I've been hit - Google redirects, Msoft Security Centre disabled


  • This topic is locked
27 replies to this topic

#1 ishtar

  • Members
  • 23 posts
  • Gender: Male
  • Location: Brisbane

Posted 10 August 2011 - 06:32 AM

Many thanks to Boopme for forum assistance with my suspected malware attack. I'm now posting this update after following his instructions. As a brief background:

I'm running Windows 7 Ultimate 64-bit and use Chrome as my browser. This has been running faultlessly all year until 2 days ago.

I have noticed that Microsoft Security Center is disabled and I cannot restart it via Control Panel or directly through services.msc.
Google search results are being redirected to various other random search/ad portals.

When I try to restart MS Security I get the error "The Windows Security Center Service can't be started", as per the attached screen dump.


In an attempt to fix this I ran:
Anti-Malware
Spybot Search & Destroy
Hitman Pro
TDSS killer

and as MS Security Center is not operational I am currently running Panda Cloud Antivirus.

After following the steps suggested, I attach the DDS log as follows:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Fluffy at 21:01:22 on 2011-08-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.4094.2480 [GMT 10:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files (x86)\Softland\FBackup 4\fbaSched.exe
C:\Program Files (x86)\Softland\FBackup 4\FBackup.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files (x86)\VntNet\Power Switcher Alpha\PowerSchemeSwitcher.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Fluffy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fluffy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Fluffy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fluffy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fluffy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.news.com.au/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Fluffy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [FBackup Scheduler]
uRun: [FBackup 4]
mRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
StartupFolder: C:\Users\Fluffy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\POWERS~1.LNK - C:\Windows\Installer\{57E62977-39DC-4F5D-BDEB-101DE4564507}\_797E8DB853A3BB846B8366.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{DC8DCB5F-BB62-44E8-921F-A76CFBF62132} : DhcpNameServer = 192.168.2.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys --> C:\Windows\system32\DRIVERS\hotcore3.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 PSINKNC;PSINKNC;C:\Windows\system32\DRIVERS\psinknc.sys --> C:\Windows\system32\DRIVERS\psinknc.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-1-4 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-4-28 140608]
R2 PSINAflt;PSINAflt;C:\Windows\system32\DRIVERS\PSINAflt.sys --> C:\Windows\system32\DRIVERS\PSINAflt.sys [?]
R2 PSINFile;PSINFile;C:\Windows\system32\DRIVERS\PSINFile.sys --> C:\Windows\system32\DRIVERS\PSINFile.sys [?]
R2 PSINProc;PSINProc;C:\Windows\system32\DRIVERS\PSINProc.sys --> C:\Windows\system32\DRIVERS\PSINProc.sys [?]
R2 PSINProt;PSINProt;C:\Windows\system32\DRIVERS\PSINProt.sys --> C:\Windows\system32\DRIVERS\PSINProt.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 EuDisk;EASEUS Disk Enumerator;C:\Windows\system32\DRIVERS\EuDisk.sys --> C:\Windows\system32\DRIVERS\EuDisk.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2010-7-1 136616]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-7 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-2 1153368]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 DfSdkS;Defragmentation-Service;C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [2010-9-7 544768]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-4-17 14216]
S3 EUDSKACS;EUDSKACS;C:\Windows\SysWOW64\drivers\eudskacs.sys [2010-9-8 17800]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-4-17 8456]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-7 136176]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-08-10 10:46:49 -------- d-----w- C:\Users\Fluffy\AppData\Local\{066BB52F-C57B-470E-A2C7-6FD7F5C7E6FA}
2011-08-10 10:46:46 -------- d-----w- C:\Users\Fluffy\AppData\Local\{A9033900-C0B6-4D6B-B2B5-35CFCAB3FACF}
2011-08-10 10:46:46 -------- d-----w- C:\Users\Fluffy\AppData\Local\{460F4579-0DE3-403A-9AED-D73B92C4C8BF}
2011-08-09 14:22:40 -------- d-----w- C:\Users\Fluffy\AppData\Local\{F29A170E-5309-4F0D-8BB2-1FE6BDE85C6A}
2011-08-09 14:22:29 -------- d-----w- C:\Users\Fluffy\AppData\Local\{0B20E710-2935-47F2-9E46-36515C54FEF2}
2011-08-09 14:19:33 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-08-09 13:46:43 23112 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-08-09 13:45:19 -------- d-----w- C:\ProgramData\Hitman Pro
2011-08-09 12:51:23 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-08-09 12:51:23 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-08-09 02:08:38 -------- d-----w- C:\Users\Fluffy\AppData\Local\{4A9F76B5-CAD5-4CA0-9C50-399557DE19FE}
2011-08-09 02:08:26 -------- d-----w- C:\Users\Fluffy\AppData\Local\{A79C47EE-0927-4ADC-84D1-A029470C3D68}
2011-08-08 02:41:20 -------- d-----w- C:\Users\Fluffy\AppData\Local\{9A27F19C-84F5-44A4-A0C4-644D2D740FC6}
2011-08-08 02:41:09 -------- d-----w- C:\Users\Fluffy\AppData\Local\{B1277A5B-B2C8-4EAA-99C1-C77C78152BBD}
2011-08-07 17:50:06 -------- d-----w- C:\Windows\en
2011-08-07 17:47:21 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-07 17:46:23 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ec1950251cc552903\MeshBetaRemover.exe
2011-08-07 17:45:36 -------- d-----w- C:\Users\Fluffy\AppData\Local\{33E5F2A5-EE57-4B6F-96F2-94D014159AC7}
2011-08-07 17:45:26 -------- d-----w- C:\Users\Fluffy\AppData\Local\{2B16A316-40D5-432C-8BDF-3CF81F669573}
2011-08-07 17:26:24 95024 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-08-07 17:15:25 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-08-07 17:07:01 388096 ----a-r- C:\Users\Fluffy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-07 17:07:01 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-08-07 16:42:14 -------- d-----w- C:\Users\Fluffy\AppData\Roaming\Panda Security
2011-08-07 16:41:33 -------- d-----w- C:\ProgramData\Panda Security
2011-08-07 16:41:33 -------- d-----w- C:\Program Files (x86)\Panda Security
2011-08-07 16:26:54 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8EECFDA1-10B5-4A55-910B-DCD3FD5EA7A2}\mpengine.dll
2011-08-07 16:26:44 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-08-07 16:26:33 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-07 16:00:05 -------- d-----w- C:\Users\Fluffy\AppData\Roaming\Malwarebytes
2011-08-07 15:59:37 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-07 15:59:36 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-07 15:59:36 -------- d-----w- C:\ProgramData\Malwarebytes
2011-08-07 15:59:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-07 15:31:04 -------- d-----w- C:\Users\Fluffy\AppData\Local\{5DED49D0-DD58-4B1B-A716-2D94D589F217}
2011-08-07 15:30:53 -------- d-----w- C:\Users\Fluffy\AppData\Local\{F3706DA1-0995-42BA-B705-0D1BC6B5ADE8}
2011-08-07 15:12:56 65024 --sha-r- C:\Windows\SysWow64\gpprnextj.dll
2011-08-07 15:03:52 -------- d-----w- C:\Users\Fluffy\AppData\Roaming\Millennia
2011-08-07 14:32:59 80896 ----a-w- C:\Windows\SysWow64\lffax11n.dll
2011-08-07 14:32:59 41472 ----a-w- C:\Windows\SysWow64\lfgif11n.dll
2011-08-07 14:32:59 35328 ----a-w- C:\Windows\SysWow64\lfcal11n.dll
2011-08-07 14:32:59 31232 ----a-w- C:\Windows\SysWow64\lfeps11n.dll
2011-08-07 14:32:59 276992 ----a-w- C:\Windows\SysWow64\LFCMP11n.DLL
2011-08-07 14:32:58 36864 ----a-w- C:\Windows\SysWow64\lfbmp11n.dll
2011-08-07 14:32:39 -------- d-----w- C:\Program Files (x86)\Legacy
2011-08-07 11:20:50 -------- d-----w- C:\Users\Fluffy\AppData\Local\{C7FC7C16-669B-4DA5-ACA1-1C0421B21E21}
2011-08-07 11:20:37 -------- d-----w- C:\Users\Fluffy\AppData\Local\{9C6BB802-C26E-4073-BD81-C34A20FB3AA5}
2011-08-06 16:09:01 -------- d-----w- C:\Users\Fluffy\AppData\Local\{087F8890-3636-448A-9DFA-FAB130ADFC8C}
2011-08-06 16:08:51 -------- d-----w- C:\Users\Fluffy\AppData\Local\{2738B609-6C27-4A2E-83AA-02E652B7D3FD}
2011-08-06 16:00:40 -------- d-----w- C:\Users\Fluffy\AppData\Local\{F1663ED8-2BA5-43E2-AE18-58960472983C}
2011-08-06 16:00:29 -------- d-----w- C:\Users\Fluffy\AppData\Local\{4F350C1F-322C-4510-A731-3C39E882A289}
2011-08-06 14:14:31 -------- d-----w- C:\Users\Fluffy\AppData\Local\{9592D41A-8047-41E5-AAD0-141A34B64C41}
2011-08-06 05:50:17 -------- d-----w- C:\Users\Fluffy\AppData\Local\{1DA135C7-8C86-44BD-898C-2735167A93B9}
2011-08-04 12:03:58 -------- d-----w- C:\Program Files (x86)\FOTONICA
2011-08-04 09:23:13 -------- d-----w- C:\Users\Fluffy\AppData\Local\{7944FBC3-F70B-4DAB-8980-FDEC6373C437}
2011-08-03 12:02:40 -------- d-----w- C:\Users\Fluffy\AppData\Local\{BF0C7F7F-D199-480A-B79D-32A270D7105C}
2011-08-02 22:39:58 -------- d-----w- C:\Users\Fluffy\AppData\Local\{2F40F379-A2CB-42ED-934B-FADDB7ADC06F}
2011-08-02 02:39:16 -------- d-----w- C:\Users\Fluffy\AppData\Local\{4D417FAA-CFD6-4DFF-8454-02C3173A4E6A}
2011-08-01 08:46:34 -------- d-----w- C:\Users\Fluffy\AppData\Local\{8CE0A1EA-9AF8-4C39-ABE4-25EC1F8A1714}
2011-07-30 16:25:40 -------- d-----w- C:\Users\Fluffy\AppData\Local\{EBFA0D21-3AFB-4812-885E-4D6C39D6ADC2}
2011-07-30 03:41:51 -------- d-----w- C:\Users\Fluffy\AppData\Local\{9BCE1440-1518-443A-9511-323B061DB96A}
2011-07-28 12:50:50 -------- d-----w- C:\Users\Fluffy\AppData\Local\{FE39B8A5-7CA9-4A93-86BE-2F996D830AB3}
2011-07-27 13:42:46 -------- d-----w- C:\Users\Fluffy\AppData\Local\{131209A9-6EDA-4D31-903A-F78A21FF205A}
2011-07-26 09:17:01 -------- d-----w- C:\Users\Fluffy\AppData\Local\{2CD8463D-D694-437A-B552-1450D3EFAC0E}
2011-07-25 09:01:12 -------- d-----w- C:\Program Files\iPod
2011-07-25 09:01:11 -------- d-----w- C:\Program Files\iTunes
2011-07-25 09:01:11 -------- d-----w- C:\Program Files (x86)\iTunes
2011-07-25 08:59:50 -------- d-----w- C:\Program Files\Bonjour
2011-07-25 08:59:50 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-07-25 04:16:39 -------- d-----w- C:\Users\Fluffy\AppData\Local\{1367C7DD-404E-4229-ADA1-DA4A731C0C53}
2011-07-24 06:47:00 -------- d-----w- C:\Users\Fluffy\AppData\Local\{FAA79CA6-1CF9-4F95-ADFA-054A53B7A461}
2011-07-24 04:56:59 -------- d-----w- C:\Users\Fluffy\AppData\Local\{1EB9DF4C-F772-4027-854D-9CAB0539274E}
2011-07-23 04:57:19 -------- d-----w- C:\Users\Fluffy\AppData\Local\{7900B8AC-5301-4A64-A494-DDDFBC5BCAE3}
2011-07-22 08:42:19 -------- d-----w- C:\Users\Fluffy\AppData\Local\{75E737EE-0FFD-4667-AA85-10C36B0CE50B}
2011-07-21 08:11:44 -------- d-----w- C:\Users\Fluffy\AppData\Local\{21AFB28D-8E03-4B21-9A45-A2014EB23321}
2011-07-20 11:22:01 -------- d-----w- C:\Program Files (x86)\Proun
2011-07-20 09:14:11 -------- d-----w- C:\Users\Fluffy\AppData\Local\{981A14C5-3D7B-497E-A819-A8ADEA924AD0}
2011-07-19 09:20:47 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-07-19 09:20:43 336192 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-07-19 08:51:03 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-07-19 08:47:24 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-07-19 08:47:23 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-07-19 08:47:21 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-07-19 08:47:19 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-07-19 08:47:19 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-07-19 08:47:18 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-07-19 08:47:18 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-07-19 08:47:17 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-07-19 08:47:16 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-07-19 08:47:16 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-07-19 08:47:16 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-07-19 08:10:30 -------- d-----w- C:\Users\Fluffy\AppData\Local\{9D133FC1-4BED-4865-B439-AFF5B9434B94}
2011-07-18 04:08:22 -------- d-----w- C:\Users\Fluffy\AppData\Local\{542D1AB9-FE61-4CAF-9783-F9001BE8AC18}
2011-07-17 07:50:24 -------- d-----w- C:\Users\Fluffy\AppData\Local\{772276E0-DD0D-494A-A763-A8B782E48F61}
2011-07-16 12:07:12 -------- d-----w- C:\Users\Fluffy\AppData\Local\{2B7D52A7-D194-431C-BFB2-276C35A446FD}
2011-07-16 00:06:37 -------- d-----w- C:\Users\Fluffy\AppData\Local\{128EF1C2-C4EF-4E01-AF51-8B8073B446EF}
2011-07-15 07:47:54 -------- d-----w- C:\Users\Fluffy\AppData\Local\{46662D84-57BE-4288-ACF6-B06ECDE26BD2}
2011-07-14 09:50:50 -------- d-----w- C:\Users\Fluffy\AppData\Local\{8AEB7B5F-84D9-4A01-9D25-D5B206F9E1EB}
2011-07-12 01:53:24 -------- d-----w- C:\Users\Fluffy\AppData\Local\{365BF340-AF90-4727-B4A1-917B05DA88FB}
2011-07-12 01:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 01:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 01:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-07-12 01:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-07-12 01:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 01:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-12 01:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-07-12 01:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
.
==================== Find3M ====================
.
2011-07-05 02:12:46 160520 ----a-w- C:\Windows\System32\drivers\PSINAflt.sys
2011-06-19 11:52:09 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2011-06-19 11:52:09 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2011-06-11 09:33:22 2560 ----a-w- C:\Windows\_MSRSTRT.EXE
2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-13 05:42:24 302448 ----a-w- C:\Windows\WLXPGSS.SCR
.
============= FINISH: 21:04:48.38 ===============


I also attach the Attach.txt file


Many thanks for your knowledge and patience; I look forward to any help you can provide.
Best Regards.


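As a worked example of triaging a DDS log like the one posted above (this is an added example, not part of the original post and not code from BleepingComputer or the DDS tool), the following Python script parses the AV/SP status lines and the "Created Last 30" section, and flags regular files under C:\Windows that were created with both the system and hidden attributes set. The sample input is a short excerpt copied from the posted log. The meaning of the attribute letters (s=system, h=hidden, a=archive, r=read-only, w=writable, d=directory) is an assumption, since DDS does not document the column, and a flagged file is a lead for the helper to look at, not evidence that it is malicious.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Sample lines copied from the DDS log posted above. This is a static
# excerpt for demonstration, not the output of a scan run by this script.
SAMPLE_LOG = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
=============== Created Last 30 ================
.
2011-08-09 13:46:43 23112 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-08-07 15:12:56 65024 --sha-r- C:\Windows\SysWow64\gpprnextj.dll
2011-08-07 14:32:59 80896 ----a-w- C:\Windows\SysWow64\lffax11n.dll
2011-08-07 15:59:36 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-07 14:32:39 -------- d-----w- C:\Program Files (x86)\Legacy
.
==================== Find3M ====================
"""

# One file or directory line: "<timestamp> <size|--------> <8 attr chars> <path>".
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+|-{8}) ([a-z-]{8}) (.+)$"
)
# Product status line, e.g. "AV: <product> *Disabled/Updated* {GUID}".
STATUS_LINE = re.compile(r"^(AV|SP|FW): (.+?) \*(\w+)/(\w+)\* \{")


@dataclass
class Entry:
    created: datetime
    size: Optional[int]   # None for directories (DDS prints dashes instead)
    attrs: frozenset      # attribute letters present in the 8-char column
    path: str


def parse_created(text: str) -> list:
    """Parse the 'Created Last 30' section; stops at the next section header."""
    entries = []
    in_section = False
    for line in text.splitlines():
        if "Created Last 30" in line:
            in_section = True
            continue
        if in_section and line.startswith("====="):
            break
        m = FILE_LINE.match(line)
        if in_section and m:
            ts, size, attrs, path = m.groups()
            entries.append(Entry(
                created=datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                size=None if size.startswith("-") else int(size),
                attrs=frozenset(c for c in attrs if c != "-"),
                path=path,
            ))
    return entries


def parse_status(text: str) -> list:
    """Return (kind, product, state) tuples for each AV/SP/FW status line."""
    return [(m.group(1), m.group(2), m.group(3))
            for m in (STATUS_LINE.match(l) for l in text.splitlines()) if m]


def flag_hidden_system(entries: list, root: str = r"C:\Windows") -> list:
    """Heuristic: regular files under the Windows directory created with both
    the system ('s') and hidden ('h') attributes. Legitimate installers rarely
    drop such files into System32/SysWow64, so these are worth a second look.
    Assumed letter meanings: d=directory, s=system, h=hidden, a=archive,
    r=read-only, w=writable (DDS does not document the column)."""
    return [e for e in entries
            if "d" not in e.attrs
            and {"s", "h"} <= e.attrs
            and e.path.lower().startswith(root.lower())]


if __name__ == "__main__":
    for kind, product, state in parse_status(SAMPLE_LOG):
        print(f"{kind}: {product} is {state}")
    for e in flag_hidden_system(parse_created(SAMPLE_LOG)):
        print(f"check {e.path} ({e.size} bytes, attrs "
              f"{''.join(sorted(e.attrs))}, created {e.created})")
```

To use it on a real DDS.txt, read the file into a string and pass it to the two parsers in place of SAMPLE_LOG; the heuristic in flag_hidden_system is deliberately narrow so that it produces a short list for a human to verify, rather than a verdict.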
#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 15 August 2011 - 01:41 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything else while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post them in your next reply

Information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 ishtar (Topic Starter)

  • Members
  • 23 posts
  • Gender: Male
  • Location: Brisbane

Posted 15 August 2011 - 07:31 AM

Hi Gringo,

Thanks for your help in resolving this issue. I have just run DeFogger and DDS as requested, with the logs as follows.
I have not installed/deleted anything since the initial attack, and the issues remain: Microsoft Security Center is disabled and unable to be restarted, and Google search results are being redirected to various other random search/ad portals.

When I try to restart MS Security I get the error "The Windows Security Center Service can't be started", as per the attached screen dump.

DDS log as follows:
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Fluffy at 22:16:30 on 2011-08-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.4094.2684 [GMT 10:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Softland\FBackup 4\fbaSched.exe
C:\Program Files (x86)\Softland\FBackup 4\FBackup.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\VntNet\Power Switcher Alpha\PowerSchemeSwitcher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\LogonUI.exe
C:\Users\Fluffy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fluffy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Fluffy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fluffy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fluffy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.news.com.au/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Fluffy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [FBackup Scheduler]
uRun: [FBackup 4]
mRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
StartupFolder: C:\Users\Fluffy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\POWERS~1.LNK - C:\Windows\Installer\{57E62977-39DC-4F5D-BDEB-101DE4564507}\_797E8DB853A3BB846B8366.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{DC8DCB5F-BB62-44E8-921F-A76CFBF62132} : DhcpNameServer = 192.168.2.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys --> C:\Windows\system32\DRIVERS\hotcore3.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 PSINKNC;PSINKNC;C:\Windows\system32\DRIVERS\psinknc.sys --> C:\Windows\system32\DRIVERS\psinknc.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-1-4 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-4-28 140608]
R2 PSINAflt;PSINAflt;C:\Windows\system32\DRIVERS\PSINAflt.sys --> C:\Windows\system32\DRIVERS\PSINAflt.sys [?]
R2 PSINFile;PSINFile;C:\Windows\system32\DRIVERS\PSINFile.sys --> C:\Windows\system32\DRIVERS\PSINFile.sys [?]
R2 PSINProc;PSINProc;C:\Windows\system32\DRIVERS\PSINProc.sys --> C:\Windows\system32\DRIVERS\PSINProc.sys [?]
R2 PSINProt;PSINProt;C:\Windows\system32\DRIVERS\PSINProt.sys --> C:\Windows\system32\DRIVERS\PSINProt.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 EuDisk;EASEUS Disk Enumerator;C:\Windows\system32\DRIVERS\EuDisk.sys --> C:\Windows\system32\DRIVERS\EuDisk.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2010-7-1 136616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-7 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-2 1153368]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 DfSdkS;Defragmentation-Service;C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [2010-9-7 544768]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-4-17 14216]
S3 EUDSKACS;EUDSKACS;C:\Windows\SysWOW64\drivers\eudskacs.sys [2010-9-8 17800]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-4-17 8456]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-7 136176]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-08-15 04:36:57 -------- d-----w- C:\Users\Fluffy\AppData\Local\{7C1DE69D-EAA1-4224-8628-CF0ED324208F}
2011-08-15 04:36:47 -------- d-----w- C:\Users\Fluffy\AppData\Local\{FAB8CF2A-656B-4C55-82D5-35A82CFD98A4}
2011-08-14 14:29:43 -------- d-----w- C:\Users\Fluffy\AppData\Local\{DC3B6CFB-8451-42B6-8AFA-53049ACA6BE7}
2011-08-14 14:29:32 -------- d-----w- C:\Users\Fluffy\AppData\Local\{7CAC2452-1385-4F9B-8C2C-321B7C4448C9}
2011-08-14 02:29:15 -------- d-----w- C:\Users\Fluffy\AppData\Local\{D1F31569-EE73-441F-B46E-E7004038D204}
2011-08-14 02:29:13 -------- d-----w- C:\Users\Fluffy\AppData\Local\{5A25AA71-350A-4C00-A370-0AF91658E824}
2011-08-13 02:52:47 -------- d-----w- C:\Users\Fluffy\AppData\Local\{6ED4A162-F5E8-4767-BB6C-D04DBFD44FFA}
2011-08-13 02:52:36 -------- d-----w- C:\Users\Fluffy\AppData\Local\{6783BAC3-92E6-4177-AD85-AAC86296D28E}
2011-08-12 10:21:41 -------- d-----w- C:\Users\Fluffy\AppData\Local\{53BC1B0B-E7E5-421F-B73C-489F80805EBC}
2011-08-12 10:21:30 -------- d-----w- C:\Users\Fluffy\AppData\Local\{0E5DA043-BE16-41E4-AACD-108D6C72BDB6}
2011-08-11 09:04:55 -------- d-----w- C:\Users\Fluffy\AppData\Local\{415E5FC7-AA38-4185-9205-29157C7CC98F}
2011-08-11 09:04:44 -------- d-----w- C:\Users\Fluffy\AppData\Local\{0FC3ECC3-7617-45D8-A4F2-015D70554A96}
2011-08-10 10:46:49 -------- d-----w- C:\Users\Fluffy\AppData\Local\{066BB52F-C57B-470E-A2C7-6FD7F5C7E6FA}
2011-08-10 10:46:46 -------- d-----w- C:\Users\Fluffy\AppData\Local\{A9033900-C0B6-4D6B-B2B5-35CFCAB3FACF}
2011-08-10 10:46:46 -------- d-----w- C:\Users\Fluffy\AppData\Local\{460F4579-0DE3-403A-9AED-D73B92C4C8BF}
2011-08-09 14:22:40 -------- d-----w- C:\Users\Fluffy\AppData\Local\{F29A170E-5309-4F0D-8BB2-1FE6BDE85C6A}
2011-08-09 14:22:29 -------- d-----w- C:\Users\Fluffy\AppData\Local\{0B20E710-2935-47F2-9E46-36515C54FEF2}
2011-08-09 14:19:33 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-08-09 13:46:43 23112 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-08-09 13:45:19 -------- d-----w- C:\ProgramData\Hitman Pro
2011-08-09 12:51:23 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-08-09 12:51:23 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-08-09 02:08:38 -------- d-----w- C:\Users\Fluffy\AppData\Local\{4A9F76B5-CAD5-4CA0-9C50-399557DE19FE}
2011-08-09 02:08:26 -------- d-----w- C:\Users\Fluffy\AppData\Local\{A79C47EE-0927-4ADC-84D1-A029470C3D68}
2011-08-08 02:41:20 -------- d-----w- C:\Users\Fluffy\AppData\Local\{9A27F19C-84F5-44A4-A0C4-644D2D740FC6}
2011-08-08 02:41:09 -------- d-----w- C:\Users\Fluffy\AppData\Local\{B1277A5B-B2C8-4EAA-99C1-C77C78152BBD}
2011-08-07 17:50:06 -------- d-----w- C:\Windows\en
2011-08-07 17:47:21 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-07 17:46:23 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ec1950251cc552903\MeshBetaRemover.exe
2011-08-07 17:45:36 -------- d-----w- C:\Users\Fluffy\AppData\Local\{33E5F2A5-EE57-4B6F-96F2-94D014159AC7}
2011-08-07 17:45:26 -------- d-----w- C:\Users\Fluffy\AppData\Local\{2B16A316-40D5-432C-8BDF-3CF81F669573}
2011-08-07 17:26:24 95024 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-08-07 17:15:25 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-08-07 17:07:01 388096 ----a-r- C:\Users\Fluffy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-07 17:07:01 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-08-07 16:42:14 -------- d-----w- C:\Users\Fluffy\AppData\Roaming\Panda Security
2011-08-07 16:41:33 -------- d-----w- C:\ProgramData\Panda Security
2011-08-07 16:41:33 -------- d-----w- C:\Program Files (x86)\Panda Security
2011-08-07 16:26:54 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8EECFDA1-10B5-4A55-910B-DCD3FD5EA7A2}\mpengine.dll
2011-08-07 16:26:44 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-08-07 16:26:33 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-07 16:00:05 -------- d-----w- C:\Users\Fluffy\AppData\Roaming\Malwarebytes
2011-08-07 15:59:37 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-07 15:59:36 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-07 15:59:36 -------- d-----w- C:\ProgramData\Malwarebytes
2011-08-07 15:59:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-07 15:31:04 -------- d-----w- C:\Users\Fluffy\AppData\Local\{5DED49D0-DD58-4B1B-A716-2D94D589F217}
2011-08-07 15:30:53 -------- d-----w- C:\Users\Fluffy\AppData\Local\{F3706DA1-0995-42BA-B705-0D1BC6B5ADE8}
2011-08-07 15:12:56 65024 --sha-r- C:\Windows\SysWow64\gpprnextj.dll
2011-08-07 15:03:52 -------- d-----w- C:\Users\Fluffy\AppData\Roaming\Millennia
2011-08-07 14:32:59 80896 ----a-w- C:\Windows\SysWow64\lffax11n.dll
2011-08-07 14:32:59 41472 ----a-w- C:\Windows\SysWow64\lfgif11n.dll
2011-08-07 14:32:59 35328 ----a-w- C:\Windows\SysWow64\lfcal11n.dll
2011-08-07 14:32:59 31232 ----a-w- C:\Windows\SysWow64\lfeps11n.dll
2011-08-07 14:32:59 276992 ----a-w- C:\Windows\SysWow64\LFCMP11n.DLL
2011-08-07 14:32:58 36864 ----a-w- C:\Windows\SysWow64\lfbmp11n.dll
2011-08-07 14:32:39 -------- d-----w- C:\Program Files (x86)\Legacy
2011-08-07 11:20:50 -------- d-----w- C:\Users\Fluffy\AppData\Local\{C7FC7C16-669B-4DA5-ACA1-1C0421B21E21}
2011-08-07 11:20:37 -------- d-----w- C:\Users\Fluffy\AppData\Local\{9C6BB802-C26E-4073-BD81-C34A20FB3AA5}
2011-08-06 16:09:01 -------- d-----w- C:\Users\Fluffy\AppData\Local\{087F8890-3636-448A-9DFA-FAB130ADFC8C}
2011-08-06 16:08:51 -------- d-----w- C:\Users\Fluffy\AppData\Local\{2738B609-6C27-4A2E-83AA-02E652B7D3FD}
2011-08-06 16:00:40 -------- d-----w- C:\Users\Fluffy\AppData\Local\{F1663ED8-2BA5-43E2-AE18-58960472983C}
2011-08-06 16:00:29 -------- d-----w- C:\Users\Fluffy\AppData\Local\{4F350C1F-322C-4510-A731-3C39E882A289}
2011-08-06 14:14:31 -------- d-----w- C:\Users\Fluffy\AppData\Local\{9592D41A-8047-41E5-AAD0-141A34B64C41}
2011-08-06 05:50:17 -------- d-----w- C:\Users\Fluffy\AppData\Local\{1DA135C7-8C86-44BD-898C-2735167A93B9}
2011-08-04 12:03:58 -------- d-----w- C:\Program Files (x86)\FOTONICA
2011-08-04 09:23:13 -------- d-----w- C:\Users\Fluffy\AppData\Local\{7944FBC3-F70B-4DAB-8980-FDEC6373C437}
2011-08-03 12:02:40 -------- d-----w- C:\Users\Fluffy\AppData\Local\{BF0C7F7F-D199-480A-B79D-32A270D7105C}
2011-08-02 22:39:58 -------- d-----w- C:\Users\Fluffy\AppData\Local\{2F40F379-A2CB-42ED-934B-FADDB7ADC06F}
2011-08-02 02:39:16 -------- d-----w- C:\Users\Fluffy\AppData\Local\{4D417FAA-CFD6-4DFF-8454-02C3173A4E6A}
2011-08-01 08:46:34 -------- d-----w- C:\Users\Fluffy\AppData\Local\{8CE0A1EA-9AF8-4C39-ABE4-25EC1F8A1714}
2011-07-30 16:25:40 -------- d-----w- C:\Users\Fluffy\AppData\Local\{EBFA0D21-3AFB-4812-885E-4D6C39D6ADC2}
2011-07-30 03:41:51 -------- d-----w- C:\Users\Fluffy\AppData\Local\{9BCE1440-1518-443A-9511-323B061DB96A}
2011-07-28 12:50:50 -------- d-----w- C:\Users\Fluffy\AppData\Local\{FE39B8A5-7CA9-4A93-86BE-2F996D830AB3}
2011-07-27 13:42:46 -------- d-----w- C:\Users\Fluffy\AppData\Local\{131209A9-6EDA-4D31-903A-F78A21FF205A}
2011-07-26 09:17:01 -------- d-----w- C:\Users\Fluffy\AppData\Local\{2CD8463D-D694-437A-B552-1450D3EFAC0E}
2011-07-25 09:01:12 -------- d-----w- C:\Program Files\iPod
2011-07-25 09:01:11 -------- d-----w- C:\Program Files\iTunes
2011-07-25 09:01:11 -------- d-----w- C:\Program Files (x86)\iTunes
2011-07-25 08:59:50 -------- d-----w- C:\Program Files\Bonjour
2011-07-25 08:59:50 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-07-25 04:16:39 -------- d-----w- C:\Users\Fluffy\AppData\Local\{1367C7DD-404E-4229-ADA1-DA4A731C0C53}
2011-07-24 06:47:00 -------- d-----w- C:\Users\Fluffy\AppData\Local\{FAA79CA6-1CF9-4F95-ADFA-054A53B7A461}
2011-07-24 04:56:59 -------- d-----w- C:\Users\Fluffy\AppData\Local\{1EB9DF4C-F772-4027-854D-9CAB0539274E}
2011-07-23 04:57:19 -------- d-----w- C:\Users\Fluffy\AppData\Local\{7900B8AC-5301-4A64-A494-DDDFBC5BCAE3}
2011-07-22 08:42:19 -------- d-----w- C:\Users\Fluffy\AppData\Local\{75E737EE-0FFD-4667-AA85-10C36B0CE50B}
2011-07-21 08:11:44 -------- d-----w- C:\Users\Fluffy\AppData\Local\{21AFB28D-8E03-4B21-9A45-A2014EB23321}
2011-07-20 11:22:01 -------- d-----w- C:\Program Files (x86)\Proun
2011-07-20 09:14:11 -------- d-----w- C:\Users\Fluffy\AppData\Local\{981A14C5-3D7B-497E-A819-A8ADEA924AD0}
2011-07-19 09:20:47 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-07-19 09:20:43 336192 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-07-19 08:51:03 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-07-19 08:47:24 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-07-19 08:47:23 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-07-19 08:47:21 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-07-19 08:47:19 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-07-19 08:47:19 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-07-19 08:47:18 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-07-19 08:47:18 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-07-19 08:47:17 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-07-19 08:47:16 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-07-19 08:47:16 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-07-19 08:47:16 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-07-19 08:10:30 -------- d-----w- C:\Users\Fluffy\AppData\Local\{9D133FC1-4BED-4865-B439-AFF5B9434B94}
2011-07-18 04:08:22 -------- d-----w- C:\Users\Fluffy\AppData\Local\{542D1AB9-FE61-4CAF-9783-F9001BE8AC18}
2011-07-17 07:50:24 -------- d-----w- C:\Users\Fluffy\AppData\Local\{772276E0-DD0D-494A-A763-A8B782E48F61}
.
==================== Find3M ====================
.
2011-07-12 01:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 01:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 01:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-07-12 01:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-07-12 01:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 01:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-12 01:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-07-12 01:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-07-05 02:12:46 160520 ----a-w- C:\Windows\System32\drivers\PSINAflt.sys
2011-06-19 11:52:09 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2011-06-19 11:52:09 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2011-06-11 09:33:22 2560 ----a-w- C:\Windows\_MSRSTRT.EXE
2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
.
============= FINISH: 22:19:41.08 ===============

and have attached Attach.txt

Appreciate your help and look forward to your insights.

Many Thanks.
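The DDS log posted above is easier to work through with a small triage script. The Python below is an added example written for this thread, not a BleepingComputer or DDS tool. It parses three of the line shapes DDS emits (the AV/SP protection lines, the Hosts line, and the dated file entries in the Created Last 30 and Find3M sections) and lists what a responder would check first: protection products reported as disabled, hosts-file overrides, and non-directory entries carrying both the system and hidden attributes under the Windows directory. The sample log is constructed from lines copied out of the post above; the attribute-column layout and the three finding categories are my assumptions about the DDS format, and a flagged entry is a prompt to verify that file's publisher, hash and origin, not a verdict.

```python
"""Triage helper for DDS-style logs (added example, not part of the thread)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the DDS log posted in this
# thread, so the parser is exercised on the real line shapes DDS emits.
SAMPLE_LOG = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
uStart Page = hxxp://www.news.com.au/
Hosts: 127.0.0.1 www.spywareinfo.com
2011-08-07 15:12:56 65024 --sha-r- C:\Windows\SysWow64\gpprnextj.dll
2011-08-07 15:59:36 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-07 17:15:25 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
"""

# "AV: <product> *<state>/<definitions>* {<guid>}" as printed by DDS.
PROTECTION_RE = re.compile(
    r"^(?P<kind>AV|SP|FW): (?P<product>.+?) \*(?P<state>\w+)/(?P<defs>\w+)\* "
    r"\{(?P<guid>[0-9A-Fa-f-]+)\}$"
)
# DDS only prints hosts entries that differ from the default file.
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
# "<timestamp> <size or --------> <8-char attribute field> <path>".
# Assumption: first attribute char is 'd' for directories, and the letters
# 's' / 'h' mark the system / hidden attributes wherever they appear.
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+|-{8}) "
    r"(?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)


@dataclass
class Finding:
    kind: str    # protection-disabled | hosts-override | hidden-system-file
    detail: str  # human-readable explanation, taken from the matched line


def parse_protection(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of an AV/SP/FW status line, or None if it is not one."""
    m = PROTECTION_RE.match(line)
    return m.groupdict() if m else None


def triage(log_text: str) -> List[Finding]:
    """Walk the log line by line and collect the items worth a closer look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        prot = parse_protection(line)
        if prot is not None:
            if prot["state"].lower() != "enabled":
                findings.append(Finding(
                    "protection-disabled",
                    f"{prot['kind']} {prot['product']} reported as {prot['state']}"))
            continue

        m = HOSTS_RE.match(line)
        if m:
            findings.append(Finding("hosts-override", f"{m['host']} -> {m['ip']}"))
            continue

        m = FILE_RE.match(line)
        if m:
            attrs = m["attrs"]
            is_dir = attrs[0] == "d"
            hidden_system = "h" in attrs and "s" in attrs
            under_windows = "\\windows\\" in m["path"].lower()
            if not is_dir and hidden_system and under_windows:
                findings.append(Finding(
                    "hidden-system-file",
                    f"{m['path']} ({m['size']} bytes, created {m['ts']})"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, e.g. for a quick header in a reply."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.kind}] {f.detail}")
    print(summarize(results))
```

Run it against a full DDS.txt by replacing `SAMPLE_LOG` with the file contents; the regexes ignore every line they do not recognise, so the process list, BHO entries and service lines pass through untouched.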


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:13 AM

Posted 15 August 2011 - 07:39 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 ishtar

ishtar
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Male
  • Location:Brisbane
  • Local time:06:13 PM

Posted 17 August 2011 - 05:21 AM

Hey Gringo,

I have run Combofix as per your instruction and here is the log =====>

ComboFix 11-08-16.05 - Fluffy 17/08/2011 19:11:42.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.4094.2755 [GMT 10:00]
Running from: d:\zips\Security\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Downloaded Installers
c:\program files (x86)\Downloaded Installers\{2a02d439-12c4-4303-bfb9-7173056eaa59}\setup.msi
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\_Setup.dll
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\20101009232757.log
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\20110310232022.log
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\20110425213221.log
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\_Default.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\AxInterop.ImageEnXLibrary_1.9000.0.0_L_75236aeec3d51fd0_MSIL.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\CFToolkit_4.1.0.0_a87e673e9ecb6e8e_MSIL.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190241.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190244.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190312.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\FreeOCR_2.1.0.8_L_075a6c69191ec1db_x86.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.ImageLibrary_1.9000.0.0_L_8cdfa8b955dbb1c7_MSIL.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.PDFAX0717_7.17.0.0_L_3d5fa783dbb69c0f_MSIL.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.dat
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.exe
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.ico
.
.
((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))
.
.
2011-08-17 09:16 . 2011-08-17 09:19 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp
2011-08-17 09:16 . 2011-08-17 09:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-09 14:19 . 2011-08-09 14:19 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-08-09 13:46 . 2011-08-09 14:19 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-09 13:45 . 2011-08-09 13:45 -------- d-----w- c:\programdata\Hitman Pro
2011-08-09 12:51 . 2011-04-29 05:55 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-08-09 12:51 . 2011-04-29 04:57 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-08-07 17:50 . 2011-08-07 17:50 -------- d-----w- c:\windows\en
2011-08-07 17:47 . 2011-08-07 17:47 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-07 17:46 . 2011-08-07 17:46 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ec1950251cc552903\MeshBetaRemover.exe
2011-08-07 17:26 . 2011-08-07 17:26 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-07 17:15 . 2011-08-07 17:55 -------- d-----w- c:\programdata\Lavasoft
2011-08-07 17:15 . 2011-08-07 17:15 -------- d-----w- c:\program files (x86)\Lavasoft
2011-08-07 17:07 . 2011-08-07 17:07 388096 ----a-r- c:\users\Fluffy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-07 17:07 . 2011-08-07 17:07 -------- d-----w- c:\program files (x86)\Trend Micro
2011-08-07 16:42 . 2011-08-07 16:42 -------- d-----w- c:\users\Fluffy\AppData\Roaming\Panda Security
2011-08-07 16:41 . 2011-08-07 16:41 -------- d-----w- c:\programdata\Panda Security
2011-08-07 16:41 . 2011-08-07 16:41 -------- d-----w- c:\program files (x86)\Panda Security
2011-08-07 16:26 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8EECFDA1-10B5-4A55-910B-DCD3FD5EA7A2}\mpengine.dll
2011-08-07 16:26 . 2011-08-07 16:26 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-08-07 16:26 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-07 16:00 . 2011-08-07 16:00 -------- d-----w- c:\users\Fluffy\AppData\Roaming\Malwarebytes
2011-08-07 15:59 . 2011-07-06 09:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-07 15:59 . 2011-08-07 16:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-07 15:59 . 2011-08-07 15:59 -------- d-----w- c:\programdata\Malwarebytes
2011-08-07 15:59 . 2011-07-06 09:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-07 15:12 . 2011-08-07 15:12 65024 --sha-r- c:\windows\SysWow64\gpprnextj.dll
2011-08-07 15:03 . 2011-08-07 17:48 -------- d-----w- c:\users\Fluffy\AppData\Roaming\Millennia
2011-08-07 14:32 . 1999-11-23 00:01 276992 ----a-w- c:\windows\SysWow64\LFCMP11n.DLL
2011-08-07 14:32 . 1999-11-22 03:52 41472 ----a-w- c:\windows\SysWow64\lfgif11n.dll
2011-08-07 14:32 . 1999-11-22 03:52 31232 ----a-w- c:\windows\SysWow64\lfeps11n.dll
2011-08-07 14:32 . 1999-11-22 03:52 80896 ----a-w- c:\windows\SysWow64\lffax11n.dll
2011-08-07 14:32 . 1999-11-22 03:52 35328 ----a-w- c:\windows\SysWow64\lfcal11n.dll
2011-08-07 14:32 . 1999-11-22 03:52 36864 ----a-w- c:\windows\SysWow64\lfbmp11n.dll
2011-08-07 14:32 . 2011-08-07 14:35 -------- d-----w- c:\program files (x86)\Legacy
2011-08-04 12:03 . 2011-08-04 12:03 -------- d-----w- c:\program files (x86)\FOTONICA
2011-07-25 09:01 . 2011-07-25 09:01 -------- d-----w- c:\program files\iPod
2011-07-25 09:01 . 2011-07-25 09:01 -------- d-----w- c:\program files\iTunes
2011-07-25 09:01 . 2011-07-25 09:01 -------- d-----w- c:\program files (x86)\iTunes
2011-07-25 08:59 . 2011-07-25 08:59 -------- d-----w- c:\program files\Bonjour
2011-07-25 08:59 . 2011-07-25 08:59 -------- d-----w- c:\program files (x86)\Bonjour
2011-07-20 11:22 . 2011-07-20 11:25 -------- d-----w- c:\program files (x86)\Proun
2011-07-19 09:20 . 2011-07-19 09:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-07-19 09:20 . 2011-07-19 09:20 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-07-19 08:51 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-07-19 08:47 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-07-19 08:47 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-07-19 08:47 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2011-07-19 08:47 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-07-19 08:47 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-07-19 08:47 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-07-19 08:47 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2011-07-19 08:47 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2011-07-19 08:47 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-07-19 08:47 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-07-19 08:47 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 04:53 . 2010-09-08 07:48 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-12 01:34 . 2011-07-12 01:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 01:34 . 2011-07-12 01:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 01:34 . 2011-07-12 01:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 01:34 . 2011-07-12 01:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 01:20 . 2011-07-12 01:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 01:20 . 2011-07-12 01:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 01:20 . 2011-07-12 01:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 01:20 . 2011-07-12 01:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-07-05 02:12 . 2011-07-05 02:12 160520 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2011-07-05 01:33 . 2011-07-05 01:33 0 ---ha-w- c:\users\Fluffy\AppData\Local\BIT5E5C.tmp
2011-06-19 11:52 . 2011-06-19 11:52 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-06-19 11:52 . 2011-06-19 11:52 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2011-06-11 09:33 . 2011-04-25 11:33 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-06-03 05:57 . 2011-07-19 08:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 03:30 . 2011-07-05 09:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 02:53 . 2011-07-05 09:18 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-24 11:42 . 2011-07-05 09:16 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-07-05 09:16 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-07-05 09:16 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-07-05 09:16 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-07-05 09:16 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2009-06-23 4891944]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 336384]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
.
c:\users\Fluffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-9-8 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PowerSwitch.lnk - c:\windows\Installer\{57E62977-39DC-4F5D-BDEB-101DE4564507}\_797E8DB853A3BB846B8366.exe [2011-6-28 9662]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-06-30 136616]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 136176]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 544768]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-02-23 16776]
R3 EUDSKACS;EUDSKACS;c:\windows\sysWow64\drivers\eudskacs.sys [2009-12-02 17800]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-02-23 9096]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 EUBAKUP;EUBAKUP;c:\windows\sysWow64\drivers\eubakup.sys [2009-12-02 30600]
S0 EUFS;EUFS;c:\windows\sysWow64\drivers\eufs.sys [2009-12-02 26504]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-04 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-16 194496]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-17 c:\windows\Tasks\fba_Documents.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2010-09-08 06:47]
.
2011-08-17 c:\windows\Tasks\fba_Game Stuff.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2010-09-08 06:47]
.
2011-08-17 c:\windows\Tasks\fba_Legacy Data.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2010-09-08 06:47]
.
2011-08-17 c:\windows\Tasks\fba_Movies.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2010-09-08 06:47]
.
2011-08-17 c:\windows\Tasks\fba_Music.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2010-09-08 06:47]
.
2011-08-17 c:\windows\Tasks\fba_Our Pictures.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2010-09-08 06:47]
.
2011-08-17 c:\windows\Tasks\fba_Our Videos.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2010-09-08 06:47]
.
2011-08-17 c:\windows\Tasks\fba_Zips.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2010-09-08 06:47]
.
2011-08-17 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-06-11 07:24]
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 08:11]
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 08:11]
.
2011-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3200592571-1787147183-1501935079-1001Core.job
- c:\users\Fluffy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-07 08:05]
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3200592571-1787147183-1501935079-1001UA.job
- c:\users\Fluffy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-07 08:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.news.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Wow6432Node-HKCU-Run-FBackup Scheduler - (no file)
Wow6432Node-HKCU-Run-FBackup 4 - (no file)
AddRemove-LEGO LOCO - c:\program files (x86)\LEGO Media\Constructive\LEGO LOCO\Uninst.isu
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3200592571-1787147183-1501935079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Softland\FBackup 4\FBackup.exe
c:\program files (x86)\Softland\FBackup 4\fbaSched.exe
.
**************************************************************************
.
Completion time: 2011-08-17 19:26:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-17 09:26
.
Pre-Run: 177,818,595,328 bytes free
Post-Run: 177,829,822,464 bytes free
.
- - End Of File - - B04B9F1DF0F7B330B4C172DFDADCD594


Not sure if any problems were resolved as MS Security Essentials is still disabled, though Google searches seem to be working OK just after reboot.
But I have previously experienced where they work initially and then get redirected.
Look forward to your advice.
Cheers.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:13 AM

Posted 17 August 2011 - 07:25 AM

Greetings

Good, that cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
c:\windows\SysWow64\gpprnextj.dll


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
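As an added example (not part of this thread, and not ComboFix's own code), here is a small Python triage helper for the "Files Created" section of a ComboFix log. It flags the kind of entry the helper targeted above: a non-directory file in a Windows system directory carrying system+hidden (and read-only) attributes, created inside the reported incident window. The attribute-column layout, the incident window dates and the helper names are assumptions; the sample lines are copied from the logs posted in this thread.

```python
"""Triage helper for ComboFix 'Files Created' entries (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# One entry looks like: "<created> . <modified> <size or --------> <8 attribute flags> <path>"
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
TIME_FMT = "%Y-%m-%d %H:%M"

# Directories where a freshly dropped hidden/system file deserves a second look.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Assumed incident window: the poster reported symptoms starting "2 days ago" on 10 August.
INCIDENT_START = datetime(2011, 8, 7)
INCIDENT_END = datetime(2011, 8, 10)

# Constructed sample: lines copied from the logs in this thread, plus a separator and a header
# to show that non-entry lines are skipped.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))
.
2011-08-17 09:16 . 2011-08-17 09:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-07 15:59 . 2011-07-06 09:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-07 15:12 . 2011-08-07 15:12 65024 --sha-r- c:\windows\SysWow64\gpprnextj.dll
2011-07-19 08:51 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-06-03 06:44 . 2011-07-19 09:03 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
"""


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories ("--------")
    attrs: str           # assumed layout: d?sha?w? -> dir, -, system, hidden, archive, -, w/r, -
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def is_hidden(self) -> bool:
        return self.attrs[3] == "h"

    @property
    def is_readonly(self) -> bool:
        return self.attrs[6] == "r"

    @property
    def in_system_dir(self) -> bool:
        return self.path.lower().startswith(SYSTEM_DIRS)


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for a 'Files Created' line, or None for headers and separators."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(
        created=datetime.strptime(m["created"], TIME_FMT),
        modified=datetime.strptime(m["modified"], TIME_FMT),
        size=size,
        attrs=m["attrs"],
        path=m["path"],
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


def suspicious_reasons(e: Entry, start: datetime, end: datetime) -> List[str]:
    """Reasons an entry warrants follow-up; an empty list means it looks routine."""
    reasons: List[str] = []
    if e.is_dir or not e.in_system_dir:
        return reasons
    # Hidden alone is normal for the api-ms-win-* stubs; hidden AND system on a new file is not.
    if e.is_system and e.is_hidden:
        reasons.append("system+hidden attributes on a file in a Windows system directory")
    if e.is_readonly:
        reasons.append("read-only file in a Windows system directory")
    if reasons and start <= e.created <= end:
        reasons.append("created inside the reported incident window")
    return reasons


def triage(text: str, start: datetime, end: datetime) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons, in log order."""
    return {e.path: r for e in parse_log(text) if (r := suspicious_reasons(e, start, end))}


def triage_sample() -> Dict[str, List[str]]:
    return triage(SAMPLE_LOG, INCIDENT_START, INCIDENT_END)


if __name__ == "__main__":
    for path, reasons in triage_sample().items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On the sample above only gpprnextj.dll is flagged; mbam.sys, win32k.sys and the hidden-only api-ms-win-core stub pass as routine, which is the distinction a responder has to make by eye when reading these logs.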

#7 ishtar

ishtar
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Male
  • Location:Brisbane
  • Local time:06:13 PM

Posted 18 August 2011 - 08:25 AM

Gringo,


Thanks for the script; I ran it and post the log as follows. Just to confirm, I disabled Panda Antivirus and turned off internet access before running ComboFix. I still have errors with the Microsoft security, and have attached error images. A bit concerned because I am operating without a firewall at the moment; I could install a third party firewall, but I'd love to resolve these errors first. Computer is otherwise running OK, but Chrome seems a bit slow to start up. Out of interest, what have you seen as infected, and by what? Are there any sites you can recommend for brushing up on malware knowledge? It would be good to know what you are looking for. Anyway, here is the log ====================>


ComboFix 11-08-16.05 - Fluffy 18/08/2011 22:38:51.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.4094.2679 [GMT 10:00]
Running from: d:\zips\Security\ComboFix.exe
Command switches used :: c:\users\Fluffy\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\SysWow64\gpprnextj.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\gpprnextj.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-18 to 2011-08-18 )))))))))))))))))))))))))))))))
.
.
2011-08-18 12:44 . 2011-08-18 12:46 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp
2011-08-18 12:44 . 2011-08-18 12:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-09 14:19 . 2011-08-09 14:19 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-08-09 13:46 . 2011-08-09 14:19 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-09 13:45 . 2011-08-09 13:45 -------- d-----w- c:\programdata\Hitman Pro
2011-08-09 12:51 . 2011-04-29 05:55 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-08-09 12:51 . 2011-04-29 04:57 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-08-07 17:50 . 2011-08-07 17:50 -------- d-----w- c:\windows\en
2011-08-07 17:47 . 2011-08-07 17:47 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-07 17:46 . 2011-08-07 17:46 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ec1950251cc552903\MeshBetaRemover.exe
2011-08-07 17:26 . 2011-08-07 17:26 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-07 17:15 . 2011-08-07 17:55 -------- d-----w- c:\programdata\Lavasoft
2011-08-07 17:15 . 2011-08-07 17:15 -------- d-----w- c:\program files (x86)\Lavasoft
2011-08-07 17:07 . 2011-08-07 17:07 388096 ----a-r- c:\users\Fluffy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-07 17:07 . 2011-08-07 17:07 -------- d-----w- c:\program files (x86)\Trend Micro
2011-08-07 16:42 . 2011-08-07 16:42 -------- d-----w- c:\users\Fluffy\AppData\Roaming\Panda Security
2011-08-07 16:41 . 2011-08-07 16:41 -------- d-----w- c:\programdata\Panda Security
2011-08-07 16:41 . 2011-08-07 16:41 -------- d-----w- c:\program files (x86)\Panda Security
2011-08-07 16:26 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8EECFDA1-10B5-4A55-910B-DCD3FD5EA7A2}\mpengine.dll
2011-08-07 16:26 . 2011-08-07 16:26 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-08-07 16:26 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-07 16:00 . 2011-08-07 16:00 -------- d-----w- c:\users\Fluffy\AppData\Roaming\Malwarebytes
2011-08-07 15:59 . 2011-07-06 09:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-07 15:59 . 2011-08-07 16:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-07 15:59 . 2011-08-07 15:59 -------- d-----w- c:\programdata\Malwarebytes
2011-08-07 15:59 . 2011-07-06 09:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-07 15:03 . 2011-08-07 17:48 -------- d-----w- c:\users\Fluffy\AppData\Roaming\Millennia
2011-08-07 14:32 . 1999-11-23 00:01 276992 ----a-w- c:\windows\SysWow64\LFCMP11n.DLL
2011-08-07 14:32 . 1999-11-22 03:52 41472 ----a-w- c:\windows\SysWow64\lfgif11n.dll
2011-08-07 14:32 . 1999-11-22 03:52 31232 ----a-w- c:\windows\SysWow64\lfeps11n.dll
2011-08-07 14:32 . 1999-11-22 03:52 80896 ----a-w- c:\windows\SysWow64\lffax11n.dll
2011-08-07 14:32 . 1999-11-22 03:52 35328 ----a-w- c:\windows\SysWow64\lfcal11n.dll
2011-08-07 14:32 . 1999-11-22 03:52 36864 ----a-w- c:\windows\SysWow64\lfbmp11n.dll
2011-08-07 14:32 . 2011-08-07 14:35 -------- d-----w- c:\program files (x86)\Legacy
2011-08-04 12:03 . 2011-08-04 12:03 -------- d-----w- c:\program files (x86)\FOTONICA
2011-07-25 09:01 . 2011-07-25 09:01 -------- d-----w- c:\program files\iPod
2011-07-25 09:01 . 2011-07-25 09:01 -------- d-----w- c:\program files\iTunes
2011-07-25 09:01 . 2011-07-25 09:01 -------- d-----w- c:\program files (x86)\iTunes
2011-07-25 08:59 . 2011-07-25 08:59 -------- d-----w- c:\program files\Bonjour
2011-07-25 08:59 . 2011-07-25 08:59 -------- d-----w- c:\program files (x86)\Bonjour
2011-07-20 11:22 . 2011-07-20 11:25 -------- d-----w- c:\program files (x86)\Proun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-19 09:20 . 2011-07-19 09:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-07-19 09:20 . 2011-07-19 09:20 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-07-13 04:53 . 2010-09-08 07:48 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-12 01:34 . 2011-07-12 01:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 01:34 . 2011-07-12 01:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 01:34 . 2011-07-12 01:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 01:34 . 2011-07-12 01:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 01:20 . 2011-07-12 01:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 01:20 . 2011-07-12 01:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 01:20 . 2011-07-12 01:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 01:20 . 2011-07-12 01:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-07-05 02:12 . 2011-07-05 02:12 160520 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2011-07-05 01:33 . 2011-07-05 01:33 0 ---ha-w- c:\users\Fluffy\AppData\Local\BIT5E5C.tmp
2011-06-19 11:52 . 2011-06-19 11:52 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-06-19 11:52 . 2011-06-19 11:52 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2011-06-11 09:33 . 2011-04-25 11:33 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-06-11 03:07 . 2011-07-19 08:51 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-06-03 06:57 . 2011-07-19 08:49 243200 ----a-w- c:\windows\system32\wow64.dll
2011-06-03 06:57 . 2011-07-19 08:49 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-06-03 06:57 . 2011-07-19 08:49 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-06-03 06:57 . 2011-07-19 08:49 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-06-03 06:57 . 2011-07-19 08:49 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-06-03 06:56 . 2011-07-19 09:03 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-03 06:53 . 2011-07-19 08:49 338944 ----a-w- c:\windows\system32\conhost.exe
2011-06-03 06:44 . 2011-07-19 09:03 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-06-03 06:00 . 2011-07-19 08:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-06-03 05:57 . 2011-07-19 08:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-03 05:57 . 2011-07-19 08:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-06-03 05:56 . 2011-07-19 08:49 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-06-03 05:56 . 2011-07-19 09:03 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-06-03 05:47 . 2011-07-19 09:03 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-06-03 03:53 . 2011-07-19 08:49 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-06-03 03:53 . 2011-07-19 08:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-06-03 03:48 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48 . 2011-07-19 09:03 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-06-03 03:48 . 2011-07-19 09:03 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-05-28 03:30 . 2011-07-05 09:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 02:53 . 2011-07-05 09:18 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-24 11:42 . 2011-07-05 09:16 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-07-05 09:16 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-07-05 09:16 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-07-05 09:16 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-07-05 09:16 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-17_09.20.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-09-07 07:23 . 2011-08-17 09:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-07 07:23 . 2011-08-18 12:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-07 07:23 . 2011-08-17 09:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-07 07:23 . 2011-08-18 12:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-17 09:19 . 2011-08-17 09:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-18 12:45 . 2011-08-18 12:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-18 12:45 . 2011-08-18 12:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-17 09:19 . 2011-08-17 09:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-08-17 09:17 257520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-08-18 12:44 257520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-04 14:32 . 2011-08-17 19:36 1089736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-10-04 14:32 . 2011-08-17 09:17 1089736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-09-07 12:02 . 2011-08-18 12:44 2200936 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3200592571-1787147183-1501935079-1001-8192.dat
- 2010-09-07 12:02 . 2011-08-17 09:17 2200936 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3200592571-1787147183-1501935079-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2009-06-23 4891944]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 336384]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
.
c:\users\Fluffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-9-8 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PowerSwitch.lnk - c:\windows\Installer\{57E62977-39DC-4F5D-BDEB-101DE4564507}\_797E8DB853A3BB846B8366.exe [2011-6-28 9662]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-06-30 136616]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 136176]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 544768]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-02-23 16776]
R3 EUDSKACS;EUDSKACS;c:\windows\sysWow64\drivers\eudskacs.sys [2009-12-02 17800]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-02-23 9096]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 EUBAKUP;EUBAKUP;c:\windows\sysWow64\drivers\eubakup.sys [2009-12-02 30600]
S0 EUFS;EUFS;c:\windows\sysWow64\drivers\eufs.sys [2009-12-02 26504]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-04 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-16 194496]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-18 c:\windows\Tasks\fba_Documents.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2010-09-08 06:47]
.
2011-08-18 c:\windows\Tasks\fba_Game Stuff.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2010-09-08 06:47]
.
2011-08-18 c:\windows\Tasks\fba_Legacy Data.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2010-09-08 06:47]
.
2011-08-18 c:\windows\Tasks\fba_Movies.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2010-09-08 06:47]
.
2011-08-18 c:\windows\Tasks\fba_Music.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2010-09-08 06:47]
.
2011-08-18 c:\windows\Tasks\fba_Our Pictures.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2010-09-08 06:47]
.
2011-08-18 c:\windows\Tasks\fba_Our Videos.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2010-09-08 06:47]
.
2011-08-18 c:\windows\Tasks\fba_Zips.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2010-09-08 06:47]
.
2011-08-18 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-06-11 07:24]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 08:11]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 08:11]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3200592571-1787147183-1501935079-1001Core.job
- c:\users\Fluffy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-07 08:05]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3200592571-1787147183-1501935079-1001UA.job
- c:\users\Fluffy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-07 08:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.news.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3200592571-1787147183-1501935079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Softland\FBackup 4\fbaSched.exe
c:\program files (x86)\Softland\FBackup 4\FBackup.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2011-08-18 22:52:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-18 12:52
ComboFix2.txt 2011-08-17 09:26
.
Pre-Run: 177,943,228,416 bytes free
Post-Run: 177,855,455,232 bytes free
.
- - End Of File - - 201F8F79A1EDF25C6E158176954E07CB


Many thanks for your continued help.

Attached Files



#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:13 AM

Posted 18 August 2011 - 12:50 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 ishtar

ishtar
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Male
  • Location:Brisbane
  • Local time:06:13 PM

Posted 21 August 2011 - 02:22 AM

Gringo,

Thanks for help on this. I ran TDSSKiller and attach the log. Unfortunately it did not seem to identify any issues during its scan, unless you can read something into the log. I still have errors with the Microsoft security and firewall disabled and have had slow shutdowns and reboots, but it might be a coincidence. Do viruses corrupt the Msoft security system files so much that there's no redemption? Anyway, here is the log ====================>

2011/08/21 17:11:56.0279 6068 TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17
2011/08/21 17:11:57.0408 6068 ================================================================================
2011/08/21 17:11:57.0409 6068 SystemInfo:
2011/08/21 17:11:57.0409 6068
2011/08/21 17:11:57.0409 6068 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/21 17:11:57.0409 6068 Product type: Workstation
2011/08/21 17:11:57.0409 6068 ComputerName: FLUFFY-PC
2011/08/21 17:11:57.0409 6068 UserName: Fluffy
2011/08/21 17:11:57.0409 6068 Windows directory: C:\Windows
2011/08/21 17:11:57.0409 6068 System windows directory: C:\Windows
2011/08/21 17:11:57.0410 6068 Running under WOW64
2011/08/21 17:11:57.0410 6068 Processor architecture: Intel x64
2011/08/21 17:11:57.0410 6068 Number of processors: 4
2011/08/21 17:11:57.0410 6068 Page size: 0x1000
2011/08/21 17:11:57.0410 6068 Boot type: Normal boot
2011/08/21 17:11:57.0410 6068 ================================================================================
2011/08/21 17:12:00.0086 6068 Initialize success
2011/08/21 17:12:02.0231 5332 ================================================================================
2011/08/21 17:12:02.0231 5332 Scan started
2011/08/21 17:12:02.0231 5332 Mode: Manual;
2011/08/21 17:12:02.0231 5332 ================================================================================
2011/08/21 17:12:03.0645 5332 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/08/21 17:12:03.0759 5332 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/08/21 17:12:03.0807 5332 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/08/21 17:12:03.0874 5332 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/21 17:12:03.0951 5332 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/21 17:12:04.0000 5332 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/21 17:12:04.0092 5332 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/08/21 17:12:04.0147 5332 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/08/21 17:12:04.0201 5332 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/08/21 17:12:04.0277 5332 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/08/21 17:12:04.0324 5332 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
2011/08/21 17:12:04.0368 5332 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/21 17:12:04.0648 5332 amdkmdag (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/21 17:12:04.0923 5332 amdkmdap (7fe67d107329dc2cf89136a8e19bceb7) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/08/21 17:12:04.0976 5332 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/21 17:12:05.0014 5332 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/08/21 17:12:05.0055 5332 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/21 17:12:05.0100 5332 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/08/21 17:12:05.0172 5332 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/08/21 17:12:05.0245 5332 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/08/21 17:12:05.0276 5332 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/21 17:12:05.0309 5332 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/21 17:12:05.0363 5332 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/08/21 17:12:05.0440 5332 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
2011/08/21 17:12:05.0504 5332 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/08/21 17:12:05.0589 5332 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/08/21 17:12:05.0651 5332 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/08/21 17:12:05.0700 5332 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/08/21 17:12:05.0757 5332 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/21 17:12:05.0816 5332 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/21 17:12:05.0840 5332 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/21 17:12:05.0871 5332 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/21 17:12:05.0942 5332 BrSerIb (e5e9b1625a767ceb6f319c12d33eab78) C:\Windows\system32\DRIVERS\BrSerIb.sys
2011/08/21 17:12:05.0985 5332 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/08/21 17:12:06.0043 5332 BrSerIf (80e52ef092f3dad03e0ee15e64f97245) C:\Windows\system32\DRIVERS\BrSerIf.sys
2011/08/21 17:12:06.0070 5332 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/21 17:12:06.0101 5332 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/21 17:12:06.0133 5332 BrUsbSer (601cb966fffebc6806626dc8e7aa0ef2) C:\Windows\system32\DRIVERS\BrUsbSer.sys
2011/08/21 17:12:06.0157 5332 BrUsbSIb (d9f6b30ad93cbd165ec71fadf51df25e) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
2011/08/21 17:12:06.0181 5332 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/21 17:12:06.0383 5332 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/21 17:12:06.0449 5332 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/21 17:12:06.0512 5332 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/21 17:12:06.0566 5332 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/08/21 17:12:06.0698 5332 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/21 17:12:06.0736 5332 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/08/21 17:12:06.0796 5332 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/08/21 17:12:06.0843 5332 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/21 17:12:06.0902 5332 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/08/21 17:12:06.0994 5332 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
2011/08/21 17:12:07.0027 5332 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/21 17:12:07.0108 5332 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
2011/08/21 17:12:07.0218 5332 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/08/21 17:12:07.0270 5332 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/08/21 17:12:07.0318 5332 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/08/21 17:12:07.0400 5332 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/08/21 17:12:07.0476 5332 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/21 17:12:07.0614 5332 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/08/21 17:12:20.0371 5332 ================================================================================
2011/08/21 17:12:20.0372 5332 Scan finished
2011/08/21 17:12:20.0372 5332 ================================================================================
2011/08/21 17:12:20.0395 5620 Detected object count: 0
2011/08/21 17:12:20.0395 5620 Actual detected object count: 0

Thanks.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 August 2011 - 02:58 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 August 2011 - 05:23 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#12 ishtar

ishtar
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Male
  • Location:Brisbane

Posted 24 August 2011 - 07:08 AM

Hi Gringo,

I have not had much luck with trying to run aswMBR successfully. I can run it to the point where it updates the virus definitions, but when I go to scan it locks up and doesn't perform a scan. The log I am able to create is======>


aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-24 21:15:05
-----------------------------
21:15:05.599 OS Version: Windows x64 6.1.7601 Service Pack 1
21:15:05.599 Number of processors: 4 586 0x403
21:15:05.615 ComputerName: FLUFFY-PC UserName: Fluffy
21:15:07.128 Initialize success
21:19:34.106 AVAST engine defs: 11082400
21:27:25.593 The log file has been saved successfully to "C:\Users\Fluffy\Desktop\aswMBR.txt"


But that's as far as I can go. Have tried to run scan a few times now but it always becomes unresponsive.
Also I have noticed that my PC is not logging off as it now gets stuck in shutdown.

Thanks.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 August 2011 - 07:24 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#14 ishtar

ishtar
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Male
  • Location:Brisbane

Posted 25 August 2011 - 07:24 AM

Hi Gringo,

Ran the new ComboFix as requested; here is the log ======================>


ComboFix 11-08-24.06 - Fluffy 25/08/2011 21:46:10.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.4094.2555 [GMT 10:00]
Running from: c:\users\Fluffy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 )))))))))))))))))))))))))))))))
.
.
2011-08-25 11:58 . 2011-08-25 12:00 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp
2011-08-25 11:58 . 2011-08-25 11:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-09 14:19 . 2011-08-09 14:19 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-08-09 13:46 . 2011-08-09 14:19 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-09 13:45 . 2011-08-09 13:45 -------- d-----w- c:\programdata\Hitman Pro
2011-08-09 12:51 . 2011-04-29 05:55 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-08-09 12:51 . 2011-04-29 04:57 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-08-07 17:50 . 2011-08-07 17:50 -------- d-----w- c:\windows\en
2011-08-07 17:47 . 2011-08-07 17:47 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-07 17:46 . 2011-08-07 17:46 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ec1950251cc552903\MeshBetaRemover.exe
2011-08-07 17:26 . 2011-08-07 17:26 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-07 17:15 . 2011-08-07 17:55 -------- d-----w- c:\programdata\Lavasoft
2011-08-07 17:15 . 2011-08-07 17:15 -------- d-----w- c:\program files (x86)\Lavasoft
2011-08-07 17:07 . 2011-08-07 17:07 388096 ----a-r- c:\users\Fluffy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-07 17:07 . 2011-08-07 17:07 -------- d-----w- c:\program files (x86)\Trend Micro
2011-08-07 16:42 . 2011-08-07 16:42 -------- d-----w- c:\users\Fluffy\AppData\Roaming\Panda Security
2011-08-07 16:41 . 2011-08-07 16:41 -------- d-----w- c:\programdata\Panda Security
2011-08-07 16:41 . 2011-08-07 16:41 -------- d-----w- c:\program files (x86)\Panda Security
2011-08-07 16:26 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8EECFDA1-10B5-4A55-910B-DCD3FD5EA7A2}\mpengine.dll
2011-08-07 16:26 . 2011-08-07 16:26 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-08-07 16:26 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-07 16:00 . 2011-08-07 16:00 -------- d-----w- c:\users\Fluffy\AppData\Roaming\Malwarebytes
2011-08-07 15:59 . 2011-07-06 09:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-07 15:59 . 2011-08-07 16:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-07 15:59 . 2011-08-07 15:59 -------- d-----w- c:\programdata\Malwarebytes
2011-08-07 15:59 . 2011-07-06 09:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-07 15:03 . 2011-08-07 17:48 -------- d-----w- c:\users\Fluffy\AppData\Roaming\Millennia
2011-08-07 14:32 . 1999-11-23 00:01 276992 ----a-w- c:\windows\SysWow64\LFCMP11n.DLL
2011-08-07 14:32 . 1999-11-22 03:52 41472 ----a-w- c:\windows\SysWow64\lfgif11n.dll
2011-08-07 14:32 . 1999-11-22 03:52 31232 ----a-w- c:\windows\SysWow64\lfeps11n.dll
2011-08-07 14:32 . 1999-11-22 03:52 80896 ----a-w- c:\windows\SysWow64\lffax11n.dll
2011-08-07 14:32 . 1999-11-22 03:52 35328 ----a-w- c:\windows\SysWow64\lfcal11n.dll
2011-08-07 14:32 . 1999-11-22 03:52 36864 ----a-w- c:\windows\SysWow64\lfbmp11n.dll
2011-08-07 14:32 . 2011-08-07 14:35 -------- d-----w- c:\program files (x86)\Legacy
2011-08-04 12:03 . 2011-08-04 12:03 -------- d-----w- c:\program files (x86)\FOTONICA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-19 09:20 . 2011-07-19 09:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-07-19 09:20 . 2011-07-19 09:20 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-07-13 04:53 . 2010-09-08 07:48 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-12 01:34 . 2011-07-12 01:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 01:34 . 2011-07-12 01:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 01:34 . 2011-07-12 01:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 01:34 . 2011-07-12 01:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 01:20 . 2011-07-12 01:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 01:20 . 2011-07-12 01:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 01:20 . 2011-07-12 01:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 01:20 . 2011-07-12 01:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-07-05 02:12 . 2011-07-05 02:12 160520 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2011-07-05 01:33 . 2011-07-05 01:33 0 ---ha-w- c:\users\Fluffy\AppData\Local\BIT5E5C.tmp
2011-06-19 11:52 . 2011-06-19 11:52 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-06-19 11:52 . 2011-06-19 11:52 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2011-06-11 09:33 . 2011-04-25 11:33 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-06-11 03:07 . 2011-07-19 08:51 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-06-03 06:57 . 2011-07-19 08:49 243200 ----a-w- c:\windows\system32\wow64.dll
2011-06-03 06:57 . 2011-07-19 08:49 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-06-03 06:57 . 2011-07-19 08:49 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-06-03 06:57 . 2011-07-19 08:49 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-06-03 06:57 . 2011-07-19 08:49 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-06-03 06:56 . 2011-07-19 09:03 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-03 06:53 . 2011-07-19 08:49 338944 ----a-w- c:\windows\system32\conhost.exe
2011-06-03 06:44 . 2011-07-19 09:03 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-06-03 06:44 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-06-03 06:00 . 2011-07-19 08:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-06-03 05:57 . 2011-07-19 08:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-03 05:57 . 2011-07-19 08:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-06-03 05:56 . 2011-07-19 08:49 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-06-03 05:56 . 2011-07-19 09:03 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-06-03 05:47 . 2011-07-19 09:03 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-06-03 05:47 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-06-03 03:53 . 2011-07-19 08:49 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-06-03 03:53 . 2011-07-19 08:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-06-03 03:48 . 2011-07-19 09:03 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48 . 2011-07-19 09:03 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48 . 2011-07-19 09:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-06-03 03:48 . 2011-07-19 09:03 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-05-28 03:30 . 2011-07-05 09:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 02:53 . 2011-07-05 09:18 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-17_09.20.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-09-07 07:23 . 2011-08-17 09:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-07 07:23 . 2011-08-25 11:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-07 07:23 . 2011-08-17 09:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-07 07:23 . 2011-08-25 11:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-17 09:19 . 2011-08-17 09:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-25 11:59 . 2011-08-25 11:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-17 09:19 . 2011-08-17 09:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-25 11:59 . 2011-08-25 11:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2011-08-25 11:58 257520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-08-17 09:17 257520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-04 14:32 . 2011-08-25 11:58 1089736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-10-04 14:32 . 2011-08-17 09:17 1089736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-09-07 12:02 . 2011-08-25 11:58 2314140 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3200592571-1787147183-1501935079-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"FBackup Scheduler"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2009-06-23 4891944]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 336384]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
.
c:\users\Fluffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-9-8 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PowerSwitch.lnk - c:\windows\Installer\{57E62977-39DC-4F5D-BDEB-101DE4564507}\_797E8DB853A3BB846B8366.exe [2011-6-28 9662]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-06-30 136616]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 136176]
R3 48381975;48381975;c:\windows\system32\drivers\19914568.sys [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 544768]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-02-23 16776]
R3 EUDSKACS;EUDSKACS;c:\windows\sysWow64\drivers\eudskacs.sys [2009-12-02 17800]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-02-23 9096]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 EUBAKUP;EUBAKUP;c:\windows\sysWow64\drivers\eubakup.sys [2009-12-02 30600]
S0 EUFS;EUFS;c:\windows\sysWow64\drivers\eufs.sys [2009-12-02 26504]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-04 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-16 194496]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-25 c:\windows\Tasks\fba_Documents.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2010-09-08 06:47]
.
2011-08-25 c:\windows\Tasks\fba_Game Stuff.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2010-09-08 06:47]
.
2011-08-25 c:\windows\Tasks\fba_Legacy Data.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2010-09-08 06:47]
.
2011-08-25 c:\windows\Tasks\fba_Movies.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2010-09-08 06:47]
.
2011-08-25 c:\windows\Tasks\fba_Music.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2010-09-08 06:47]
.
2011-08-25 c:\windows\Tasks\fba_Our Pictures.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2010-09-08 06:47]
.
2011-08-25 c:\windows\Tasks\fba_Our Videos.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2010-09-08 06:47]
.
2011-08-25 c:\windows\Tasks\fba_Zips.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2010-09-08 06:47]
.
2011-08-25 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-06-11 07:24]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 08:11]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 08:11]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3200592571-1787147183-1501935079-1001Core.job
- c:\users\Fluffy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-07 08:05]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3200592571-1787147183-1501935079-1001UA.job
- c:\users\Fluffy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-07 08:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.news.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-48381975.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3200592571-1787147183-1501935079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Softland\FBackup 4\fbaSched.exe
c:\program files (x86)\Softland\FBackup 4\FBackup.exe
.
**************************************************************************
.
Completion time: 2011-08-25 22:09:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-25 12:09
ComboFix2.txt 2011-08-18 12:52
ComboFix3.txt 2011-08-17 09:26
.
Pre-Run: 178,278,682,624 bytes free
Post-Run: 178,252,197,888 bytes free
.
- - End Of File - - 2FB92F1C7776C2D213811FD486796B5B



PC still chokes on shut down and has MS Security / firewall disabled.

Would love to hear you say that you can see the issue so that I can kill it.
Look forward to your advice.


Cheers
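The service listing in the ComboFix log above, read the way a responder would read it. This is an added example, not part of ishtar's post and not ComboFix's own code: it parses the `R*`/`S*` service lines and the `ORPHANS REMOVED` line into records and flags the one entry whose service name and driver filename are both random digits and which also had a SafeBoot entry. The sample lines are copied from the log; the reading of `[x]` (ComboFix recorded no timestamp or size for the file) and the WOW64 note are my interpretation of the format, not something the thread states. A digits-only driver name is also how some anti-rootkit tools name their own temporary driver, and the poster did run TDSSKiller, so the output is a lead to verify (hash the file, check its signature, look at its creation time) rather than a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample: service lines in ComboFix's "Reg Loading Points" format,
# copied from the log above with ordinary entries kept for contrast, plus the
# "ORPHANS REMOVED" line from the same log.
SAMPLE_LOG = r"""
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-07 136176]
R3 48381975;48381975;c:\windows\system32\drivers\19914568.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]

- - - - ORPHANS REMOVED - - - -

SafeBoot-48381975.sys
"""

# One service/driver line: state (R = running, S = stopped), start-type digit,
# then name;display;path followed by either "[date size]" or "[x]".
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$"
)
# ComboFix lists removed SafeBoot\Minimal entries as "SafeBoot-<target>".
ORPHAN_RE = re.compile(r"^SafeBoot-(?P<target>\S+)$")
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


@dataclass
class Service:
    state: str
    start: str
    name: str
    display: str
    path: str
    meta: str

    @property
    def filename(self):
        return self.path.rsplit("\\", 1)[-1]

    @property
    def file_verified(self):
        # "[x]" means ComboFix recorded no timestamp/size for the file. On x64
        # this is common for drivers under system32 (assumption: the 32-bit
        # tool sees the WOW64-redirected view), so it is context, not a signal.
        return self.meta != "x"


def parse_log(text):
    """Return (services, safeboot_orphans) from a ComboFix log excerpt."""
    services, orphans = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            services.append(Service(**m.groupdict()))
        elif m := ORPHAN_RE.match(line):
            orphans.append(m.group("target"))
    return services, orphans


def triage(svc, orphans):
    """Reasons this entry deserves a closer look; an empty list means nothing stood out."""
    reasons = []
    if svc.name.isdigit():
        reasons.append("service name is digits only")
    stem = svc.filename.rsplit(".", 1)[0]
    if stem.isdigit():
        reasons.append("driver filename is digits only")
    if svc.name + ".sys" in orphans:
        reasons.append("had a SafeBoot\\Minimal entry, i.e. it was set to load in Safe Mode too")
    if reasons and svc.state == "R":
        reasons.append("currently running (%s start)" % START_TYPE[svc.start])
    return reasons


def suspicious_entries(text):
    """Map service name -> reasons, for every entry that triggered at least one reason."""
    services, orphans = parse_log(text)
    return {s.name: r for s in services if (r := triage(s, orphans))}


if __name__ == "__main__":
    for name, reasons in suspicious_entries(SAMPLE_LOG).items():
        print(name)
        for why in reasons:
            print("  -", why)
```

Run against the sample, only `48381975` comes back, with four reasons: digits-only service name, digits-only driver filename, a removed SafeBoot entry, and the fact that it was running (manual start). The `[x]` entries for MpNWMon and hotcore3 are deliberately not flagged; on this 64-bit system the same marker appears on Microsoft's own drivers.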

#15 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 01 September 2011 - 03:42 AM

Hello

Sorry for losing you, just seen you online.

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



