
Redirects, Strange Event Logs, Possible Google Redirect Virus


  • This topic is locked
37 replies to this topic

#1 Jewel431

Jewel431

  • Members
  • 38 posts
  • OFFLINE
  • Gender:Female
  • Local time:12:52 AM

Posted 28 July 2011 - 10:01 PM

I followed the prep guide. I couldn't back up my data. I think that's because I was trying to burn it to DVD. I have posted the Cobian Backup log, just in case.

2011-07-27 17:27 Welcome to Cobian Backup 10. The engine is now started. Engine version: 10.1.1.418. OS: 6.1.7601. Service: No
2011-07-27 17:27 Loading the current list: "C:\Program Files (x86)\Cobian Backup 10\DB\MainList.lst"
2011-07-27 17:27 The safe mirror directory "C:\Users\Julie\AppData\Local\Safe mirror" doesn't exists. Trying to create it...
2011-07-27 17:27 The safe mirror directory "C:\Users\Julie\AppData\Local\Safe mirror" has been successfully created
2011-07-27 17:27 Starting the user interface
2011-07-27 17:27 The user interface has been started
2011-07-27 17:47 Getting version information from the server
2011-07-27 17:47 Your version is up to date
2011-07-27 17:49 The settings have been reloaded
2011-07-27 17:53 The task list has been reloaded: "C:\Program Files (x86)\Cobian Backup 10\DB\MainList.lst"
2011-07-27 17:55 *** A new backup has begun. Number of tasks in queue: 1 ***
2011-07-27 17:55 Preventing the system from entering Sleep mode
2011-07-27 17:55 Applying parameters to the task "Inc Backup"
2011-07-27 17:55 ** Starting backup for the task "Inc Backup" **
2011-07-27 17:55 Calculating the number of files to backup for the task "Inc Backup"
2011-07-27 17:55 If your unpacker cannot handle the zip archives created by Cobian Backup 10, see the FAQ
2011-07-27 17:55 Starting the Volume Shadow Copy snapshot for the drives: C:\
2011-07-27 17:55 The Volume Shadow Copy snapshot set has been created successfully
2011-07-27 17:55 Changing the backup type to full. Reason: task's first backup
2011-07-27 17:55 Creating the destination directory "D:\"
2011-07-27 17:55 The destination directory "D:\" was successfully created
ERR 2011-07-27 17:58 An error occurred when creating or refreshing the archive "D:\C 2011-07-27 17;55;30.zip": Cannot create file "\\?\D:\C 2011-07-27 17;55;30.zip". Incorrect function
2011-07-27 17:58 The history file for "Inc Backup" will not be saved because the result of the backup is empty
2011-07-27 17:58 Deleting the Volume Shadow Copy snapshot "c2bd9eec-75cb-4a81-8bdd-26b000b34550"
2011-07-27 17:58 The Volume Shadow Copy snapshot set has been successfully deleted
2011-07-27 17:58 *** Task "Inc Backup" finished. Processed files: 171005. Backed up files: 0. Errors: 1 ***
2011-07-27 17:58 ** The backup of "Inc Backup" has ended. Elapsed time for the task: 0 hour(s), 3 minute(s), 33 second(s) **
2011-07-27 17:58
2011-07-27 17:58 The system can now enter Sleep mode
2011-07-27 17:58 Total elapsed time for all the backed up tasks: Hours: 0, Minutes: 3, Seconds: 37
2011-07-27 17:58 *** Backup finished. Processed files: 171005. Backed up files: 0. Errors: 1 ***
2011-07-27 17:58 Shutting down the computer...
2011-07-27 18:05 Welcome to Cobian Backup 10. The engine is now started. Engine version: 10.1.1.418. OS: 6.1.7601. Service: No
2011-07-27 18:05 Loading the current list: "C:\Program Files (x86)\Cobian Backup 10\DB\MainList.lst"
2011-07-27 18:05 Starting the user interface
2011-07-27 18:05 The user interface has been started
2011-07-27 18:12 The task list has been reloaded: "C:\Program Files (x86)\Cobian Backup 10\DB\MainList.lst"
2011-07-27 18:12 *** A new backup has begun. Number of tasks in queue: 1 ***
2011-07-27 18:12 Preventing the system from entering Sleep mode
2011-07-27 18:12 Applying parameters to the task "Inc Backup"
2011-07-27 18:12 ** Starting backup for the task "Inc Backup" **
2011-07-27 18:12 Calculating the number of files to backup for the task "Inc Backup"
2011-07-27 18:12 If your unpacker cannot handle the zip archives created by Cobian Backup 10, see the FAQ
2011-07-27 18:12 Starting the Volume Shadow Copy snapshot for the drives: C:\
2011-07-27 18:13 The Volume Shadow Copy snapshot set has been created successfully
2011-07-27 18:13 Changing the backup type to full. Reason: task's first backup
2011-07-27 18:13 Creating the destination directory "D:\"
2011-07-27 18:13 The destination directory "D:\" was successfully created
ERR 2011-07-27 18:16 An error occurred when creating or refreshing the archive "D:\C 2011-07-27 18;13;12.zip": Cannot create file "\\?\D:\C 2011-07-27 18;13;12.zip". Incorrect function
2011-07-27 18:16 The history file for "Inc Backup" will not be saved because the result of the backup is empty
2011-07-27 18:16 Deleting the Volume Shadow Copy snapshot "8552179b-1f25-43d2-b2e4-8a738b1d9a0d"
2011-07-27 18:16 The Volume Shadow Copy snapshot set has been successfully deleted
2011-07-27 18:16 *** Task "Inc Backup" finished. Processed files: 171012. Backed up files: 0. Errors: 1 ***
2011-07-27 18:16 ** The backup of "Inc Backup" has ended. Elapsed time for the task: 0 hour(s), 3 minute(s), 36 second(s) **
2011-07-27 18:16
2011-07-27 18:16 The system can now enter Sleep mode
2011-07-27 18:16 Total elapsed time for all the backed up tasks: Hours: 0, Minutes: 3, Seconds: 39
2011-07-27 18:16 *** Backup finished. Processed files: 171012. Backed up files: 0. Errors: 1 ***
2011-07-27 18:49 *** A new backup has begun. Number of tasks in queue: 1 ***
2011-07-27 18:49 Preventing the system from entering Sleep mode
2011-07-27 18:49 Applying parameters to the task "Inc Backup"
2011-07-27 18:49 ** Starting backup for the task "Inc Backup" **
2011-07-27 18:49 Calculating the number of files to backup for the task "Inc Backup"
2011-07-27 18:49 If your unpacker cannot handle the zip archives created by Cobian Backup 10, see the FAQ
2011-07-27 18:49 Starting the Volume Shadow Copy snapshot for the drives: C:\
2011-07-27 18:49 The Volume Shadow Copy snapshot set has been created successfully
2011-07-27 18:49 Changing the backup type to full. Reason: task's first backup
2011-07-27 18:49 Creating the destination directory "D:\"
2011-07-27 18:49 The destination directory "D:\" was successfully created
2011-07-27 18:50 The backup has been canceled by the user
ERR 2011-07-27 18:50 An error occurred when creating or refreshing the archive "D:\C 2011-07-27 18;49;16.zip": Cannot create file "\\?\D:\C 2011-07-27 18;49;16.zip". Incorrect function
2011-07-27 18:50 Deleting the Volume Shadow Copy snapshot "9ebbe05e-704e-4663-becc-88e86d22533b"
2011-07-27 18:50 The operation has been aborted while waiting for an answer from the Volume Shadow Copy requester
2011-07-27 18:50 *** Task "Inc Backup" finished. Processed files: 30675. Backed up files: 0. Errors: 1 ***
2011-07-27 18:50 ** The backup of "Inc Backup" has ended. Elapsed time for the task: 0 hour(s), 0 minute(s), 59 second(s) **
2011-07-27 18:50
2011-07-27 18:50 The system can now enter Sleep mode
2011-07-27 18:50 Total elapsed time for all the backed up tasks: Hours: 0, Minutes: 1, Seconds: 2
2011-07-27 18:50 *** Backup finished. Processed files: 30675. Backed up files: 0. Errors: 1 ***
2011-07-27 18:50 The engine is now closed. Bye!
2011-07-27 21:03 Welcome to Cobian Backup 10. The engine is now started. Engine version: 10.1.1.418. OS: 6.1.7601. Service: No
2011-07-27 21:03 Loading the current list: "C:\Program Files (x86)\Cobian Backup 10\DB\MainList.lst"
2011-07-27 21:03 Starting the user interface
2011-07-27 21:03 The user interface has been started
2011-07-27 21:04 The engine is now closed. Bye!

I ran Defogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:11 on 27/07/2011 (BossLady)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-




Problem Details:

Please refer to my original thread "Not Trusting AV Scan Results. Malware or Damage?".

I know the Bleeping Computer staff are very busy and I don't want to be repetitive, so I will try to compress and be more specific about the details in my original thread.

1. Please note: these were the original 2 issues, but I didn't pay much attention to them until the intermittent issues occurred.
After program installs, Windows popup message:
"This program may not have installed correctly."

Warning from secure sites I had visited in the past (addons.mozilla.org, Gmail, etc.):
something like "The website has a valid security certificate but Firefox cannot verify the connection is encrypted."
NOT an "invalid certificate" message


2. Details field has a path leading to AppData/ SPAWNWND=$/NOTIFYWND=$ with numbers after both dollar signs upon installing some new programs.

3. Laptop froze up completely during a Sandboxie uninstall. Got locked into Event Viewer after reboot. Error message "all windows must be closed before exiting the event viewer" - none were open.

4. Intermittent problems for about 2 days after:
trying to exit applications - no response
mouse-clicks - no response
keyboard - no response

5. NOTE: Listing this only because it may be related:
I accidentally loaded Hitman on a USB stick recently used in my laptop. A few minutes later, the clean PC I downloaded it from crashed with a blue screen with the message "Windows shut down to prevent damage to your computer." That PC reported only 2 PUM.disabled after scanning with MBAM, MSE reported clean, the PC was restored to an earlier date, and it has no issues now.

Steps I took to search for malware:
I put all of the above together and suspected malware - ran full scans (as administrator):

- Normal Mode: MBAM, then NOD32 (in-depth scan), then SuperAntiSpyware: all clean other than SAS's usual tracking cookies
- Safe Mode: MBAM, then NOD32 (in-depth scan), then SuperAntiSpyware: all clean
- Microsoft Malicious Software Removal Tool (full scan) and TDSSKiller, both Normal and Safe mode: all clean
- HitMan Pro from USB stick - Safe Mode: all clean



Steps I took to see if I was being Redirected:

- cleared browser cache
- cleared browser certificate cache because I wanted sites I had ALREADY visited to prove SSL all over again
- cleared temp files, browsing history, etc.
- blocked headers/3rd party cookies.
- blocked websites from automatically redirecting me (for browsers with this option)
- Enabled "Delete History on Exit" in all browsers
- checked ESET NOD32 option to "scan all SSL Protocol"


The redirect cycle I saw after those changes was this:
(Please disregard the pink bar around my browsers, it's just Sandboxie. I almost never browse without it!)
Searched Google for PNC Bank screenshot
Link goes to "Moved Permanently to here" screenshot
"here" link goes to "Redirect" with a link screenshot
Last link goes to PNC homepage
Then came the certificate popups. "An application running on this computer is attempting to communicate through an encrypted channel." I denied almost every certificate.

My original thread describes the Firefox/ESET root certificate incompatibility issue which led me to do a clean install of both ESET NOD32 AV and Mozilla Firefox. I removed EVERYTHING in my computer related to Mozilla Firefox except some of the registry items, but when I reinstalled it my addons, bookmarks, and passwords were all there.


I tried to submit this C:\Windows file screenshot
to virusscan.jotti.org but got this screenshot

Event logs are full of errors and warnings, and a ton of registry leaks, but I don't understand what I'm looking at. Yesterday I saw "the date was changed from 7-28 to 7-27" in the Event Viewer. Explorer.exe failed to log on to my guest account. (I disabled it for a reason!) Just strange stuff.
I have lots of screenshots but don't know how to separate the normal behavior from the abnormal behavior at this point.

What I DO still notice:

1. A half second of this redirect screenshot
before getting to my Gmail account. (It appears so fast that it took me 5 times to actually get it on print-screen.)


Finally, today while looking thru all of my screenshots to put here, I noticed this screenshot
so I typed exactly that address from the screenshot into my address bar and got this
screenshot
I looked it up; "webhp" seems like the Google redirect virus. But you can't believe everything you read, so I'm still unsure.

Between my original post and this one, it sums most of it up, except the event logs...too much to describe there, as I'm sure some of what I think is bad may not be and vice versa.

Just a few minutes ago, Windows Media Player said it was downloading something. I don't use Windows Media Player, so I disabled it months ago. I disconnected from the internet and ended it in Task Manager, but it took a good 30 seconds to do that.


I have Windows 7 x64 so I can't run GMER.



.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by BossLady at 20:49:03 on 2011-07-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2608 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.wilderssecurity.com/
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv73&r=27360211k455l0324z195a49l2x330
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv73&r=27360211k455l0324z195a49l2x330
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv73&r=27360211k455l0324z195a49l2x330
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.87.75.198 68.87.64.150 0.0.0.0
TCP: Interfaces\{FD12E0A4-0BC6-4EA2-A0B4-295544EC2A8C} : NameServer = 68.87.75.198,68.87.64.150
TCP: Interfaces\{FD12E0A4-0BC6-4EA2-A0B4-295544EC2A8C} : DhcpNameServer = 68.87.75.198 68.87.64.150 0.0.0.0
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\BossLady\AppData\Roaming\Mozilla\Firefox\Profiles\f73dajq8.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [2011-7-27 67584]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-1-12 810144]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-11-2 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-15 366640]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-9-24 62720]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-18 1153368]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-11-2 240160]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-6-17 154752]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-2 225280]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-07-27 21:27:36 -------- d-----w- C:\Program Files (x86)\Cobian Backup 10
2011-07-26 19:09:29 -------- d-----w- C:\Program Files\ESET
2011-07-23 02:54:03 -------- d-----w- C:\Program Files (x86)\ESET
2011-07-21 01:13:20 -------- d-----w- C:\ProgramData\Comodo
2011-07-20 21:43:19 -------- d-----w- C:\Users\BossLady\AppData\Local\ATI
2011-07-20 21:42:40 -------- d-----w- C:\Users\BossLady\AppData\Local\Power2Go
2011-07-18 18:52:12 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-07-18 18:52:12 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-07-16 22:28:05 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2011-07-16 03:13:07 -------- d-----w- C:\Users\BossLady\AppData\Roaming\Malwarebytes
2011-07-16 03:13:02 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-16 03:13:02 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-16 03:12:59 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-16 03:12:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-16 03:01:11 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2011-07-13 02:44:19 -------- d-----w- C:\Program Files (x86)\Phyxion.net
2011-07-12 17:30:57 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-07-12 04:20:03 -------- d-----w- C:\Users\BossLady\AppData\Local\Opera
2011-07-11 18:27:41 -------- d-----w- C:\Users\BossLady\AppData\Roaming\SUPERAntiSpyware.com
2011-07-11 18:27:41 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-07-11 18:27:35 -------- d-----w- C:\ProgramData\!SASCORE
2011-07-11 18:27:33 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-07-11 18:15:33 -------- d-----w- C:\Microsoft
2011-07-11 18:09:46 -------- d-----w- C:\Program Files\Sandboxie
2011-07-11 16:53:23 -------- d-----w- C:\Users\BossLady\AppData\Local\Mozilla
2011-07-11 03:53:33 23112 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-07-07 01:43:28 -------- d-----w- C:\Users\BossLady\AppData\Local\Apple Computer
2011-07-07 01:42:32 -------- d-----w- C:\Users\BossLady\AppData\Local\Apple
.
==================== Find3M ====================
.
2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-04 11:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
.
============= FINISH: 20:49:23.61 ===============

"I reject your reality and substitute my own."
- Mythbusters


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:52 AM

Posted 07 August 2011 - 11:05 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Jewel431

Jewel431
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Gender:Female
  • Local time:12:52 AM

Posted 07 August 2011 - 11:26 PM

Thank you, Gringo. As for my PC's current symptoms, I have to say, it really is running fine as of right now. Please make sure to read my previous post so you can get a glimpse of the odd stuff going on, so I don't have to repeat it. I still have a massive amount of registry leaks, "failed to log on" issues and programs that "fail to start." The few things I can mention though are these:

1. Intermittent trouble with browser links - but a lot more than I should. Click on it and get the message "The server was reset while trying to connect" or "the server could not be found."
2. Click on a link and get the Firefox bar at the top of the viewport saying "Firefox prevented you from being redirected to another page."

Both of those sound innocent but the thing is that if I copy the link (NOT "copy link location" but copy the link as text) then paste it into my address bar, it works fine most of the time. If it doesn't, then I paste it to notepad, recopy from notepad and paste it in the address bar and it works. In some cases when I have the second issue up there, firefox prevented redirect, I'll copy and paste the link in the address bar and it works, but trying to revisit the site a second time gives me an issue like "connection was reset" so I use the notepad copy paste method and it will work. It's REALLY WEIRD! I hope I am making sense here because it just sounds crazy to me but that's what happens, intermittently, like I said. Other cases, I just can't access the site at all after that.

I don't know a lot about malware but if there are any that attack the whole network, then my next symptom will make sense. Please note that I am not asking for help with my other pc, just mentioning this as it may be related:

3. My desktop pc on the same network is running full mbam scans in 30 seconds! Not "quick scan," "full scan." And I notice that when I scan a file that I think is suspicious, many times, the scan finishes and in the log I see "Number of Items Scanned: 0"

Since all of the scans on my laptop have been clean, that bothered me as soon as I noticed it.

4. This probably doesn't matter but for the sake of being complete I'll include it anyway. Since I was instructed not to install/uninstall anything, I made use of Bleeping Computer's tutorials and figured I'd mention my netstat findings.

I have file sharing and homegroup disabled but ports 137, 138 and 139 are always in use.

And, I always have a very small number of well known/registered ports in use and a ton of dynamic ports! Example:

TCP
135
139
445
8093
49152
49153
49154
49155
49156
49343
49344
49345
49346
49533
49534
50947
50951
50952
50954
50955
50956
50957
50958
50959
50962
50963
50964
50965
50959


UDP
137
138
500
1900
4500
5335
58141
58142

I have no idea why firefox is using ports: 49343,49344,49345,49346,49533 and 49534.

That's a note I took from a few nights ago but every night is similar to that. Yes, I know there's a whole lot more to take into consideration there but the ratio seems way off to me.

5. My hosts file seems like everything is commented out.

I know that the creator of DDS knows what they're doing but I'll just throw in here that I notice the user info on it is my admin username. I rarely log on as that profile or browse the internet on that profile, only on my standard user profile. My addons are Noscript, WOT, firebug, and web developer toolbar. Just in case that has anything to do with my redirect issues.

Ok. I'll stop rambling. Here are my logs.



.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by BossLady at 21:04:05 on 2011-08-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2730 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.wilderssecurity.com/
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv73&r=27360211k455l0324z195a49l2x330
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv73&r=27360211k455l0324z195a49l2x330
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv73&r=27360211k455l0324z195a49l2x330
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.87.75.198 68.87.64.150 0.0.0.0
TCP: Interfaces\{FD12E0A4-0BC6-4EA2-A0B4-295544EC2A8C} : NameServer = 68.87.75.198,68.87.64.150
TCP: Interfaces\{FD12E0A4-0BC6-4EA2-A0B4-295544EC2A8C} : DhcpNameServer = 68.87.75.198 68.87.64.150 0.0.0.0
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\BossLady\AppData\Roaming\Mozilla\Firefox\Profiles\f73dajq8.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [2011-7-27 67584]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-1-12 810144]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-11-2 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-15 366640]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-9-24 62720]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-11-2 240160]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-6-17 154752]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-2 225280]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-18 1153368]
.
=============== Created Last 30 ================
.
2011-08-08 00:22:41 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-08-07 17:45:06 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{107D75A3-B54F-4BE2-944D-639438788715}\mpengine.dll
2011-08-07 17:44:54 -------- d-----w- C:\9fafb7f7921136357c28263542d77ee1
2011-08-01 21:50:25 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-08-01 21:50:15 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-08-01 21:50:03 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-07-29 17:18:25 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-07-29 17:18:11 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-07-29 17:17:59 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-07-29 17:17:56 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-07-27 21:27:36 -------- d-----w- C:\Program Files (x86)\Cobian Backup 10
2011-07-26 19:09:29 -------- d-----w- C:\Program Files\ESET
2011-07-23 02:54:03 -------- d-----w- C:\Program Files (x86)\ESET
2011-07-21 01:13:20 -------- d-----w- C:\ProgramData\Comodo
2011-07-20 21:43:19 -------- d-----w- C:\Users\BossLady\AppData\Local\ATI
2011-07-20 21:42:40 -------- d-----w- C:\Users\BossLady\AppData\Local\Power2Go
2011-07-18 18:52:12 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-07-18 18:52:12 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-07-16 22:28:05 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2011-07-16 03:13:07 -------- d-----w- C:\Users\BossLady\AppData\Roaming\Malwarebytes
2011-07-16 03:13:02 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-16 03:13:02 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-16 03:12:59 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-16 03:12:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-16 03:01:11 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2011-07-13 02:44:19 -------- d-----w- C:\Program Files (x86)\Phyxion.net
2011-07-12 17:30:57 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-07-12 04:20:03 -------- d-----w- C:\Users\BossLady\AppData\Local\Opera
2011-07-11 18:27:41 -------- d-----w- C:\Users\BossLady\AppData\Roaming\SUPERAntiSpyware.com
2011-07-11 18:27:41 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-07-11 18:27:35 -------- d-----w- C:\ProgramData\!SASCORE
2011-07-11 18:27:33 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-07-11 18:15:33 -------- d-----w- C:\Microsoft
2011-07-11 18:09:46 -------- d-----w- C:\Program Files\Sandboxie
2011-07-11 16:53:23 -------- d-----w- C:\Users\BossLady\AppData\Local\Mozilla
2011-07-11 03:53:33 23112 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
.
==================== Find3M ====================
.
2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
.
============= FINISH: 21:04:27.97 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/5/2011 2:07:44 AM
System Uptime: 8/7/2011 7:05:09 PM (2 hours ago)
.
Motherboard: Gateway | | NV73
Processor: AMD Turion™ II Dual-Core Mobile M500 | Socket S1G3 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 406.615 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP82: 7/16/2011 12:08:48 AM - Installed ESET NOD32 Antivirus
RP83: 7/16/2011 6:28:31 PM - Installed COMODO Internet Security
RP84: 7/18/2011 1:33:14 AM - Removed Adobe Reader X (10.0.1).
RP85: 7/18/2011 6:27:16 PM - Revo Uninstaller's restore point - XAMPP 1.7.4
RP86: 7/20/2011 6:14:57 PM - Revo Uninstaller's restore point - COMODO GeekBuddy
RP87: 7/26/2011 3:08:59 PM - Installed ESET NOD32 Antivirus
RP88: 7/26/2011 3:21:47 PM - Revo Uninstaller's restore point - Mozilla Firefox 5.0 (x86 en-US)
RP89: 7/26/2011 3:50:06 PM - Revo Uninstaller's restore point - Safari
RP90: 7/26/2011 5:54:05 PM - Revo Uninstaller's restore point - Opera 11.50
RP91: 8/4/2011 2:00:09 PM - Scheduled Checkpoint
RP92: 8/7/2011 1:44:25 PM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Design Premium
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Backup Manager Basic
Bejeweled 3
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Checksum Verify version 1.1.0
Cobian Backup 10
Compatibility Pack for the 2007 Office system
CyberLink Power2Go
CyberLink PowerDVD 8
Gateway Games
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Identity Card
Java Auto Updater
Java™ 6 Update 26
Launch Manager
Macromedia Extension Manager
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 5.0.1 (x86 en-US)
OpenOffice.org 3.3
PDF Settings CS5
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Revo Uninstaller 1.92
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Spybot - Search & Destroy
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update Installer for WildTangent Games App
Video Web Camera
Welcome Center
WildTangent Games App (Gateway Games)
Windows Live Sync
.
==== Event Viewer Messages From Past Week ========
.
8/7/2011 8:59:29 PM, Error: atikmdag [43029] - Display is not active
8/7/2011 8:46:46 PM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).
8/7/2011 1:36:35 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
.
==== End Of File ===========================

Thanks for the help. Sorry for the length of my post. I hate to be one of "those" people. I just can't help it.
"I reject your reality and substitute my own."
- Mythbusters
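
The netstat findings in the post above (ports 135/139/445 in use, a few registered ports, and a long run of 49152-and-up ports) are easier to read once each local port is sorted by IANA range and tied to the state and owning PID that `netstat -ano` prints. The following is an added example written for this thread; it is not a BleepingComputer tool and not code from the original poster. The `netstat -ano` listing it parses is constructed to mirror the port numbers quoted above (PIDs and addresses are made up), and the service labels are the standard assignments for those ports: 135 is the RPC endpoint mapper, 137-139 NetBIOS, 445 SMB, 500/4500 IPsec, 1900 SSDP. The 49152-65535 range is the default ephemeral range on Windows Vista and later, so a browser's outgoing connections appear there as client-side ports; a listener below that range with no standard label (8093 in the sample) is the one to trace back to its PID in Task Manager.

```python
"""Classify the local ports in a `netstat -ano` listing by IANA range.

Added example for this thread; it is not a BleepingComputer tool and not
code from the original poster. SAMPLE_NETSTAT below is constructed to mirror
the port numbers quoted in the post (PIDs and addresses are made up).
"""
import re
from collections import Counter

# Standard assignments for the well-known ports quoted in the post.
KNOWN_PORTS = {
    ("TCP", 135): "RPC endpoint mapper",
    ("TCP", 139): "NetBIOS session service",
    ("TCP", 445): "SMB over TCP",
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("UDP", 500): "IKE (IPsec)",
    ("UDP", 1900): "SSDP (UPnP discovery)",
    ("UDP", 4500): "IPsec NAT-T",
}

# Constructed sample in the column layout `netstat -ano` prints on Windows 7.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       744
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING       492
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING       880
  TCP    127.0.0.1:8093         0.0.0.0:0              LISTENING       2056
  TCP    192.168.1.5:139        0.0.0.0:0              LISTENING       4
  TCP    192.168.1.5:49343      203.0.113.10:443       ESTABLISHED     3120
  TCP    192.168.1.5:49344      203.0.113.10:443       ESTABLISHED     3120
  TCP    192.168.1.5:50959      198.51.100.7:80        TIME_WAIT       0
  UDP    0.0.0.0:500            *:*                                    1012
  UDP    192.168.1.5:137        *:*                                    4
  UDP    192.168.1.5:138        *:*                                    4
  UDP    0.0.0.0:58141          *:*                                    3120
"""

# Proto, local addr:port, foreign addr, optional State (absent for UDP), PID.
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+([A-Z_]+))?\s+(\d+)\s*$"
)


def port_range(port):
    """IANA range of a port; 49152+ is the Windows Vista+ default ephemeral range."""
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


def parse_netstat(text):
    """Return one dict per socket line; the banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, port, foreign, state, pid = m.groups()
        port = int(port)
        rows.append({
            "proto": proto, "local": local, "port": port, "foreign": foreign,
            "state": state or "",            # UDP lines have no State column
            "pid": int(pid),
            "range": port_range(port),
            "service": KNOWN_PORTS.get((proto, port), ""),
        })
    return rows


def summarize(rows):
    """Split the listing into listeners, outgoing client sockets, and the
    listeners whose owning PID deserves a look."""
    by_range = Counter(r["range"] for r in rows)
    listening = [r for r in rows if r["proto"] == "UDP" or r["state"] == "LISTENING"]
    # A TCP socket in any state other than LISTENING is an outbound or finished
    # connection; its local port is an ephemeral one picked by the OS, which is
    # why a browser shows up on 49xxx/50xxx ports.
    outbound = [r for r in rows if r["proto"] == "TCP" and r["state"] != "LISTENING"]
    # Listening below the ephemeral range with no standard label: check its PID.
    review = [r for r in listening if r["range"] != "dynamic" and not r["service"]]
    return {"by_range": dict(by_range), "listening": listening,
            "outbound": outbound, "review": review}


if __name__ == "__main__":
    report = summarize(parse_netstat(SAMPLE_NETSTAT))
    print("ports per range:", report["by_range"])
    for r in report["listening"]:
        label = r["service"] or "(no standard label)"
        print(f"  LISTEN {r['proto']} {r['port']:>5} pid={r['pid']:<5} {label}")
    for r in report["review"]:
        print(f"  review: {r['proto']} port {r['port']} owned by pid {r['pid']}")
```

To run it against a real machine, paste the output of `netstat -ano` into `SAMPLE_NETSTAT` or read it from a file; the PID column is what links a listener back to a process in Task Manager or `tasklist`, which is the check that distinguishes a normal Windows listener from something worth reporting.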

#4 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 August 2011 - 12:02 AM

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Edited by gringo_pr, 08 August 2011 - 12:02 AM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
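
The reply above asks for the ComboFix report; it and the DDS log posted earlier both list services and drivers one per line, and the two things an analyst usually checks first in those lines are entries whose image file could not be read (shown as `[?]` by DDS and `[x]` by ComboFix, in place of the date and size) and entries whose image lives outside the usual install roots. The following is an added example written for this thread, not code from DDS, ComboFix or BleepingComputer. It reads the line shape both tools use, `R`/`S` for running/stopped followed by the Windows start-type digit, then `name;display name;path [date size]`; the sample is made of lines copied from the logs above plus one constructed line, marked as such, so the location check has something to report.

```python
"""Parse the service/driver lines of a DDS or ComboFix report and flag the
entries an analyst looks at first.

Added example for this thread; it is not code from DDS, ComboFix or
BleepingComputer. Both reports print one service or driver per line as
    <R|S><digit> <name>;<display name>;<image path> [<date> <size>]
R/S is running/stopped and the digit is the Windows start type. A trailing
[?] (DDS) or [x] (ComboFix) means the tool could not read the image file to
record its date and size. SAMPLE_LOG copies lines from the logs in this
thread plus one constructed line (marked) so the location check has a hit.
"""
import re

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?:\s+-->\s+(?P<resolved>.+?))?"   # DDS repeats the path after -->
    r"\s+\[(?P<tail>[^\]]*)\]\s*$"
)

# Where a Windows service or driver image is normally installed (lower-cased).
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

SAMPLE_LOG = r"""
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-1-12 810144]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-18 1153368]
R2 example_svc;Example Service (constructed line, not from the logs);c:\users\BossLady\AppData\Local\Temp\example.exe [2011-8-1 12345]
"""


def parse_services(text):
    """Return one dict per service/driver line; any other line is ignored."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        tail = m.group("tail").strip().split()
        unverified = tail in (["?"], ["x"])          # image file could not be read
        date = size = None
        if not unverified and len(tail) == 2 and tail[1].isdigit():
            date, size = tail[0], int(tail[1])
        entries.append({
            "name": m.group("name"),
            "display": m.group("display"),
            "state": "running" if m.group("state") == "R" else "stopped",
            "start_type": START_TYPES.get(m.group("start"), "unknown"),
            "path": m.group("path"),
            "resolved": m.group("resolved"),         # None when there is no '-->'
            "unverified": unverified,
            "date": date,
            "size": size,
        })
    return entries


def in_expected_location(path):
    """True if the image sits under Windows or Program Files. The NT object
    prefix (backslash, two question marks, backslash) seen on some driver
    lines is stripped before comparing."""
    return path.lower().lstrip("\\?").startswith(EXPECTED_ROOTS)


def triage(entries):
    """Names of the entries to look at first: unreadable images, images outside
    the usual install roots, and the running set for context."""
    return {
        "unverified": [e["name"] for e in entries if e["unverified"]],
        "odd_location": [e["name"] for e in entries
                         if not in_expected_location(e["resolved"] or e["path"])],
        "running": [e["name"] for e in entries if e["state"] == "running"],
    }


if __name__ == "__main__":
    found = parse_services(SAMPLE_LOG)
    result = triage(found)
    print(f"{len(found)} entries, {len(result['running'])} running")
    print("image could not be read:", ", ".join(result["unverified"]))
    print("image outside usual roots:", ", ".join(result["odd_location"]))
```

An `[?]` or `[x]` entry is not by itself a sign of infection; in the logs above they are mostly drivers that the 32-bit tools could not open on a 64-bit system, and the names all match known products. The location check is the more useful one: a service or driver started from a user profile or temp directory is something a responder wants explained before anything else in the report.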

#5 Jewel431

Jewel431
  • Topic Starter
  • Members
  • 38 posts
  • Gender:Female

Posted 08 August 2011 - 11:00 AM

I temp disabled my ESET NOD32 AV, and disabled real-time protection on my SAS, ran combofix as administrator. The first part went fine, then my computer restarted, as expected, but at that point, the combofix window was just jumping around my screen really fast, like a strobe light. I didn't know if it was supposed to do that so during the 20 minutes of it jumping around, it occurred to me that when my computer restarted, my AV had likely started up, probably causing the problem. But with the combofix window jumping around I couldn't do anything so I restarted my pc, hoping I didn't break it. Then combofix said it was preparing logs and not to start any programs but mbam (even though I don't have mbam set to real-time or to start with windows), SAS and NOD32 were running, as well as sandboxie. I had a hard time disabling all of them again because the computer was very slow to respond, probably due to combofix.

Since I ended combofix, should I rerun it? And if so, I'm thinking I should somehow set NOD32 to not restart with the computer, maybe remove sandboxie from startup, and edit preferences in SAS and MBAM?

Sorry, I probably should've seen this coming. But here is the log anyway, though probably incomplete.

ComboFix 11-08-07.03 - BossLady 08/08/2011 11:10:57.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2845 [GMT -4:00]
Running from: c:\users\Julie\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-08 to 2011-08-08 )))))))))))))))))))))))))))))))
.
.
2011-08-08 15:15 . 2011-08-08 15:43 -------- d-----w- c:\users\BossLady\AppData\Local\temp
2011-08-08 15:15 . 2011-08-08 15:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-08 00:22 . 2011-08-08 00:22 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-08-07 17:45 . 2011-07-20 13:44 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{107D75A3-B54F-4BE2-944D-639438788715}\mpengine.dll
2011-08-06 20:31 . 2011-08-06 20:31 -------- d-----w- c:\users\Julie\AppData\Roaming\Adobe Mini Bridge CS5
2011-08-06 20:31 . 2011-08-06 20:31 -------- d-----w- c:\users\Julie\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-08-01 21:50 . 2011-08-01 21:50 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-08-01 21:50 . 2011-08-01 21:50 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-08-01 21:50 . 2011-08-01 21:50 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-07-29 17:18 . 2011-08-08 00:23 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-07-29 17:18 . 2011-08-08 00:22 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-07-29 17:17 . 2011-08-08 00:22 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-07-29 17:17 . 2011-07-29 17:17 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-07-27 21:27 . 2011-07-27 21:27 -------- d-----w- c:\users\Julie\AppData\Local\Safe mirror
2011-07-27 21:27 . 2011-07-27 21:27 -------- d-----w- c:\program files (x86)\Cobian Backup 10
2011-07-26 22:06 . 2011-07-26 22:06 -------- d-----w- c:\users\Julie\AppData\Local\Apps
2011-07-26 22:06 . 2011-07-26 22:06 -------- d-----w- c:\users\Julie\AppData\Local\Deployment
2011-07-26 19:09 . 2011-07-26 19:09 -------- d-----w- c:\program files\ESET
2011-07-23 02:54 . 2011-07-23 02:54 -------- d-----w- c:\program files (x86)\ESET
2011-07-21 01:13 . 2011-07-21 01:13 -------- d-----w- c:\programdata\Comodo
2011-07-20 21:43 . 2011-07-20 21:43 -------- d-----w- c:\users\BossLady\AppData\Roaming\ATI
2011-07-20 21:43 . 2011-07-20 21:43 -------- d-----w- c:\users\BossLady\AppData\Local\ATI
2011-07-20 21:42 . 2011-07-20 21:42 -------- d-----w- c:\users\BossLady\AppData\Local\Power2Go
2011-07-18 18:52 . 2011-07-21 21:38 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-07-18 18:52 . 2011-07-18 19:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-17 04:18 . 2011-07-17 04:18 -------- d-----w- c:\users\Julie\AppData\Local\Power2Go
2011-07-16 22:28 . 2011-07-16 22:28 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-07-16 03:13 . 2011-07-16 03:13 -------- d-----w- c:\users\BossLady\AppData\Roaming\Malwarebytes
2011-07-16 03:13 . 2011-07-16 03:13 -------- d-----w- c:\programdata\Malwarebytes
2011-07-16 03:13 . 2011-07-06 23:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-16 03:12 . 2011-07-16 03:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-16 03:12 . 2011-07-06 23:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-16 03:01 . 2011-07-16 03:01 -------- d-----w- c:\program files (x86)\VS Revo Group
2011-07-13 02:44 . 2011-07-13 02:44 -------- d-----w- c:\program files (x86)\Phyxion.net
2011-07-12 17:30 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-07-12 05:01 . 2011-07-12 05:01 -------- d-----w- c:\users\Bubble Gum
2011-07-12 04:20 . 2011-07-26 21:54 -------- d-----w- c:\users\BossLady\AppData\Local\Opera
2011-07-11 18:27 . 2011-07-11 18:27 -------- d-----w- c:\users\BossLady\AppData\Roaming\SUPERAntiSpyware.com
2011-07-11 18:27 . 2011-07-11 18:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-11 18:27 . 2011-07-11 18:27 -------- d-----w- c:\programdata\!SASCORE
2011-07-11 18:27 . 2011-07-11 18:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-11 18:15 . 2011-07-11 18:15 -------- d-----w- C:\Microsoft
2011-07-11 18:09 . 2011-07-11 18:09 -------- d-----w- c:\program files\Sandboxie
2011-07-11 17:08 . 2011-07-27 02:20 -------- d-----w- c:\users\Julie\AppData\Local\Mozilla
2011-07-11 16:53 . 2011-07-11 16:53 -------- d-----w- c:\users\BossLady\AppData\Local\Mozilla
2011-07-11 03:53 . 2011-07-21 05:02 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-03 05:57 . 2011-07-12 17:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-24 23:14 . 2011-02-05 10:48 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 03:24 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 03:24 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:40 . 2011-06-29 03:24 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:39 . 2011-06-29 03:24 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 03:24 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-06-17 604432]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2988928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files (x86)\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-09-30 823840]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.wilderssecurity.com/
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv73&r=27360211k455l0324z195a49l2x330
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 68.87.75.198 68.87.64.150 0.0.0.0
TCP: Interfaces\{FD12E0A4-0BC6-4EA2-A0B4-295544EC2A8C}: NameServer = 68.87.75.198,68.87.64.150
FF - ProfilePath - c:\users\BossLady\AppData\Roaming\Mozilla\Firefox\Profiles\f73dajq8.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6c,b4,eb,29,45,46,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,92,d7,43,79,09,d7,43,8b,c5,5f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,92,d7,43,79,09,d7,43,8b,c5,5f,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-08 11:48:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-08 15:48
.
Pre-Run: 436,432,650,240 bytes free
Post-Run: 436,666,519,552 bytes free
.
- - End Of File - - 447CC2A7A5EABF91F5DC400A8F71E71C

Edited by Jewel431, 08 August 2011 - 11:08 AM.

"I reject your reality and substitute my own."
- Mythbusters

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:52 AM

Posted 08 August 2011 - 06:39 PM

Hello


How are the redirects?


I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Jewel431

Jewel431
  • Topic Starter

  • Members
  • 38 posts
  • Gender:Female
  • Local time:12:52 AM

Posted 08 August 2011 - 09:38 PM

Ran TDSSKiller. Came up clean, though.

3 things I should mention:

1. SAS is not working properly. When I went through my SuperAntiSpyware preferences after running ComboFix, I realized I have "homepage protected", but I changed it 2 weeks ago. SAS still has my old homepage listed on homepage hijack protection, though.

2. I checked my firewall log earlier and they stopped logging back in February. The last entry is about 2/12/2011. But Windows says that logging is enabled. I don't know what's going on.

3. Since my redirects are intermittent, it's hard to say so quickly, but I do seem to be having issues with clicking online buttons not responding.

Here is the rundown on the redirects I was talking about. In this case, it was gmail.

Here is the link saying you responded to my post: screenshot

I clicked the link, and got this: screenshot

So I copied the link as text: screenshot

Pasted it in the browser address bar: screenshot

And it worked perfectly: screenshot


So you don't want me to run combofix again, I guess. OK, Here is my TDSS log.

2011/08/08 20:47:57.0153 2660 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/08 20:47:57.0481 2660 ================================================================================
2011/08/08 20:47:57.0481 2660 SystemInfo:
2011/08/08 20:47:57.0481 2660
2011/08/08 20:47:57.0481 2660 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/08 20:47:57.0481 2660 Product type: Workstation
2011/08/08 20:47:57.0481 2660 ComputerName: BITTY-PC
2011/08/08 20:47:57.0481 2660 UserName: BossLady
2011/08/08 20:47:57.0481 2660 Windows directory: C:\Windows
2011/08/08 20:47:57.0481 2660 System windows directory: C:\Windows
2011/08/08 20:47:57.0481 2660 Running under WOW64
2011/08/08 20:47:57.0481 2660 Processor architecture: Intel x64
2011/08/08 20:47:57.0481 2660 Number of processors: 2
2011/08/08 20:47:57.0481 2660 Page size: 0x1000
2011/08/08 20:47:57.0481 2660 Boot type: Normal boot
2011/08/08 20:47:57.0481 2660 ================================================================================
2011/08/08 20:47:58.0464 2660 Initialize success
2011/08/08 20:48:01.0802 0440 ================================================================================
2011/08/08 20:48:01.0802 0440 Scan started
2011/08/08 20:48:01.0802 0440 Mode: Manual;
2011/08/08 20:48:01.0802 0440 ================================================================================
2011/08/08 20:48:03.0003 0440 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/08/08 20:48:03.0206 0440 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/08/08 20:48:03.0331 0440 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/08/08 20:48:03.0518 0440 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/08 20:48:03.0690 0440 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/08 20:48:03.0846 0440 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/08 20:48:04.0002 0440 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/08/08 20:48:04.0142 0440 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/08/08 20:48:04.0329 0440 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/08/08 20:48:04.0501 0440 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/08/08 20:48:04.0641 0440 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/08 20:48:04.0797 0440 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/08 20:48:04.0953 0440 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/08/08 20:48:05.0141 0440 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/08 20:48:05.0312 0440 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/08/08 20:48:05.0468 0440 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/08/08 20:48:05.0640 0440 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/08/08 20:48:05.0811 0440 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/08 20:48:05.0936 0440 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/08 20:48:06.0061 0440 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/08/08 20:48:06.0233 0440 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
2011/08/08 20:48:06.0654 0440 atikmdag (2db9047aac9d981f59ce06d04d70c4d8) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/08 20:48:06.0935 0440 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/08/08 20:48:07.0091 0440 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/08/08 20:48:07.0262 0440 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/08/08 20:48:07.0418 0440 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/08/08 20:48:07.0574 0440 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/08 20:48:07.0761 0440 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/08 20:48:07.0949 0440 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/08 20:48:08.0058 0440 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/08 20:48:08.0198 0440 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/08/08 20:48:08.0339 0440 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/08 20:48:08.0479 0440 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/08 20:48:08.0651 0440 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/08 20:48:08.0775 0440 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/08 20:48:08.0947 0440 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
2011/08/08 20:48:09.0119 0440 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/08 20:48:09.0259 0440 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/08 20:48:09.0399 0440 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/08 20:48:09.0540 0440 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/08/08 20:48:09.0711 0440 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/08 20:48:09.0867 0440 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/08/08 20:48:10.0023 0440 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/08/08 20:48:10.0179 0440 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/08 20:48:10.0320 0440 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/08/08 20:48:10.0445 0440 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/08 20:48:10.0616 0440 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/08/08 20:48:10.0741 0440 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/08/08 20:48:10.0913 0440 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/08/08 20:48:11.0100 0440 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/08/08 20:48:11.0271 0440 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/08 20:48:11.0693 0440 eamonm (aca3fe4f18a945b7bf2618a79f6f670b) C:\Windows\system32\DRIVERS\eamonm.sys
2011/08/08 20:48:11.0942 0440 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/08/08 20:48:12.0207 0440 ehdrv (6672438bdcbfd87250d22112d458294d) C:\Windows\system32\DRIVERS\ehdrv.sys
2011/08/08 20:48:12.0473 0440 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/08 20:48:12.0597 0440 epfwwfpr (954fade8e59f159b0a71d0cfcc99a76e) C:\Windows\system32\DRIVERS\epfwwfpr.sys
2011/08/08 20:48:12.0753 0440 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/08/08 20:48:12.0909 0440 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/08/08 20:48:13.0065 0440 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/08/08 20:48:13.0237 0440 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/08 20:48:13.0424 0440 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/08/08 20:48:13.0565 0440 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/08/08 20:48:13.0721 0440 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/08 20:48:13.0845 0440 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/08/08 20:48:13.0986 0440 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/08/08 20:48:14.0142 0440 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/08 20:48:14.0313 0440 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/08 20:48:14.0469 0440 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/08 20:48:14.0703 0440 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/08 20:48:14.0844 0440 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/08/08 20:48:14.0984 0440 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/08/08 20:48:15.0109 0440 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/08 20:48:15.0249 0440 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/08 20:48:15.0390 0440 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/08 20:48:15.0577 0440 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
2011/08/08 20:48:15.0749 0440 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/08/08 20:48:15.0920 0440 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
2011/08/08 20:48:16.0092 0440 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/08/08 20:48:16.0248 0440 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/08 20:48:16.0419 0440 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/08/08 20:48:16.0575 0440 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/08/08 20:48:16.0731 0440 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/08 20:48:16.0934 0440 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\Windows\system32\drivers\RTKVHD64.sys
2011/08/08 20:48:17.0090 0440 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/08/08 20:48:17.0215 0440 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/08 20:48:17.0371 0440 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/08 20:48:17.0511 0440 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/08/08 20:48:17.0621 0440 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/08/08 20:48:17.0761 0440 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/08/08 20:48:17.0886 0440 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/08/08 20:48:18.0042 0440 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/08/08 20:48:18.0213 0440 k57nd60a (08dd34f74d65e1c8f238565570952630) C:\Windows\system32\DRIVERS\k57nd60a.sys
2011/08/08 20:48:18.0385 0440 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/08/08 20:48:18.0510 0440 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/08/08 20:48:18.0650 0440 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/08 20:48:18.0759 0440 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/08 20:48:18.0884 0440 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/08/08 20:48:19.0087 0440 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/08 20:48:19.0243 0440 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/08 20:48:19.0415 0440 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/08 20:48:19.0571 0440 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/08 20:48:19.0727 0440 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/08 20:48:19.0883 0440 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/08/08 20:48:20.0039 0440 MBAMProtector (9c4fb231b6e02f84580de2f00f3c5293) C:\Windows\system32\drivers\mbam.sys
2011/08/08 20:48:20.0210 0440 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/08/08 20:48:20.0335 0440 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/08 20:48:20.0507 0440 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/08 20:48:20.0663 0440 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/08/08 20:48:20.0772 0440 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/08 20:48:20.0928 0440 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/08/08 20:48:21.0068 0440 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/08 20:48:21.0193 0440 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/08/08 20:48:21.0349 0440 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/08/08 20:48:21.0458 0440 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/08 20:48:21.0630 0440 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/08/08 20:48:21.0770 0440 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/08 20:48:21.0911 0440 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/08 20:48:22.0067 0440 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/08 20:48:22.0223 0440 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/08/08 20:48:22.0379 0440 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/08/08 20:48:22.0535 0440 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/08/08 20:48:22.0675 0440 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/08 20:48:22.0784 0440 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/08/08 20:48:22.0925 0440 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/08 20:48:23.0049 0440 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/08 20:48:23.0159 0440 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/08/08 20:48:23.0299 0440 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/08/08 20:48:23.0424 0440 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/08/08 20:48:23.0564 0440 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/08/08 20:48:23.0673 0440 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/08 20:48:23.0783 0440 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/08/08 20:48:23.0954 0440 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/08 20:48:24.0126 0440 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/08/08 20:48:24.0251 0440 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/08 20:48:24.0375 0440 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/08 20:48:24.0500 0440 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/08 20:48:24.0625 0440 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/08 20:48:24.0750 0440 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/08/08 20:48:24.0906 0440 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/08 20:48:25.0046 0440 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/08 20:48:25.0202 0440 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/08 20:48:25.0374 0440 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/08/08 20:48:25.0530 0440 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/08 20:48:25.0655 0440 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/08/08 20:48:25.0779 0440 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
2011/08/08 20:48:25.0967 0440 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/08/08 20:48:26.0107 0440 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/08/08 20:48:26.0279 0440 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/08/08 20:48:26.0450 0440 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/08/08 20:48:26.0591 0440 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/08/08 20:48:26.0731 0440 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/08/08 20:48:26.0871 0440 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/08/08 20:48:27.0043 0440 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/08/08 20:48:27.0168 0440 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/08/08 20:48:27.0308 0440 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/08 20:48:27.0464 0440 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/08/08 20:48:27.0651 0440 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/08/08 20:48:27.0885 0440 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/08 20:48:28.0073 0440 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/08/08 20:48:28.0229 0440 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/08 20:48:28.0400 0440 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/08 20:48:28.0541 0440 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/08 20:48:28.0650 0440 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/08 20:48:28.0790 0440 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/08 20:48:28.0962 0440 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/08 20:48:29.0087 0440 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/08 20:48:29.0274 0440 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/08 20:48:29.0399 0440 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/08 20:48:29.0555 0440 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/08 20:48:29.0679 0440 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/08 20:48:29.0820 0440 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/08 20:48:29.0960 0440 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/08 20:48:30.0101 0440 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/08 20:48:30.0225 0440 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/08/08 20:48:30.0350 0440 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/08/08 20:48:30.0506 0440 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/08 20:48:30.0647 0440 RSUSBSTOR (db30aa4daa0d492fa5d7717d8181ffa1) C:\Windows\system32\Drivers\RtsUStor.sys
2011/08/08 20:48:30.0865 0440 RTHDMIAzAudService (7421a35c45484b95e83b5e9e107cefc2) C:\Windows\system32\drivers\RtHDMIVX.sys
2011/08/08 20:48:31.0021 0440 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/08/08 20:48:31.0130 0440 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2011/08/08 20:48:31.0255 0440 SbieDrv (e6c0ea194b4a98f6645502a52359e0ac) C:\Program Files\Sandboxie\SbieDrv.sys
2011/08/08 20:48:31.0395 0440 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/08/08 20:48:31.0614 0440 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/08 20:48:31.0770 0440 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/08/08 20:48:31.0926 0440 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/08 20:48:32.0066 0440 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/08/08 20:48:32.0253 0440 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/08 20:48:32.0425 0440 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/08/08 20:48:32.0565 0440 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/08 20:48:32.0721 0440 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/08 20:48:32.0831 0440 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/08 20:48:32.0971 0440 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/08 20:48:33.0143 0440 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/08 20:48:33.0299 0440 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/08/08 20:48:33.0439 0440 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/08/08 20:48:33.0626 0440 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/08/08 20:48:33.0798 0440 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/08 20:48:33.0938 0440 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/08 20:48:34.0079 0440 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/08 20:48:34.0219 0440 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/08/08 20:48:34.0422 0440 SynTP (5aeec2bb8065b563adbc88ca22588953) C:\Windows\system32\DRIVERS\SynTP.sys
2011/08/08 20:48:34.0656 0440 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys
2011/08/08 20:48:34.0843 0440 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/08 20:48:34.0983 0440 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/08 20:48:35.0108 0440 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/08/08 20:48:35.0233 0440 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/08/08 20:48:35.0389 0440 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/08 20:48:35.0529 0440 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/08/08 20:48:35.0717 0440 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/08 20:48:35.0841 0440 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/08/08 20:48:36.0044 0440 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/08 20:48:36.0200 0440 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/08 20:48:36.0325 0440 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
2011/08/08 20:48:36.0512 0440 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/08 20:48:36.0653 0440 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/08 20:48:36.0824 0440 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/08 20:48:36.0996 0440 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/08 20:48:37.0136 0440 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/08 20:48:37.0292 0440 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/08/08 20:48:37.0417 0440 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/08 20:48:37.0557 0440 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
2011/08/08 20:48:37.0682 0440 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/08 20:48:37.0823 0440 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/08 20:48:37.0932 0440 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/08 20:48:38.0088 0440 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/08 20:48:38.0244 0440 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/08 20:48:38.0369 0440 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
2011/08/08 20:48:38.0525 0440 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/08/08 20:48:38.0649 0440 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/08 20:48:38.0759 0440 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/08/08 20:48:38.0915 0440 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/08/08 20:48:39.0071 0440 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/08/08 20:48:39.0211 0440 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/08/08 20:48:39.0383 0440 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/08/08 20:48:39.0523 0440 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/08/08 20:48:39.0632 0440 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/08 20:48:39.0788 0440 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/08/08 20:48:39.0929 0440 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/08/08 20:48:40.0069 0440 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/08 20:48:40.0194 0440 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/08 20:48:40.0256 0440 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/08 20:48:40.0381 0440 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/08/08 20:48:40.0521 0440 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/08 20:48:40.0677 0440 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/08 20:48:40.0833 0440 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/08/08 20:48:40.0989 0440 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
2011/08/08 20:48:41.0192 0440 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/08 20:48:41.0364 0440 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/08 20:48:41.0520 0440 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/08/08 20:48:41.0723 0440 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/08 20:48:41.0894 0440 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
2011/08/08 20:48:41.0957 0440 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/08 20:48:41.0988 0440 Boot (0x1200) (ee17e01ee6e906d9278124f72847dd53) \Device\Harddisk0\DR0\Partition0
2011/08/08 20:48:42.0003 0440 Boot (0x1200) (cfd201387003a7a2922a8710e2afe0d6) \Device\Harddisk0\DR0\Partition1
2011/08/08 20:48:42.0019 0440 ================================================================================
2011/08/08 20:48:42.0019 0440 Scan finished
2011/08/08 20:48:42.0019 0440 ================================================================================
2011/08/08 20:48:42.0035 2776 Detected object count: 0
2011/08/08 20:48:42.0035 2776 Actual detected object count: 0
"I reject your reality and substitute my own."
- Mythbusters

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:52 AM

Posted 09 August 2011 - 07:25 AM

We are going to check the router.

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below into Notepad:
@echo off
rem Read-only checks: nothing below changes a setting on the PC or the router.
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
rem Open the log in Notepad, then delete this batch file.
start Log1.txt
del %0
Save this as router.bat. Under "Save as type" choose All Files, save it to the Desktop, then close Notepad.

Double-click router.bat to run it. It will open Notepad when done; please post back the results.
gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
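Added example, not part of gringo's instructions or of any BleepingComputer tool: a Python 3 script that reads the Log1.txt the batch file above produces and triages what that check is looking for. It pulls each adapter's gateway, subnet and DNS servers out of the ipconfig /all section and the answering resolver out of the nslookup section, then flags a DNS server that falls in a watch-listed rogue-resolver range, reports whether each resolver is the LAN router or an off-LAN address to confirm with your ISP, and flags a lookup answered by a server that is not configured on any adapter. Assumptions: the log is saved as text in the layout shown; the embedded sample is constructed, not the poster's output; the default watch-list is the resolver ranges the FBI published for the 2011 DNSChanger case, included only as an example of the kind of list you would load. Like the batch file, it only reads and changes nothing.

```python
"""Flag DNS-hijack indicators in a saved router.bat log (ipconfig /all + nslookup)."""
import ipaddress
import re
import sys

# Example watch-list: the rogue-resolver ranges the FBI published for the 2011
# DNSChanger case. Load a current feed in real use.
ROGUE_DNS_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20")]

ADAPTER_RE = re.compile(r"^(.+ adapter .+):\s*$")                  # "Wireless LAN adapter X:"
KV_RE = re.compile(r"^([A-Za-z][A-Za-z0-9 -]*?)[ .]*:\s*(.*)$")   # "Key . . . : value"


def _ip(text):
    """Parse an address, dropping suffixes such as '(Preferred)'; None if not an IP."""
    try:
        return ipaddress.ip_address(text.split("(")[0].strip())
    except ValueError:
        return None


def parse_router_log(text):
    """Return ({adapter name: settings}, [nslookup results]) from the log text."""
    adapters, lookups, current, last_key = {}, [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if m := ADAPTER_RE.match(line):
            current = adapters.setdefault(m.group(1), {"DNS Servers": []})
            last_key = None
        elif m := KV_RE.match(line):
            key, value = m.group(1).strip(), m.group(2).strip()
            if key == "Server":                        # nslookup: the resolver that answered
                lookups.append({"server_name": value, "server": None, "name": None, "answers": []})
            elif key == "Name" and lookups:
                lookups[-1]["name"] = value
            elif key in ("Address", "Addresses") and lookups:
                if lookups[-1]["name"] is None:        # before "Name:" it is the resolver's address
                    lookups[-1]["server"] = _ip(value)
                elif _ip(value) is not None:           # after it, an answer record
                    lookups[-1]["answers"].append(_ip(value))
            elif current is not None and key == "DNS Servers":
                current["DNS Servers"].append(_ip(value))
            elif current is not None:
                current[key] = value
            last_key = key
        elif (addr := _ip(line)) is not None:          # bare continuation line (2nd DNS server etc.)
            if last_key == "DNS Servers" and current is not None:
                current["DNS Servers"].append(addr)
            elif last_key in ("Address", "Addresses") and lookups and lookups[-1]["name"]:
                lookups[-1]["answers"].append(addr)
    return adapters, lookups


def assess(adapters, lookups, rogue_ranges=ROGUE_DNS_RANGES):
    """Return (severity, message) pairs. Read-only: nothing here changes a setting."""
    findings, configured = [], set()
    for name, a in adapters.items():
        if not a.get("Default Gateway") or "IPv4 Address" not in a or "Subnet Mask" not in a:
            continue                                   # disconnected or tunnel adapter
        lan = ipaddress.ip_interface(f"{_ip(a['IPv4 Address'])}/{a['Subnet Mask']}").network
        for dns in [d for d in a["DNS Servers"] if d is not None]:
            configured.add(dns)
            if any(dns in net for net in rogue_ranges):
                findings.append(("HIGH", f"{name}: DNS server {dns} is in a watch-listed rogue-resolver range"))
            elif dns in lan:
                findings.append(("OK", f"{name}: DNS server {dns} is the LAN router; check the router's own DNS settings"))
            else:
                findings.append(("INFO", f"{name}: DNS server {dns} is off-LAN; confirm it is your ISP's resolver"))
    for lk in lookups:
        if lk["server"] is not None and lk["server"] not in configured:
            findings.append(("HIGH", f"nslookup {lk['name']}: answered by {lk['server']}, which is not a configured DNS server"))
        if lk["server_name"].lower() == "unknown":
            findings.append(("INFO", f"resolver {lk['server']} has no reverse (PTR) name; suspicious only alongside other findings"))
    return findings


# Constructed sample in the layout of the batch file's Log1.txt (not the poster's
# log). The second DNS server is placed inside a watch-listed range on purpose.
SAMPLE_LOG = """\
Wireless LAN adapter Wireless Network Connection:

DHCP Enabled. . . . . . . . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.107(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
85.255.112.10
Server: UnKnown
Address: 85.255.112.10

Name: google.com
Addresses: 198.51.100.10
198.51.100.11
"""

if __name__ == "__main__":
    # Log1.txt is written in the console code page, hence errors="replace".
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for severity, message in assess(*parse_router_log(text)):
        print(f"[{severity}] {message}")
```

Run it as `python check_router_log.py Log1.txt`; with no argument it analyses the embedded sample. A "Server: UnKnown" line only means the resolver has no reverse DNS entry, which is why the script rates it INFO rather than HIGH; what matters is whether the configured resolvers are ones you recognise (the router, or your ISP's).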

#9 Jewel431

Jewel431
  • Topic Starter

  • Members
  • 38 posts
  • Gender:Female
  • Local time:12:52 AM

Posted 09 August 2011 - 12:18 PM

I have no problem with this but before I do, I have to ask if this makes any changes at all to the router. It looks like it just gathers info and creates a log but I have to be sure. I live in a duplex...1 network shared between 2 apartments. If it does make any changes to the router itself, I have to inform my neighbor before making adjustments to it. Please let me know either way so I can proceed as soon as possible. Thanks, Gringo.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:52 AM

Posted 09 August 2011 - 12:58 PM

No, this doesn't make any changes; it will just check some settings.

gringo

#11 Jewel431

Jewel431
  • Topic Starter

  • Members
  • 38 posts
  • Gender:Female
  • Local time:12:52 AM

Posted 09 August 2011 - 01:35 PM

My router.bat log
-----------------

Windows IP Configuration

Host Name . . . . . . . . . . . . : Bitty-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 00-23-5A-74-66-0C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5B93 Wireless Network Adapter
Physical Address. . . . . . . . . : 70-1A-04-B0-5F-B0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f9a2:d9af:9413:ddeb%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.107(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, August 09, 2011 12:56:07 PM
Lease Expires . . . . . . . . . . : Tuesday, August 16, 2011 1:51:53 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 191896068
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-DE-AA-EE-70-1A-04-B0-5F-B0
DNS Servers . . . . . . . . . . . : 68.87.75.198
68.87.64.150
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{FD12E0A4-0BC6-4EA2-A0B4-295544EC2A8C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cns.summitpark.pa.pitt.comcast.net
Address: 68.87.75.198

Name: google.com
Addresses: 74.125.93.105
74.125.93.104
74.125.93.147
74.125.93.103
74.125.93.106
74.125.93.99

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 68.87.75.198

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65


Pinging google.com [74.125.113.105] with 32 bytes of data:
Reply from 74.125.113.105: bytes=32 time=51ms TTL=49
Reply from 74.125.113.105: bytes=32 time=51ms TTL=49

Ping statistics for 74.125.113.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 51ms, Maximum = 51ms, Average = 51ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=56ms TTL=50
Reply from 209.191.122.70: bytes=32 time=59ms TTL=50

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 56ms, Maximum = 59ms, Average = 57ms
===========================================================================
Interface List
11...00 23 5a 74 66 0c ......Broadcom NetLink ™ Gigabit Ethernet
10...70 1a 04 b0 5f b0 ......Atheros AR5B93 Wireless Network Adapter
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.107 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.107 281
192.168.0.107 255.255.255.255 On-link 192.168.0.107 281
192.168.0.255 255.255.255.255 On-link 192.168.0.107 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.107 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.107 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 281 fe80::/64 On-link
10 281 fe80::f9a2:d9af:9413:ddeb/128
On-link
1 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None




Do you notice anything wrong so far, or are the symptoms the only thing wrong at the moment?

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:52 AM

Posted 09 August 2011 - 01:39 PM

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#13 Jewel431

Jewel431
  • Topic Starter

  • Members
  • 38 posts
  • Gender:Female
  • Local time:12:52 AM

Posted 09 August 2011 - 04:14 PM

It asked me if I wanted to update the AVAST definitions; since you did not specify, I clicked No. Is that OK?


aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-09 17:09:29
-----------------------------
17:09:29.585 OS Version: Windows x64 6.1.7601 Service Pack 1
17:09:29.585 Number of processors: 2 586 0x602
17:09:29.585 ComputerName: BITTY-PC UserName: BossLady
17:09:31.083 Initialize success
17:09:47.131 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:09:47.147 Disk 0 Vendor: TOSHIBA_MK5055GSX FG001J Size: 476940MB BusType: 11
17:09:49.206 Disk 0 MBR read successfully
17:09:49.206 Disk 0 MBR scan
17:09:49.206 Disk 0 Windows 7 default MBR code
17:09:49.221 Service scanning
17:09:55.165 Modules scanning
17:09:55.165 Disk 0 trace - called modules:
17:09:55.212 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:09:55.227 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800432d730]
17:09:55.227 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8004295520]
17:09:55.243 5 ACPI.sys[fffff88000e8f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800429f060]
17:09:55.243 Scan finished successfully
17:11:07.190 Disk 0 MBR has been saved successfully to "C:\Users\BossLady\Desktop\MBR.dat"
17:11:07.190 The log file has been saved successfully to "C:\Users\BossLady\Desktop\aswMBR.txt"

Edited by Jewel431, 09 August 2011 - 04:15 PM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:52 AM

Posted 09 August 2011 - 06:31 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo

#15 Jewel431

Jewel431
  • Topic Starter

  • Members
  • 38 posts
  • Gender:Female
  • Local time:12:52 AM

Posted 09 August 2011 - 09:49 PM

OTL.txt as requested.


OTL logfile created on: 8/9/2011 10:34:28 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Julie\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.76 Gb Available Physical Memory | 73.59% Memory free
7.49 Gb Paging File | 6.40 Gb Available in Paging File | 85.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.66 Gb Total Space | 406.53 Gb Free Space | 89.61% Space Free | Partition Type: NTFS

Computer Name: BITTY-PC | User Name: BossLady | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Julie\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)


========== Modules (SafeList) ==========

MOD - C:\Users\Julie\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (cbVSCService) -- C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe (CobianSoft, Luis Cobian)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (Greg_Service) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv73&r=27360211k455l0324z195a49l2x330
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv73&r=27360211k455l0324z195a49l2x330


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-606917560-43958898-2020908999-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-606917560-43958898-2020908999-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.bleepingcomputer.com/
IE - HKU\S-1-5-21-606917560-43958898-2020908999-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-606917560-43958898-2020908999-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wilderssecurity.com/
IE - HKU\S-1-5-21-606917560-43958898-2020908999-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/26 21:56:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/07/26 15:09:30 | 000,000,000 | ---D | M]

[2011/07/26 21:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BossLady\AppData\Roaming\Mozilla\Extensions
[2011/07/26 21:56:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/07/08 03:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/08 11:42:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-606917560-43958898-2020908999-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-606917560-43958898-2020908999-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-606917560-43958898-2020908999-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-606917560-43958898-2020908999-1004..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-606917560-43958898-2020908999-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-606917560-43958898-2020908999-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-606917560-43958898-2020908999-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606917560-43958898-2020908999-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-606917560-43958898-2020908999-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-606917560-43958898-2020908999-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-606917560-43958898-2020908999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606917560-43958898-2020908999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-606917560-43958898-2020908999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-606917560-43958898-2020908999-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.75.198 68.87.64.150 0.0.0.0
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/18 22:44:52 | 000,000,000 | ---- | M] () - C:\Autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/09 17:08:19 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\BossLady\Desktop\aswMBR.exe
[2011/08/08 11:48:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/08 11:15:59 | 000,000,000 | ---D | C] -- C:\Users\BossLady\AppData\Local\temp
[2011/08/08 11:09:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/08 11:09:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/08 11:09:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/08 11:09:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/08 11:09:38 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/08/08 11:09:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/07 23:34:16 | 000,000,000 | ---D | C] -- C:\Users\BossLady\Desktop\New folder
[2011/08/07 23:33:47 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\BossLady\Desktop\dds.scr
[2011/07/27 17:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 10
[2011/07/27 17:27:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cobian Backup 10
[2011/07/27 15:01:04 | 015,492,608 | ---- | C] (Luis Cobian, CobianSoft) -- C:\Users\BossLady\Desktop\cbSetup.exe
[2011/07/26 21:56:16 | 000,000,000 | ---D | C] -- C:\Users\BossLady\AppData\Roaming\Mozilla
[2011/07/26 21:56:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/07/26 15:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011/07/26 15:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/07/26 15:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/22 22:54:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/07/21 01:07:10 | 000,000,000 | ---D | C] -- C:\Users\BossLady\Desktop\tdsskiller
[2011/07/20 21:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2011/07/20 18:32:59 | 000,000,000 | R--D | C] -- C:\Users\BossLady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011/07/20 17:43:19 | 000,000,000 | ---D | C] -- C:\Users\BossLady\AppData\Roaming\ATI
[2011/07/20 17:43:19 | 000,000,000 | ---D | C] -- C:\Users\BossLady\AppData\Local\ATI
[2011/07/20 17:42:40 | 000,000,000 | ---D | C] -- C:\Users\BossLady\AppData\Local\Power2Go
[2011/07/18 14:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/07/18 14:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/07/16 18:28:05 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2011/07/16 18:15:53 | 000,000,000 | ---D | C] -- C:\Users\BossLady\Desktop\firewall explained
[2011/07/15 23:13:07 | 000,000,000 | ---D | C] -- C:\Users\BossLady\AppData\Roaming\Malwarebytes
[2011/07/15 23:13:02 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/15 23:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/15 23:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/15 23:12:59 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/15 23:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/15 23:01:12 | 000,000,000 | ---D | C] -- C:\Users\BossLady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/07/15 23:01:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2011/07/15 21:37:09 | 000,000,000 | ---D | C] -- C:\Users\BossLady\Documents\errors
[2011/07/12 22:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phyxion.net
[2011/07/12 22:44:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phyxion.net
[2011/07/12 13:31:15 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/07/12 13:31:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/12 13:31:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/12 13:31:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/12 13:31:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/12 13:31:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/12 13:31:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/07/12 13:31:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/07/12 13:31:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/07/12 13:31:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/07/12 13:31:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/12 13:31:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/12 13:31:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/12 13:31:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/12 13:31:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/07/12 13:31:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/07/12 13:31:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/12 13:31:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/12 13:31:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/12 13:31:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/12 13:31:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/12 13:31:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/07/12 13:31:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/07/12 13:31:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/07/12 13:31:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/07/12 13:31:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/12 13:31:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/07/12 13:31:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/07/12 13:31:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/12 13:31:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/07/12 13:31:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/07/12 13:31:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/12 13:31:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/12 13:31:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/12 13:31:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/12 13:31:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/12 13:31:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/12 13:31:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/07/12 13:31:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/07/12 13:31:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/12 13:31:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/12 13:31:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/12 13:31:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/07/12 13:31:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/07/12 13:31:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/07/12 13:31:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/12 13:31:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/12 13:31:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/07/12 13:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/07/12 13:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/07/12 13:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/12 13:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/07/12 13:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/07/12 13:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/07/12 13:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/07/12 13:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/07/12 13:31:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/07/12 13:31:07 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/12 13:31:06 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/07/12 13:31:06 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/07/12 13:31:06 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/07/12 13:31:06 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/07/12 13:31:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/07/12 13:31:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/07/12 13:31:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/07/12 13:31:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/07/12 13:31:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/07/12 13:31:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/07/12 13:31:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/07/12 00:20:03 | 000,000,000 | ---D | C] -- C:\Users\BossLady\AppData\Roaming\Opera
[2011/07/12 00:20:03 | 000,000,000 | ---D | C] -- C:\Users\BossLady\AppData\Local\Opera
[2011/07/11 14:27:41 | 000,000,000 | ---D | C] -- C:\Users\BossLady\AppData\Roaming\SUPERAntiSpyware.com
[2011/07/11 14:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/07/11 14:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/07/11 14:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/07/11 14:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/11 14:15:33 | 000,000,000 | ---D | C] -- C:\Microsoft
[2011/07/11 14:09:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2011/07/11 14:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2011/07/11 12:53:23 | 000,000,000 | ---D | C] -- C:\Users\BossLady\AppData\Local\Mozilla
[2011/07/10 23:51:36 | 007,693,632 | ---- | C] (SurfRight B.V.) -- C:\Users\BossLady\Desktop\HitmanPro35_x64.exe

========== Files - Modified Within 30 Days ==========

[2011/08/09 22:12:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/09 17:11:07 | 000,000,512 | ---- | M] () -- C:\Users\BossLady\Desktop\MBR.dat
[2011/08/09 17:09:12 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\BossLady\Desktop\aswMBR.exe
[2011/08/09 14:16:00 | 007,051,459 | ---- | M] () -- C:\Users\BossLady\Desktop\example-slow.psd
[2011/08/09 13:03:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/09 13:03:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/09 13:00:24 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/09 13:00:24 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/09 13:00:24 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/09 12:55:56 | 3016,912,896 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/08 11:42:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/08/07 23:33:48 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\BossLady\Desktop\dds.scr
[2011/08/02 18:18:13 | 000,004,024 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011/07/27 19:11:58 | 000,000,000 | ---- | M] () -- C:\Users\BossLady\defogger_reenable
[2011/07/27 19:09:14 | 000,050,477 | ---- | M] () -- C:\Users\BossLady\Desktop\Defogger.exe
[2011/07/27 15:01:42 | 015,492,608 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Users\BossLady\Desktop\cbSetup.exe
[2011/07/26 21:56:12 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/26 14:40:38 | 048,348,672 | ---- | M] () -- C:\Users\BossLady\Desktop\eav_nt64_enu.msi
[2011/07/26 13:34:09 | 000,000,632 | RHS- | M] () -- C:\Users\BossLady\ntuser.pol
[2011/07/21 01:02:01 | 000,023,112 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/07/21 01:01:52 | 007,693,632 | ---- | M] (SurfRight B.V.) -- C:\Users\BossLady\Desktop\HitmanPro35_x64.exe
[2011/07/18 14:52:16 | 000,001,221 | ---- | M] () -- C:\Users\BossLady\Desktop\Spybot - Search & Destroy.lnk
[2011/07/16 18:28:05 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2011/07/16 18:01:27 | 000,002,011 | ---- | M] () -- C:\Users\BossLady\Desktop\ESET NOD32 Antivirus.lnk
[2011/07/15 23:13:02 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/15 23:01:12 | 000,001,227 | ---- | M] () -- C:\Users\BossLady\Desktop\Revo Uninstaller.lnk
[2011/07/12 22:44:20 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\Checksum Verify.lnk
[2011/07/12 13:36:17 | 004,917,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/11 14:27:35 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2011/07/11 14:09:46 | 000,000,903 | ---- | M] () -- C:\Users\BossLady\Desktop\Sandboxed Web Browser.lnk
[2011/07/11 14:09:46 | 000,000,903 | ---- | M] () -- C:\Users\BossLady\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk

========== Files Created - No Company Name ==========

[2011/08/09 17:11:07 | 000,000,512 | ---- | C] () -- C:\Users\BossLady\Desktop\MBR.dat
[2011/08/09 14:15:58 | 007,051,459 | ---- | C] () -- C:\Users\BossLady\Desktop\example-slow.psd
[2011/08/08 11:09:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/08 11:09:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/08 11:09:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/08 11:09:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/08 11:09:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/27 19:11:58 | 000,000,000 | ---- | C] () -- C:\Users\BossLady\defogger_reenable
[2011/07/27 19:09:14 | 000,050,477 | ---- | C] () -- C:\Users\BossLady\Desktop\Defogger.exe
[2011/07/26 21:56:12 | 000,001,113 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/26 21:56:12 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/26 14:39:06 | 048,348,672 | ---- | C] () -- C:\Users\BossLady\Desktop\eav_nt64_enu.msi
[2011/07/18 14:52:16 | 000,001,221 | ---- | C] () -- C:\Users\BossLady\Desktop\Spybot - Search & Destroy.lnk
[2011/07/16 18:01:27 | 000,002,011 | ---- | C] () -- C:\Users\BossLady\Desktop\ESET NOD32 Antivirus.lnk
[2011/07/15 23:13:02 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/15 23:01:12 | 000,001,227 | ---- | C] () -- C:\Users\BossLady\Desktop\Revo Uninstaller.lnk
[2011/07/12 22:44:20 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\Checksum Verify.lnk
[2011/07/12 00:25:46 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/07/11 14:27:35 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2011/07/11 14:20:10 | 000,000,903 | ---- | C] () -- C:\Users\BossLady\Desktop\Sandboxed Web Browser.lnk
[2011/07/11 14:20:10 | 000,000,903 | ---- | C] () -- C:\Users\BossLady\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2011/07/11 14:09:54 | 000,004,024 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/07/10 23:53:33 | 000,023,112 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/03/29 00:26:28 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/02/10 05:54:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/05 02:55:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/11/02 22:38:34 | 000,000,481 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
"I reject your reality and substitute my own."
- Mythbusters



