cc644980c4803 c:\windows\system32\schedsvc.dll
MD5: 8a674f9ab20b4937357bf6f5a0938ebf C:\Windows\System32\SearchFilterHost.exe
MD5: 5f1b6a9c35d3d5ca72d6d6fdef9747d6 C:\Windows\System32\services.exe
MD5: 16742790895960690237a5143cedec8b C:\Windows\System32\smss.exe
MD5: 4b9e4ce667df26ada061aa81e9aa841d C:\Windows\system32\SPFILEQ.dll
MD5: 192f7774290df6a0054582a6b685d43b C:\Windows\system32\spool\PRTPROCS\W32X86\TPWinPrn.dll
MD5: dbd10464e7246c9e722025debc093d01 C:\Windows\system32\spool\PRTPROCS\W32X86\winprint.dll
MD5: 629181c26a78eb66b0b4e774e5ac2882 C:\Windows\System32\SPOOLSS.DLL
MD5: d1bb750eb51694de183e08b9c33be5b2 C:\Windows\System32\spoolsv.exe
MD5: 4c287f9069fedbd791178876ee9de536 C:\Windows\system32\sppsvc.exe
MD5: 8f6bf790d3168224c16f2af68a84438c c:\windows\system32\srvsvc.dll
MD5: 2f94e3709f029512a1bd8f6c108d7b62 C:\Windows\system32\SSCORE.DLL
MD5: 54c5eb1fd11027fb23bc4f79146ce159 C:\Windows\system32\SspiSrv.dll
MD5: 0bf669f0a910beda4a32258d363af2a5 C:\Windows\system32\storsvc.dll
MD5: 8d908f346eedd752005a32787a6dcafa C:\Windows\System32\StructuredQuery.dll
MD5: 364455805e64882844ee9acb72522830 C:\Windows\system32\sxssrv.DLL
MD5: 8c7fe6b9559204765849bff308764fa5 C:\Windows\System32\SyncCenter.dll
MD5: c4407c16cf0f8cc1569b043636a3be25 C:\Windows\system32\SynCOM.dll
MD5: 206ae947e65b4ab79f313da91b410307 C:\Windows\system32\SynTPAPI.dll
MD5: 04105c8da62353589c29bdaeb8d88bd8 c:\windows\system32\sysmain.dll
MD5: ba51ffe170c5b3ae8ec4f5bd2581a29e C:\Windows\system32\SYSNTFY.dll
MD5: 25819a6361f10c30905b5d0fdb8dca42 C:\Windows\system32\t2embed.dll
MD5: ef8808fea65723214d79734bdb79ebf6 C:\Windows\system32\taskcomp.dll
MD5: 21012407e8c74aa72bbb485b0fc197fe C:\Windows\system32\taskschd.dll
MD5: eafc149cd3bd78c443e31bb157841197 C:\Windows\system32\tbs.dll
MD5: b390c1d825c7687493bede237c6c2f25 C:\Windows\System32\tcpmon.dll
MD5: ec8f27f8264a42e11e85c670458b25dc C:\Windows\system32\tlscsp.dll
MD5: dd6c8725ade267cbf23dd03003e14522 C:\Windows\System32\TPVMMon.dll
MD5: 2fc78bdfdbe3d2307f262a2bd7f25a95 C:\Windows\System32\TPVMW32.dll
MD5: a739793f1a4f04b66e2444e90ae9e694 C:\Windows\system32\tspkg.DLL
MD5: 7222995615bf93b628dcea4bd6ccacf7 C:\Windows\system32\UBPM.dll
MD5: 91da0906b27adc98b7cc9d17f6f8227c C:\Windows\system32\umb.dll
MD5: f45330f0364bc8223ef835ea5e3ebb8e C:\Windows\system32\unimdm.tsp
MD5: e675de8cf57d8814218733b3dae896d7 C:\Windows\system32\uniplat.dll
MD5: ca4d146eac05ec4ba5fc4936f3369627 C:\Windows\system32\urlmon.dll
MD5: 923cdd30092db73ec4a0ebcddd16c686 C:\Windows\System32\usbmon.dll
MD5: a12829e9974f57e9b5dbfea7c93190f6 C:\Windows\system32\UXINIT.dll
MD5: 509b666bf56d469c641df55652c76168 C:\Windows\system32\vbscript.dll
MD5: 582c191f861d18b8c937fb9859b80e9c C:\Windows\system32\vpnike.dll
MD5: 5ae88135c6a86fcd67ba16afbb1c8389 C:\Windows\system32\wbem\esscli.dll
MD5: f148865e4ac4f715e322ea06e6e21d84 C:\Windows\system32\wbem\ncprov.dll
MD5: 371e3b05894549113d07cd3081ed55ef C:\Windows\system32\wbem\repdrvfs.dll
MD5: 801211dcfd6414ffa48bca661a76c6fa C:\Windows\system32\wbem\wbemcore.dll
MD5: b350509b6c9296529bc464c60feeaef1 C:\Windows\system32\wbem\wbemess.dll
MD5: 0e7441be4d8c31c7f94d4e09af8339c8 C:\Windows\system32\wbem\wmidcprv.dll
MD5: b8f4a6990a6295159792b4ad189d460d C:\Windows\system32\wbem\wmiprvsd.dll
MD5: 7790b77fe1e5ee47dcc66247095bb4c9 C:\Windows\system32\wbengine.exe
MD5: 6d9b75275c3e3a5f51aef81affadb2b6 C:\Windows\System32\wcncsvc.dll
MD5: 23d5ae191d918bb82fd8027e1ba869d4 C:\Windows\system32\wdiasqmmodule.dll
MD5: 177df28315bf4300ecb5cbeeee961292 c:\windows\system32\webcheck.dll


No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.02 MB sent, 1.09 KB recvd
Scanned 915 files and modules - 46 seconds

==============================================================================

#6 D-FRED-BROWN
    Resident Bracketologist
  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 25 June 2011 - 06:58 PM

Hmmm, it seems we're not entirely through here.

Please do the following:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Reglock::
[HKEY_USERS\S-1-5-21-2372759665-3554196744-2073636386-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how your computer is running now.

----------

Please download maxhandle.exe by noahdfear to your desktop
  • Double click and run the application
  • An active internet connection is required so that maxhandle.exe may download a tool from SysInternals (every time it is run).
  • Log is saved to c:\maxhandle.txt
  • If Max++ is not found, "Nothing found!" is echoed to the screen and no log is produced.
Please post the results for my review

#7 qwertyui
  • Topic Starter
  • Members
  • 18 posts

Posted 25 June 2011 - 09:30 PM

My computer seems to be running smoothly. No abnormally slow connection or redirecting. Then again, it was running the same way earlier today and ESET still showed that something was wrong.

Here's the ComboFix log:

ComboFix 11-06-25.05 - Administrator 06/25/2011 21:52:46.2.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2037.1419 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: Microsoft Forefront Client Security *Enabled/Outdated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Forefront Client Security *Enabled/Outdated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-26 to 2011-06-26 )))))))))))))))))))))))))))))))
.
.
2011-06-26 02:04 . 2011-06-26 02:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-25 23:44 . 2011-06-25 23:44 -------- d-----w- c:\users\Administrator\AppData\Roaming\QuickScan
2011-06-25 19:15 . 2011-06-26 02:06 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-06-25 18:55 . 2011-06-15 08:56 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-06-25 18:55 . 2011-06-15 08:56 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-06-25 18:42 . 2011-06-25 18:42 -------- d-----w- c:\program files\Common Files\Java
2011-06-25 18:42 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-25 18:42 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-25 18:42 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-25 18:42 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-25 18:42 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-25 18:42 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-25 18:42 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-25 18:42 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-25 18:40 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-25 18:40 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-25 18:40 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-13 23:25 . 2011-06-13 23:25 -------- d-----w- c:\program files\ESET
2011-06-13 23:24 . 2011-06-25 18:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-11 23:01 . 2011-06-11 23:01 -------- d-----w- c:\users\Administrator\AppData\Local\Secunia PSI
2011-06-06 04:17 . 2011-02-26 05:51 2614784 ----a-w- c:\windows\explorer.exe
2011-06-06 04:17 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\system32\config\systemprofile\explorer.bak
2011-06-06 02:36 . 2011-06-06 02:36 -------- d-----w- c:\users\Administrator\AppData\Roaming\ParetoLogic
2011-06-06 02:36 . 2011-06-06 02:36 -------- d-----w- c:\users\Administrator\AppData\Roaming\DriverCure
2011-06-06 02:35 . 2011-06-06 02:35 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-06-06 02:35 . 2011-06-06 02:35 -------- d-----w- c:\programdata\ParetoLogic
2011-06-06 02:34 . 2011-06-06 02:34 5221608 ----a-w- C:\ParetoLogic PC Health Advisor.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-25 18:41 . 2010-05-05 13:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-29 13:11 . 2010-09-09 20:03 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2010-09-09 20:03 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-23 23:11 . 2011-04-23 23:11 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-04-22 19:36 . 2011-05-24 17:13 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 06:13 . 2011-05-10 22:59 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-10 22:59 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-19 18:51 123904 ----a-w- c:\windows\system32\poqexec.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMware Tools"="c:\program files\VMware\VMware Tools\VMwareTray.exe" [2009-10-22 141872]
"VMware User Process"="c:\program files\VMware\VMware Tools\VMwareUser.exe" [2009-10-22 1079856]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-05-12 278528]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-23 8546848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-23 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-23 1680680]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"KB284842.exe"="c:\windows\system32\config\systemprofile\AppData\Roaming\KB284842.exe" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\users\Administrator\Desktop\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-03-16 06:58 718208 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
R1 vmdebug;VMware Replay Debugging Helper;c:\windows\system32\Drivers\vmdebug.sys [2009-10-22 23088]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 VMTools;VMware Tools Service;c:\program files\VMware\VMware Tools\vmtoolsd.exe [2009-10-22 72240]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-03-23 150560]
R3 TPAutoConnSvc;TP AutoConnect Service;c:\program files\VMware\VMware Tools\TPAutoConnSvc.exe [2009-10-22 255304]
R3 TPVCGateway;TP VC Gateway Service;c:\program files\VMware\VMware Tools\TPVCGateway.exe [2009-10-22 365856]
R3 vm3dmp;vm3dmp;c:\windows\system32\DRIVERS\vm3dmp.sys [2009-10-22 70704]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2009-10-22 61488]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\DRIVERS\vmmouse.sys [2009-10-22 11440]
R3 vmscsi;vmscsi;c:\windows\system32\DRIVERS\vmscsi.sys [2010-02-11 17968]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1343400]
S1 vmhgfs;vmhgfs;c:\windows\system32\DRIVERS\vmhgfs.sys [2009-10-22 128432]
S1 vmrawdsk;VMware Vista Physical Disk Helper;c:\program files\VMware\VMware Tools\vmrawdsk.sys [2009-10-22 36144]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2010-03-23 87968]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\users\Administrator\Desktop\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\users\Administrator\Desktop\PSI\sua.exe [2011-04-19 399416]
S2 VMMEMCTL;Memory Control Driver;c:\program files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys [2009-10-22 14384]
S2 VMUpgradeHelper;VMware Upgrade Helper;c:\program files\VMware\VMware Tools\VMUpgradeHelper.exe [2009-10-22 191024]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-05-12 42672]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-06 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:17]
.
2011-06-06 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:17]
.
2011-06-06 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\users\Administrator\Desktop\PCHA\PCHA.exe [2011-03-29 23:17]
.
2011-06-06 c:\windows\Tasks\PC Health Advisor.job
- c:\users\Administrator\Desktop\PCHA\PCHA.exe [2011-03-29 23:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\program files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\46x1hy16.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2011-06-25 22:11:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-26 02:11
ComboFix2.txt 2011-06-25 19:23
.
Pre-Run: 141,641,650,176 bytes free
Post-Run: 141,588,688,896 bytes free
.
- - End Of File - - 98CF5AF08837935C42619E8152036E85


And no log was produced by maxhandle.exe

Also, I disabled Microsoft Forefront Client Security, which included turning off real-time protection, and I even uninstalled it, but ComboFix still reported that I had it enabled.

Edited by qwertyui, 25 June 2011 - 09:32 PM.
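
The "Reg Loading Points" section of the ComboFix log above is where a helper looks first: it shows the UAC policy values and the per-user Run entries. As an added example, not code from this thread or from ComboFix itself, the Python below pulls those lines out of a ComboFix log and flags policy values that weaken the machine's defences and autostart entries launched from profile or data directories; the sample log is a constructed excerpt built from the values in the post.

```python
import re
from dataclasses import dataclass
from typing import Iterator, List, Tuple, Union

# Constructed sample in the layout ComboFix uses for its "Reg Loading Points" section;
# values are copied from the log posted above (nothing is read from a live registry).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-23 141848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"KB284842.exe"="c:\windows\system32\config\systemprofile\AppData\Roaming\KB284842.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
R1 vmdebug;VMware Replay Debugging Helper;c:\windows\system32\Drivers\vmdebug.sys [2009-10-22 23088]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name"=<rest of line>
QUOTED_RE = re.compile(r'^"([^"]*)"')             # "c:\path\file.exe" [date size]
NUMBER_RE = re.compile(r"^(\d+)")                 # 0 (0x0)
SERVICE_LINE_RE = re.compile(r"^[RS][0-4]\s")     # first line of ComboFix's service list

# Policy values that weaken the machine's defences when set as shown:
# (key suffix, value name) -> (value that triggers a finding, explanation)
POLICY_CHECKS = {
    ("policies\\system", "EnableLUA"): (0, "User Account Control is disabled"),
    ("policies\\system", "ConsentPromptBehaviorAdmin"):
        (0, "administrators elevate silently, with no consent prompt"),
    ("policies\\system", "PromptOnSecureDesktop"):
        (0, "elevation prompts are not isolated on the secure desktop"),
    ("policies\\explorer", "HideSCAHealth"):
        (1, "Action Center security/health notifications are hidden"),
}
# Autostart entries launching from these locations deserve a closer look; installed
# software normally runs from Program Files or the Windows directory.
PROFILE_MARKERS = ("\\appdata\\", "\\users\\", "\\programdata\\", "\\temp\\")


@dataclass
class Finding:
    key: str
    name: str
    value: Union[str, int, None]
    reason: str


def parse_value(raw: str) -> Union[str, int, None]:
    """Turn the right-hand side of a ComboFix value line into a path or an int."""
    quoted = QUOTED_RE.match(raw)
    if quoted:
        return quoted.group(1)
    number = NUMBER_RE.match(raw)
    return int(number.group(1)) if number else None


def iter_values(log: str) -> Iterator[Tuple[str, str, Union[str, int, None]]]:
    """Yield (registry key, value name, parsed value) from the Reg Loading Points section."""
    in_section, key = False, None
    for line in log.splitlines():
        line = line.strip()
        if not in_section:
            in_section = "Reg Loading Points" in line
            continue
        if SERVICE_LINE_RE.match(line) or "Scheduled Tasks" in line:
            break                      # past the registry part of the log
        if line == ".":
            key = None                 # ComboFix separates key blocks with "."
        elif (m := KEY_RE.match(line)):
            key = m.group(1)
        elif key and (m := VALUE_RE.match(line)):
            yield key, m.group(1), parse_value(m.group(2))


def triage(log: str) -> List[Finding]:
    """Flag weakened security policies and autostart entries run from profile paths."""
    findings = []
    for key, name, value in iter_values(log):
        lowered = key.lower()
        for (suffix, policy), (bad, reason) in POLICY_CHECKS.items():
            if lowered.endswith(suffix) and name == policy and value == bad:
                findings.append(Finding(key, name, value, reason))
        if lowered.endswith("\\run") and isinstance(value, str):
            if any(marker in value.lower() for marker in PROFILE_MARKERS):
                findings.append(Finding(key, name, value,
                                        "autostart entry launches from a profile/data directory"))
    return findings
```

Running `triage` over a saved C:\ComboFix.txt gives the same five findings the helper is chasing in this thread (disabled UAC, silent elevation, hidden Action Center alerts, and a Run entry under the system profile's AppData); the vendor Run entry from system32 is not flagged.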


#8 D-FRED-BROWN
    Resident Bracketologist
  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 25 June 2011 - 09:45 PM

Also, I disabled Microsoft Forefront Client Security, which included turning off real-time protection, and I even uninstalled it, but ComboFix still reported that I had it enabled.

This should take care of it :wink: :

Please do the following:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

SecCenter::
AV: Microsoft Forefront Client Security *Enabled/Outdated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Forefront Client Security *Enabled/Outdated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Please include the newly created C:\ComboFix.txt in your next reply. :)

--------

Please go to http://virusscan.jotti.org, click on Browse, and upload the following file(s) for analysis. You will only be able to have one file scanned at a time.

C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe

Then click Submit. Allow the file to be scanned, and then please copy/paste the results here for me to see.

If Jotti is busy, please go to http://www.virustotal.com.

--------

Please include the online file scan results and the C:\ComboFix.txt in your next reply, and let me know how your computer is running now. :)

#9 qwertyui
  • Topic Starter
  • Members
  • 18 posts

Posted 25 June 2011 - 10:50 PM

I appreciate the quick replies!

Here's the ComboFix log:

ComboFix 11-06-25.05 - Administrator 06/25/2011 23:11:04.3.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2037.1347 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-26 to 2011-06-26 )))))))))))))))))))))))))))))))
.
.
2011-06-26 03:20 . 2011-06-26 03:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-26 02:16 . 2011-01-17 14:50 333176 ----a-w- c:\windows\Listdlls.exe
2011-06-26 02:16 . 2011-05-17 16:48 423288 ----a-w- c:\windows\handle.exe
2011-06-25 23:44 . 2011-06-25 23:44 -------- d-----w- c:\users\Administrator\AppData\Roaming\QuickScan
2011-06-25 19:15 . 2011-06-26 03:22 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-06-25 18:55 . 2011-06-15 08:56 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-06-25 18:55 . 2011-06-15 08:56 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-06-25 18:42 . 2011-06-25 18:42 -------- d-----w- c:\program files\Common Files\Java
2011-06-25 18:42 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-25 18:42 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-25 18:42 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-25 18:42 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-25 18:42 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-25 18:42 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-25 18:42 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-25 18:42 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-25 18:40 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-25 18:40 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-25 18:40 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-13 23:25 . 2011-06-13 23:25 -------- d-----w- c:\program files\ESET
2011-06-13 23:24 . 2011-06-25 18:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-11 23:01 . 2011-06-11 23:01 -------- d-----w- c:\users\Administrator\AppData\Local\Secunia PSI
2011-06-06 04:17 . 2011-02-26 05:51 2614784 ----a-w- c:\windows\explorer.exe
2011-06-06 04:17 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\system32\config\systemprofile\explorer.bak
2011-06-06 02:36 . 2011-06-06 02:36 -------- d-----w- c:\users\Administrator\AppData\Roaming\ParetoLogic
2011-06-06 02:36 . 2011-06-06 02:36 -------- d-----w- c:\users\Administrator\AppData\Roaming\DriverCure
2011-06-06 02:35 . 2011-06-06 02:35 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-06-06 02:35 . 2011-06-06 02:35 -------- d-----w- c:\programdata\ParetoLogic
2011-06-06 02:34 . 2011-06-06 02:34 5221608 ----a-w- C:\ParetoLogic PC Health Advisor.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-25 18:41 . 2010-05-05 13:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-29 13:11 . 2010-09-09 20:03 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2010-09-09 20:03 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-23 23:11 . 2011-04-23 23:11 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-04-22 19:36 . 2011-05-24 17:13 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 06:13 . 2011-05-10 22:59 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-10 22:59 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-19 18:51 123904 ----a-w- c:\windows\system32\poqexec.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMware Tools"="c:\program files\VMware\VMware Tools\VMwareTray.exe" [2009-10-22 141872]
"VMware User Process"="c:\program files\VMware\VMware Tools\VMwareUser.exe" [2009-10-22 1079856]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-05-12 278528]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-23 8546848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-23 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-23 1680680]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"KB284842.exe"="c:\windows\system32\config\systemprofile\AppData\Roaming\KB284842.exe" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\users\Administrator\Desktop\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-03-16 06:58 718208 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
R1 vmdebug;VMware Replay Debugging Helper;c:\windows\system32\Drivers\vmdebug.sys [2009-10-22 23088]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 VMTools;VMware Tools Service;c:\program files\VMware\VMware Tools\vmtoolsd.exe [2009-10-22 72240]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-03-23 150560]
R3 TPAutoConnSvc;TP AutoConnect Service;c:\program files\VMware\VMware Tools\TPAutoConnSvc.exe [2009-10-22 255304]
R3 TPVCGateway;TP VC Gateway Service;c:\program files\VMware\VMware Tools\TPVCGateway.exe [2009-10-22 365856]
R3 vm3dmp;vm3dmp;c:\windows\system32\DRIVERS\vm3dmp.sys [2009-10-22 70704]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2009-10-22 61488]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\DRIVERS\vmmouse.sys [2009-10-22 11440]
R3 vmscsi;vmscsi;c:\windows\system32\DRIVERS\vmscsi.sys [2010-02-11 17968]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1343400]
S1 vmhgfs;vmhgfs;c:\windows\system32\DRIVERS\vmhgfs.sys [2009-10-22 128432]
S1 vmrawdsk;VMware Vista Physical Disk Helper;c:\program files\VMware\VMware Tools\vmrawdsk.sys [2009-10-22 36144]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2010-03-23 87968]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\users\Administrator\Desktop\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\users\Administrator\Desktop\PSI\sua.exe [2011-04-19 399416]
S2 VMMEMCTL;Memory Control Driver;c:\program files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys [2009-10-22 14384]
S2 VMUpgradeHelper;VMware Upgrade Helper;c:\program files\VMware\VMware Tools\VMUpgradeHelper.exe [2009-10-22 191024]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-05-12 42672]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-06 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:17]
.
2011-06-06 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:17]
.
2011-06-06 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\users\Administrator\Desktop\PCHA\PCHA.exe [2011-03-29 23:17]
.
2011-06-06 c:\windows\Tasks\PC Health Advisor.job
- c:\users\Administrator\Desktop\PCHA\PCHA.exe [2011-03-29 23:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\program files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\46x1hy16.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-06-25 23:27:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-26 03:27
ComboFix2.txt 2011-06-26 02:11
ComboFix3.txt 2011-06-25 19:23
.
Pre-Run: 141,651,337,216 bytes free
Post-Run: 141,585,043,456 bytes free
.
- - End Of File - - 7BB1A46614F898D2C5220CA1C721B664


And the online scans:

Filename: svchost.exe
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Fri 24 Jun 2011 17:57:08 (CET)

Filename: explorer.exe
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Sun 26 Jun 2011 05:36:30 (CET)

Filename: iexplore.exe
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Sun 26 Jun 2011 05:39:01 (CET)

#10 D-FRED-BROWN
    Resident Bracketologist
  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 25 June 2011 - 11:00 PM

ComboFix took care of Microsoft Forefront. :D

I appreciate the quick replies!

No problem! :)

There are still just a few things that concern me. Let's see if we can take care of them with these instructions :wink: :

Please go to http://virusscan.jotti.org, click on Browse, and upload the following file(s) for analysis. You will only be able to have one file scanned at a time.

c:\windows\system32\config\systemprofile\explorer.bak

Then click Submit. Allow the file to be scanned, and then please copy/paste the results here for me to see.

If Jotti is busy, please go to http://www.virustotal.com.

---------

Let's download and run TDSSKiller one more time:

Please download to your Desktop:
  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):
  • TDSSKiller_log.txt
  • How the PC is running now


---------

Please do the following:
  • Please download aswMBR.exe from here and save it to your Desktop.
  • Double click aswMBR.exe to start the tool. (Vista - Win 7 Rt click to run as Administrator)
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply. Do NOT attempt any Fix at this time!
  • This will also create a file on your Desktop named MBR.dat. Right click that file and select Send To->Compressed (zipped) folder. Attach that zipped folder in your next reply as well.

---------
In your next reply, please include:
  • Online file scan log
  • TDSSKiller log
  • aswMBR log and MBR.dat Zip file

How is your computer running now? :)

#11 qwertyui
  • Topic Starter
  • Members
  • 18 posts

Posted 26 June 2011 - 12:05 PM

Hey there,

Here's the online scan results:

Filename: explorer.bak
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Sun 26 Jun 2011 18:45:55 (CET)


Here's the TDSSKiller report:

2011/06/26 12:49:26.0427 0488 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/26 12:49:26.0786 0488 ================================================================================
2011/06/26 12:49:26.0786 0488 SystemInfo:
2011/06/26 12:49:26.0786 0488
2011/06/26 12:49:26.0786 0488 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/26 12:49:26.0786 0488 Product type: Workstation
2011/06/26 12:49:26.0786 0488 ComputerName: ERKINAZ
2011/06/26 12:49:26.0786 0488 UserName: Administrator
2011/06/26 12:49:26.0786 0488 Windows directory: C:\Windows
2011/06/26 12:49:26.0786 0488 System windows directory: C:\Windows
2011/06/26 12:49:26.0786 0488 Processor architecture: Intel x86
2011/06/26 12:49:26.0786 0488 Number of processors: 2
2011/06/26 12:49:26.0786 0488 Page size: 0x1000
2011/06/26 12:49:26.0786 0488 Boot type: Normal boot
2011/06/26 12:49:26.0786 0488 ================================================================================
2011/06/26 12:49:28.0440 0488 Initialize success
2011/06/26 12:49:32.0823 1152 ================================================================================
2011/06/26 12:49:32.0839 1152 Scan started
2011/06/26 12:49:32.0839 1152 Mode: Manual;
2011/06/26 12:49:32.0839 1152 ================================================================================
2011/06/26 12:49:33.0713 1152 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/26 12:49:33.0822 1152 Acceler (af1f178b0218b44876e63bf0b019e96b) C:\Windows\system32\DRIVERS\Accelern.sys
2011/06/26 12:49:34.0009 1152 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/26 12:49:34.0118 1152 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/06/26 12:49:34.0305 1152 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/26 12:49:34.0493 1152 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/26 12:49:34.0571 1152 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/26 12:49:34.0851 1152 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
2011/06/26 12:49:34.0945 1152 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/06/26 12:49:35.0101 1152 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/06/26 12:49:35.0304 1152 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/06/26 12:49:35.0397 1152 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/06/26 12:49:35.0553 1152 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/06/26 12:49:35.0647 1152 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/26 12:49:35.0803 1152 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/26 12:49:35.0975 1152 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
2011/06/26 12:49:36.0099 1152 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/26 12:49:36.0240 1152 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
2011/06/26 12:49:36.0349 1152 ApfiltrService (11246b43e2fd8318ef5f45de3a74fbae) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/06/26 12:49:36.0536 1152 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/06/26 12:49:36.0786 1152 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/06/26 12:49:36.0895 1152 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/26 12:49:37.0145 1152 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/26 12:49:37.0269 1152 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/06/26 12:49:37.0519 1152 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/06/26 12:49:37.0706 1152 b57nd60x (958438198ed140c6eb6348cf8a35b36c) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/06/26 12:49:37.0909 1152 BCM43XX (df1835935b312efcaa5ebfd1a5ce6711) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/06/26 12:49:38.0221 1152 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/06/26 12:49:38.0330 1152 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/26 12:49:38.0439 1152 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/26 12:49:38.0595 1152 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/26 12:49:38.0642 1152 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/26 12:49:38.0845 1152 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/06/26 12:49:38.0907 1152 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/26 12:49:39.0048 1152 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/26 12:49:39.0126 1152 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/26 12:49:39.0219 1152 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/26 12:49:39.0438 1152 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/26 12:49:39.0563 1152 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/26 12:49:39.0719 1152 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/26 12:49:39.0843 1152 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/06/26 12:49:40.0046 1152 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/26 12:49:40.0140 1152 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/06/26 12:49:40.0233 1152 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/06/26 12:49:40.0389 1152 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/26 12:49:40.0499 1152 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/06/26 12:49:40.0701 1152 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/26 12:49:40.0920 1152 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/06/26 12:49:41.0123 1152 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
2011/06/26 12:49:41.0294 1152 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/06/26 12:49:41.0481 1152 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/06/26 12:49:41.0653 1152 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/06/26 12:49:41.0825 1152 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/26 12:49:42.0027 1152 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/26 12:49:42.0246 1152 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/06/26 12:49:42.0605 1152 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/26 12:49:42.0761 1152 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/06/26 12:49:42.0932 1152 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/06/26 12:49:42.0979 1152 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/06/26 12:49:43.0135 1152 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/26 12:49:43.0244 1152 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/06/26 12:49:43.0291 1152 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/06/26 12:49:43.0385 1152 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/26 12:49:43.0509 1152 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/06/26 12:49:43.0603 1152 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/06/26 12:49:43.0665 1152 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/26 12:49:43.0759 1152 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/26 12:49:43.0899 1152 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/26 12:49:43.0993 1152 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/26 12:49:44.0133 1152 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/06/26 12:49:44.0211 1152 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/26 12:49:44.0289 1152 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/26 12:49:44.0430 1152 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/26 12:49:44.0523 1152 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/26 12:49:44.0648 1152 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/26 12:49:44.0804 1152 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/06/26 12:49:44.0960 1152 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/06/26 12:49:45.0116 1152 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/26 12:49:45.0241 1152 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/26 12:49:45.0444 1152 iaStor (39f7c9aeee865fe8e98cf3edd2b4bb4a) C:\Windows\system32\DRIVERS\iaStor.sys
2011/06/26 12:49:45.0615 1152 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
2011/06/26 12:49:45.0896 1152 igfx (1008c685871f5d108cc8900d6c6a5708) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/06/26 12:49:46.0239 1152 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/26 12:49:46.0505 1152 IntcAzAudAddService (2a4eb3167a071a67d3f56e94663544ec) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/26 12:49:46.0676 1152 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/06/26 12:49:46.0801 1152 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/26 12:49:47.0019 1152 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/26 12:49:47.0129 1152 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/06/26 12:49:47.0285 1152 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/06/26 12:49:47.0378 1152 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/06/26 12:49:47.0550 1152 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/06/26 12:49:47.0659 1152 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/26 12:49:47.0815 1152 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/26 12:49:47.0909 1152 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/26 12:49:48.0033 1152 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/26 12:49:48.0236 1152 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/26 12:49:48.0486 1152 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/26 12:49:48.0782 1152 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/26 12:49:48.0876 1152 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/26 12:49:49.0001 1152 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/26 12:49:49.0110 1152 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/26 12:49:49.0266 1152 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/06/26 12:49:49.0484 1152 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/26 12:49:49.0625 1152 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/26 12:49:49.0765 1152 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/06/26 12:49:49.0890 1152 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/26 12:49:50.0015 1152 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/26 12:49:50.0171 1152 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/26 12:49:50.0280 1152 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/06/26 12:49:50.0514 1152 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/06/26 12:49:50.0685 1152 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/26 12:49:50.0841 1152 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/06/26 12:49:50.0935 1152 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/26 12:49:51.0091 1152 mrxsmb10 (c108952d3660375dcb716b222912e868) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/26 12:49:51.0185 1152 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/26 12:49:51.0278 1152 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/06/26 12:49:51.0434 1152 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/06/26 12:49:51.0699 1152 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/06/26 12:49:51.0762 1152 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/26 12:49:51.0887 1152 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/06/26 12:49:52.0136 1152 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/26 12:49:52.0183 1152 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/26 12:49:52.0261 1152 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/06/26 12:49:52.0323 1152 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/06/26 12:49:52.0417 1152 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/26 12:49:52.0573 1152 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/06/26 12:49:52.0651 1152 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/26 12:49:52.0807 1152 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/06/26 12:49:53.0025 1152 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/26 12:49:53.0135 1152 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/06/26 12:49:53.0322 1152 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/26 12:49:53.0384 1152 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/26 12:49:53.0571 1152 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/26 12:49:53.0649 1152 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/26 12:49:53.0712 1152 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/06/26 12:49:53.0805 1152 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/26 12:49:53.0883 1152 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/26 12:49:54.0117 1152 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/26 12:49:54.0258 1152 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/06/26 12:49:54.0414 1152 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/26 12:49:54.0585 1152 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
2011/06/26 12:49:54.0773 1152 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/06/26 12:49:54.0897 1152 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
2011/06/26 12:49:55.0069 1152 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
2011/06/26 12:49:55.0163 1152 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/06/26 12:49:55.0256 1152 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/26 12:49:55.0631 1152 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/06/26 12:49:55.0709 1152 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/06/26 12:49:55.0865 1152 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/06/26 12:49:55.0974 1152 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/06/26 12:49:56.0067 1152 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/06/26 12:49:56.0223 1152 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/26 12:49:56.0348 1152 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/06/26 12:49:56.0535 1152 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/06/26 12:49:57.0066 1152 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/26 12:49:57.0159 1152 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/06/26 12:49:57.0393 1152 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/26 12:49:57.0581 1152 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
2011/06/26 12:49:57.0721 1152 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/26 12:49:57.0924 1152 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/26 12:49:58.0033 1152 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/26 12:49:58.0158 1152 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/26 12:49:58.0267 1152 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/26 12:49:58.0392 1152 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/26 12:49:58.0501 1152 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/26 12:49:58.0610 1152 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/26 12:49:58.0688 1152 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/26 12:49:58.0766 1152 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/26 12:49:58.0844 1152 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/26 12:49:58.0985 1152 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/06/26 12:49:59.0078 1152 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/26 12:49:59.0187 1152 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/26 12:49:59.0281 1152 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/06/26 12:49:59.0375 1152 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/06/26 12:49:59.0640 1152 RSPCIESTOR (a606d8730c6aed4ab8ebf22df6efa618) C:\Windows\system32\DRIVERS\RtsPStor.sys
2011/06/26 12:49:59.0811 1152 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/26 12:49:59.0905 1152 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/06/26 12:50:00.0108 1152 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/06/26 12:50:00.0248 1152 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/26 12:50:00.0513 1152 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/26 12:50:00.0779 1152 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/26 12:50:00.0857 1152 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/06/26 12:50:00.0950 1152 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/26 12:50:01.0184 1152 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/26 12:50:01.0247 1152 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/06/26 12:50:01.0403 1152 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/26 12:50:01.0465 1152 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/26 12:50:01.0637 1152 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/06/26 12:50:01.0746 1152 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/26 12:50:01.0839 1152 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/26 12:50:01.0995 1152 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/06/26 12:50:02.0151 1152 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/06/26 12:50:02.0385 1152 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
2011/06/26 12:50:02.0495 1152 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/26 12:50:02.0573 1152 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/26 12:50:02.0744 1152 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/26 12:50:02.0869 1152 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/06/26 12:50:02.0994 1152 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/06/26 12:50:03.0087 1152 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/26 12:50:03.0243 1152 SynTP (e38b97bd4e1c823ff35773ffea42496c) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/26 12:50:03.0477 1152 Tcpip (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\drivers\tcpip.sys
2011/06/26 12:50:03.0711 1152 TCPIP6 (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/26 12:50:03.0899 1152 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/26 12:50:03.0992 1152 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/06/26 12:50:04.0086 1152 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/06/26 12:50:04.0148 1152 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/26 12:50:04.0242 1152 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/26 12:50:04.0538 1152 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/26 12:50:04.0616 1152 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/26 12:50:04.0679 1152 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/26 12:50:04.0835 1152 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/26 12:50:04.0991 1152 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/26 12:50:05.0178 1152 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/26 12:50:05.0271 1152 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/26 12:50:05.0505 1152 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/26 12:50:05.0615 1152 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/26 12:50:05.0802 1152 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\drivers\usbehci.sys
2011/06/26 12:50:05.0911 1152 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/26 12:50:06.0067 1152 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
2011/06/26 12:50:06.0145 1152 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/26 12:50:06.0301 1152 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/26 12:50:06.0395 1152 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
2011/06/26 12:50:06.0551 1152 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2011/06/26 12:50:06.0691 1152 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/26 12:50:06.0863 1152 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/26 12:50:06.0956 1152 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/06/26 12:50:07.0065 1152 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/26 12:50:07.0253 1152 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/06/26 12:50:07.0549 1152 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/06/26 12:50:07.0674 1152 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/26 12:50:07.0830 1152 vm3dmp (e2d93ecd5a0f3bfba99d023074c73f6a) C:\Windows\system32\DRIVERS\vm3dmp.sys
2011/06/26 12:50:07.0939 1152 VMAUDIO (98e6cc4d5a21db9626a6b738c4f313a5) C:\Windows\system32\drivers\vmaudio.sys
2011/06/26 12:50:08.0079 1152 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/06/26 12:50:08.0189 1152 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/06/26 12:50:08.0329 1152 vmci (c2f196b0b0f80ed121fd9146eba2587e) C:\Windows\system32\DRIVERS\vmci.sys
2011/06/26 12:50:08.0438 1152 vmdebug (59909ed99e2d137937c0f93b2201e433) C:\Windows\system32\Drivers\vmdebug.sys
2011/06/26 12:50:08.0625 1152 vmhgfs (16f9f586e12c98bbb52f1257c85cc8e0) C:\Windows\system32\DRIVERS\vmhgfs.sys
2011/06/26 12:50:08.0735 1152 VMMEMCTL (04911e98a5c312fbc55cec9ea4f62423) C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys
2011/06/26 12:50:08.0906 1152 vmmouse (17cd671136032e3a202b4a9c6c4c9dba) C:\Windows\system32\DRIVERS\vmmouse.sys
2011/06/26 12:50:09.0047 1152 vmrawdsk (26a4a3f5f239a0696b189b555c84295e) C:\Program Files\VMware\VMware Tools\vmrawdsk.sys
2011/06/26 12:50:09.0218 1152 vmscsi (19754658f7958e31f00f0227f87daf1d) C:\Windows\system32\DRIVERS\vmscsi.sys
2011/06/26 12:50:09.0359 1152 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/26 12:50:09.0530 1152 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/06/26 12:50:09.0671 1152 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/26 12:50:09.0811 1152 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/26 12:50:09.0967 1152 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/06/26 12:50:10.0076 1152 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/26 12:50:10.0263 1152 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/26 12:50:10.0388 1152 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/26 12:50:10.0451 1152 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/26 12:50:10.0716 1152 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/06/26 12:50:10.0872 1152 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/26 12:50:11.0246 1152 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/26 12:50:11.0309 1152 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/06/26 12:50:11.0652 1152 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/26 12:50:11.0777 1152 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/26 12:50:12.0089 1152 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/26 12:50:12.0401 1152 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/06/26 12:50:12.0713 1152 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/26 12:50:12.0978 1152 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/26 12:50:13.0025 1152 ================================================================================
2011/06/26 12:50:13.0025 1152 Scan finished
2011/06/26 12:50:13.0025 1152 ================================================================================
2011/06/26 12:50:13.0087 2100 Detected object count: 0
2011/06/26 12:50:13.0087 2100 Actual detected object count: 0


Here's the aswMBR log:

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-26 12:55:49
-----------------------------
12:55:49.486 OS Version: Windows 6.1.7600
12:55:49.486 Number of processors: 2 586 0x1C0A
12:55:49.486 ComputerName: ERKINAZ UserName:
12:55:50.328 Initialize success
12:55:55.554 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:55:55.570 Disk 0 Vendor: Hitachi_ PBBO Size: 152627MB BusType: 3
12:55:55.632 Disk 0 MBR read successfully
12:55:55.648 Disk 0 MBR scan
12:55:55.679 Disk 0 Windows 7 default MBR code
12:55:55.710 Disk 0 scanning sectors +312578048
12:55:55.757 Disk 0 scanning C:\Windows\system32\drivers
12:56:01.685 Service scanning
12:56:02.855 Disk 0 trace - called modules:
12:56:02.902 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
12:56:02.933 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x871f93e8]
12:56:02.949 3 CLASSPNP.SYS[88fb659e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85728028]
12:56:02.980 Scan finished successfully
12:56:16.599 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
12:56:16.614 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"

When I ran aswMBR, it asked me if I wanted to install Avast. I clicked No. Is that okay?

And I've attached MBR.zip



#12 D-FRED-BROWN

    Resident Bracketologist

  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 26 June 2011 - 01:12 PM

Your logs appear to be clean. :wink:

Let's run a few online scans to confirm:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

---------

Please use Internet Explorer and run a BitDefender Online scan from Here
  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan
Please post the results in your next reply.

---------

Please include both the ESET and BitDefender reports in your next reply. :)

Also, how is your computer running now?

Edited by D-FRED-BROWN, 26 June 2011 - 01:12 PM.


#13 qwertyui

  • Topic Starter
  • Members
  • 18 posts

Posted 26 June 2011 - 03:44 PM

Thanks so much! Everything seems to be good. I'm a bit confused, though. So my computer isn't a zombie anymore? Is it completely back to normal?

Here's the ESET log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=0493dbcfaeb9184f8372aea0cf75c763
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-26 08:30:28
# local_time=2011-06-26 04:30:28 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 66 94 42286022 60659841 0 0
# compatibility_mode=8192 67108863 100 0 1021126 1021126 0 0
# scanned=81725
# found=0
# cleaned=0
# scan_time=5178


Here's the BitDefender report:

QuickScan Beta 32-bit v0.9.9.96
-------------------------------
Scan date: Sun Jun 26 16:37:30 2011
Machine ID: 9C6B4465



No infection found.
-------------------



Processes
---------
(verified) APO Access Service (32-bit) 1692 C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(verified) Firefox 904 C:\Program Files\Mozilla Firefox\firefox.exe
(verified) Firefox 888 C:\Program Files\Mozilla Firefox\plugin-container.exe
(verified) Intel® Common User Interface 1492 C:\Windows\System32\hkcmd.exe
(verified) Intel® Common User Interface 1480 C:\Windows\System32\igfxpers.exe
(verified) Intel® Common User Interface 2212 C:\Windows\System32\igfxsrvc.exe
(verified) Intel® Common User Interface 1484 C:\Windows\System32\igfxtray.exe
(verified) Java™ Platform SE Auto Updater 2 0 2052 C:\Program Files\Common Files\Java\Java Update\jusched.exe
(verified) Microsoft® Visual Studio .NET 1756 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(verified) Microsoft® Windows® Operating System 1808 C:\Windows\explorer.exe
(verified) Microsoft® Windows® Operating System 1316 C:\Windows\System32\conhost.exe
(verified) Microsoft® Windows® Operating System 416 C:\Windows\System32\csrss.exe
(verified) Microsoft® Windows® Operating System 464 C:\Windows\System32\csrss.exe
(verified) Microsoft® Windows® Operating System 1768 C:\Windows\System32\dwm.exe
(verified) Microsoft® Windows® Operating System 556 C:\Windows\System32\lsass.exe
(verified) Microsoft® Windows® Operating System 568 C:\Windows\System32\lsm.exe
(verified) Microsoft® Windows® Operating System 3860 C:\Windows\System32\notepad.exe
(verified) Microsoft® Windows® Operating System 512 C:\Windows\System32\services.exe
(verified) Microsoft® Windows® Operating System 288 C:\Windows\System32\smss.exe
(verified) Microsoft® Windows® Operating System 1424 C:\Windows\System32\spoolsv.exe
(verified) Microsoft® Windows® Operating System 952 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1100 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1228 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1452 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 688 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2012 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 764 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 4044 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 824 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 912 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1624 C:\Windows\System32\taskhost.exe
(verified) Microsoft® Windows® Operating System 456 C:\Windows\System32\wininit.exe
(verified) Microsoft® Windows® Operating System 548 C:\Windows\System32\winlogon.exe
(verified) Microsoft® Windows® Operating System 1308 C:\Windows\System32\wlanext.exe
(verified) Microsoft® Windows® Operating System 924 C:\Windows\System32\wuauclt.exe
(verified) Realtek HD Audio Manager 1512 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(verified) Secunia PSI Agent 1868 C:\Users\Administrator\Desktop\PSI\psia.exe
(verified) Secunia PSI Tray 2080 C:\Users\Administrator\Desktop\PSI\psi_tray.exe
(verified) Secunia Update Agent 3244 C:\Users\Administrator\Desktop\PSI\sua.exe
(verified) Synaptics Pointing Device Driver 748 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(verified) Synaptics Pointing Device Driver 2268 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(verified) VMware Tools 412 C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe
(verified) Windows® Internet Explorer 2716 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3932 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Search 4024 C:\Windows\System32\SearchFilterHost.exe
(verified) Windows® Search 2944 C:\Windows\System32\SearchIndexer.exe
(verified) Windows® Search 3496 C:\Windows\System32\SearchProtocolHost.exe


Network activity
----------------
Process firefox.exe (904) connected on port 80 (HTTP) --> 72.14.204.101
Process iexplore.exe (2716) connected on port 80 (HTTP) --> 66.235.142.14
Process iexplore.exe (2716) connected on port 80 (HTTP) --> 74.125.226.164
Process iexplore.exe (2716) connected on port 80 (HTTP) --> 69.171.224.41

Process wininit.exe (456) listens on ports: 49152 (RPC)
Process services.exe (512) listens on ports: 49156 (RPC)
Process lsass.exe (556) listens on ports: 49155 (RPC)
Process svchost.exe (764) listens on ports: 135 (RPC)
Process svchost.exe (824) listens on ports: 49153 (RPC)
Process svchost.exe (952) listens on ports: 49154 (RPC)
Process svchost.exe (1228) listens on ports: 3389 (Terminal Server)


Autoruns and critical files
---------------------------
(verified) Alps Pointing-device Driver C:\Program Files\DellTPad\Apoint.exe
(verified) Intel® Common User Interface C:\Windows\System32\hkcmd.exe
(verified) Intel® Common User Interface C:\Windows\system32\igfxdev.dll
(verified) Intel® Common User Interface C:\Windows\System32\igfxpers.exe
(verified) Intel® Common User Interface C:\Windows\System32\igfxtray.exe
(verified) Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
(verified) Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
(verified) Microsoft® Windows® Operating System C:\Windows\system32\rundll32.exe
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) ParetoLogic Update Application C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
(verified) PC Health Advisor C:\Users\Administrator\Desktop\PCHA\PCHA.exe
(verified) Realtek HD Audio Manager C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(verified) Secunia PSI Tray C:\Users\Administrator\Desktop\PSI\psi_tray.exe
(verified) Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(verified) VMware Tools C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(verified) VMware Tools C:\Program Files\VMware\VMware Tools\VMwareUser.exe
(verified) Windows® Internet Explorer c:\windows\system32\webcheck.dll


Browser plugins
---------------
(unsigned) Java™ Platform SE 6 U26 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

(verified) AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
(verified) Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
(verified) BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
(verified) downloadUpdater C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
(verified) downloadUpdater2 C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
(verified) Java Deployment Toolkit 6.0.260.3 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
(verified) Java™ Platform SE 6 U26 C:\Program Files\Java\jre6\bin\jp2ssv.dll
(verified) Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
(verified) Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL
(verified) Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL
(verified) Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
(verified) Microsoft Office Live Plug-in for Firef C:\Program Files\Microsoft\Office Live\npOLW.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
(verified) NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
(verified) Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
(verified) Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
(verified) Skype Toolbars C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
(verified) VMware Tools C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll
(verified) Windows® Internet Explorer C:\Windows\System32\ieframe.dll


Scan
----
MD5: 1040bd9bf3ddab7cda2346f8375480a2 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
MD5: 32aaeabff6299834e5d38c3a442ccf36 C:\Windows\system32\mssph.dll


No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.00 MB sent, 0.02 KB recvd
Scanned 904 files and modules - 5 seconds

==============================================================================
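As an added example (not from the thread, and not BitDefender's code), a small Python triage pass over a QuickScan report in the format posted above: it splits the report into its sections, then flags unsigned entries, code running from a user profile, and non-RPC listeners such as the Terminal Server port shown. The excerpt is constructed from lines of the posted report; the three heuristics are the ones a log reviewer checks first, not a verdict.

```python
import re

# Constructed excerpt, adapted from the QuickScan report format quoted in the thread.
SAMPLE_REPORT = """Processes
---------
(verified) Firefox 904 C:\\Program Files\\Mozilla Firefox\\firefox.exe
(verified) Secunia PSI Agent 1868 C:\\Users\\Administrator\\Desktop\\PSI\\psia.exe
Network activity
----------------
Process svchost.exe (764) listens on ports: 135 (RPC)
Process svchost.exe (1228) listens on ports: 3389 (Terminal Server)
Browser plugins
---------------
(unsigned) Java Platform SE 6 U26 C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npjp2.dll
(verified) Windows Internet Explorer C:\\Windows\\System32\\ieframe.dll
"""

# "(verified|unsigned) <description> [<pid>] <drive path>" entries and listener lines
ENTRY_RE = re.compile(r"^\((verified|unsigned)\) (.*?) (?:(\d+) )?([A-Za-z]:\\.*)$")
LISTEN_RE = re.compile(r"^Process (\S+) \((\d+)\) listens on ports: (.*)$")
PORT_RE = re.compile(r"(\d+) \(([^)]*)\)")

def parse_report(text):
    """Split into {section: [entry lines]} using the 'Title' / '-----' header pairs."""
    sections, current, lines = {}, None, text.splitlines()
    for i, line in enumerate(lines):
        if i + 1 < len(lines) and lines[i + 1] and set(lines[i + 1]) == {"-"}:
            current = line.strip()
            sections[current] = []
        elif current and line.strip() and set(line) != {"-"}:
            sections[current].append(line.rstrip())
    return sections

def triage(text):
    """Flag what a log reviewer checks first: signature status, launch location, listeners."""
    findings = {"unsigned": [], "user_profile": [], "listeners": []}
    for section, entries in parse_report(text).items():
        for line in entries:
            if m := ENTRY_RE.match(line):
                status, _desc, _pid, path = m.groups()
                if status == "unsigned":
                    findings["unsigned"].append((section, path))
                if "\\users\\" in path.lower():  # not malicious per se; reviewed first
                    findings["user_profile"].append((section, path))
            elif m := LISTEN_RE.match(line):
                for port, label in PORT_RE.findall(m.group(3)):
                    if label != "RPC":  # dynamic RPC endpoints are expected on Windows
                        findings["listeners"].append((m.group(1), int(m.group(2)), int(port), label))
    return findings
```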

#14 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team

Posted 26 June 2011 - 03:53 PM

Thanks so much! Everything seems to be good.

You are welcome! :) I am glad to hear things are well.

I'm a bit confused, though. So my computer isn't a zombie anymore? Is it completely back to normal?

Correct. :thumbsup2: Since your logs appear to be clean, let's update some programs to make sure you won't get infected again :wink: :


I see you have User Account Control (UAC) disabled.
This is an important security feature which helps prevent malware and other unwanted software from being installed on your computer.
I strongly suggest you keep it enabled. See this link for instructions on how to enable it: http://windows.microsoft.com/en-US/windows-vista/Turn-User-Account-Control-on-or-off

--------

Firefox is out of date. Using an outdated version of a web browser leaves you extremely vulnerable to malware!
Please visit the Mozilla site and update it to the latest version.

--------

Please let me know how the updates went, as failed updates may indicate additional malware.:)

#15 qwertyui

qwertyui
  • Topic Starter

  • Members

Posted 26 June 2011 - 05:10 PM

The updates were successful. I turned on UAC and I'm now using the latest version of Firefox. Again, thanks for helping me :)



