Running 64-bit Windows with an infected MBR


This topic is locked
22 replies to this topic

#1 DeathReanimated

Posted 20 October 2011 - 06:45 PM

Hello all!

So I started off my first BleepingComputer adventure in the 'Am I infected? What do I do?' forum board (which can be found here). To sum it all up so far, though, my laptop was first attacked on Monday (Oct 17) when I visited a new website and was hit with a barrage of pop-ups claiming that I had hard disk errors and needed to purchase software to fix it (sorry, I don't remember exactly what the error messages said). At this point, with the help of Google, I self-diagnosed and figured I had a System Restore virus.

I used RKill and then scanned with the free version of Malwarebytes and deleted the malicious files it detected. Then I used my laptop's System Restore to try and reveal some of the files that had been hidden by the virus. It didn't bring them all back though, so I also used unhide.exe and I thought my problems were solved.

When I opened my Webroot (Antivirus with Spy Sweeper) to scan my laptop though it reported that I had a 'Troj/TdlMbr-C' in the physical drive. The program said it deleted it but then Webroot security notifications kept repeatedly popping up saying that the threat 'Mal/TDSSConf-A' was being auto-quarantined from places like 'c:\users\owner\appdata\local\temp\tmp84a.tmp' (the file locations only varied with the numbers and letters used at the end; i.e. '\tmp###.tmp').

I've used MiniToolBox and tried TDSSKiller.exe. I've scanned with GMER (though I have a 64-bit system so I'm not sure if it was helpful). I've updated to the newest version of Java (JRE 7) and updated Adobe (Adobe Reader X). The last scan I did was the online ESET and it removed 2 Java Trojan files, but when I used Mbr.exe my helper (Moderator Boopme) instructed that I go to the Preparation Guide and complete steps 6-9 and post my results here.

I didn't run GMER because I have a 64-bit system and it told me not to but the rest of my results are here (I've been using quote boxes to separate results from other text but if that is bothersome just let me know and I'll stop).

At this point I'm not quite sure what to do now. So any help would be greatly appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by owner at 17:41:28 on 2011-10-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6125.2958 [GMT -5:00]
.
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\lxdncoms.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\SSU.EXE
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\explorer.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Sony\VAIO Care\Admload.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1296028224&rver=6.1.6206.0&wp=MBI&wreply=hxxp:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [Elbserver] "C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe" /Stay
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
mRun: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] "C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe"
mRun: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
mRun: [SHTtray.exe] "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe"
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube Download - C:\Users\owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B5E2928-3CE9-4218-B31A-B947B4325E55} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6D5DBCC2-59C7-4DBE-B5C0-326033B78CF9} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6D5DBCC2-59C7-4DBE-B5C0-326033B78CF9}\2656C6B696E6E2635603 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6D5DBCC2-59C7-4DBE-B5C0-326033B78CF9}\3516E6368656A7A61313 : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] "C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe"
mRun-x64: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
mRun-x64: [SHTtray.exe] "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe"
mRun-x64: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9z9l53ko.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-29 13336]
R2 lxdn_device;lxdn_device;C:\Windows\system32\lxdncoms.exe -service --> C:\Windows\system32\lxdncoms.exe -service [?]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-8-13 49152]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-6-8 259192]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-20 108400]
R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-20 67952]
R2 ssfmonm;ssfmonm;C:\Windows\system32\DRIVERS\ssfmonm.sys --> C:\Windows\system32\DRIVERS\ssfmonm.sys [?]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-8-10 575856]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 537456]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-8-11 836608]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe [2010-9-26 3997912]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-9-12 3381184]
R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-7 304496]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-6-8 44736]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-9-23 1429608]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 101232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-20 19:34:08 89088 ----a-w- C:\mbr.exe
2011-10-20 19:11:26 -------- d-----w- C:\Users\owner\AppData\Local\{B56C4F99-59A2-44C0-8E2E-EFA572D363D7}
2011-10-20 19:11:04 -------- d-----w- C:\Users\owner\AppData\Local\{22F034D8-3AD5-457B-8704-C119600F1CE6}
2011-10-20 04:52:21 -------- d-----w- C:\Program Files (x86)\ESET
2011-10-20 04:44:46 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{381BE055-43C7-4FB3-BD49-26A9AA93D51E}\offreg.dll
2011-10-20 04:39:16 -------- d-----w- C:\Users\owner\AppData\Local\{7036F5B2-8F76-42C5-BCE1-2E8EB57C1DEC}
2011-10-20 04:38:42 -------- d-----w- C:\Users\owner\AppData\Local\{BAFC04FD-84C7-4DEB-AA7B-7C12ECFD72E3}
2011-10-18 22:19:34 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{381BE055-43C7-4FB3-BD49-26A9AA93D51E}\mpengine.dll
2011-10-18 12:25:50 -------- d-----w- C:\Users\owner\AppData\Local\{75E4B55E-95B2-4946-B84B-FD9BDEBE6AF2}
2011-10-18 12:25:41 -------- dc-h--w- C:\ProgramData\{CC6525B7-42F2-42DB-BF33-445E26F52EC1}
2011-10-18 12:25:09 -------- d-----w- C:\Users\owner\AppData\Local\{77E584FA-6557-489C-ACAC-82ACC09A75F1}
2011-10-18 07:39:14 -------- d-----w- C:\ProgramData\{F77EE8EF-305B-4394-A018-C1A57D2D66B5}
2011-10-17 21:35:57 -------- d-----w- C:\Users\owner\AppData\Local\{486884AE-9D44-43BD-BDA6-2B41762ABAE3}
2011-10-17 21:35:16 -------- d-----w- C:\Users\owner\AppData\Local\{434C0ED2-BD7E-4986-96B7-1D694791B625}
2011-10-17 20:42:59 -------- d-----w- C:\Users\owner\AppData\Local\{42B6B35C-40D1-4702-B454-AFC45E45421C}
2011-10-17 20:42:41 -------- d-----w- C:\Users\owner\AppData\Local\{64DB11F9-67BB-4041-8BBA-4AD412200E4B}
2011-10-17 17:45:51 -------- d-----w- C:\Users\owner\AppData\Local\{CC69ED70-F737-4D2A-BFB1-9015F549874D}
2011-10-17 10:57:21 -------- d-----w- C:\Users\owner\AppData\Roaming\Malwarebytes
2011-10-17 10:48:31 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-17 10:48:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-17 01:30:03 -------- d-----w- C:\Users\owner\AppData\Local\{522E38FD-ECEA-4BAA-86EA-8828C872CFFD}
2011-10-17 01:29:39 -------- d-----w- C:\Users\owner\AppData\Local\{B92C1E99-BD2E-408C-AE13-B9A50A0C260A}
2011-10-15 16:40:13 -------- d-----w- C:\Users\owner\AppData\Local\{E379B8FD-BF8E-4157-BAFE-810B9E12FE0D}
2011-10-15 16:39:49 -------- d-----w- C:\Users\owner\AppData\Local\{A56EB208-47E3-4E38-B780-E19AF0E91EED}
2011-10-15 08:05:31 -------- d-----w- C:\Users\owner\AppData\Local\{82651BE1-88C6-462E-B890-18D86B972C10}
2011-10-15 08:04:10 -------- d-----w- C:\Users\owner\AppData\Local\{CB952459-D5CB-4E43-B8FA-19FDB4CA4628}
2011-10-13 17:46:05 -------- d-----w- C:\Users\owner\AppData\Local\{0921E771-ADE0-4476-9E71-2431CBDA292C}
2011-10-13 17:45:53 -------- d-----w- C:\Users\owner\AppData\Local\{2083E2A5-362A-49EE-827D-4901BC6234BE}
2011-10-13 06:47:54 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-13 06:47:53 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-13 06:47:53 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-13 06:47:53 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-13 06:47:52 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-13 06:47:32 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-13 06:47:32 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-13 06:47:32 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-13 06:47:31 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-13 00:20:38 -------- d-----w- C:\Program Files\iTunes
2011-10-13 00:20:38 -------- d-----w- C:\Program Files\iPod
2011-10-13 00:20:38 -------- d-----w- C:\Program Files (x86)\iTunes
2011-10-13 00:16:25 -------- d-----w- C:\Program Files\Bonjour
2011-10-13 00:16:25 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-10-12 17:18:43 -------- d-----w- C:\Users\owner\AppData\Local\{94A4888E-8341-4E79-B32A-3DFB744A3DBA}
2011-10-12 17:17:56 -------- d-----w- C:\Users\owner\AppData\Local\{9D5AEE09-7365-4057-9343-8375438505A1}
2011-10-11 12:24:40 -------- d-----w- C:\Users\owner\AppData\Local\{0D8FA4EE-58EB-4964-BDAA-B161747F98A0}
2011-10-11 12:24:15 -------- d-----w- C:\Users\owner\AppData\Local\{EFBF224E-6558-47AD-AC56-4FDFAA075427}
2011-10-10 15:34:23 -------- d-----w- C:\Users\owner\AppData\Local\{CE2B97CD-DA4C-4F7C-BDEB-5EA2E44431C7}
2011-10-10 15:34:09 -------- d-----w- C:\Users\owner\AppData\Local\{90818BCE-676E-4848-9028-1A9AD84C789B}
2011-10-09 16:34:03 -------- d-----w- C:\Users\owner\AppData\Local\{376BDB53-1F83-4D34-A5D5-5A4892EED35C}
2011-10-09 16:33:51 -------- d-----w- C:\Users\owner\AppData\Local\{AC528A52-51C9-4302-9F87-480500802A90}
2011-10-09 06:44:06 -------- d-----w- C:\Users\owner\AppData\Local\{DE6DBA43-C551-4D59-A6EF-E260E5714FEC}
2011-10-08 19:04:22 -------- d-----w- C:\Users\owner\AppData\Local\{205AE378-4880-4982-9A42-DFF2840BC570}
2011-10-07 20:13:18 -------- d-----w- C:\Users\owner\AppData\Local\{E049EC66-5708-46F3-8C6D-DFFBEC24BB41}
2011-10-07 20:11:03 -------- d-----w- C:\Users\owner\AppData\Local\{42F83CCD-3E1E-4748-8B10-76BAFA69F027}
2011-10-06 20:36:07 -------- d-----w- C:\Users\owner\AppData\Local\{0D5453BA-6C21-4E05-9643-0C4E2490602B}
2011-10-06 20:35:53 -------- d-----w- C:\Users\owner\AppData\Local\{9BD98289-67E0-4C75-881C-6D5D1F82A169}
2011-10-06 00:10:06 -------- d-----w- C:\Users\owner\AppData\Local\{AB2C660B-DCBA-4A11-BB6B-0CB590B5F506}
2011-10-06 00:09:53 -------- d-----w- C:\Users\owner\AppData\Local\{0FB079BC-0D8D-49AF-B0B2-64FB9487F040}
2011-10-06 00:08:16 1678 ----a-w- C:\DetectionData.tmp
2011-10-06 00:08:16 10598 ----a-w- C:\InformationalData.tmp
2011-10-05 20:57:54 -------- d-----w- C:\Users\owner\AppData\Local\{C0DF64A7-1E4E-4775-A675-70C4A52959DA}
2011-10-05 10:08:42 -------- d-----w- C:\Users\owner\AppData\Local\{197AE6B5-09D4-44AC-9FEB-2C4F36A5A105}
2011-10-05 08:21:00 -------- d-----w- C:\Users\owner\AppData\Local\{13BB3331-035B-45DC-8D05-A183E47315EB}
2011-10-05 08:14:30 -------- d-----w- C:\Users\owner\AppData\Local\{CC3632B5-D082-463B-8ACF-95D3B170DD29}
2011-10-05 08:04:43 -------- d-----w- C:\Users\owner\AppData\Local\{BBA02AC6-CB98-49EE-9E88-F2BB79920344}
2011-10-03 20:52:49 -------- d-----w- C:\Users\owner\AppData\Local\{28D854CF-09EA-4A36-B23B-E0ADA53AE101}
2011-10-03 20:52:25 -------- d-----w- C:\Users\owner\AppData\Local\{FA78BDF1-3354-478C-A1C2-655516F57E17}
2011-10-02 21:32:42 -------- d-----w- C:\Users\owner\AppData\Local\{17D7AB43-2D47-4BA4-A90E-F8FFCCD86085}
2011-10-02 21:32:07 -------- d-----w- C:\Users\owner\AppData\Local\{4B39D183-D2B7-4B59-8346-0835E8227B44}
2011-10-01 20:55:05 -------- d-----w- C:\Users\owner\AppData\Local\{A027196A-E4F0-410D-8BFE-7462D011A121}
2011-10-01 20:54:52 -------- d-----w- C:\Users\owner\AppData\Local\{708C137C-65F6-4EA9-9CCA-85A6188FC572}
2011-10-01 19:51:34 -------- d-----w- C:\Users\owner\AppData\Local\{F37B6926-3D45-4BE4-934B-FFA326F5762F}
2011-10-01 18:14:46 -------- d-----w- C:\Users\owner\AppData\Local\{6D5F6540-FFE0-4CED-B017-C0900976A049}
2011-09-30 20:51:01 -------- d-----w- C:\Users\owner\AppData\Local\{AF11D87E-4718-442E-91AF-2ABE176F4F03}
2011-09-30 20:50:46 -------- d-----w- C:\Users\owner\AppData\Local\{86A07783-53A0-4740-9597-6720106D48C1}
2011-09-29 17:52:39 -------- d-----w- C:\Users\owner\AppData\Local\{3A045D60-C9DF-4CF4-BC65-3F4BE2473D7C}
2011-09-29 17:52:13 -------- d-----w- C:\Users\owner\AppData\Local\{CF686B19-303D-43E3-835C-27AB33C61B98}
2011-09-28 19:51:07 -------- d-----w- C:\Users\owner\AppData\Local\{AA7F0BCE-A8CA-4757-AA50-601DEC7726F5}
2011-09-28 19:50:41 -------- d-----w- C:\Users\owner\AppData\Local\{ACB6F016-C409-4392-9B1A-7CB2D4E5C055}
2011-09-24 14:58:22 -------- d-----w- C:\Users\owner\AppData\Local\{45469CEF-1021-4D1F-B6A6-1E7DE5DC553F}
2011-09-24 14:57:57 -------- d-----w- C:\Users\owner\AppData\Local\{327EC4D8-BE3B-4843-BE3A-FC2BF9C94537}
2011-09-23 17:12:37 -------- d-----w- C:\Users\owner\AppData\Local\{8E0BBE37-0E35-4400-9621-E39C1231458A}
2011-09-23 17:12:24 -------- d-----w- C:\Users\owner\AppData\Local\{00D0630B-EDBC-4242-8640-705BDC2DEBBE}
2011-09-23 04:27:43 -------- d-----w- C:\Users\owner\AppData\Local\{E2DF44F5-21CD-4E52-8553-50BDE80CB0CD}
2011-09-23 04:27:13 -------- d-----w- C:\Users\owner\AppData\Local\{0201BBFA-282F-4864-9865-0052CA46807A}
2011-09-21 19:59:35 -------- d-----w- C:\Users\owner\AppData\Local\{82F163F3-A666-4F9B-A6FF-8F0C8DA18C94}
2011-09-21 19:59:21 -------- d-----w- C:\Users\owner\AppData\Local\{76126BFE-791F-4795-96DA-EF3878170286}
2011-09-21 03:55:47 116736 ----a-w- C:\Windows\System32\SonyVideoProcessor.dll
2011-09-21 03:55:47 104448 ----a-w- C:\Windows\SysWow64\SonyVideoProcessor.dll
.
==================== Find3M ====================
.
2011-10-20 04:44:08 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2011-10-13 17:46:05 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-31 04:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-31 04:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-31 04:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-31 04:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-31 04:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 04:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-31 04:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-31 04:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
.
============= FINISH: 17:52:29.22 ===============


Also here is my MBR log. Boopme said to post this up as well...

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601

device: opened successfully
user: error reading MBR
error: Read The handle is invalid.
kernel: error reading MBR

Edited by DeathReanimated, 20 October 2011 - 06:52 PM.



#2 CatByte

  • bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:37 PM

Posted 22 October 2011 - 04:58 PM

Hi,

Please do the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.


NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 DeathReanimated

  • Topic Starter
  • Members
  • 25 posts
  • Local time:06:37 PM

Posted 23 October 2011 - 10:03 AM

Last night I started ComboFix and left my laptop alone to do its business. I woke up this morning (approx. 8 hours later) though and the program seems to be stuck on 'Completed Stage_48'. Right now I'm on my dad's laptop, but I know ComboFix is a pretty powerful program so I'm not sure what to do at this point...

#4 CatByte

  • bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:37 PM

Posted 23 October 2011 - 12:34 PM

OK

It appears to have stalled.

Open Task Manager (Ctrl+Alt+Del), look for the processes sed.exe, pev.exe and 3Xm.exe, and end each process.

Now boot into Safe Mode and re-run ComboFix.

To enter Safe Mode:
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key repeatedly; this will bring up a menu.
  • Use the Up and Down arrow keys to scroll up to Safe Mode
  • Then press the Enter key on your keyboard
  • Go into your usual account

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 DeathReanimated

  • Topic Starter
  • Members
  • 25 posts
  • Local time:06:37 PM

Posted 23 October 2011 - 08:12 PM

It worked! Here are my ComboFix results...

ComboFix 11-10-21.06 - owner 10/23/2011 18:46:42.2.8 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6125.4870 [GMT -5:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\windows\system32\drivers\etc\lmhosts
.
.
((((((((((((((((((((((((( Files Created from 2011-09-24 to 2011-10-24 )))))))))))))))))))))))))))))))
.
.
2011-10-24 00:20 . 2011-10-24 00:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-23 23:40 . 2011-10-23 23:40 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{351CC7A1-CD42-4195-A0C8-E510CAD1E8EF}\offreg.dll
2011-10-22 02:56 . 2011-10-22 04:29 -------- d-----w- c:\users\owner\AppData\Roaming\vlc
2011-10-22 02:55 . 2011-10-22 02:55 -------- d-----w- c:\program files (x86)\VideoLAN
2011-10-22 02:27 . 2011-10-22 02:59 -------- d-----w- c:\program files (x86)\DirectVobSub
2011-10-21 23:54 . 2011-10-22 02:59 -------- d-----w- c:\program files (x86)\Gabest
2011-10-21 09:43 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{351CC7A1-CD42-4195-A0C8-E510CAD1E8EF}\mpengine.dll
2011-10-20 19:34 . 2011-10-20 19:34 89088 ----a-w- C:\mbr.exe
2011-10-20 04:52 . 2011-10-20 04:52 -------- d-----w- c:\program files (x86)\ESET
2011-10-20 04:47 . 2011-10-20 04:47 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-10-18 12:25 . 2011-10-18 12:25 -------- dc-h--w- c:\programdata\{CC6525B7-42F2-42DB-BF33-445E26F52EC1}
2011-10-18 07:39 . 2011-10-18 07:39 -------- d-----w- c:\programdata\{F77EE8EF-305B-4394-A018-C1A57D2D66B5}
2011-10-17 10:57 . 2011-10-17 10:57 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
2011-10-17 10:48 . 2011-10-17 10:48 -------- d-----w- c:\programdata\Malwarebytes
2011-10-17 10:48 . 2011-10-18 01:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-13 06:47 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 06:47 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 06:47 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 06:47 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 06:47 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 06:47 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 06:47 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-13 06:47 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 06:47 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 00:20 . 2011-10-17 21:24 -------- d-----w- c:\program files\iTunes
2011-10-13 00:20 . 2011-10-17 21:24 -------- d-----w- c:\program files (x86)\iTunes
2011-10-13 00:20 . 2011-10-17 21:05 -------- d-----w- c:\program files\iPod
2011-10-13 00:16 . 2011-10-17 21:28 -------- d-----w- c:\program files\Bonjour
2011-10-13 00:16 . 2011-10-17 21:28 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-06 00:08 . 2011-10-22 02:28 2935 ----a-w- C:\DetectionData.tmp
2011-10-06 00:08 . 2011-10-22 02:28 18558 ----a-w- C:\InformationalData.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-20 04:44 . 2010-08-11 03:57 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-13 17:46 . 2011-06-14 13:05 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-31 04:05 . 2011-08-31 04:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05 . 2011-08-31 04:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 04:05 . 2011-08-31 04:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 04:05 . 2011-08-31 04:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-31 04:05 . 2011-08-31 04:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-31 04:05 . 2011-08-31 04:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-08-12 19:38 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-01-05 4321112]
"Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2010-06-22 81264]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"WebrootTrayApp"="c:\program files (x86)\Webroot\Security\Current\Framework\WRTray.exe" [2011-09-12 1382984]
"SHTtray.exe"="c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [2010-06-21 99696]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-4-3 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-06-07 408576]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [x]
R2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-08-14 49152]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
R2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]
R2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
R2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]
R2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [x]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]
R2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
R2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-06-09 836608]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
R3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
R3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 WRConsumerService;Webroot Client Service;c:\program files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-09-12 3381184]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-21 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-06-21 2040352]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1296028224&rver=6.1.6206.0&wp=MBI&wreply=hxxp:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: Interfaces\{6D5DBCC2-59C7-4DBE-B5C0-326033B78CF9}\2656C6B696E6E2635603: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9z9l53ko.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:19,da,2c,2a,10,0d,cc,01
.
[HKEY_USERS\S-1-5-21-1515348147-974161303-4005747119-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1515348147-974161303-4005747119-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-23 19:41:54
ComboFix-quarantined-files.txt 2011-10-24 00:41
.
Pre-Run: 280,002,072,576 bytes free
Post-Run: 280,017,596,416 bytes free
.
- - End Of File - - AB7780F7FBBD86551C88C4E6A20CF6DF

#6 CatByte

  • bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:37 PM

Posted 23 October 2011 - 08:42 PM

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if malicious objects are found, ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 DeathReanimated

  • Topic Starter
  • Members
  • 25 posts
  • Local time:06:37 PM

Posted 23 October 2011 - 09:11 PM

The following is from the TDSSKiller report...

21:08:42.0765 8520 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
21:08:42.0796 8520 ============================================================
21:08:42.0796 8520 Current date / time: 2011/10/23 21:08:42.0796
21:08:42.0796 8520 SystemInfo:
21:08:42.0796 8520
21:08:42.0796 8520 OS Version: 6.1.7601 ServicePack: 1.0
21:08:42.0796 8520 Product type: Workstation
21:08:42.0796 8520 ComputerName: OWNER-VAIO
21:08:42.0796 8520 UserName: owner
21:08:42.0796 8520 Windows directory: C:\Windows
21:08:42.0796 8520 System windows directory: C:\Windows
21:08:42.0796 8520 Running under WOW64
21:08:42.0796 8520 Processor architecture: Intel x64
21:08:42.0796 8520 Number of processors: 8
21:08:42.0796 8520 Page size: 0x1000
21:08:42.0796 8520 Boot type: Normal boot
21:08:42.0796 8520 ============================================================
21:08:43.0139 8520 Initialize success
21:08:46.0025 4492 ============================================================
21:08:46.0025 4492 Scan started
21:08:46.0025 4492 Mode: Manual;
21:08:46.0025 4492 ============================================================
21:08:47.0164 4492 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:08:47.0180 4492 1394ohci - ok
21:08:47.0289 4492 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:08:47.0289 4492 ACPI - ok
21:08:47.0414 4492 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:08:47.0414 4492 AcpiPmi - ok
21:08:47.0554 4492 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:08:47.0554 4492 adp94xx - ok
21:08:47.0663 4492 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:08:47.0663 4492 adpahci - ok
21:08:47.0788 4492 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:08:47.0788 4492 adpu320 - ok
21:08:47.0897 4492 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:08:47.0913 4492 AFD - ok
21:08:48.0038 4492 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:08:48.0038 4492 agp440 - ok
21:08:48.0209 4492 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:08:48.0209 4492 aliide - ok
21:08:48.0319 4492 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:08:48.0319 4492 amdide - ok
21:08:48.0428 4492 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:08:48.0428 4492 AmdK8 - ok
21:08:48.0521 4492 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
21:08:48.0521 4492 AmdPPM - ok
21:08:48.0615 4492 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:08:48.0631 4492 amdsata - ok
21:08:48.0724 4492 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
21:08:48.0740 4492 amdsbs - ok
21:08:48.0943 4492 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:08:48.0943 4492 amdxata - ok
21:08:49.0161 4492 ApfiltrService (2d45f2dfbc3d8f53df7ebeffa8c9bc38) C:\Windows\system32\drivers\Apfiltr.sys
21:08:49.0177 4492 ApfiltrService - ok
21:08:49.0286 4492 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:08:49.0286 4492 AppID - ok
21:08:49.0442 4492 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
21:08:49.0442 4492 arc - ok
21:08:49.0551 4492 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
21:08:49.0551 4492 arcsas - ok
21:08:49.0645 4492 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:08:49.0645 4492 AsyncMac - ok
21:08:49.0801 4492 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:08:49.0801 4492 atapi - ok
21:08:49.0910 4492 athr (08baaa2432e81031a6c3b11ad5a67e2b) C:\Windows\system32\DRIVERS\athrx.sys
21:08:49.0957 4492 athr - ok
21:08:50.0097 4492 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
21:08:50.0113 4492 b06bdrv - ok
21:08:50.0191 4492 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:08:50.0206 4492 b57nd60a - ok
21:08:50.0315 4492 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:08:50.0315 4492 Beep - ok
21:08:50.0362 4492 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
21:08:50.0362 4492 blbdrive - ok
21:08:50.0425 4492 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:08:50.0425 4492 bowser - ok
21:08:50.0471 4492 bpenum (f46dd257fad7d2d097ef32e72220a06c) C:\Windows\system32\DRIVERS\bpenum.sys
21:08:50.0471 4492 bpenum - ok
21:08:50.0503 4492 bpmp (e82060aed0f28ed8909f2b07fa276185) C:\Windows\system32\DRIVERS\bpmp.sys
21:08:50.0503 4492 bpmp - ok
21:08:50.0534 4492 bpusb (fc6313a5a45c1ae53d0491f0057d5a4d) C:\Windows\system32\Drivers\bpusb.sys
21:08:50.0534 4492 bpusb - ok
21:08:50.0581 4492 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
21:08:50.0596 4492 BrFiltLo - ok
21:08:50.0612 4492 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
21:08:50.0612 4492 BrFiltUp - ok
21:08:50.0659 4492 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:08:50.0659 4492 Brserid - ok
21:08:50.0690 4492 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:08:50.0690 4492 BrSerWdm - ok
21:08:50.0721 4492 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:08:50.0721 4492 BrUsbMdm - ok
21:08:50.0768 4492 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:08:50.0768 4492 BrUsbSer - ok
21:08:50.0846 4492 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
21:08:50.0846 4492 BthEnum - ok
21:08:50.0877 4492 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
21:08:50.0877 4492 BTHMODEM - ok
21:08:50.0924 4492 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:08:50.0924 4492 BthPan - ok
21:08:50.0986 4492 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
21:08:51.0002 4492 BTHPORT - ok
21:08:51.0033 4492 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
21:08:51.0033 4492 BTHUSB - ok
21:08:51.0064 4492 btwampfl (59e3510784548c6939c1b3b985c232e3) C:\Windows\system32\drivers\btwampfl.sys
21:08:51.0080 4492 btwampfl - ok
21:08:51.0127 4492 btwaudio (1872074ed0a3fb22e3f1e3197b984bfa) C:\Windows\system32\drivers\btwaudio.sys
21:08:51.0127 4492 btwaudio - ok
21:08:51.0189 4492 btwavdt (691cf076c33ab1c3a5b2fd5450300733) C:\Windows\system32\DRIVERS\btwavdt.sys
21:08:51.0189 4492 btwavdt - ok
21:08:51.0267 4492 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
21:08:51.0267 4492 btwl2cap - ok
21:08:51.0314 4492 btwrchid (c9273b20dec8ce38dbce5d29de63c907) C:\Windows\system32\DRIVERS\btwrchid.sys
21:08:51.0314 4492 btwrchid - ok
21:08:51.0485 4492 catchme - ok
21:08:51.0610 4492 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:08:51.0626 4492 cdfs - ok
21:08:51.0688 4492 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:08:51.0688 4492 cdrom - ok
21:08:51.0735 4492 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
21:08:51.0735 4492 circlass - ok
21:08:51.0782 4492 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:08:51.0797 4492 CLFS - ok
21:08:51.0860 4492 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
21:08:51.0875 4492 CmBatt - ok
21:08:51.0938 4492 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:08:51.0938 4492 cmdide - ok
21:08:51.0985 4492 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
21:08:51.0985 4492 CNG - ok
21:08:52.0031 4492 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
21:08:52.0031 4492 Compbatt - ok
21:08:52.0094 4492 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:08:52.0094 4492 CompositeBus - ok
21:08:52.0156 4492 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
21:08:52.0156 4492 crcdisk - ok
21:08:52.0265 4492 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:08:52.0265 4492 DfsC - ok
21:08:52.0312 4492 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:08:52.0312 4492 discache - ok
21:08:52.0343 4492 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
21:08:52.0359 4492 Disk - ok
21:08:52.0390 4492 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:08:52.0390 4492 drmkaud - ok
21:08:52.0468 4492 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:08:52.0468 4492 DXGKrnl - ok
21:08:52.0655 4492 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
21:08:52.0765 4492 ebdrv - ok
21:08:52.0936 4492 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
21:08:52.0952 4492 elxstor - ok
21:08:52.0999 4492 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:08:52.0999 4492 ErrDev - ok
21:08:53.0077 4492 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:08:53.0077 4492 exfat - ok
21:08:53.0123 4492 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:08:53.0123 4492 fastfat - ok
21:08:53.0217 4492 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
21:08:53.0217 4492 fdc - ok
21:08:53.0279 4492 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:08:53.0279 4492 FileInfo - ok
21:08:53.0311 4492 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:08:53.0311 4492 Filetrace - ok
21:08:53.0373 4492 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
21:08:53.0373 4492 flpydisk - ok
21:08:53.0435 4492 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:08:53.0451 4492 FltMgr - ok
21:08:53.0482 4492 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:08:53.0482 4492 FsDepends - ok
21:08:53.0576 4492 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:08:53.0576 4492 Fs_Rec - ok
21:08:53.0623 4492 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:08:53.0623 4492 fvevol - ok
21:08:53.0732 4492 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
21:08:53.0732 4492 gagp30kx - ok
21:08:53.0779 4492 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:08:53.0779 4492 GEARAspiWDM - ok
21:08:53.0825 4492 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:08:53.0825 4492 hcw85cir - ok
21:08:53.0888 4492 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:08:53.0888 4492 HdAudAddService - ok
21:08:53.0919 4492 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:08:53.0919 4492 HDAudBus - ok
21:08:53.0981 4492 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
21:08:53.0981 4492 HidBatt - ok
21:08:54.0028 4492 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
21:08:54.0028 4492 HidBth - ok
21:08:54.0059 4492 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
21:08:54.0059 4492 HidIr - ok
21:08:54.0122 4492 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:08:54.0122 4492 HidUsb - ok
21:08:54.0200 4492 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:08:54.0200 4492 HpSAMD - ok
21:08:54.0262 4492 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:08:54.0262 4492 HTTP - ok
21:08:54.0293 4492 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:08:54.0309 4492 hwpolicy - ok
21:08:54.0325 4492 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:08:54.0325 4492 i8042prt - ok
21:08:54.0371 4492 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\drivers\iaStor.sys
21:08:54.0387 4492 iaStor - ok
21:08:54.0481 4492 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:08:54.0481 4492 iaStorV - ok
21:08:54.0527 4492 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
21:08:54.0527 4492 iirsp - ok
21:08:54.0590 4492 Impcd (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\drivers\Impcd.sys
21:08:54.0590 4492 Impcd - ok
21:08:54.0683 4492 IntcAzAudAddService (526e482afb586cb1cdd687869decf686) C:\Windows\system32\drivers\RTKVHD64.sys
21:08:54.0715 4492 IntcAzAudAddService - ok
21:08:54.0839 4492 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:08:54.0839 4492 intelide - ok
21:08:54.0886 4492 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
21:08:54.0886 4492 intelppm - ok
21:08:54.0917 4492 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:08:54.0933 4492 IpFilterDriver - ok
21:08:54.0995 4492 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:08:54.0995 4492 IPMIDRV - ok
21:08:55.0027 4492 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:08:55.0027 4492 IPNAT - ok
21:08:55.0058 4492 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:08:55.0058 4492 IRENUM - ok
21:08:55.0073 4492 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:08:55.0073 4492 isapnp - ok
21:08:55.0105 4492 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:08:55.0120 4492 iScsiPrt - ok
21:08:55.0167 4492 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:08:55.0167 4492 kbdclass - ok
21:08:55.0183 4492 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:08:55.0183 4492 kbdhid - ok
21:08:55.0229 4492 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
21:08:55.0229 4492 KSecDD - ok
21:08:55.0323 4492 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
21:08:55.0323 4492 KSecPkg - ok
21:08:55.0370 4492 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:08:55.0370 4492 ksthunk - ok
21:08:55.0401 4492 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:08:55.0401 4492 lltdio - ok
21:08:55.0432 4492 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
21:08:55.0448 4492 LSI_FC - ok
21:08:55.0479 4492 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
21:08:55.0495 4492 LSI_SAS - ok
21:08:55.0510 4492 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
21:08:55.0510 4492 LSI_SAS2 - ok
21:08:55.0541 4492 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
21:08:55.0541 4492 LSI_SCSI - ok
21:08:55.0573 4492 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:08:55.0573 4492 luafv - ok
21:08:55.0651 4492 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
21:08:55.0651 4492 megasas - ok
21:08:55.0697 4492 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
21:08:55.0713 4492 MegaSR - ok
21:08:55.0729 4492 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:08:55.0729 4492 Modem - ok
21:08:55.0775 4492 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:08:55.0775 4492 monitor - ok
21:08:55.0822 4492 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
21:08:55.0822 4492 mouclass - ok
21:08:55.0838 4492 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
21:08:55.0838 4492 mouhid - ok
21:08:55.0916 4492 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:08:55.0916 4492 mountmgr - ok
21:08:55.0978 4492 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:08:55.0978 4492 mpio - ok
21:08:56.0009 4492 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:08:56.0009 4492 mpsdrv - ok
21:08:56.0056 4492 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:08:56.0072 4492 MRxDAV - ok
21:08:56.0165 4492 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:08:56.0165 4492 mrxsmb - ok
21:08:56.0197 4492 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:08:56.0212 4492 mrxsmb10 - ok
21:08:56.0243 4492 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:08:56.0243 4492 mrxsmb20 - ok
21:08:56.0321 4492 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:08:56.0321 4492 msahci - ok
21:08:56.0353 4492 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:08:56.0353 4492 msdsm - ok
21:08:56.0431 4492 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:08:56.0431 4492 Msfs - ok
21:08:56.0446 4492 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:08:56.0446 4492 mshidkmdf - ok
21:08:56.0462 4492 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:08:56.0462 4492 msisadrv - ok
21:08:56.0493 4492 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:08:56.0493 4492 MSKSSRV - ok
21:08:56.0509 4492 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:08:56.0509 4492 MSPCLOCK - ok
21:08:56.0524 4492 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:08:56.0524 4492 MSPQM - ok
21:08:56.0587 4492 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:08:56.0587 4492 MsRPC - ok
21:08:56.0633 4492 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:08:56.0633 4492 mssmbios - ok
21:08:56.0665 4492 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:08:56.0680 4492 MSTEE - ok
21:08:56.0696 4492 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
21:08:56.0696 4492 MTConfig - ok
21:08:56.0727 4492 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:08:56.0727 4492 Mup - ok
21:08:56.0789 4492 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:08:56.0789 4492 NativeWifiP - ok
21:08:56.0852 4492 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:08:56.0867 4492 NDIS - ok
21:08:56.0914 4492 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:08:56.0914 4492 NdisCap - ok
21:08:56.0945 4492 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:08:56.0945 4492 NdisTapi - ok
21:08:56.0977 4492 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:08:56.0977 4492 Ndisuio - ok
21:08:57.0055 4492 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:08:57.0055 4492 NdisWan - ok
21:08:57.0101 4492 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:08:57.0101 4492 NDProxy - ok
21:08:57.0164 4492 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:08:57.0164 4492 NetBIOS - ok
21:08:57.0211 4492 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:08:57.0226 4492 NetBT - ok
21:08:57.0460 4492 NETw5s64 (18555f48844c2861d9dce8f2b7223ae5) C:\Windows\system32\DRIVERS\NETw5s64.sys
21:08:57.0647 4492 NETw5s64 - ok
21:08:57.0772 4492 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
21:08:57.0772 4492 nfrd960 - ok
21:08:57.0819 4492 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:08:57.0819 4492 Npfs - ok
21:08:57.0850 4492 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:08:57.0850 4492 nsiproxy - ok
21:08:57.0928 4492 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:08:57.0959 4492 Ntfs - ok
21:08:57.0991 4492 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:08:57.0991 4492 Null - ok
21:08:58.0006 4492 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
21:08:58.0022 4492 nusb3hub - ok
21:08:58.0084 4492 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:08:58.0084 4492 nusb3xhc - ok
21:08:58.0115 4492 NVHDA (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys
21:08:58.0115 4492 NVHDA - ok
21:08:58.0443 4492 nvlddmkm (fbe6ac1c3591cb67543fad15abd26bcb) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:08:58.0599 4492 nvlddmkm - ok
21:08:58.0739 4492 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:08:58.0739 4492 nvraid - ok
21:08:58.0771 4492 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:08:58.0771 4492 nvstor - ok
21:08:58.0817 4492 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:08:58.0817 4492 nv_agp - ok
21:08:58.0880 4492 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:08:58.0880 4492 ohci1394 - ok
21:08:58.0927 4492 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
21:08:58.0927 4492 Parport - ok
21:08:58.0973 4492 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:08:58.0973 4492 partmgr - ok
21:08:59.0051 4492 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:08:59.0051 4492 pci - ok
21:08:59.0083 4492 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:08:59.0083 4492 pciide - ok
21:08:59.0129 4492 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
21:08:59.0129 4492 pcmcia - ok
21:08:59.0161 4492 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:08:59.0176 4492 pcw - ok
21:08:59.0207 4492 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:08:59.0223 4492 PEAUTH - ok
21:08:59.0301 4492 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:08:59.0301 4492 PptpMiniport - ok
21:08:59.0332 4492 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
21:08:59.0332 4492 Processor - ok
21:08:59.0379 4492 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:08:59.0379 4492 Psched - ok
21:08:59.0441 4492 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
21:08:59.0473 4492 ql2300 - ok
21:08:59.0566 4492 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
21:08:59.0566 4492 ql40xx - ok
21:08:59.0597 4492 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:08:59.0597 4492 QWAVEdrv - ok
21:08:59.0629 4492 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:08:59.0629 4492 RasAcd - ok
21:08:59.0660 4492 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:08:59.0660 4492 RasAgileVpn - ok
21:08:59.0722 4492 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:08:59.0722 4492 Rasl2tp - ok
21:08:59.0738 4492 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:08:59.0738 4492 RasPppoe - ok
21:08:59.0769 4492 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:08:59.0769 4492 RasSstp - ok
21:08:59.0831 4492 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:08:59.0847 4492 rdbss - ok
21:08:59.0878 4492 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
21:08:59.0878 4492 rdpbus - ok
21:08:59.0894 4492 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:08:59.0894 4492 RDPCDD - ok
21:08:59.0925 4492 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:08:59.0925 4492 RDPENCDD - ok
21:08:59.0956 4492 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:08:59.0956 4492 RDPREFMP - ok
21:09:00.0003 4492 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:09:00.0003 4492 RDPWD - ok
21:09:00.0065 4492 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:09:00.0065 4492 rdyboost - ok
21:09:00.0206 4492 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
21:09:00.0206 4492 regi - ok
21:09:00.0253 4492 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:09:00.0253 4492 RFCOMM - ok
21:09:00.0315 4492 rimspci (fa6abc06b629da29634d31f1fe0347bd) C:\Windows\system32\drivers\rimssne64.sys
21:09:00.0315 4492 rimspci - ok
21:09:00.0362 4492 risdsnpe (8f8539a7f5c117d4407b2985995671f2) C:\Windows\system32\drivers\risdsne64.sys
21:09:00.0362 4492 risdsnpe - ok
21:09:00.0393 4492 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:09:00.0393 4492 rspndr - ok
21:09:00.0455 4492 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:09:00.0455 4492 sbp2port - ok
21:09:00.0518 4492 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:09:00.0533 4492 scfilter - ok
21:09:00.0565 4492 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
21:09:00.0580 4492 sdbus - ok
21:09:00.0643 4492 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:09:00.0658 4492 secdrv - ok
21:09:00.0689 4492 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
21:09:00.0689 4492 Serenum - ok
21:09:00.0705 4492 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
21:09:00.0721 4492 Serial - ok
21:09:00.0736 4492 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
21:09:00.0736 4492 sermouse - ok
21:09:00.0814 4492 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\drivers\SFEP.sys
21:09:00.0814 4492 SFEP - ok
21:09:00.0830 4492 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:09:00.0845 4492 sffdisk - ok
21:09:00.0861 4492 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:09:00.0861 4492 sffp_mmc - ok
21:09:00.0892 4492 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:09:00.0892 4492 sffp_sd - ok
21:09:00.0939 4492 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
21:09:00.0939 4492 sfloppy - ok
21:09:00.0986 4492 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
21:09:00.0986 4492 Sftfs - ok
21:09:01.0033 4492 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:09:01.0033 4492 Sftplay - ok
21:09:01.0064 4492 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:09:01.0064 4492 Sftredir - ok
21:09:01.0126 4492 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
21:09:01.0126 4492 Sftvol - ok
21:09:01.0173 4492 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
21:09:01.0173 4492 SiSRaid2 - ok
21:09:01.0204 4492 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
21:09:01.0220 4492 SiSRaid4 - ok
21:09:01.0251 4492 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:09:01.0251 4492 Smb - ok
21:09:01.0313 4492 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:09:01.0313 4492 spldr - ok
21:09:01.0391 4492 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:09:01.0391 4492 srv - ok
21:09:01.0423 4492 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:09:01.0438 4492 srv2 - ok
21:09:01.0469 4492 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:09:01.0469 4492 srvnet - ok
21:09:01.0516 4492 ssfmonm (a4c4a1fedfbed04b39efae9f1311ed5e) C:\Windows\system32\DRIVERS\ssfmonm.sys
21:09:01.0516 4492 ssfmonm - ok
21:09:01.0547 4492 ssidrv (1cc88f50bd4e6fd6eac5c5365ceb6583) C:\Windows\system32\DRIVERS\ssidrv.sys
21:09:01.0547 4492 ssidrv - ok
21:09:01.0594 4492 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
21:09:01.0594 4492 stexstor - ok
21:09:01.0641 4492 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:09:01.0641 4492 swenum - ok
21:09:01.0750 4492 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
21:09:01.0781 4492 Tcpip - ok
21:09:01.0937 4492 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
21:09:01.0953 4492 TCPIP6 - ok
21:09:02.0078 4492 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:09:02.0093 4492 tcpipreg - ok
21:09:02.0125 4492 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:09:02.0125 4492 TDPIPE - ok
21:09:02.0140 4492 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:09:02.0140 4492 TDTCP - ok
21:09:02.0187 4492 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:09:02.0203 4492 tdx - ok
21:09:02.0234 4492 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:09:02.0234 4492 TermDD - ok
21:09:02.0312 4492 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:09:02.0312 4492 tssecsrv - ok
21:09:02.0390 4492 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:09:02.0390 4492 TsUsbFlt - ok
21:09:02.0437 4492 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:09:02.0437 4492 tunnel - ok
21:09:02.0468 4492 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
21:09:02.0468 4492 uagp35 - ok
21:09:02.0546 4492 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:09:02.0561 4492 udfs - ok
21:09:02.0608 4492 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:09:02.0608 4492 uliagpkx - ok
21:09:02.0639 4492 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:09:02.0639 4492 umbus - ok
21:09:02.0686 4492 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
21:09:02.0686 4492 UmPass - ok
21:09:02.0717 4492 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
21:09:02.0717 4492 USBAAPL64 - ok
21:09:02.0764 4492 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:09:02.0764 4492 usbccgp - ok
21:09:02.0811 4492 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:09:02.0811 4492 usbcir - ok
21:09:02.0842 4492 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:09:02.0842 4492 usbehci - ok
21:09:02.0920 4492 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:09:02.0920 4492 usbhub - ok
21:09:02.0967 4492 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:09:02.0967 4492 usbohci - ok
21:09:02.0983 4492 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:09:02.0998 4492 usbprint - ok
21:09:03.0029 4492 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:09:03.0029 4492 usbscan - ok
21:09:03.0061 4492 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:09:03.0061 4492 USBSTOR - ok
21:09:03.0092 4492 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:09:03.0092 4492 usbuhci - ok
21:09:03.0123 4492 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:09:03.0139 4492 usbvideo - ok
21:09:03.0217 4492 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:09:03.0217 4492 vdrvroot - ok
21:09:03.0248 4492 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:09:03.0263 4492 vga - ok
21:09:03.0279 4492 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:09:03.0279 4492 VgaSave - ok
21:09:03.0310 4492 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:09:03.0326 4492 vhdmp - ok
21:09:03.0341 4492 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:09:03.0341 4492 viaide - ok
21:09:03.0373 4492 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:09:03.0373 4492 volmgr - ok
21:09:03.0435 4492 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:09:03.0435 4492 volmgrx - ok
21:09:03.0466 4492 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:09:03.0466 4492 volsnap - ok
21:09:03.0544 4492 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
21:09:03.0544 4492 vsmraid - ok
21:09:03.0591 4492 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:09:03.0591 4492 vwifibus - ok
21:09:03.0622 4492 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:09:03.0622 4492 vwififlt - ok
21:09:03.0653 4492 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
21:09:03.0653 4492 WacomPen - ok
21:09:03.0700 4492 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:09:03.0700 4492 WANARP - ok
21:09:03.0700 4492 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:09:03.0700 4492 Wanarpv6 - ok
21:09:03.0763 4492 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
21:09:03.0763 4492 Wd - ok
21:09:03.0809 4492 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:09:03.0809 4492 Wdf01000 - ok
21:09:03.0872 4492 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:09:03.0887 4492 WfpLwf - ok
21:09:03.0919 4492 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:09:03.0919 4492 WIMMount - ok
21:09:03.0981 4492 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:09:03.0981 4492 WmiAcpi - ok
21:09:04.0043 4492 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:09:04.0043 4492 ws2ifsl - ok
21:09:04.0106 4492 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:09:04.0106 4492 WudfPf - ok
21:09:04.0121 4492 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:09:04.0121 4492 WUDFRd - ok
21:09:04.0184 4492 yukonw7 (5250193ef8e173aa7491250f00eb367f) C:\Windows\system32\DRIVERS\yk62x64.sys
21:09:04.0184 4492 yukonw7 - ok
21:09:04.0215 4492 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:09:04.0231 4492 \Device\Harddisk0\DR0 - ok
21:09:04.0246 4492 Boot (0x1200) (3219a0267e3b4c84a32621fcee4af897) \Device\Harddisk0\DR0\Partition0
21:09:04.0246 4492 \Device\Harddisk0\DR0\Partition0 - ok
21:09:04.0262 4492 Boot (0x1200) (81d42fc928afd12c3d83e0d07d25cc82) \Device\Harddisk0\DR0\Partition1
21:09:04.0262 4492 \Device\Harddisk0\DR0\Partition1 - ok
21:09:04.0262 4492 ============================================================
21:09:04.0262 4492 Scan finished
21:09:04.0262 4492 ============================================================
21:09:04.0277 7500 Detected object count: 0
21:09:04.0277 7500 Actual detected object count: 0
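The last lines of the TDSSKiller log above are the ones that matter for an MBR rootkit: an MD5 of the first 0x1B8 bytes of sector 0 (the bootstrap code, before the disk signature and partition table) and an MD5 of the boot sector area of each partition, each reported "- ok". The script below is an added example, not part of this thread and not TDSSKiller's own code, that reproduces that kind of baseline check so the reader can see what those lines cover: it parses the MBR partition table, hashes the first 0x1B8 bytes, and flags what a responder would want to look at on a TDL-infected disk: boot code that differs from a recorded baseline, an unexpected number of active partitions, a partition that runs past the end of the disk, and a large unpartitioned area at the end of the disk, which is where the TDL4 family keeps its hidden file system. The sample sectors, the 20 GiB disk geometry, the 1 MiB slack threshold, the `build_sample_mbr`/`assess_mbr` names and the assumption that TDSSKiller's "0x1B8" figure is the number of bytes it hashed are all constructed for this example. Read sector 0 from boot media or with the drive attached to a clean machine: a running TDL-family rootkit filters reads of the MBR inside the infected system and hands back the original, clean sector, so a hash taken from within the infected OS proves little.

```python
"""MBR baseline check: parse sector 0, hash the bootstrap code, report anomalies.
Added example for this thread, not TDSSKiller's own code.  Assumption: the
"MBR (0x1B8)" figure in a TDSSKiller log is the number of bytes hashed, i.e.
bytes 0x000..0x1B7 (bootstrap code, before the 4-byte disk signature at 0x1B8
and the partition table at 0x1BE)."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 0x1B8       # bootstrap code: bytes 0x000..0x1B7
DISK_SIG_OFF = 0x1B8        # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE      # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE        # 55 AA
PART_ENTRY = "<B3xB3xII"    # status, (CHS start), type, (CHS end), LBA start, sector count
GPT_PROTECTIVE = 0xEE
SLACK_LIMIT = 2048          # sectors (1 MiB at 512 B); assumed threshold for a suspicious tail


def parse_mbr(sector):
    """Return the boot-code MD5, disk signature and the non-empty partition entries."""
    if len(sector) < MBR_SIZE:
        raise ValueError("need %d bytes, got %d" % (MBR_SIZE, len(sector)))
    if sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        raise ValueError("missing 55AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(PART_ENTRY, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue                                   # empty slot
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count, "lba_end": lba + count})
    return {"boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
            "partitions": partitions}


def assess_mbr(sector, disk_sectors, baseline_md5=None):
    """List findings a responder should look at; an empty list means nothing odd."""
    info = parse_mbr(sector)
    findings = []
    if baseline_md5 and info["boot_code_md5"] != baseline_md5:
        findings.append("boot code md5 %s differs from baseline %s"
                        % (info["boot_code_md5"], baseline_md5))
    active = [p["index"] for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append("%d active partitions, expected exactly one" % len(active))
    if any(p["type"] == GPT_PROTECTIVE for p in info["partitions"]):
        findings.append("protective MBR (type 0xEE): disk is GPT, inspect the GPT header instead")
    for p in info["partitions"]:
        if p["lba_end"] > disk_sectors:
            findings.append("partition %d ends at LBA %d, past the end of the disk"
                            % (p["index"], p["lba_end"]))
    last_end = max((p["lba_end"] for p in info["partitions"]), default=0)
    tail = disk_sectors - last_end
    if tail > SLACK_LIMIT:
        findings.append("%d unpartitioned sectors after the last partition "
                        "(TDL4-style bootkits keep their hidden file system there)" % tail)
    return findings


def read_sector0(device_path):
    r"""Read sector 0 of a raw device: r'\\.\PhysicalDrive0' on Windows (as admin),
    '/dev/sda' on Linux.  Do this from boot media: a running TDL rootkit filters
    reads of the MBR and hands back the original, clean sector."""
    with open(device_path, "rb") as fh:
        return fh.read(MBR_SIZE)


# ---- constructed sample data (not from the thread) ---------------------------
def build_sample_mbr(boot_code, disk_sig, entries):
    """Assemble a 512-byte MBR from bootstrap code, disk signature and
    (active, type, lba_start, sectors) tuples."""
    sector = bytearray(MBR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (active, ptype, lba, count) in enumerate(entries):
        struct.pack_into(PART_ENTRY, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if active else 0x00, ptype, lba, count)
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(sector)


DISK_SECTORS = 41943040                       # 20 GiB of 512-byte sectors (constructed)
CLEAN_BOOT_CODE = (b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + bytes(range(256)) * 2)[:BOOT_CODE_LEN]
PATCHED_BOOT_CODE = b"\xEB\x3C" + CLEAN_BOOT_CODE[2:]   # first bytes overwritten with a jump
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE, 0x1C2B3A49, [
    (True, 0x07, 2048, 204800),                          # 100 MiB "System Reserved", NTFS
    (False, 0x07, 206848, DISK_SECTORS - 206848)])       # C: fills the rest of the disk
SUSPECT_MBR = build_sample_mbr(PATCHED_BOOT_CODE, 0x1C2B3A49, [
    (True, 0x07, 2048, 204800),
    (False, 0x07, 206848, DISK_SECTORS - 206848 - 8192)])  # 4 MiB left free at the end
CLEAN_BOOT_MD5 = parse_mbr(CLEAN_MBR)["boot_code_md5"]   # recorded baseline for this sample

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("suspect", SUSPECT_MBR)):
        print(name, parse_mbr(mbr)["boot_code_md5"], assess_mbr(mbr, DISK_SECTORS, CLEAN_BOOT_MD5))
```

To use it on a real disk, record `parse_mbr(read_sector0(...))["boot_code_md5"]` from a known-clean image of the same Windows version as the baseline, then compare against the value read from boot media; a hash that matches TDSSKiller's "- ok" value but differs when read offline is the signature of a rootkit filtering the read. The unpartitioned-tail check is a lead, not proof: OEM images often leave a few megabytes free at the end, so look at what the free sectors contain before calling it an infection.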

#8 CatByte
Malware Response Team
Posted 23 October 2011 - 09:24 PM

Hi,

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 DeathReanimated
Topic Starter

Posted 24 October 2011 - 06:21 AM

Mk, I ran MBAM and got the following results...

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8009

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10/23/2011 9:58:36 PM
mbam-log-2011-10-23 (21-58-36).txt

Scan type: Quick scan
Objects scanned: 182035
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Then I ran the ESET Scan and I didn't get any results but there was something in the quarantine...

No threats found
Scanned files: 188599
Infected Files: 0
Cleaned Files: 0
Total scan time: 02:03:44
Scan status: Finished

Manage Quarantine:
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\24432f51-691d8a44 a variant of Java/TrojanDownloader.OpenConnection.MU trojan deleted - quarantined
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\2930f476-4938d7e5 Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined



#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 24 October 2011 - 04:11 PM

Please post a fresh DDS Log and advise how the computer is running now and if there are any outstanding issues



#11 DeathReanimated

DeathReanimated
  • Topic Starter

  • Members
  • 25 posts

Posted 26 October 2011 - 12:08 AM

Internet Explorer stalls at times. When I use the Google search engine, sometimes the links I click on redirect me to different sites and I have to manually copy and paste the URL into the address bar to get where I want to go. Oh, and when I use Google to search for images, not all of them load (I've also noted this problem on Tumblr). Also, while I was running that last ESET scan, Windows Explorer had to restart itself three times, which I thought was odd. Plus, every time I click to open my Webroot I get a notification saying that the threat 'Mal/TDSSConf-A' was auto-quarantined, and no matter how many times I delete it the threat always comes back. Other than that my computer runs fine.

Here are my results...

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by owner at 23:47:45 on 2011-10-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6125.3193 [GMT -5:00]
.
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\lxdncoms.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Program Files\Sony\VAIO Care\Admload.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\notepad.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1296028224&rver=6.1.6206.0&wp=MBI&wreply=hxxp:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [Elbserver] "C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe" /Stay
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] "C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe"
mRun: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
mRun: [SHTtray.exe] "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe"
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube Download - C:\Users\owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B5E2928-3CE9-4218-B31A-B947B4325E55} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6D5DBCC2-59C7-4DBE-B5C0-326033B78CF9} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6D5DBCC2-59C7-4DBE-B5C0-326033B78CF9}\2656C6B696E6E2635603 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6D5DBCC2-59C7-4DBE-B5C0-326033B78CF9}\3516E6368656A7A61313 : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] "C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe"
mRun-x64: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
mRun-x64: [SHTtray.exe] "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe"
mRun-x64: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9z9l53ko.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-29 13336]
R2 lxdn_device;lxdn_device;C:\Windows\system32\lxdncoms.exe -service --> C:\Windows\system32\lxdncoms.exe -service [?]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-8-13 49152]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-6-8 259192]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-20 108400]
R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-20 67952]
R2 ssfmonm;ssfmonm;C:\Windows\system32\DRIVERS\ssfmonm.sys --> C:\Windows\system32\DRIVERS\ssfmonm.sys [?]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-8-10 575856]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 537456]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-8-11 836608]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe [2010-9-26 3997912]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-9-12 3381184]
R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-7 304496]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-6-8 44736]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-9-23 1429608]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 101232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-25 17:15:02 -------- d-----w- C:\Users\owner\AppData\Local\{E57D1742-E731-4748-B5F4-BC202BBD2B3B}
2011-10-25 13:12:20 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{81F17C53-7B59-40D2-BD71-0FABBBEE1C4B}\offreg.dll
2011-10-25 13:12:17 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{81F17C53-7B59-40D2-BD71-0FABBBEE1C4B}\mpengine.dll
2011-10-24 06:12:57 -------- d-----w- C:\Users\owner\AppData\Local\{F56F1637-C883-4433-BE52-AEEFABE636D5}
2011-10-24 06:12:15 -------- d-----w- C:\Users\owner\AppData\Local\{05A91F65-5838-4380-AD4B-52BA8862D5AF}
2011-10-24 00:59:07 -------- d-----w- C:\Users\owner\AppData\Local\{D01815B0-F052-4A9B-BB47-0D887008B365}
2011-10-24 00:58:30 -------- d-sh--w- C:\$RECYCLE.BIN
2011-10-23 23:41:04 -------- d-----w- C:\ComboFix
2011-10-23 23:30:55 -------- d-----w- C:\Users\owner\AppData\Local\{225CB55F-0D50-47C5-8BFF-9930828B1686}
2011-10-23 22:56:45 -------- d-----w- C:\Users\owner\AppData\Local\{ACEBB2E1-7A4F-4185-8260-636E03A45AE2}
2011-10-23 00:10:50 98816 ----a-w- C:\Windows\sed.exe
2011-10-23 00:10:50 518144 ----a-w- C:\Windows\SWREG.exe
2011-10-23 00:10:50 256000 ----a-w- C:\Windows\PEV.exe
2011-10-23 00:10:50 208896 ----a-w- C:\Windows\MBR.exe
2011-10-22 17:05:23 -------- d-----w- C:\Users\owner\AppData\Local\{747B409E-6B31-4A07-A05A-B23AF7F12476}
2011-10-22 17:04:52 -------- d-----w- C:\Users\owner\AppData\Local\{ACC5AB29-8A9F-4FE1-B324-41310677AA0A}
2011-10-22 02:55:34 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-10-22 02:27:25 -------- d-----w- C:\Program Files (x86)\DirectVobSub
2011-10-22 01:52:47 -------- d-----w- C:\Users\owner\AppData\Local\{9C1FEC2D-8B98-40D4-AA0E-6853C03E8230}
2011-10-22 01:52:05 -------- d-----w- C:\Users\owner\AppData\Local\{2DB9CBB5-74B9-4364-A0B2-9ADC32242800}
2011-10-20 19:34:08 89088 ----a-w- C:\mbr.exe
2011-10-20 19:11:26 -------- d-----w- C:\Users\owner\AppData\Local\{B56C4F99-59A2-44C0-8E2E-EFA572D363D7}
2011-10-20 19:11:04 -------- d-----w- C:\Users\owner\AppData\Local\{22F034D8-3AD5-457B-8704-C119600F1CE6}
2011-10-20 04:52:21 -------- d-----w- C:\Program Files (x86)\ESET
2011-10-20 04:39:16 -------- d-----w- C:\Users\owner\AppData\Local\{7036F5B2-8F76-42C5-BCE1-2E8EB57C1DEC}
2011-10-20 04:38:42 -------- d-----w- C:\Users\owner\AppData\Local\{BAFC04FD-84C7-4DEB-AA7B-7C12ECFD72E3}
2011-10-18 12:25:50 -------- d-----w- C:\Users\owner\AppData\Local\{75E4B55E-95B2-4946-B84B-FD9BDEBE6AF2}
2011-10-18 12:25:41 -------- dc-h--w- C:\ProgramData\{CC6525B7-42F2-42DB-BF33-445E26F52EC1}
2011-10-18 12:25:09 -------- d-----w- C:\Users\owner\AppData\Local\{77E584FA-6557-489C-ACAC-82ACC09A75F1}
2011-10-18 07:39:14 -------- d-----w- C:\ProgramData\{F77EE8EF-305B-4394-A018-C1A57D2D66B5}
2011-10-17 21:35:57 -------- d-----w- C:\Users\owner\AppData\Local\{486884AE-9D44-43BD-BDA6-2B41762ABAE3}
2011-10-17 21:35:16 -------- d-----w- C:\Users\owner\AppData\Local\{434C0ED2-BD7E-4986-96B7-1D694791B625}
2011-10-17 20:42:59 -------- d-----w- C:\Users\owner\AppData\Local\{42B6B35C-40D1-4702-B454-AFC45E45421C}
2011-10-17 20:42:41 -------- d-----w- C:\Users\owner\AppData\Local\{64DB11F9-67BB-4041-8BBA-4AD412200E4B}
2011-10-17 17:45:51 -------- d-----w- C:\Users\owner\AppData\Local\{CC69ED70-F737-4D2A-BFB1-9015F549874D}
2011-10-17 10:57:21 -------- d-----w- C:\Users\owner\AppData\Roaming\Malwarebytes
2011-10-17 10:48:31 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-17 10:48:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-17 01:30:03 -------- d-----w- C:\Users\owner\AppData\Local\{522E38FD-ECEA-4BAA-86EA-8828C872CFFD}
2011-10-17 01:29:39 -------- d-----w- C:\Users\owner\AppData\Local\{B92C1E99-BD2E-408C-AE13-B9A50A0C260A}
2011-10-15 16:40:13 -------- d-----w- C:\Users\owner\AppData\Local\{E379B8FD-BF8E-4157-BAFE-810B9E12FE0D}
2011-10-15 16:39:49 -------- d-----w- C:\Users\owner\AppData\Local\{A56EB208-47E3-4E38-B780-E19AF0E91EED}
2011-10-15 08:05:31 -------- d-----w- C:\Users\owner\AppData\Local\{82651BE1-88C6-462E-B890-18D86B972C10}
2011-10-15 08:04:10 -------- d-----w- C:\Users\owner\AppData\Local\{CB952459-D5CB-4E43-B8FA-19FDB4CA4628}
2011-10-13 17:46:05 -------- d-----w- C:\Users\owner\AppData\Local\{0921E771-ADE0-4476-9E71-2431CBDA292C}
2011-10-13 17:45:53 -------- d-----w- C:\Users\owner\AppData\Local\{2083E2A5-362A-49EE-827D-4901BC6234BE}
2011-10-13 06:47:54 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-13 06:47:53 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-13 06:47:53 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-13 06:47:53 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-13 06:47:52 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-13 06:47:32 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-13 06:47:32 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-13 06:47:32 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-13 06:47:31 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-13 00:20:38 -------- d-----w- C:\Program Files\iTunes
2011-10-13 00:20:38 -------- d-----w- C:\Program Files\iPod
2011-10-13 00:20:38 -------- d-----w- C:\Program Files (x86)\iTunes
2011-10-13 00:16:25 -------- d-----w- C:\Program Files\Bonjour
2011-10-13 00:16:25 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-10-12 17:18:43 -------- d-----w- C:\Users\owner\AppData\Local\{94A4888E-8341-4E79-B32A-3DFB744A3DBA}
2011-10-12 17:17:56 -------- d-----w- C:\Users\owner\AppData\Local\{9D5AEE09-7365-4057-9343-8375438505A1}
2011-10-11 12:24:40 -------- d-----w- C:\Users\owner\AppData\Local\{0D8FA4EE-58EB-4964-BDAA-B161747F98A0}
2011-10-11 12:24:15 -------- d-----w- C:\Users\owner\AppData\Local\{EFBF224E-6558-47AD-AC56-4FDFAA075427}
2011-10-10 15:34:23 -------- d-----w- C:\Users\owner\AppData\Local\{CE2B97CD-DA4C-4F7C-BDEB-5EA2E44431C7}
2011-10-10 15:34:09 -------- d-----w- C:\Users\owner\AppData\Local\{90818BCE-676E-4848-9028-1A9AD84C789B}
2011-10-09 16:34:03 -------- d-----w- C:\Users\owner\AppData\Local\{376BDB53-1F83-4D34-A5D5-5A4892EED35C}
2011-10-09 16:33:51 -------- d-----w- C:\Users\owner\AppData\Local\{AC528A52-51C9-4302-9F87-480500802A90}
2011-10-09 06:44:06 -------- d-----w- C:\Users\owner\AppData\Local\{DE6DBA43-C551-4D59-A6EF-E260E5714FEC}
2011-10-08 19:04:22 -------- d-----w- C:\Users\owner\AppData\Local\{205AE378-4880-4982-9A42-DFF2840BC570}
2011-10-07 20:13:18 -------- d-----w- C:\Users\owner\AppData\Local\{E049EC66-5708-46F3-8C6D-DFFBEC24BB41}
2011-10-07 20:11:03 -------- d-----w- C:\Users\owner\AppData\Local\{42F83CCD-3E1E-4748-8B10-76BAFA69F027}
2011-10-06 20:36:07 -------- d-----w- C:\Users\owner\AppData\Local\{0D5453BA-6C21-4E05-9643-0C4E2490602B}
2011-10-06 20:35:53 -------- d-----w- C:\Users\owner\AppData\Local\{9BD98289-67E0-4C75-881C-6D5D1F82A169}
2011-10-06 00:10:06 -------- d-----w- C:\Users\owner\AppData\Local\{AB2C660B-DCBA-4A11-BB6B-0CB590B5F506}
2011-10-06 00:09:53 -------- d-----w- C:\Users\owner\AppData\Local\{0FB079BC-0D8D-49AF-B0B2-64FB9487F040}
2011-10-06 00:08:16 2935 ----a-w- C:\DetectionData.tmp
2011-10-06 00:08:16 18558 ----a-w- C:\InformationalData.tmp
2011-10-05 20:57:54 -------- d-----w- C:\Users\owner\AppData\Local\{C0DF64A7-1E4E-4775-A675-70C4A52959DA}
2011-10-05 10:08:42 -------- d-----w- C:\Users\owner\AppData\Local\{197AE6B5-09D4-44AC-9FEB-2C4F36A5A105}
2011-10-05 08:21:00 -------- d-----w- C:\Users\owner\AppData\Local\{13BB3331-035B-45DC-8D05-A183E47315EB}
2011-10-05 08:14:30 -------- d-----w- C:\Users\owner\AppData\Local\{CC3632B5-D082-463B-8ACF-95D3B170DD29}
2011-10-05 08:04:43 -------- d-----w- C:\Users\owner\AppData\Local\{BBA02AC6-CB98-49EE-9E88-F2BB79920344}
2011-10-03 20:52:49 -------- d-----w- C:\Users\owner\AppData\Local\{28D854CF-09EA-4A36-B23B-E0ADA53AE101}
2011-10-03 20:52:25 -------- d-----w- C:\Users\owner\AppData\Local\{FA78BDF1-3354-478C-A1C2-655516F57E17}
2011-10-02 21:32:42 -------- d-----w- C:\Users\owner\AppData\Local\{17D7AB43-2D47-4BA4-A90E-F8FFCCD86085}
2011-10-02 21:32:07 -------- d-----w- C:\Users\owner\AppData\Local\{4B39D183-D2B7-4B59-8346-0835E8227B44}
2011-10-01 20:55:05 -------- d-----w- C:\Users\owner\AppData\Local\{A027196A-E4F0-410D-8BFE-7462D011A121}
2011-10-01 20:54:52 -------- d-----w- C:\Users\owner\AppData\Local\{708C137C-65F6-4EA9-9CCA-85A6188FC572}
2011-10-01 19:51:34 -------- d-----w- C:\Users\owner\AppData\Local\{F37B6926-3D45-4BE4-934B-FFA326F5762F}
2011-10-01 18:14:46 -------- d-----w- C:\Users\owner\AppData\Local\{6D5F6540-FFE0-4CED-B017-C0900976A049}
2011-09-30 20:51:01 -------- d-----w- C:\Users\owner\AppData\Local\{AF11D87E-4718-442E-91AF-2ABE176F4F03}
2011-09-30 20:50:46 -------- d-----w- C:\Users\owner\AppData\Local\{86A07783-53A0-4740-9597-6720106D48C1}
2011-09-29 17:52:39 -------- d-----w- C:\Users\owner\AppData\Local\{3A045D60-C9DF-4CF4-BC65-3F4BE2473D7C}
2011-09-29 17:52:13 -------- d-----w- C:\Users\owner\AppData\Local\{CF686B19-303D-43E3-835C-27AB33C61B98}
2011-09-28 19:51:07 -------- d-----w- C:\Users\owner\AppData\Local\{AA7F0BCE-A8CA-4757-AA50-601DEC7726F5}
2011-09-28 19:50:41 -------- d-----w- C:\Users\owner\AppData\Local\{ACB6F016-C409-4392-9B1A-7CB2D4E5C055}
.
==================== Find3M ====================
.
2011-10-20 04:44:08 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2011-10-13 17:46:05 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-31 04:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-31 04:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-31 04:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-31 04:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-31 04:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 04:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-31 04:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-31 04:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
.
============= FINISH: 23:55:25.25 ===============




#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 26 October 2011 - 04:04 PM

Hi

Please do the following:

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create an SRD.

  • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC (User Account Control) prompt by selecting Yes.
  • You should now see a menu like the below:-

  • Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.




When you reboot you will see this, although yours will say Windows 7. Click repair my computer

Select your operating system

Select Command prompt

At the command prompt type the following

  • Bootrec.exe /FixMbr
  • Once finished type Exit


Reboot to normal windows and run aswMBR


  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Edited by CatByte, 26 October 2011 - 04:05 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
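The post above asks for two artifacts: the result of bootrec /FixMbr and the MBR.dat dump that aswMBR writes. The following is an added example, not part of this thread or of aswMBR itself, showing how a responder can parse such a dump and compare a dump taken before the repair with one taken after it. It assumes MBR.dat is the raw 512-byte first sector (boot code, NT disk signature, four partition entries, 0x55AA signature); the two sample sectors are constructed inline with placeholder boot code and do not represent any real bootkit. bootrec /FixMbr rewrites only the bootstrap code area and leaves the partition table alone, which is the property the diff function checks.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bootstrap code area, the region bootrec /FixMbr rewrites
DISK_SIG_OFFSET = 440         # 4-byte NT disk signature
PART_TABLE_OFFSET = 446       # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xAA"  # last two bytes of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Parse a 512-byte MBR image (e.g. an MBR.dat dump) into its fields."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    boot_code = sector[:BOOT_CODE_LEN]
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0]
    partitions = []
    for i in range(4):
        # status(1) chs_start(3) type(1) chs_end(3) lba_start(4) sectors(4)
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", sector, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:          # empty slot
            continue
        partitions.append({
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "disk_signature": disk_sig,
        "partitions": partitions,
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
    }


def diff_mbr(before: bytes, after: bytes) -> dict:
    """Report which MBR regions differ between two dumps (e.g. pre/post FixMbr)."""
    return {
        "boot_code_changed": before[:BOOT_CODE_LEN] != after[:BOOT_CODE_LEN],
        "disk_signature_changed": before[440:444] != after[440:444],
        "partition_table_changed": before[446:510] != after[446:510],
    }


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Construct a synthetic MBR for demonstration (not a real disk image)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, 0x1A2B3C4D)  # constructed signature
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFFSET + 16 * i,
                         0x80 if bootable else 0x00, b"\xff\xff\xff",
                         ptype, b"\xff\xff\xff", lba_start, sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed placeholder boot code: "jmp $" padded with NOPs, then a second
# variant. Neither is real Windows boot code or any malware's code.
BOOT_CODE_ORIGINAL = b"\xEB\xFE" + b"\x90" * 438
BOOT_CODE_REPAIRED = b"\x33\xC0\x8E\xD0" + b"\x00" * 436

# Typical Windows 7 layout: 100 MB System Reserved (bootable) + OS partition.
SAMPLE_LAYOUT = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 500000000)]
MBR_BEFORE_FIX = build_sample_mbr(BOOT_CODE_ORIGINAL, SAMPLE_LAYOUT)
MBR_AFTER_FIX = build_sample_mbr(BOOT_CODE_REPAIRED, SAMPLE_LAYOUT)


if __name__ == "__main__":
    for name, img in (("before", MBR_BEFORE_FIX), ("after", MBR_AFTER_FIX)):
        info = parse_mbr(img)
        print(name, "boot code sha256:", info["boot_code_sha256"][:16], "...")
        for p in info["partitions"]:
            print("  part type 0x%02X lba %d len %d bootable=%s"
                  % (p["type"], p["lba_start"], p["sectors"], p["bootable"]))
    print(diff_mbr(MBR_BEFORE_FIX, MBR_AFTER_FIX))
```

To use it on a real dump, read MBR.dat in binary mode and pass the bytes to parse_mbr. A boot-code hash that differs from a known-good reference for the same Windows version, with an unchanged partition table, is the pattern to expect after a bootstrap-code repair; a changed partition table after a repair would be worth a second look before continuing.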


#13 DeathReanimated

DeathReanimated
  • Topic Starter

  • Members
  • 25 posts
  • Local time:06:37 PM

Posted 28 October 2011 - 10:48 PM

S.O.S.~!

I was following your instructions. I created a Windows System 7 Repair disk and then I followed the steps up to running bootrec.exe /FixMbr in the command prompt. It said that it was successful and so I closed the prompt box and restarted my laptop. Only when it tried to start up normally I was hit with the blue screen of DEATH! It said that a problem had been detected and windows shut down to prevent damage to my laptop. Under Technical information it read: *** STOP: 0x0000007B (0xFFFFF880009A9928, 0xFFFFFFFFF000000D, 0x0000000000000000, 0x0000000000000000)

I tried restarting it normally again to see if it was a fluke but it just brought me back to the blue screen. When I restarted it again I ran the Startup Repair in hopes to get it working but after running it said 'Startup Repair cannot repair this computer automatically.' So I tried System Restore hoping that would work but it also failed saying 'An unspecified error occurred during System Restore (0x800700b7)'. Right now I'm on my mom's laptop and I'm kind of freaking out now. Help please! :(

Edited by DeathReanimated, 28 October 2011 - 10:50 PM.


#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:37 PM

Posted 29 October 2011 - 11:05 AM

Hi

Please do the following:



Enter the recovery environment as you did before > choose the command prompt

at the command prompt type the following commands > press enter after each command:
  • bcdedit /export C:\BCD_Backup
  • c:
  • cd boot
  • attrib bcd -s -h -r
  • ren c:\boot\bcd bcd.old
  • bootrec /RebuildBcd

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 DeathReanimated

DeathReanimated
  • Topic Starter

  • Members
  • 25 posts
  • Local time:06:37 PM

Posted 29 October 2011 - 03:47 PM

After entering 'bootrec /RebuildBcd' it read the following:

Successfully scanned Windows installations.
Total identified Windows installations: 1
[1] D:\Windows
Add installation to boot list? Yes<y>/No<N>/All<A>:

What should I reply with?



