
Running Slow After SYSTEM FIX Virus Removal


  • This topic is locked
25 replies to this topic

#1 rokittman

rokittman

  • Members
  • 215 posts
  • OFFLINE
  • Gender:Male
  • Location:Burlington, Kentucky
  • Local time:04:20 PM

Posted 04 December 2011 - 04:36 PM

Hi, I hope someone can help me here. I was infected by the SYSTEM FIX virus. Not sure if that is the correct name, but that is the bogus software popup that they keep wanting me to buy. It started with browser redirects that were difficult to back out of. Followed by the "You've Been Infected" warning and fake scanner and anti-malware popup ads. Then, all desktop icons and start menu items disappeared. No Internet access, Windows Explorer, regedit, msconfig or anti-virus software would work. I started getting multiple, cascading hard disk failure and RAM warning windows and the fake virus scanner ~ System Fix ~ kept coming back.

The only way I could see any files on the hard drive was to open a search window and do a search with nothing in the name field. This is how I was able to connect to the Net and find information about removing System Fix. It seems one of its symptoms is that it changes the attributes of all your files to hidden. Diabolical little bastard.

I ran multiple cleaning programs. MalwareBytes, Microsoft Security Essentials, SpyBot, Ad-Aware, CCleaner, FixCleaner, JV16 PowerTools both in standard boot and in safe mode. Did all the proper reboots and ran Registry Mechanic and Registry First Aid. It seemed like I removed the virus, but I still had problems with my browsers ~ FireFox, Chrome and I.E. ~ being redirected to ad sites. I uninstalled and re-installed them all... no change. Internet Explorer also kept reporting that a program had corrupted my default search engine and it would reload so I could make changes.

I read in another forum that sometimes creating a new administrative account might fix the problem with I.E. It did. But when all was said and done, the redirects continued but now my computer is using 100% system resources preventing me from doing almost anything. With Services.exe using 270,088k of ram alone. I only have 2 gigs, so that's a serious drain.

I'm sorry this is so long. But this is actually a condensed version of what I've been experiencing over the past week. Below is my HiJackThis log. I appreciate any help you can offer.

Thanx,
- Dean -


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:53:24 PM, on 12/4/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Documents and Settings\Dean\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dean\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dean\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dean\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dean\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Programs\HiJack This\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programs\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programs\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programs\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programs\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 4869 bytes
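An added example, not part of any post in this thread: a small parser for the HijackThis log format posted above. It pulls the section code, CLSID and target (file, URL or "(no file)") out of each entry and applies the first checks an analyst reading such a log makes: orphaned "(no file)" entries, autoruns launched from outside the system and program directories, ActiveX controls downloaded from the network, MIME filter handlers, and services with no publisher. The sample lines are copied from the log above except the one marked CONSTRUCTED; the directory whitelist and the flag wording are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis v2.0.4 log posted above,
# plus one made-up O4 line (marked CONSTRUCTED) so the directory check has a hit.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programs\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CONSTRUCTED] C:\Documents and Settings\Dean\Local Settings\Temp\example.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
"""

# Every HijackThis entry starts with a section code (R0, R1, O2, O4, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 body: <hive>\..\<Run|RunOnce>: [<value name>] <command line>
RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Assumed whitelist: where autorun binaries are expected on this XP box (drives per the log).
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "d:\\programs\\")


@dataclass
class Entry:
    code: str
    body: str
    clsid: Optional[str] = None
    target: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def _exe_path(cmd: str) -> str:
    """Return the executable from an O4 command line, handling quoted paths
    and unquoted paths containing spaces (e.g. Documents and Settings)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.+?\.(?:exe|dll|scr|com|bat))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def parse_hjt(text: str) -> List[Entry]:
    """Parse HijackThis entry lines into Entry records; non-entry lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        e = Entry(m["code"], m["body"])
        c = CLSID_RE.search(e.body)
        e.clsid = c.group(0) if c else None
        if e.code == "O4":
            r = RUN_RE.match(e.body)
            if r:
                e.target = _exe_path(r["cmd"])
        elif " - " in e.body:
            # For O2/O9/O16/O18/O23 the last " - " field is the file, URL or "(no file)".
            e.target = e.body.rsplit(" - ", 1)[1].strip()
        entries.append(e)
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review flags and return only the entries that got one."""
    for e in entries:
        if e.target == "(no file)":
            e.flags.append("orphaned entry (no file on disk): leftover, safe to clean")
        if e.code == "O4":
            if e.target is None:
                e.flags.append("autorun command could not be parsed: review by hand")
            elif not e.target.lower().startswith(EXPECTED_ROOTS):
                e.flags.append("autorun outside system/program directories: review")
        if e.code == "O16" and e.target and e.target.lower().startswith("http"):
            e.flags.append("ActiveX control downloaded from the network: verify the host")
        if e.code == "O18":
            e.flags.append("MIME filter handler: confirm the DLL belongs to installed software")
        if e.code == "O23" and "Unknown owner" in e.body:
            e.flags.append("service with no publisher: confirm where the binary came from")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(parse_hjt(SAMPLE_LOG)):
        print(e.code, e.target, "|", "; ".join(e.flags))
```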



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:20 PM

Posted 07 December 2011 - 11:09 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button and select Immediate Notification, then click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait until the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • log from RKUnHooker
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 rokittman

rokittman
  • Topic Starter

  • Members
  • 215 posts
  • OFFLINE
  • Gender:Male
  • Location:Burlington, Kentucky
  • Local time:04:20 PM

Posted 07 December 2011 - 07:27 PM

Gringo,

Thank you so much for taking the time to help. I can usually manage to keep my system clean under normal circumstances, but this one is far beyond my capability. Below are my reports. Thanx again. - Dean -


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Dean at 18:56:21 on 2011-12-07
.
============== Running Processes ===============
.
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programs\FireFox\firefox.exe
C:\Documents and Settings\Dean\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
uLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\programs\spybot - search & destroy\SDHelper.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - d:\programs\lastpass\LPBar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - d:\programs\micros~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - d:\programs\lastpass\LPBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [WIAWizardMenu] RUNDLL32.EXE c:\windows\system32\sti_ci.dll,WiaCreateWizardMenu
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: E&xport to Microsoft Excel - d:\programs\micros~1\office14\EXCEL.EXE/3000
IE: LastPass - file://d:\programs\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://d:\programs\lastpass\context.html?cmd=fillforms
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - d:\programs\lastpass\LPBar.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\programs\spybot - search & destroy\SDHelper.dll
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
TCP: Interfaces\{DD647A37-7C6A-4296-A2A6-B47F04531E38} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{DD647A37-7C6A-4296-A2A6-B47F04531E38} : DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dean\application data\mozilla\firefox\profiles\s5ki7f9g.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\dean\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: d:\programs\micros~1\office14\NPAUTHZ.DLL
FF - plugin: d:\programs\micros~1\office14\NPSPWRAP.DLL
FF - plugin: d:\programs\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\programs\videolan\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? cmdAgent;COMODO Internet Security Helper Service
R? COMMONFX;COMMONFX
R? Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service
R? CTAUDFX;CTAUDFX
R? CTERFXFX.SYS;CTERFXFX.SYS
R? CTERFXFX;CTERFXFX
R? CTSBLFX;CTSBLFX
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? GVTDrv;GVTDrv
R? ioloSystemService;iolo System Service
R? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
R? Lavasoft Kernexplorer;Lavasoft helper driver
R? MarkFun_NT;MarkFun_NT
R? MBAMProtector;MBAMProtector
R? MBAMService;MBAMService
R? MpKsl32ee197e;MpKsl32ee197e
R? MpKsl5c8539d5;MpKsl5c8539d5
R? MpKsl69a7b1b2;MpKsl69a7b1b2
R? MpKsl7afca4db;MpKsl7afca4db
R? MpKsla5f310d2;MpKsla5f310d2
R? MpKslf6cc7502;MpKslf6cc7502
R? osppsvc;Office Software Protection Platform
R? PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service
R? PSI;PSI
R? Secunia PSI Agent;Secunia PSI Agent
R? Secunia Update Agent;Secunia Update Agent
R? StarWindServiceAE;StarWind AE Service
R? WDC_SAM;WD SCSI Pass Thru driver
R? WinRM;Windows Remote Management (WS-Management)
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? cmdGuard;COMODO Internet Security Sandbox Driver
S? cmdHlp;COMODO Internet Security Helper Driver
S? COMMONFX.SYS;COMMONFX.SYS
S? CTAUDFX.SYS;CTAUDFX.SYS
S? CTSBLFX.SYS;CTSBLFX.SYS
S? ES lite Service;ES lite Service for program management.
S? MpFilter;Microsoft Malware Protection Driver
S? MpKslea6783ec;MpKslea6783ec
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-12-07 23:52:39 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4467b622-6bad-4b33-a9e3-e606272ef92a}\MpKslea6783ec.sys
2011-12-07 23:52:31 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4467b622-6bad-4b33-a9e3-e606272ef92a}\offreg.dll
2011-12-05 23:54:59 -------- d-----w- c:\documents and settings\dean\local settings\application data\Mozilla
2011-12-05 01:13:09 -------- d-----w- c:\documents and settings\dean\local settings\application data\LastPass
2011-12-05 01:07:36 10134560 ----a-w- c:\program files\common files\lpuninstall.exe
2011-12-04 23:38:30 -------- d-----w- c:\documents and settings\all users\application data\CPA_VA
2011-12-04 22:34:27 -------- d-----w- c:\documents and settings\all users\application data\Comodo
2011-12-04 22:33:50 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-12-04 22:33:50 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-12-04 22:26:30 -------- d-----w- c:\documents and settings\all users\application data\Comodo Downloader
2011-12-04 19:19:38 388096 ----a-r- c:\documents and settings\dean\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-12-04 17:16:50 -------- d-----w- c:\documents and settings\dean\application data\Revizzit
2011-12-04 16:54:10 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4467b622-6bad-4b33-a9e3-e606272ef92a}\MpKslf190e85a.sys
2011-12-04 16:43:12 -------- d-----w- c:\documents and settings\dean\application data\Malwarebytes
2011-12-04 16:04:04 -------- d-----w- c:\documents and settings\dean\application data\iolo
2011-12-04 14:44:32 -------- d-----w- c:\program files\Downloaded Installers
2011-12-04 14:31:33 -------- d-----w- c:\documents and settings\dean\application data\uTorrent
2011-12-04 14:09:55 -------- d-----w- c:\documents and settings\dean\application data\FixCleaner
2011-12-04 01:54:47 -------- d-----w- c:\documents and settings\dean\local settings\application data\Google
2011-12-04 01:21:46 -------- d-----w- c:\documents and settings\dean\local settings\application data\Adobe
2011-12-04 00:50:27 -------- d-sh--w- c:\documents and settings\dean\IECompatCache
2011-12-04 00:44:22 -------- d-sh--w- c:\documents and settings\dean\PrivacIE
2011-12-04 00:18:25 -------- d-----w- c:\windows\msdownld.tmp
2011-12-04 00:17:11 -------- d-----w- c:\windows\ie8updates
2011-12-04 00:15:35 -------- d-----w- c:\windows\Offline Web Pages
2011-12-04 00:13:52 -------- dc----w- c:\windows\ie8
2011-12-03 23:22:43 -------- d-----w- C:\MATS
2011-12-03 21:14:33 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4467b622-6bad-4b33-a9e3-e606272ef92a}\mpengine.dll
2011-12-02 02:13:11 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-12-02 02:13:05 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-12-02 02:11:33 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2011-12-01 02:01:09 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-30 09:59:17 -------- d-----w- c:\program files\msn gaming zone
2011-11-29 04:13:37 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-29 04:13:37 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-29 02:25:13 54016 ----a-w- c:\windows\system32\drivers\uiqxn.sys
2011-11-28 22:59:13 -------- d-----w- C:\ComboFix
2011-11-27 20:56:53 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-11-20 23:20:43 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-11-20 01:37:17 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
2011-11-20 01:37:08 9341 ----a-w- c:\windows\system32\drivers\filedisk.sys
2011-11-20 01:36:32 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2011-11-20 01:36:32 11776 ----a-w- c:\windows\system32\smrgdf.exe
2011-11-20 01:36:30 56200 ----a-w- c:\windows\system32\offreg.dll
2011-11-20 01:36:25 -------- d-----w- c:\program files\iolo
2011-11-20 01:17:15 -------- d-----w- c:\program files\common files\ODBC
2011-11-20 01:02:28 13894 ----a-w- c:\windows\system32\dllcache\zonelibm.dll
2011-11-20 01:02:28 113222 ----a-w- c:\windows\system32\dllcache\zoneclim.dll
2011-11-20 01:02:27 4677 ----a-w- c:\windows\system32\dllcache\zeeverm.dll
2011-11-20 01:02:27 29760 ----a-w- c:\windows\system32\dllcache\znetm.dll
2011-11-20 01:02:26 41029 ----a-w- c:\windows\system32\dllcache\zcorem.dll
2011-11-20 01:02:26 36937 ----a-w- c:\windows\system32\dllcache\zclientm.exe
2011-11-20 01:02:24 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-11-20 01:02:23 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-11-20 01:02:21 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-11-20 01:02:20 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-11-20 01:02:18 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-11-20 01:01:58 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-11-20 01:01:56 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-11-20 01:01:53 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-11-20 01:01:51 183296 ----a-w- c:\windows\system32\dllcache\wuaueng1.dll
2011-11-20 01:01:48 165888 ----a-w- c:\windows\system32\dllcache\wuauclt1.exe
2011-11-20 01:01:44 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-11-20 01:01:42 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2011-11-20 01:01:02 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-11-20 00:59:59 46080 ----a-w- c:\windows\system32\dllcache\wab.exe
2011-11-20 00:58:59 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2011-11-20 00:57:59 185344 ----a-w- c:\windows\system32\dllcache\thawbrkr.dll
2011-11-20 00:56:49 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2011-11-20 00:55:59 5888 ----a-w- c:\windows\system32\dllcache\smbali.sys
2011-11-20 00:54:59 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys
2011-11-20 00:53:58 53760 ----a-w- c:\windows\system32\dllcache\pintlcsd.dll
2011-11-20 00:52:53 53248 ----a-w- c:\windows\system32\dllcache\nextlink.dll
2011-11-20 00:51:43 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2011-11-20 00:50:59 20864 ----a-w- c:\windows\system32\dllcache\lwadihid.sys
2011-11-20 00:49:59 5632 ----a-w- c:\windows\system32\dllcache\kbdinkan.dll
2011-11-20 00:48:59 6656 ----a-w- c:\windows\system32\dllcache\iissync.exe
2011-11-20 00:47:59 57409 ----a-w- c:\windows\system32\dllcache\hrtz.dll
2011-11-20 00:46:59 34816 ----a-w- c:\windows\system32\dllcache\esuimg.dll
2011-11-20 00:45:58 419357 ----a-w- c:\windows\system32\dllcache\dgconfig.dll
2011-11-20 00:44:59 121856 ----a-w- c:\windows\system32\dllcache\camext30.dll
2011-11-20 00:43:59 73216 ----a-w- c:\windows\system32\dllcache\atintuxx.sys
2011-11-20 00:42:59 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-11-17 23:35:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-12-07 23:52:34 16608 ----a-w- c:\windows\gdrv.sys
2011-12-04 15:03:49 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-04 15:03:46 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-03 21:55:09 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2011-10-18 22:54:07 74703 ----a-w- c:\windows\system32\mfc45.dll
2011-10-10 14:21:17 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 23:48:02 492768 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 23:48:02 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 23:48:00 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 23:47:12 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-07 23:47:12 300200 ----a-w- c:\windows\system32\guard32.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 19:03:41.21 ===============


.
==== Installed Programs ======================
.
@BIOS Ver.2.01
µTorrent
ABBYY FineReader 5.0 Sprint Plus
Ad-Aware
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
AMD APP SDK Runtime
Any DVD Converter Professional 3.6.2
Applian Director
ATI Catalyst Install Manager
Auslogics System Information
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-utility
CCC Help English
CCleaner
COMODO Internet Security
Compatibility Pack for the 2007 Office system
Control Center for KODAK Webcams
ConvertHelper 2.2
Creative Audio Console
Data Lifeguard Tools
dBpoweramp [Arrange Audio] Codec
dBpoweramp [Audio Info] Codec
dBpoweramp [Channel Split] Codec
dBpoweramp [ID Tag Update] Codec
dBpoweramp [Length Split] Codec
dBpoweramp [Multi Encoder] Codec
dBpoweramp [ReplayGain] Codec
dBpoweramp [Tag From Filename] Codec
dBpoweramp DSP Effects
dBpoweramp Music Converter
dBpoweramp Windows Media Audio 10 Codec
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dual-Core Optimizer
Duke Nukem Forever Demo
EasySaver B8.0729.1
EasyTune5Pro
FixCleaner
Foxit Reader 5.0
Genie Backup Manager Pro 8.0
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
Hard Disk Low Level Format Tool 2.36 build 1181
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iolo technologies' System Mechanic Professional
Java Auto Updater
Java™ 6 Update 29
Java™ 7 Update 1
jv16 PowerTools 2011
LastPass (uninstall only)
Left 4 Dead 2
Lexmark 4200 Series
Lexmark 4200 Series Fax Solutions
Lexmark Fax Solutions
LightScribe 1.6.45.1
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
Norton PartitionMagic
Norton PartitionMagic 8.0
Paint.NET v3.5.8
Quake Live Internet Explorer Plugin
Quake Live Mozilla Plugin
QuickTime
Registry First Aid
Replay Video Capture
Revizzit
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft InfoPath 2010 (KB2510065)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB923789)
Segoe UI
Skype™ 5.5
SpeedFan (remove only)
Spybot - Search & Destroy
Steam
swMSM
Unlocker 1.9.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update for Windows Internet Explorer 8 (KB2598845)
Update Manager B08.0718.1
User Profile Hive Cleanup Service
Virus Guard - powered by BitDefender
VLC media player 1.1.11
WBFS Manager 3.0
WebFldrs XP
Winamp
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Photo Gallery
Windows Management Framework Core
WinRAR 4.01 (32-bit)
.
==== End Of File ===========================


RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB96FA000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 6742016 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF259000 C:\WINDOWS\System32\ati3duag.dll 4030464 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF9C9000 C:\WINDOWS\System32\ativvaxx.dll 2674688 bytes (Advanced Micro Devices, Inc. , Radeon Video Acceleration Universal Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1871872 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1871872 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xAD285000 C:\WINDOWS\system32\drivers\ha10kx2k.sys 1089536 bytes (Creative Technology Ltd, Creative EMU10KX HAL (WDM))
0xBF060000 C:\WINDOWS\System32\ati2cqag.dll 847872 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF12F000 C:\WINDOWS\System32\atikvmag.dll 716800 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xAD191000 C:\WINDOWS\System32\drivers\ctac32k.sys 638976 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM))
0xAD05D000 C:\WINDOWS\System32\drivers\CTSBLFX.SYS 581632 bytes (Creative Technology Ltd, Creative SB FX Plug-in)
0xB9E35000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAD0EB000 C:\WINDOWS\System32\drivers\CTAUDFX.SYS 569344 bytes (Creative Technology Ltd, Creative SB FX Plug-in)
0xB9600000 C:\WINDOWS\system32\drivers\ctaud2k.sys 524288 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)
0xBF1DE000 C:\WINDOWS\System32\atiok3x2.dll 503808 bytes (Advanced Micro Devices, Inc., Ring 0 x2 component)
0xACFC0000 C:\WINDOWS\System32\DRIVERS\cmdguard.sys 483328 bytes (COMODO, COMODO Internet Security Sandbox Driver)
0xACD87000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB93F3000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xACF0C000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA8DF1000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 319488 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF631000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB9585000 C:\WINDOWS\System32\drivers\ctoss2k.sys 212992 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xB9451000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xAD256000 C:\WINDOWS\System32\drivers\emupia2k.sys 192512 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA8F61000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9DF2000 C:\WINDOWS\System32\DRIVERS\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA7F9F000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xACDF7000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xAD22D000 C:\WINDOWS\System32\drivers\ctsfm2k.sys 167936 bytes (Creative Technology Ltd, SoundFont® Manager (WDM))
0xB96BE000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xACEE4000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAD036000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB95DC000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9680000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB95B9000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xACE22000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EEB000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xACD19000 C:\WINDOWS\System32\Drivers\usbvideo.sys 122880 bytes (Microsoft Corporation, USB Video Class Driver)
0xAD176000 C:\WINDOWS\System32\drivers\COMMONFX.SYS 110592 bytes (Creative Technology Ltd, Creative Common FX Plug-in)
0xAD38F000 C:\WINDOWS\system32\drivers\AtiHdmi.sys 106496 bytes (ATI Research Inc., Ati High Definition Audio Function Driver)
0xB9DD8000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB96A4000 C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 106496 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xACD01000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9EC2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB955A000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB9E1F000 inspect.sys 90112 bytes (COMODO, COMODO Internet Security Firewall Driver)
0xA8B34000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9571000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB96E6000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xACF65000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9ED9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9481000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA2E8000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA168000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA178000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA218000 C:\WINDOWS\system32\DRIVERS\AmdLLD.sys 61440 bytes (AMD, Inc., AMD Low Level Device Driver)
0xBA288000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xBA158000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xACEB4000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA2D8000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xBA258000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0B8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA188000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA2A8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA198000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0C8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA228000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA118000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA208000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA8B24000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA148000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA298000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA278000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA390000 C:\WINDOWS\System32\drivers\ctprxy2k.sys 32768 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))
0xBA488000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA4B0000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA378000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA3A8000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA388000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA430000 C:\DOCUME~1\Dean\LOCALS~1\Temp\mbr.sys 28672 bytes
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA3D0000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA498000 C:\WINDOWS\System32\DRIVERS\cmdhlp.sys 24576 bytes (COMODO, COMODO Internet Security Helper Driver)
0xBA3B8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA400000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA448000 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4467B622-6BAD-4B33-A9E3-E606272EF92A}\MpKslea6783ec.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xBA370000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA468000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA450000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xBA478000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3E0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA3F0000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA340000 speedfan.sys 20480 bytes
0xBA338000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA408000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB9DA0000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA99A7000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA588000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA58C000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB9532000 C:\WINDOWS\System32\Drivers\FileDisk.SYS 12288 bytes (iolo technologies, LLC (based on original work by Bo Brantén), FileDisk Virtual Disk Driver)
0xBA580000 C:\WINDOWS\system32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xA8CDD000 C:\WINDOWS\gdrv.sys 12288 bytes (Windows ® 2000 DDK provider, GIGABYTE Tools)
0xB9D74000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xACF98000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA5A0000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA590000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5A8000 00000068 8192 bytes
0xBA5CC000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5E2000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5C8000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5D0000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5D2000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xBA5D4000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5B6000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5BE000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA76D000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA773000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA671000 giveio.sys 4096 bytes
0xBA7EC000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xBA691000 C:\WINDOWS\System32\Drivers\PQNTDrv.SYS 4096 bytes (PowerQuest Corporation, PowerQuest Boot Mode Driver.)
!!!!!!!!!!!Hidden driver: 0x8AEE6053 00000177 4013 bytes
==============================================
>Stealth
==============================================
0x8AEE858F Unknown page with executable code, 2673 bytes
0x8AEE6053 Unknown page with executable code, 4013 bytes
0x8AEE82CB Unknown thread object [ ETHREAD 0x8AE99688 ] TID: 112, 600 bytes
0x8AEE98C3 Unknown thread object [ ETHREAD 0x8AEBEB30 ] TID: 124, 600 bytes
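The RkUnhooker report above is the kind of log a helper reads by hand. As an added example (not from this thread, and not part of RkU), here is a small Python triage script that parses the >Drivers and >Stealth sections and flags the entries a responder would look at first: modules RkU marks hidden, modules with no image name or no vendor/description, drivers loaded from a Temp directory, and executable pages that no hidden driver accounts for. The sample log is constructed from lines quoted on this page, and the flag rules are this example's own assumptions; a flag is a prompt to look closer, not a verdict, since diagnostic tools load their own helper drivers too (RkU's BlackBox.SYS appears in the list above).

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the RkU ">Drivers" and
# ">Stealth" sections on this page, with the separator lines the tool prints.
SAMPLE_RKU_LOG = r""">Drivers
==============================================
0xACFC0000 C:\WINDOWS\System32\DRIVERS\cmdguard.sys 483328 bytes (COMODO, COMODO Internet Security Sandbox Driver)
0xBA430000 C:\DOCUME~1\Dean\LOCALS~1\Temp\mbr.sys 28672 bytes
0xBA340000 speedfan.sys 20480 bytes
0xBA5A8000 00000068 8192 bytes
0xBA671000 giveio.sys 4096 bytes
!!!!!!!!!!!Hidden driver: 0x8AEE6053 00000177 4013 bytes
==============================================
>Stealth
==============================================
0x8AEE858F Unknown page with executable code, 2673 bytes
0x8AEE6053 Unknown page with executable code, 4013 bytes
"""


@dataclass
class DriverEntry:
    base: int            # load address RkU printed
    path: str            # image path, bare file name, or an address-only name like 00000068
    size: int            # image size in bytes
    info: Optional[str]  # "(vendor, description)" text; None when RkU printed nothing
    hidden: bool = False # True for the "Hidden driver:" line


@dataclass
class StealthPage:
    base: int
    size: int


# Line shapes as they appear in the RkU text report (assumed from the sample above).
DRIVER_RE = re.compile(r"^(0x[0-9A-Fa-f]+) (.+?) (\d+) bytes(?: \((.*)\))?$")
HIDDEN_RE = re.compile(r"^!+Hidden driver: (0x[0-9A-Fa-f]+) (\S+) (\d+) bytes$")
STEALTH_RE = re.compile(r"^(0x[0-9A-Fa-f]+) Unknown page with executable code, (\d+) bytes$")
ADDRESS_ONLY_RE = re.compile(r"[0-9A-Fa-f]{8}")   # module with no image name
TEMP_PATH_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_rku(text: str) -> Tuple[List[DriverEntry], List[StealthPage]]:
    """Split an RkU report into driver entries and stealth (unknown code) pages."""
    drivers: List[DriverEntry] = []
    pages: List[StealthPage] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        if line.startswith(">"):            # section header such as ">Drivers"
            section = line[1:]
            continue
        if section == "Drivers":
            m = HIDDEN_RE.match(line)
            if m:
                drivers.append(DriverEntry(int(m.group(1), 16), m.group(2), int(m.group(3)), None, hidden=True))
                continue
            m = DRIVER_RE.match(line)
            if m:
                drivers.append(DriverEntry(int(m.group(1), 16), m.group(2), int(m.group(3)), m.group(4)))
        elif section == "Stealth":
            m = STEALTH_RE.match(line)
            if m:
                pages.append(StealthPage(int(m.group(1), 16), int(m.group(2))))
    return drivers, pages


def triage(text: str) -> Tuple[List[Tuple[DriverEntry, List[str]]], List[StealthPage]]:
    """Return (flagged drivers with reasons, stealth pages not explained by a hidden driver)."""
    drivers, pages = parse_rku(text)
    hidden_bases = {d.base for d in drivers if d.hidden}
    findings = []
    for d in drivers:
        reasons = []
        if d.hidden:
            reasons.append("reported as hidden by RkU")
        if ADDRESS_ONLY_RE.fullmatch(d.path):
            reasons.append("no image name (address-only module)")
        if d.info is None and not d.hidden:
            reasons.append("no vendor/description")
        if TEMP_PATH_RE.search(d.path):
            reasons.append("loaded from a user Temp directory")
        if reasons:
            findings.append((d, reasons))
    # An executable page whose address matches a hidden driver is that driver's body;
    # the rest are code RkU could not attribute to any module at all.
    unexplained = [p for p in pages if p.base not in hidden_bases]
    return findings, unexplained


if __name__ == "__main__":
    flagged, unexplained = triage(SAMPLE_RKU_LOG)
    for entry, reasons in flagged:
        print(f"0x{entry.base:08X} {entry.path} ({entry.size} bytes): {'; '.join(reasons)}")
    for page in unexplained:
        print(f"0x{page.base:08X} unknown executable page, {page.size} bytes, no matching hidden driver")
```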

#4 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 December 2011 - 07:40 PM

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 December 2011 - 01:18 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo

#6 rokittman

  • Topic Starter
  • Members
  • 215 posts
  • Gender:Male
  • Location:Burlington, Kentucky

Posted 11 December 2011 - 10:20 AM

Good morning Gringo,

Sorry for the delay. It took the better part of the afternoon to get the reports you requested. I ran ComboFix, but it took five attempts for it to complete the process, each one taking upwards of a half hour. Here were the results of those scans.

1st Run - ComboFix ran only a short while, the computer rebooted and left no log file.
2nd Run - It made it to Stage 3 and shut down. No log.
3rd Run - Stage 50, shut down. No log.
4th Run - Stage 50, shut down. No log.
5th Run - Stage 50, Preparing report, shut down. Created log.

During the first boot up after the scans I opened the log file and shortly after, the computer shut down again. This post was made after the second bootup. Here is the report generated by ComboFix. And thank you.



ComboFix 11-12-10.01 - Dean 12/10/2011 19:20:06.6.2 - x86
Running from: C:\Documents and Settings\Dean\Desktop\ComboFix.exe


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\LocalService\NTUSER.DAT.tmp
C:\Documents and Settings\LocalService\NTUSER.tmp
C:\Documents and Settings\NetworkService\NTUSER.DAT.tmp
C:\Documents and Settings\NetworkService\NTUSER.tmp
C:\Program Files\Downloaded Installers
C:\Program Files\Downloaded Installers\{EB0696D4-2A41-40E5-B848-F148B3C4590D}\setup.msi
C:\WINDOWS\system32\config\systemprofile\ntuser.tmp
C:\WINDOWS\system32\drivers\tcpip.copy


((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 )))))))))))))))))))))))))))))))


2011-12-10 21:12:30 . 2011-12-11 00:07:39 56200 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1513E40-67A1-4676-AC48-3AEE3F5574AB}\offreg.dll
2011-12-08 10:03:06 . 2011-11-21 10:47:38 6823496 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1513E40-67A1-4676-AC48-3AEE3F5574AB}\mpengine.dll
2011-12-05 01:07:36 . 2011-12-05 01:08:32 10134560 ----a-w- C:\Program Files\Common Files\lpuninstall.exe
2011-12-04 23:38:30 . 2011-12-04 23:40:16 -------- d-----w- C:\Documents and Settings\All Users\Application Data\CPA_VA
2011-12-04 22:34:27 . 2011-12-05 00:00:08 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Comodo
2011-12-04 22:33:50 . 2011-12-04 22:33:52 1060864 ----a-w- C:\WINDOWS\system32\mfc71.dll
2011-12-04 22:33:50 . 2011-12-04 22:33:50 1700352 ----a-w- C:\WINDOWS\system32\gdiplus.dll
2011-12-04 22:26:30 . 2011-12-04 23:42:27 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
2011-12-04 17:16:20 . 2011-12-04 17:16:20 -------- d-----w- C:\Program Files\Common Files\Adobe AIR
2011-12-04 15:06:34 . 2011-12-04 15:06:34 -------- d-----w- C:\Program Files\Common Files\Java
2011-12-04 15:03:29 . 2011-12-04 15:03:29 -------- d-----w- C:\Program Files\Java
2011-12-04 00:42:31 . 2011-12-10 20:43:00 -------- d-----w- C:\Documents and Settings\Dean
2011-12-04 00:18:25 . 2011-12-04 00:18:29 -------- d-----w- C:\WINDOWS\msdownld.tmp
2011-12-04 00:13:52 . 2011-12-04 00:16:20 -------- dc----w- C:\WINDOWS\ie8
2011-12-03 23:22:43 . 2011-12-03 23:39:28 -------- d-----w- C:\MATS
2011-12-02 02:13:11 . 2011-12-02 02:13:11 23624 ----a-w- C:\WINDOWS\system32\drivers\hitmanpro35.sys
2011-12-02 02:13:05 . 2011-12-02 02:13:05 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-12-02 02:11:33 . 2011-12-02 02:11:34 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Hitman Pro
2011-12-01 10:16:49 . 2011-12-01 10:16:49 -------- d-----w- C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft Help
2011-12-01 10:10:25 . 2011-12-01 10:10:25 -------- d-sh--w- C:\Documents and Settings\Default User\IETldCache
2011-12-01 10:05:32 . 2011-12-01 10:05:32 -------- d-sh--w- C:\Documents and Settings\NetworkService\IETldCache
2011-12-01 02:09:09 . 2011-12-01 02:09:09 -------- d-sh--w- C:\WINDOWS\system32\config\systemprofile\IETldCache
2011-12-01 02:01:09 . 2011-12-01 02:01:03 101720 ----a-w- C:\WINDOWS\system32\drivers\SBREDrv.sys
2011-12-01 02:00:37 . 2011-12-01 02:00:37 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software
2011-12-01 02:00:02 . 2011-12-01 02:00:14 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Lavasoft
2011-11-30 09:59:16 . 2011-11-30 09:59:16 -------- d-----w- C:\Program Files\microsoft frontpage
2011-11-29 04:13:37 . 2011-11-29 04:13:37 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2011-11-29 02:25:13 . 2011-11-29 02:25:14 54016 ----a-w- C:\WINDOWS\system32\drivers\uiqxn.sys
2011-11-27 21:07:46 . 2011-11-27 21:07:46 -------- d-sh--w- C:\Documents and Settings\LocalService\IETldCache
2011-11-27 20:56:53 . 2011-11-28 23:04:39 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PC Tools
2011-11-20 23:20:43 . 2011-11-20 23:20:44 691696 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys
2011-11-20 01:37:17 . 2011-08-08 19:18:16 2083464 ----a-w- C:\WINDOWS\system32\Incinerator32.dll
2011-11-20 01:37:08 . 2010-06-29 23:30:08 9341 ----a-w- C:\WINDOWS\system32\drivers\filedisk.sys
2011-11-20 01:36:32 . 2011-08-08 20:01:38 11776 ----a-w- C:\WINDOWS\system32\smrgdf.exe
2011-11-20 01:36:32 . 2011-08-08 20:01:28 29696 ----a-w- C:\WINDOWS\system32\iolobtdfg.exe
2011-11-20 01:36:30 . 2010-02-09 03:59:30 56200 ----a-w- C:\WINDOWS\system32\offreg.dll
2011-11-20 01:36:25 . 2011-11-20 01:36:25 -------- d-----w- C:\Program Files\iolo
2011-11-20 01:20:42 . 2011-11-20 01:20:42 0 ----a-r- C:\Documents and Settings\Administrator\TempWmicBatchFile.bat
2011-11-20 01:02:28 . 2004-01-09 17:07:25 13894 ----a-w- C:\WINDOWS\system32\dllcache\zonelibm.dll
2011-11-20 01:02:28 . 2004-01-09 17:07:25 113222 ----a-w- C:\WINDOWS\system32\dllcache\zoneclim.dll
2011-11-20 01:02:27 . 2004-01-09 17:07:25 4677 ----a-w- C:\WINDOWS\system32\dllcache\zeeverm.dll
2011-11-20 01:02:27 . 2004-01-09 17:07:25 29760 ----a-w- C:\WINDOWS\system32\dllcache\znetm.dll
2011-11-20 01:02:26 . 2004-01-09 17:07:25 41029 ----a-w- C:\WINDOWS\system32\dllcache\zcorem.dll
2011-11-20 01:02:26 . 2004-01-09 17:07:25 36937 ----a-w- C:\WINDOWS\system32\dllcache\zclientm.exe
2011-11-20 01:02:24 . 2009-02-15 10:29:32 116224 ----a-w- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2011-11-20 01:02:23 . 2009-02-15 10:29:32 23040 ----a-w- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2011-11-20 01:02:21 . 2009-02-15 10:29:32 18944 ----a-w- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2011-11-20 01:02:20 . 2009-02-15 10:29:32 27648 ----a-w- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2011-11-20 01:02:18 . 2009-02-15 10:29:32 4608 ----a-w- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2011-11-20 01:01:58 . 2009-02-15 10:29:32 99865 ----a-w- C:\WINDOWS\system32\dllcache\xlog.exe
2011-11-20 01:01:56 . 2009-02-15 10:29:32 16970 ----a-w- C:\WINDOWS\system32\dllcache\xem336n5.sys
2011-11-20 01:01:53 . 2009-02-15 10:29:32 19455 ----a-w- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2011-11-20 01:01:51 . 2008-04-14 10:42:12 183296 ----a-w- C:\WINDOWS\system32\dllcache\wuaueng1.dll
2011-11-20 01:01:48 . 2008-04-14 10:42:42 165888 ----a-w- C:\WINDOWS\system32\dllcache\wuauclt1.exe
2011-11-20 01:01:44 . 2009-02-15 10:29:32 12063 ----a-w- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2011-11-20 01:01:42 . 2009-02-15 10:29:14 8192 ----a-w- C:\WINDOWS\system32\dllcache\wshirda.dll
2011-11-20 01:01:02 . 2009-02-15 10:29:32 8832 ----a-w- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2011-11-20 00:59:59 . 2008-04-14 10:42:40 46080 ----a-w- C:\WINDOWS\system32\dllcache\wab.exe
2011-11-20 00:58:59 . 2009-02-15 10:29:30 50688 ----a-w- C:\WINDOWS\system32\dllcache\umaxscan.dll
2011-11-20 00:57:59 . 2004-01-09 17:06:18 185344 ----a-w- C:\WINDOWS\system32\dllcache\thawbrkr.dll
2011-11-20 00:56:49 . 2009-02-15 10:29:30 24660 ----a-w- C:\WINDOWS\system32\dllcache\spxupchk.dll
2011-11-20 00:55:59 . 2009-02-15 10:29:42 5888 ----a-w- C:\WINDOWS\system32\dllcache\smbali.sys
2011-11-20 00:54:59 . 2009-02-15 10:29:28 75392 ----a-w- C:\WINDOWS\system32\dllcache\s3savmxm.sys
2011-11-20 00:53:58 . 2008-04-14 10:40:36 53760 ----a-w- C:\WINDOWS\system32\dllcache\pintlcsd.dll
2011-11-20 00:52:53 . 2009-02-15 10:29:26 32840 ----a-w- C:\WINDOWS\system32\dllcache\ngrpci.sys
2011-11-20 00:51:43 . 2009-02-15 10:29:26 35200 ----a-w- C:\WINDOWS\system32\dllcache\msgame.sys
2011-11-20 00:50:59 . 2009-02-15 10:29:24 20864 ----a-w- C:\WINDOWS\system32\dllcache\lwadihid.sys
2011-11-20 00:49:59 . 2004-01-09 17:05:01 5632 ----a-w- C:\WINDOWS\system32\dllcache\kbdinkan.dll
2011-11-20 00:48:59 . 2004-01-09 17:04:58 6656 ----a-w- C:\WINDOWS\system32\dllcache\iissync.exe
2011-11-20 00:47:59 . 2004-01-09 17:04:56 57409 ----a-w- C:\WINDOWS\system32\dllcache\hrtz.dll
2011-11-20 00:46:59 . 2009-02-15 10:29:22 34816 ----a-w- C:\WINDOWS\system32\dllcache\esuimg.dll
2011-11-20 00:45:58 . 2009-02-15 10:29:20 419357 ----a-w- C:\WINDOWS\system32\dllcache\dgconfig.dll
2011-11-20 00:44:59 . 2009-02-15 10:29:16 121856 ----a-w- C:\WINDOWS\system32\dllcache\camext30.dll
2011-11-20 00:43:59 . 2009-02-15 10:29:38 73216 ----a-w- C:\WINDOWS\system32\dllcache\atintuxx.sys
2011-11-20 00:42:59 . 2009-02-15 10:29:28 66048 ----a-w- C:\WINDOWS\system32\dllcache\s3legacy.dll
2011-11-17 23:35:09 . 2011-11-17 23:44:54 414368 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-12-11 00:07:43 . 2011-06-12 08:32:41 16608 ----a-w- C:\WINDOWS\gdrv.sys
2011-12-08 10:03:05 . 2011-06-11 12:55:10 222080 ------w- C:\WINDOWS\system32\MpSigStub.exe
2011-12-04 15:03:49 . 2011-06-18 15:14:19 128000 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2011-12-04 15:03:46 . 2011-06-18 15:14:19 544656 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2011-12-03 21:55:09 . 2011-06-12 09:31:55 24944 ----a-w- C:\WINDOWS\system32\drivers\GVTDrv.sys
2011-11-21 10:47:38 . 2011-10-02 12:53:12 6823496 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-18 22:54:07 . 2011-10-18 22:54:07 74703 ----a-w- C:\WINDOWS\system32\mfc45.dll
2011-10-10 14:21:17 . 2011-06-11 08:40:11 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
2011-10-07 23:48:04 . 2011-10-07 23:48:04 97760 ----a-w- C:\WINDOWS\system32\drivers\inspect.sys
2011-10-07 23:48:02 . 2011-10-07 23:48:02 492768 ----a-w- C:\WINDOWS\system32\drivers\cmdGuard.sys
2011-10-07 23:48:02 . 2011-10-07 23:48:02 31704 ----a-w- C:\WINDOWS\system32\drivers\cmdhlp.sys
2011-10-07 23:48:00 . 2011-10-07 23:48:00 18056 ----a-w- C:\WINDOWS\system32\drivers\cmderd.sys
2011-10-07 23:47:12 . 2011-10-07 23:47:12 33984 ----a-w- C:\WINDOWS\system32\cmdcsr.dll
2011-10-07 23:47:12 . 2011-10-07 23:47:12 300200 ----a-w- C:\WINDOWS\system32\guard32.dll
2011-09-28 07:06:50 . 2008-04-14 10:41:52 599040 ----a-w- C:\WINDOWS\system32\crypt32.dll
2011-09-26 15:41:20 . 2008-07-29 23:59:58 611328 ----a-w- C:\WINDOWS\system32\uiautomationcore.dll
2011-09-26 15:41:20 . 2004-01-09 17:05:47 220160 ----a-w- C:\WINDOWS\system32\oleacc.dll
2011-09-26 15:41:14 . 2004-01-09 17:05:47 20480 ----a-w- C:\WINDOWS\system32\oleaccrc.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe" [2011-06-15 19:16:48 997920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2008-04-14 10:42:08 136704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 09:32:48 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\W:\0autocheck autochk /r \??\I:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
] [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
2008-07-22 17:53:10 77824 ----a-w- C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
2011-10-20 17:58:42 2497352 ----a-w- D:\Programs\COMODO\COMODO Internet Security\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2010-03-18 23:17:48 19456 ----a-w- C:\WINDOWS\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2007-04-09 16:32:32 19968 ----a-w- C:\WINDOWS\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2010-02-28 06:09:14 519584 ----a-w- C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVPro]
2007-07-26 19:05:20 20480 ----a-w- C:\Program Files\Gigabyte\ET5Pro\ETcall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer4_in_1]
2004-01-22 14:59:10 151552 ----a-w- C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBTUpd]
2008-04-03 14:01:22 297480 ----a-w- C:\Program Files\Gigabyte\GBTUpd\PreRun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-31 01:36:27 136176 ----atw- C:\Documents and Settings\Dean\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 20:15:22 221184 ----a-w- C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 20:15:20 81920 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 4200 Series]
2004-01-16 10:04:08 57344 ----a-w- C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-05-15 21:12:10 484904 ----a-w- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 22:00:48 449608 ----a-w- D:\Programs\Malwarebytes\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57:24 153136 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36:48 421888 ----a-w- D:\Programs\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
2009-10-21 16:58:58 916304 ----a-w- D:\Programs\Registry First Aid\rfagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07:20 2260480 --sha-r- D:\Programs\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-07-08 03:05:06 98304 ----a-w- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 18:59:46 252136 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47:06 74752 ----a-w- D:\Programs\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ioloSystemService"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"spupdsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"SharedAccess"=2 (0x2)
"idsvc"=3 (0x3)
"UPS"=3 (0x3)
"Themes"=2 (0x2)
"TlntSvr"=3 (0x3)
"LmHosts"=2 (0x2)
"Steam Client Service"=3 (0x3)
"wscsvc"=2 (0x2)
"Secunia Update Agent"=2 (0x2)
"Secunia PSI Agent"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"PCToolsSSDMonitorSvc"=2 (0x2)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"Netlogon"=3 (0x3)
"NBService"=3 (0x3)
"MBAMService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"CiSvc"=3 (0x3)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"MSDTC"=3 (0x3)
"CryptSvc"=3 (0x3)
"ClipSrv"=3 (0x3)
"BITS"=2 (0x2)
"wuauserv"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"ALG"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Programs\\uTorrent\\uTorrent.exe"=

R1 MpKsl32ee197e;MpKsl32ee197e; [x]
R1 MpKsl35265280;MpKsl35265280;C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2FF4D41-41E5-47D3-83D6-43E87F51547A}\MpKsl35265280.sys [x]
R1 MpKsl5c8539d5;MpKsl5c8539d5; [x]
R1 MpKsl69a7b1b2;MpKsl69a7b1b2; [x]
R1 MpKsl7afca4db;MpKsl7afca4db; [x]
R1 MpKsla5f310d2;MpKsla5f310d2; [x]
R1 MpKslf6cc7502;MpKslf6cc7502; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 17:16:28 130384]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\WINDOWS\System32\drivers\COMMONFX.SYS [2010-03-19 00:39:10 99416]
R3 COMMONFX;COMMONFX;C:\WINDOWS\system32\drivers\COMMONFX.SYS [2010-03-19 00:39:10 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2010-03-19 00:39:18 555096]
R3 CTAUDFX;CTAUDFX;C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2010-03-19 00:39:18 555096]
R3 CTERFXFX.SYS;CTERFXFX.SYS;C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2010-03-19 00:39:36 100952]
R3 CTERFXFX;CTERFXFX;C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2010-03-19 00:39:36 100952]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2010-03-19 00:39:28 566360]
R3 CTSBLFX;CTSBLFX;C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2010-03-19 00:39:28 566360]
R3 GVTDrv;GVTDrv;C:\WINDOWS\system32\Drivers\GVTDrv.sys [2011-12-03 21:55:09 24944]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;D:\Programs\Ad-Aware\KernExplorer.sys [2011-11-03 17:06:56 15232]
R3 MarkFun_NT;MarkFun_NT;C:\Program Files\Gigabyte\ET5Pro\markfun.w32 [2007-08-21 15:49:28 17912]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [2011-08-31 22:00:50 22216]
R3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2010-09-01 08:30:58 15544]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2008-05-06 20:06:00 11520]
R3 WinRM;Windows Remote Management (WS-Management);C:\WINDOWS\system32\svchost.exe [2008-04-14 10:42:38 14336]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 17:16:28 753504]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-06-13 09:50:58 79360]
R4 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-31 01:36:27 136176]
R4 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-31 01:36:27 136176]
R4 ioloSystemService;iolo System Service;C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 19:15:42 722616]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;D:\Programs\Ad-Aware\AAWService.exe [2011-11-03 17:06:56 2152152]
R4 MBAMService;MBAMService;D:\Programs\Malwarebytes\mbamservice.exe [2011-08-31 22:00:48 366152]
R4 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 01:37:50 4640000]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 12:46:02 583640]
R4 Secunia PSI Agent;Secunia PSI Agent;D:\Programs\Secunia PSI\PSIA.exe [2011-10-14 06:01:50 994360]
R4 Secunia Update Agent;Secunia Update Agent;D:\Programs\Secunia PSI\sua.exe [2011-10-14 06:01:48 399416]
R4 sptd;sptd;C:\WINDOWS\System32\Drivers\sptd.sys [2011-11-20 23:20:44 691696]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2011-10-07 23:48:02 492768]
S1 cmdHlp;COMODO Internet Security Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2011-10-07 23:48:02 31704]
S2 ES lite Service;ES lite Service for program management.;C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [2008-07-17 17:21:34 80392]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-05-15 21:08:20 452136 ----a-w- C:\Program Files\Common Files\LightScribe\LSRunOnce.exe

Contents of the 'Scheduled Tasks' folder

2011-12-01 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
- D:\Programs\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06:56 . 2011-11-03 17:06:56]

2011-09-23 C:\WINDOWS\Tasks\GBM - Backup To My Passport-Full.job
- D:\Programs\Genie Backup Manager Pro 8\GBM8.exe [2011-09-23 01:16:15 . 2011-09-23 01:12:00]

2011-09-23 C:\WINDOWS\Tasks\GBM - New Backup Job-Full.job
- D:\Programs\Genie Backup Manager Pro 8\GBM8.exe [2011-09-23 01:16:15 . 2011-09-23 01:12:00]

2011-10-31 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-31 01:36:30 . 2011-10-31 01:36:27]

2011-12-04 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1450960922-1935655697-1005Core.job
- C:\Documents and Settings\Dean\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-04 01:55:06 . 2011-10-31 01:36:27]

2011-07-24 C:\WINDOWS\Tasks\RMSmartUpdate.job
- D:\Programs\Registry Mechanic\Update.exe [2011-12-08 03:45:05 . 2010-08-05 13:46:18]

2011-06-12 C:\WINDOWS\Tasks\WGASetup.job
- C:\WINDOWS\system32\KB905474\wgasetup.exe [2011-06-12 09:27:01 . 2009-03-11 02:18:08]


------- Supplementary Scan -------

uStart Page = hxxp://www.google.com/ig
uLocal Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
mLocal Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
IE: E&xport to Microsoft Excel - D:\Programs\MICROS~1\Office14\EXCEL.EXE/3000
IE: LastPass - file://D:\Programs\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://D:\Programs\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
TCP: Interfaces\{DD647A37-7C6A-4296-A2A6-B47F04531E38}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - C:\Documents and Settings\Dean\Application Data\Mozilla\Firefox\Profiles\s5ki7f9g.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 0


------- File Associations -------

JSEFile=NOTEPAD.EXE %1

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 11 December 2011 - 12:06 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
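A small helper for the report step in the instructions above, added here as an example; it is not part of this thread and not part of Kaspersky's TDSSKiller. It parses the two line shapes TDSSKiller prints for each service or driver (a file record "Name (md5) path" and a verdict "Name - ok"), merges them per name, and buckets the result so the entries worth a second look (a verdict other than "ok", a verdict with no hashed file behind it, a file registered under several names) stand out without reading hundreds of "- ok" lines. Assumptions: SAMPLE_LOG is constructed from lines in the log posted in the reply that follows plus one invented "examplesvc" entry with a made-up hash and a made-up verdict string; the script treats any verdict other than "ok" as needing review because it does not know TDSSKiller's other verdict wordings; the log filename pattern is the one quoted in the instructions above.

```python
"""Summarise a TDSSKiller scan log (added example, not TDSSKiller's own code)."""
import re
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List, Optional

# Both line shapes start with "HH:MM:SS.mmmm PID", then either
#   "Name (32-hex-md5) path"   (file record)   or
#   "Name - verdict"           (verdict; the LAST " - " separates the verdict)
_PREFIX = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
RECORD_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$")
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>.+)\s+-\s+(?P<verdict>\S.*?)\s*$")

# Constructed sample: real lines from the posted log plus one invented
# "examplesvc" entry (fake hash, fake "suspicious" verdict) to exercise the
# flagging path.  Anything not matching the two shapes above is ignored.
SAMPLE_LOG = r"""
19:33:33.0562 2416 Scan started
19:33:33.0562 2416 Mode: Manual;
19:33:33.0703 2416 Abiosdsk - ok
19:33:33.0765 2416 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:33:33.0765 2416 ACPI - ok
19:33:34.0640 2416 COMMONFX (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\system32\drivers\COMMONFX.SYS
19:33:34.0640 2416 COMMONFX - ok
19:33:34.0671 2416 COMMONFX.SYS (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\System32\drivers\COMMONFX.SYS
19:33:34.0671 2416 COMMONFX.SYS - ok
19:33:36.0171 2416 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:33:36.0171 2416 i8042prt - ok
19:33:36.0300 2416 examplesvc (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\examplesvc.sys
19:33:36.0300 2416 examplesvc - suspicious
"""


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None when the log printed no file record
    path: Optional[str] = None
    verdict: Optional[str] = None  # None when the scan never reached a verdict


def parse_log(text: str) -> Dict[str, Entry]:
    """Merge record and verdict lines into one Entry per service/driver name."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = m["verdict"]
    return entries


def summarize(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Bucket entries in the order a responder wants to read them."""
    by_file: Dict[str, List[str]] = {}
    for e in entries.values():
        if e.path:  # case-insensitive: system32 vs System32 is the same file
            by_file.setdefault(e.path.lower(), []).append(e.name)
    return {
        # Assumption: any verdict other than "ok" needs a human look.
        "flagged": sorted(e.name for e in entries.values()
                          if e.verdict is not None and e.verdict != "ok"),
        # Verdict printed with no file record: a registered name, nothing hashed.
        "no_file": sorted(e.name for e in entries.values() if e.path is None),
        # File record printed but no verdict followed (scan aborted mid-way).
        "no_verdict": sorted(e.name for e in entries.values() if e.verdict is None),
        # One file reachable under several service names (COMMONFX above).
        "shared_files": sorted(",".join(sorted(n)) for n in by_file.values() if len(n) > 1),
        "ok": sorted(e.name for e in entries.values() if e.verdict == "ok"),
    }


def find_latest_log(root: str) -> Optional[Path]:
    """Newest TDSSKiller.[Version]_[Date]_[Time]_log.txt in root (C:\\ per the post)."""
    base = Path(root)
    if not base.is_dir():
        return None
    logs = sorted(base.glob("TDSSKiller.*_log.txt"), key=lambda p: p.stat().st_mtime)
    return logs[-1] if logs else None


if __name__ == "__main__":
    import sys
    source = find_latest_log(sys.argv[1]) if len(sys.argv) > 1 else None
    text = source.read_text(errors="replace") if source else SAMPLE_LOG
    for bucket, names in summarize(parse_log(text)).items():
        print(f"{bucket:>12}: {len(names)} {'' if bucket == 'ok' else names}")
```

Run it with the root directory as the only argument to pick up the newest real log, or with no argument to see the buckets on the constructed sample. The verdict regex deliberately splits on the last " - " so a service name that itself contains a dash still yields the right verdict; a verdict wording containing " - " would be mis-split, which is why the flagged bucket is meant for eyeballing rather than automated action.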

#8 rokittman (Topic Starter)

Posted 11 December 2011 - 01:56 PM

Gringo,
Here is the log file from TDSSKiller. I also noticed on the first reboot after ComboFix, my sound software ~ Audigy SoundBlaster ~ was disabled and no instance of it was listed on the Audio tab of the Sound and Audio Devices Properties applet. I won't attempt to reinstall it until we're done here. Thank you.




19:33:19.0687 2964 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
19:33:20.0109 2964 ============================================================
19:33:20.0109 2964 Current date / time: 2011/11/19 19:33:20.0109
19:33:20.0109 2964 SystemInfo:
19:33:20.0109 2964
19:33:20.0109 2964 OS Version: 5.1.2600 ServicePack: 3.0
19:33:20.0109 2964 Product type: Workstation
19:33:20.0109 2964 ComputerName: ROKITMAN
19:33:20.0109 2964 UserName: Administrator
19:33:20.0109 2964 Windows directory: C:\WINDOWS
19:33:20.0109 2964 System windows directory: C:\WINDOWS
19:33:20.0109 2964 Processor architecture: Intel x86
19:33:20.0109 2964 Number of processors: 2
19:33:20.0109 2964 Page size: 0x1000
19:33:20.0109 2964 Boot type: Normal boot
19:33:20.0109 2964 ============================================================
19:33:21.0250 2964 Initialize success
19:33:33.0562 2416 ============================================================
19:33:33.0562 2416 Scan started
19:33:33.0562 2416 Mode: Manual;
19:33:33.0562 2416 ============================================================
19:33:33.0703 2416 Abiosdsk - ok
19:33:33.0734 2416 abp480n5 - ok
19:33:33.0765 2416 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:33:33.0765 2416 ACPI - ok
19:33:33.0796 2416 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:33:33.0796 2416 ACPIEC - ok
19:33:33.0812 2416 adpu160m - ok
19:33:33.0843 2416 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:33:33.0843 2416 aec - ok
19:33:33.0875 2416 AFD (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys
19:33:33.0875 2416 AFD - ok
19:33:33.0890 2416 Aha154x - ok
19:33:33.0906 2416 aic78u2 - ok
19:33:33.0921 2416 aic78xx - ok
19:33:33.0937 2416 AliIde - ok
19:33:33.0953 2416 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
19:33:33.0953 2416 AmdLLD - ok
19:33:33.0968 2416 amsint - ok
19:33:33.0984 2416 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:33:33.0984 2416 Arp1394 - ok
19:33:34.0000 2416 asc - ok
19:33:34.0015 2416 asc3350p - ok
19:33:34.0031 2416 asc3550 - ok
19:33:34.0062 2416 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:33:34.0062 2416 AsyncMac - ok
19:33:34.0078 2416 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:33:34.0078 2416 atapi - ok
19:33:34.0093 2416 Atdisk - ok
19:33:34.0234 2416 ati2mtag (c2b6f2161abd498d2b453050ffc81812) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:33:34.0296 2416 ati2mtag - ok
19:33:34.0343 2416 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
19:33:34.0343 2416 AtiHdmiService - ok
19:33:34.0359 2416 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:33:34.0359 2416 Atmarpc - ok
19:33:34.0390 2416 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:33:34.0390 2416 audstub - ok
19:33:34.0421 2416 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:33:34.0421 2416 Beep - ok
19:33:34.0437 2416 catchme - ok
19:33:34.0468 2416 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:33:34.0468 2416 cbidf2k - ok
19:33:34.0500 2416 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:33:34.0500 2416 CCDECODE - ok
19:33:34.0515 2416 cd20xrnt - ok
19:33:34.0515 2416 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:33:34.0515 2416 Cdaudio - ok
19:33:34.0546 2416 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:33:34.0546 2416 Cdfs - ok
19:33:34.0562 2416 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:33:34.0562 2416 Cdrom - ok
19:33:34.0578 2416 Changer - ok
19:33:34.0609 2416 CmdIde - ok
19:33:34.0640 2416 COMMONFX (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\system32\drivers\COMMONFX.SYS
19:33:34.0640 2416 COMMONFX - ok
19:33:34.0656 2416 COMMONFX.DLL - ok
19:33:34.0671 2416 COMMONFX.SYS (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\System32\drivers\COMMONFX.SYS
19:33:34.0671 2416 COMMONFX.SYS - ok
19:33:34.0687 2416 Cpqarray - ok
19:33:34.0734 2416 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL
19:33:34.0765 2416 CT20XUT.DLL - ok
19:33:34.0796 2416 ctac32k (357c534b38019b597f51c8bf7186c118) C:\WINDOWS\system32\drivers\ctac32k.sys
19:33:34.0796 2416 ctac32k - ok
19:33:34.0828 2416 ctaud2k (691f8259a1f9c983356d8db2cde8043c) C:\WINDOWS\system32\drivers\ctaud2k.sys
19:33:34.0828 2416 ctaud2k - ok
19:33:34.0859 2416 CTAUDFX (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\system32\drivers\CTAUDFX.SYS
19:33:34.0859 2416 CTAUDFX - ok
19:33:34.0875 2416 CTAUDFX.DLL - ok
19:33:34.0890 2416 CTAUDFX.SYS (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\System32\drivers\CTAUDFX.SYS
19:33:34.0906 2416 CTAUDFX.SYS - ok
19:33:34.0937 2416 ctdvda2k (8545d70b0335a05498f34e7e3f8ca9a2) C:\WINDOWS\system32\drivers\ctdvda2k.sys
19:33:34.0937 2416 ctdvda2k - ok
19:33:34.0968 2416 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL
19:33:35.0000 2416 CTEAPSFX.DLL - ok
19:33:35.0015 2416 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL
19:33:35.0046 2416 CTEDSPFX.DLL - ok
19:33:35.0062 2416 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL
19:33:35.0093 2416 CTEDSPIO.DLL - ok
19:33:35.0109 2416 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL
19:33:35.0140 2416 CTEDSPSY.DLL - ok
19:33:35.0156 2416 CTERFXFX (16f448354067914e7deaea709011bd60) C:\WINDOWS\system32\drivers\CTERFXFX.SYS
19:33:35.0156 2416 CTERFXFX - ok
19:33:35.0171 2416 CTERFXFX.DLL - ok
19:33:35.0187 2416 CTERFXFX.SYS (16f448354067914e7deaea709011bd60) C:\WINDOWS\System32\drivers\CTERFXFX.SYS
19:33:35.0187 2416 CTERFXFX.SYS - ok
19:33:35.0218 2416 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL
19:33:35.0265 2416 CTEXFIFX.DLL - ok
19:33:35.0281 2416 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL
19:33:35.0312 2416 CTHWIUT.DLL - ok
19:33:35.0328 2416 ctprxy2k (4d71541283aea28fb839007be90b5fc7) C:\WINDOWS\system32\drivers\ctprxy2k.sys
19:33:35.0328 2416 ctprxy2k - ok
19:33:35.0359 2416 CTSBLFX (64c83684661be137023f5186a612cf34) C:\WINDOWS\system32\drivers\CTSBLFX.SYS
19:33:35.0359 2416 CTSBLFX - ok
19:33:35.0375 2416 CTSBLFX.DLL - ok
19:33:35.0390 2416 CTSBLFX.SYS (64c83684661be137023f5186a612cf34) C:\WINDOWS\System32\drivers\CTSBLFX.SYS
19:33:35.0390 2416 CTSBLFX.SYS - ok
19:33:35.0421 2416 ctsfm2k (632194572ebde8d461728cf382a7e964) C:\WINDOWS\system32\drivers\ctsfm2k.sys
19:33:35.0421 2416 ctsfm2k - ok
19:33:35.0421 2416 dac2w2k - ok
19:33:35.0437 2416 dac960nt - ok
19:33:35.0468 2416 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:33:35.0468 2416 Disk - ok
19:33:35.0500 2416 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:33:35.0500 2416 dmboot - ok
19:33:35.0515 2416 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:33:35.0515 2416 dmio - ok
19:33:35.0546 2416 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:33:35.0546 2416 dmload - ok
19:33:35.0562 2416 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:33:35.0562 2416 DMusic - ok
19:33:35.0578 2416 dpti2o - ok
19:33:35.0609 2416 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:33:35.0609 2416 drmkaud - ok
19:33:35.0625 2416 emupia (bacd9cc06d7a787e529e7ebf56b671aa) C:\WINDOWS\system32\drivers\emupia2k.sys
19:33:35.0625 2416 emupia - ok
19:33:35.0640 2416 ET5Drv (e5030e34de21a6818e8586bfb7dd4b60) C:\WINDOWS\system32\Drivers\ET5Drv.sys
19:33:35.0656 2416 ET5Drv - ok
19:33:35.0703 2416 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:33:35.0703 2416 Fastfat - ok
19:33:35.0718 2416 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:33:35.0718 2416 Fdc - ok
19:33:35.0734 2416 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:33:35.0734 2416 Fips - ok
19:33:35.0750 2416 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:33:35.0750 2416 Flpydisk - ok
19:33:35.0781 2416 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:33:35.0781 2416 FltMgr - ok
19:33:35.0812 2416 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:33:35.0812 2416 Fs_Rec - ok
19:33:35.0828 2416 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:33:35.0828 2416 Ftdisk - ok
19:33:35.0843 2416 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
19:33:35.0843 2416 gameenum - ok
19:33:35.0875 2416 gdrv (5c230948dd6652228f88ca7ae6cb276c) C:\WINDOWS\gdrv.sys
19:33:35.0890 2416 gdrv - ok
19:33:35.0921 2416 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
19:33:35.0937 2416 giveio - ok
19:33:35.0953 2416 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:33:35.0953 2416 Gpc - ok
19:33:36.0000 2416 ha10kx2k (70606233f3ed0e53cb3ea17f846d6a4f) C:\WINDOWS\system32\drivers\ha10kx2k.sys
19:33:36.0015 2416 ha10kx2k - ok
19:33:36.0031 2416 hap16v2k (a0c69ad2a61e576b0207acdd9626e167) C:\WINDOWS\system32\drivers\hap16v2k.sys
19:33:36.0031 2416 hap16v2k - ok
19:33:36.0046 2416 hap17v2k (2ee89452c574d259ada4fc9fc1c07243) C:\WINDOWS\system32\drivers\hap17v2k.sys
19:33:36.0046 2416 hap17v2k - ok
19:33:36.0062 2416 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:33:36.0062 2416 HDAudBus - ok
19:33:36.0093 2416 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:33:36.0093 2416 hidusb - ok
19:33:36.0109 2416 hpn - ok
19:33:36.0140 2416 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:33:36.0140 2416 HTTP - ok
19:33:36.0156 2416 i2omgmt - ok
19:33:36.0156 2416 i2omp - ok
19:33:36.0171 2416 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:33:36.0171 2416 i8042prt - ok
19:33:36.0187 2416 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:33:36.0187 2416 Imapi - ok
19:33:36.0203 2416 ini910u - ok
19:33:36.0218 2416 IntcAzAudAddService - ok
19:33:36.0234 2416 IntelIde - ok
19:33:36.0234 2416 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:33:36.0234 2416 intelppm - ok
19:33:36.0265 2416 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:33:36.0265 2416 Ip6Fw - ok
19:33:36.0281 2416 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:33:36.0296 2416 IpFilterDriver - ok
19:33:36.0312 2416 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:33:36.0312 2416 IpInIp - ok
19:33:36.0328 2416 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:33:36.0328 2416 IpNat - ok
19:33:36.0343 2416 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:33:36.0343 2416 IPSec - ok
19:33:36.0375 2416 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:33:36.0375 2416 IRENUM - ok
19:33:36.0406 2416 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:33:36.0406 2416 isapnp - ok
19:33:36.0421 2416 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:33:36.0421 2416 Kbdclass - ok
19:33:36.0453 2416 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:33:36.0453 2416 kmixer - ok
19:33:36.0468 2416 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:33:36.0468 2416 KSecDD - ok
19:33:36.0484 2416 lbrtfdc - ok
19:33:36.0531 2416 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
19:33:36.0531 2416 MBAMProtector - ok
19:33:36.0578 2416 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
19:33:36.0578 2416 MBAMSwissArmy - ok
19:33:36.0593 2416 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:33:36.0593 2416 mnmdd - ok
19:33:36.0625 2416 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:33:36.0625 2416 Modem - ok
19:33:36.0656 2416 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:33:36.0656 2416 Mouclass - ok
19:33:36.0671 2416 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:33:36.0671 2416 mouhid - ok
19:33:36.0687 2416 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:33:36.0687 2416 MountMgr - ok
19:33:36.0718 2416 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
19:33:36.0718 2416 MpFilter - ok
19:33:36.0812 2416 MpKsl258ec034 (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4A4E818B-295C-41A1-8CC0-763C1235F33D}\MpKsl258ec034.sys
19:33:36.0812 2416 MpKsl258ec034 - ok
19:33:36.0828 2416 MpKsl32ee197e - ok
19:33:36.0843 2416 MpKsl4ec705a7 (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4A4E818B-295C-41A1-8CC0-763C1235F33D}\MpKsl4ec705a7.sys
19:33:36.0875 2416 MpKsl4ec705a7 - ok
19:33:36.0906 2416 MpKsl5c8539d5 - ok
19:33:36.0921 2416 MpKsl7afca4db - ok
19:33:37.0015 2416 MpKsld48720d8 (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4A4E818B-295C-41A1-8CC0-763C1235F33D}\MpKsld48720d8.sys
19:33:37.0046 2416 MpKsld48720d8 - ok
19:33:37.0046 2416 mraid35x - ok
19:33:37.0093 2416 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:33:37.0093 2416 MRxDAV - ok
19:33:37.0109 2416 MRxSmb (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:33:37.0109 2416 MRxSmb - ok
19:33:37.0140 2416 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:33:37.0140 2416 Msfs - ok
19:33:37.0187 2416 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:33:37.0187 2416 MSKSSRV - ok
19:33:37.0218 2416 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:33:37.0218 2416 MSPCLOCK - ok
19:33:37.0234 2416 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:33:37.0234 2416 MSPQM - ok
19:33:37.0265 2416 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:33:37.0265 2416 mssmbios - ok
19:33:37.0296 2416 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:33:37.0296 2416 MSTEE - ok
19:33:37.0312 2416 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:33:37.0312 2416 Mup - ok
19:33:37.0343 2416 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:33:37.0343 2416 NABTSFEC - ok
19:33:37.0375 2416 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:33:37.0390 2416 NDIS - ok
19:33:37.0406 2416 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:33:37.0406 2416 NdisIP - ok
19:33:37.0437 2416 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:33:37.0437 2416 NdisTapi - ok
19:33:37.0453 2416 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:33:37.0453 2416 Ndisuio - ok
19:33:37.0468 2416 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:33:37.0468 2416 NdisWan - ok
19:33:37.0500 2416 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:33:37.0500 2416 NDProxy - ok
19:33:37.0515 2416 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:33:37.0515 2416 NetBIOS - ok
19:33:37.0531 2416 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:33:37.0531 2416 NetBT - ok
19:33:37.0578 2416 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:33:37.0578 2416 NIC1394 - ok
19:33:37.0593 2416 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:33:37.0593 2416 Npfs - ok
19:33:37.0609 2416 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:33:37.0625 2416 Ntfs - ok
19:33:37.0671 2416 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:33:37.0671 2416 Null - ok
19:33:37.0703 2416 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:33:37.0703 2416 NwlnkFlt - ok
19:33:37.0703 2416 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:33:37.0718 2416 NwlnkFwd - ok
19:33:37.0734 2416 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:33:37.0734 2416 ohci1394 - ok
19:33:37.0781 2416 ossrv (ae896073e1bbf98fefc2ec52f62c0fba) C:\WINDOWS\system32\drivers\ctoss2k.sys
19:33:37.0781 2416 ossrv - ok
19:33:37.0796 2416 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:33:37.0796 2416 Parport - ok
19:33:37.0812 2416 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:33:37.0812 2416 PartMgr - ok
19:33:37.0843 2416 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:33:37.0843 2416 ParVdm - ok
19:33:37.0859 2416 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:33:37.0859 2416 PCI - ok
19:33:37.0875 2416 PCIDump - ok
19:33:37.0890 2416 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:33:37.0890 2416 PCIIde - ok
19:33:37.0921 2416 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:33:37.0921 2416 Pcmcia - ok
19:33:37.0937 2416 PDCOMP - ok
19:33:37.0953 2416 PDFRAME - ok
19:33:37.0968 2416 PDRELI - ok
19:33:37.0968 2416 PDRFRAME - ok
19:33:37.0984 2416 perc2 - ok
19:33:38.0000 2416 perc2hib - ok
19:33:38.0046 2416 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:33:38.0046 2416 PptpMiniport - ok
19:33:38.0078 2416 PQNTDrv (04f3971b70a7855f04d351aa4bee7799) C:\WINDOWS\system32\drivers\PQNTDrv.sys
19:33:38.0093 2416 PQNTDrv - ok
19:33:38.0109 2416 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:33:38.0109 2416 PSched - ok
19:33:38.0125 2416 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:33:38.0125 2416 Ptilink - ok
19:33:38.0156 2416 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:33:38.0156 2416 PxHelp20 - ok
19:33:38.0171 2416 ql1080 - ok
19:33:38.0171 2416 Ql10wnt - ok
19:33:38.0187 2416 ql12160 - ok
19:33:38.0203 2416 ql1240 - ok
19:33:38.0218 2416 ql1280 - ok
19:33:38.0234 2416 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:33:38.0234 2416 RasAcd - ok
19:33:38.0265 2416 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:33:38.0265 2416 Rasl2tp - ok
19:33:38.0281 2416 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:33:38.0281 2416 RasPppoe - ok
19:33:38.0296 2416 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:33:38.0296 2416 Raspti - ok
19:33:38.0312 2416 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:33:38.0328 2416 Rdbss - ok
19:33:38.0343 2416 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:33:38.0343 2416 RDPCDD - ok
19:33:38.0375 2416 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:33:38.0375 2416 rdpdr - ok
19:33:38.0406 2416 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:33:38.0406 2416 RDPWD - ok
19:33:38.0421 2416 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:33:38.0421 2416 redbook - ok
19:33:38.0468 2416 RTLE8023xp (6ebfbbf24fed8285928b825a46618f8a) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
19:33:38.0468 2416 RTLE8023xp - ok
19:33:38.0531 2416 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:33:38.0531 2416 Secdrv - ok
19:33:38.0546 2416 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:33:38.0546 2416 serenum - ok
19:33:38.0562 2416 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:33:38.0578 2416 Serial - ok
19:33:38.0609 2416 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:33:38.0609 2416 Sfloppy - ok
19:33:38.0640 2416 Simbad - ok
19:33:38.0671 2416 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:33:38.0671 2416 SLIP - ok
19:33:38.0687 2416 Sparrow - ok
19:33:38.0718 2416 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\WINDOWS\system32\speedfan.sys
19:33:38.0765 2416 speedfan - ok
19:33:38.0796 2416 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:33:38.0796 2416 splitter - ok
19:33:38.0843 2416 Sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:33:38.0843 2416 Sr - ok
19:33:38.0875 2416 Srv (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys
19:33:38.0875 2416 Srv - ok
19:33:38.0921 2416 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:33:38.0921 2416 streamip - ok
19:33:38.0953 2416 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:33:38.0953 2416 swenum - ok
19:33:38.0984 2416 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:33:38.0984 2416 swmidi - ok
19:33:39.0000 2416 symc810 - ok
19:33:39.0015 2416 symc8xx - ok
19:33:39.0031 2416 sym_hi - ok
19:33:39.0031 2416 sym_u3 - ok
19:33:39.0062 2416 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:33:39.0062 2416 sysaudio - ok
19:33:39.0109 2416 Tcpip (1f39c7bdba4c5f3f01c4eabf7edbf4b3) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:33:39.0109 2416 Tcpip - ok
19:33:39.0140 2416 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:33:39.0140 2416 TDPIPE - ok
19:33:39.0156 2416 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:33:39.0156 2416 TDTCP - ok
19:33:39.0187 2416 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:33:39.0187 2416 TermDD - ok
19:33:39.0203 2416 TosIde - ok
19:33:39.0250 2416 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:33:39.0250 2416 Udfs - ok
19:33:39.0265 2416 ultra - ok
19:33:39.0281 2416 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:33:39.0281 2416 Update - ok
19:33:39.0328 2416 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:33:39.0328 2416 usbaudio - ok
19:33:39.0359 2416 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:33:39.0359 2416 usbccgp - ok
19:33:39.0375 2416 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:33:39.0390 2416 usbehci - ok
19:33:39.0406 2416 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:33:39.0406 2416 usbhub - ok
19:33:39.0421 2416 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:33:39.0421 2416 usbprint - ok
19:33:39.0453 2416 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:33:39.0453 2416 usbscan - ok
19:33:39.0484 2416 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:33:39.0484 2416 usbstor - ok
19:33:39.0500 2416 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:33:39.0500 2416 usbuhci - ok
19:33:39.0531 2416 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
19:33:39.0531 2416 usbvideo - ok
19:33:39.0562 2416 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:33:39.0562 2416 VgaSave - ok
19:33:39.0578 2416 ViaIde - ok
19:33:39.0593 2416 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:33:39.0593 2416 VolSnap - ok
19:33:39.0640 2416 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:33:39.0640 2416 Wanarp - ok
19:33:39.0656 2416 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
19:33:39.0671 2416 WDC_SAM - ok
19:33:39.0671 2416 WDICA - ok
19:33:39.0703 2416 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:33:39.0703 2416 wdmaud - ok
19:33:39.0734 2416 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\WINDOWS\system32\DRIVERS\wimfltr.sys
19:33:39.0734 2416 WimFltr - ok
19:33:39.0843 2416 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:33:39.0843 2416 WSTCODEC - ok
19:33:39.0875 2416 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:33:39.0953 2416 \Device\Harddisk0\DR0 - ok
19:33:39.0953 2416 Boot (0x1200) (306fec8a94f60151431d37177225bf28) \Device\Harddisk0\DR0\Partition0
19:33:39.0953 2416 \Device\Harddisk0\DR0\Partition0 - ok
19:33:39.0968 2416 Boot (0x1200) (6743dde1248b765e8a400e2ae3e41bd4) \Device\Harddisk0\DR0\Partition1
19:33:39.0968 2416 \Device\Harddisk0\DR0\Partition1 - ok
19:33:39.0968 2416 ============================================================
19:33:39.0968 2416 Scan finished
19:33:39.0968 2416 ============================================================
19:33:39.0984 2368 Detected object count: 0
19:33:39.0984 2368 Actual detected object count: 0
19:33:44.0750 2004 Deinitialize success
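The TDSSKiller log above lists every registered driver service with the MD5 of its file (where a file exists) followed by a verdict line, and hashes the MBR and partition boot sectors the same way. As an added example, not a tool from this thread, BleepingComputer or Kaspersky, here is a small Python triage script for that log format. It assumes the three line shapes seen above are stable (the format is not formally documented), assumes that "MBR (0x1B8)" means the hash covers the first 0x1B8 (440) bytes of sector 0, i.e. the bootstrap code that precedes the disk signature, and runs on a constructed sample log: a few lines in the format above plus one constructed non-"ok" verdict for a placeholder driver name.

```python
"""Triage helper for TDSSKiller-style logs. Added example; not a BleepingComputer, Kaspersky or thread tool."""
import re
from hashlib import md5

# Line shapes seen in the log above (assumed stable; the format is not formally documented):
#   HH:MM:SS.ffff <pid> <service> (<md5>) <path>      file found and hashed
#   HH:MM:SS.ffff <pid> <service-or-device> - <verdict>
#   HH:MM:SS.ffff <pid> MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
ENTRY_RE = re.compile(
    PREFIX
    + r"(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?)"
    + r"(?:\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?))?\s*$"
)
VERDICT_RE = re.compile(PREFIX + r"(?P<name>\S+)\s+-\s+(?P<verdict>\S.*?)\s*$")

DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
MBR_CODE_LEN = 0x1B8  # assumption: "MBR (0x1B8)" hashes the bootstrap code before the disk signature


def parse_tdsskiller(text):
    """Map each service (or device object, keyed by its device path) to md5, path and verdict."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        m = VERDICT_RE.match(line)
        if m:
            rec = records.setdefault(m.group("name"), {"md5": None, "path": None, "verdict": None})
            rec["verdict"] = m.group("verdict")
            continue
        m = ENTRY_RE.match(line)
        if not m or set(m.group("name")) <= {"="}:
            continue  # separator rows, "Scan finished", object counters and the like
        name, path = m.group("name"), m.group("path")
        # MBR/boot-sector rows get their verdict under the device path, so key them that way
        key = path if path and path.startswith("\\Device") else name
        rec = records.setdefault(key, {"md5": None, "path": None, "verdict": None})
        rec["md5"], rec["path"] = m.group("md5"), path
    return records


def triage(records):
    """Bucket records the way a responder skims the log: anything not 'ok', services with no
    backing file, and drivers loaded from outside the usual drivers directory (worth a look,
    not by itself a sign of infection)."""
    findings = {"not_ok": [], "no_file": [], "outside_driver_dir": []}
    for key, rec in records.items():
        if rec["verdict"] != "ok":
            findings["not_ok"].append(key)
        if rec["path"] is None:
            findings["no_file"].append(key)
        elif not rec["path"].startswith("\\") and not rec["path"].lower().startswith(DRIVER_DIR):
            findings["outside_driver_dir"].append(key)
    return findings


def mbr_code_hash(sector0):
    """MD5 of the bootstrap-code region of sector 0, for comparison with the log's MBR line."""
    return md5(sector0[:MBR_CODE_LEN]).hexdigest()


# Constructed sample: lines in the format of the log above plus one constructed verdict
# ("exampledrv" and "Example.Placeholder" are placeholders, not a real driver or detection name).
SAMPLE_LOG = r"""
19:33:37.0093 2416 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:33:37.0093 2416 MRxDAV - ok
19:33:37.0875 2416 PCIDump - ok
19:33:38.0718 2416 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\WINDOWS\system32\speedfan.sys
19:33:38.0765 2416 speedfan - ok
19:33:39.0000 2416 exampledrv (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\exampledrv.sys
19:33:39.0000 2416 exampledrv - detected Example.Placeholder
19:33:39.0875 2416 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:33:39.0953 2416 \Device\Harddisk0\DR0 - ok
19:33:39.0968 2416 ============================================================
19:33:39.0968 2416 Scan finished
19:33:39.0984 2368 Detected object count: 0
"""

if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    for bucket, names in triage(recs).items():
        print(f"{bucket}: {names}")
    # A known-good MBR image can be hashed the same way and compared against the log's MBR line.
    print("bootstrap-code md5 of an all-zero sector:", mbr_code_hash(bytes(512)))
```

On the sample, `triage` reports the placeholder driver under `not_ok`, `PCIDump` under `no_file` (a service entry with no file on disk, which the real log shows is common for legacy storage drivers and is reported "ok"), and `speedfan` under `outside_driver_dir`, since it loads from `system32` rather than `system32\drivers`. The last bucket is a prompt to check the file, not a verdict.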

#9 gringo_pr


Posted 11 December 2011 - 06:25 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 rokittman


Posted 11 December 2011 - 10:05 PM

Gringo,

I downloaded aswMBR.exe from your link and tried to launch it. I clicked on Run, but the program never opened.

- Dean -

#11 gringo_pr


Posted 11 December 2011 - 10:47 PM

Hello

I would like you to run this tool for me - fixTDSS.

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun aswMBR for me and send me the report.

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#12 rokittman


Posted 12 December 2011 - 05:30 AM

Gringo,

I ran TDSS Fix Tool. Found infected MBR and repaired it. After the reboot, Services.exe RAM usage in the Processes tab went from 270,000k to 3580k with a very noticeable speed increase in page loading and program starts.

I then ran aswMBR successfully; the log is below. You did not mention whether or not to click on Fix MBR, so I just saved the scan and posted it here. Thanks.


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-12 05:16:47
-----------------------------
05:16:47.828 OS Version: Windows 5.1.2600 Service Pack 3
05:16:47.828 Number of processors: 2 586 0xF0D
05:16:47.828 ComputerName: ROKITMAN UserName: Dean
05:16:48.796 Initialize success
05:18:10.234 AVAST engine defs: 11121200
05:18:30.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
05:18:30.578 Disk 0 Vendor: ST3500410AS CC31 Size: 476938MB BusType: 3
05:18:32.593 Disk 0 MBR read successfully
05:18:32.593 Disk 0 MBR scan
05:18:32.625 Disk 0 Windows XP default MBR code
05:18:32.625 Disk 0 scanning sectors +976768065
05:18:32.703 Disk 0 scanning C:\WINDOWS\system32\drivers
05:18:40.281 Service scanning
05:18:43.093 Modules scanning
05:18:45.265 Disk 0 trace - called modules:
05:18:45.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
05:18:45.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae73ab8]
05:18:45.281 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000082[0x8af207f0]
05:18:45.796 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ae7a940]
05:18:46.375 AVAST engine scan C:\WINDOWS
05:18:50.562 AVAST engine scan C:\WINDOWS\system32
05:20:24.140 AVAST engine scan C:\WINDOWS\system32\drivers
05:20:36.187 AVAST engine scan C:\Documents and Settings\Dean
05:21:37.609 AVAST engine scan C:\Documents and Settings\All Users
05:22:05.187 Scan finished successfully
05:22:21.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dean\Desktop\MBR.dat"
05:22:21.375 The log file has been saved successfully to "C:\Documents and Settings\Dean\Desktop\aswMBR.txt"

#13 gringo_pr


Posted 12 December 2011 - 08:24 AM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#14 rokittman


Posted 12 December 2011 - 06:16 PM

Gringo,

There have been some more improvements in system performance. The browser redirects have stopped in all browsers, Services.exe is using less than 4000k of RAM and the CPU Usage in Task Manager is hovering around 5% or less during idle. I still have no sound, but I'm guessing that's just a matter of reinstalling my sound drivers. Here is the log.




ComboFix 11-12-12.02 - Dean 12/12/2011 16:59:20.7.2 - x86
Running from: c:\documents and settings\Dean\Desktop\Bleeping Computer Programs\ComboFix.exe
Command switches used :: c:\documents and settings\Dean\Desktop\Bleeping Computer Programs\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\LocalService\NTUSER.DAT.tmp
c:\documents and settings\LocalService\NTUSER.tmp
c:\documents and settings\NetworkService\NTUSER.DAT.tmp
c:\documents and settings\NetworkService\NTUSER.tmp
c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{EB0696D4-2A41-40E5-B848-F148B3C4590D}\setup.msi
c:\windows\system32\config\systemprofile\ntuser.tmp
c:\windows\system32\drivers\tcpip.copy
.
.
((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))
.
.
2011-12-12 21:03 . 2011-12-12 21:03 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{855A1F68-7223-478C-AF22-69454E76288D}\MpKsl6993d8ed.sys
2011-12-12 21:03 . 2011-12-12 21:03 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{855A1F68-7223-478C-AF22-69454E76288D}\offreg.dll
2011-12-12 21:03 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{855A1F68-7223-478C-AF22-69454E76288D}\mpengine.dll
2011-12-05 01:07 . 2011-12-05 01:08 10134560 ----a-w- c:\program files\Common Files\lpuninstall.exe
2011-12-04 23:38 . 2011-12-04 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA
2011-12-04 22:34 . 2011-12-05 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2011-12-04 22:33 . 2011-12-04 22:33 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-12-04 22:33 . 2011-12-04 22:33 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-12-04 22:26 . 2011-12-04 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2011-12-04 17:16 . 2011-12-04 17:16 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-12-04 15:06 . 2011-12-04 15:06 -------- d-----w- c:\program files\Common Files\Java
2011-12-04 15:03 . 2011-12-04 15:03 -------- d-----w- c:\program files\Java
2011-12-04 00:42 . 2011-12-12 21:30 -------- d-----w- c:\documents and settings\Dean
2011-12-04 00:18 . 2011-12-04 00:18 -------- d-----w- c:\windows\msdownld.tmp
2011-12-04 00:13 . 2011-12-04 00:16 -------- dc----w- c:\windows\ie8
2011-12-03 23:22 . 2011-12-03 23:39 -------- d-----w- C:\MATS
2011-12-02 02:13 . 2011-12-02 02:13 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-12-02 02:13 . 2011-12-02 02:13 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-12-02 02:11 . 2011-12-02 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-12-01 10:16 . 2011-12-01 10:16 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2011-12-01 10:10 . 2011-12-01 10:10 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2011-12-01 10:05 . 2011-12-01 10:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-12-01 02:09 . 2011-12-01 02:09 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-12-01 02:01 . 2011-12-01 02:01 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-01 02:00 . 2011-12-01 02:00 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software
2011-12-01 02:00 . 2011-12-01 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-11-30 09:59 . 2011-11-30 09:59 -------- d-----w- c:\program files\microsoft frontpage
2011-11-29 04:13 . 2011-11-29 04:13 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-29 02:25 . 2011-11-29 02:25 54016 ----a-w- c:\windows\system32\drivers\uiqxn.sys
2011-11-27 21:07 . 2011-11-27 21:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-11-27 20:56 . 2011-11-28 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-11-20 23:20 . 2011-11-20 23:20 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-11-20 01:37 . 2011-08-08 19:18 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
2011-11-20 01:37 . 2010-06-29 23:30 9341 ----a-w- c:\windows\system32\drivers\filedisk.sys
2011-11-20 01:36 . 2011-08-08 20:01 11776 ----a-w- c:\windows\system32\smrgdf.exe
2011-11-20 01:36 . 2011-08-08 20:01 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2011-11-20 01:36 . 2010-02-09 03:59 56200 ----a-w- c:\windows\system32\offreg.dll
2011-11-20 01:36 . 2011-11-20 01:36 -------- d-----w- c:\program files\iolo
2011-11-20 01:20 . 2011-11-20 01:20 0 ----a-r- c:\documents and settings\Administrator\TempWmicBatchFile.bat
2011-11-20 01:02 . 2004-01-09 17:07 13894 ----a-w- c:\windows\system32\dllcache\zonelibm.dll
2011-11-20 01:02 . 2004-01-09 17:07 113222 ----a-w- c:\windows\system32\dllcache\zoneclim.dll
2011-11-20 01:02 . 2004-01-09 17:07 4677 ----a-w- c:\windows\system32\dllcache\zeeverm.dll
2011-11-20 01:02 . 2004-01-09 17:07 29760 ----a-w- c:\windows\system32\dllcache\znetm.dll
2011-11-20 01:02 . 2004-01-09 17:07 41029 ----a-w- c:\windows\system32\dllcache\zcorem.dll
2011-11-20 01:02 . 2004-01-09 17:07 36937 ----a-w- c:\windows\system32\dllcache\zclientm.exe
2011-11-20 01:02 . 2009-02-15 10:29 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-11-20 01:02 . 2009-02-15 10:29 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-11-20 01:02 . 2009-02-15 10:29 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-11-20 01:02 . 2009-02-15 10:29 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-11-20 01:02 . 2009-02-15 10:29 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-11-20 01:01 . 2009-02-15 10:29 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-11-20 01:01 . 2009-02-15 10:29 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-11-20 01:01 . 2009-02-15 10:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-11-20 01:01 . 2008-04-14 10:42 183296 ----a-w- c:\windows\system32\dllcache\wuaueng1.dll
2011-11-20 01:01 . 2008-04-14 10:42 165888 ----a-w- c:\windows\system32\dllcache\wuauclt1.exe
2011-11-20 01:01 . 2009-02-15 10:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-11-20 01:01 . 2009-02-15 10:29 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2011-11-20 01:01 . 2009-02-15 10:29 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-11-20 00:59 . 2008-04-14 10:42 46080 ----a-w- c:\windows\system32\dllcache\wab.exe
2011-11-20 00:58 . 2009-02-15 10:29 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2011-11-20 00:57 . 2004-01-09 17:06 185344 ----a-w- c:\windows\system32\dllcache\thawbrkr.dll
2011-11-20 00:56 . 2009-02-15 10:29 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2011-11-20 00:55 . 2009-02-15 10:29 5888 ----a-w- c:\windows\system32\dllcache\smbali.sys
2011-11-20 00:54 . 2009-02-15 10:29 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys
2011-11-20 00:53 . 2008-04-14 10:40 53760 ----a-w- c:\windows\system32\dllcache\pintlcsd.dll
2011-11-20 00:52 . 2009-02-15 10:29 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-11-20 00:51 . 2009-02-15 10:29 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2011-11-20 00:50 . 2009-02-15 10:29 20864 ----a-w- c:\windows\system32\dllcache\lwadihid.sys
2011-11-20 00:49 . 2004-01-09 17:05 5632 ----a-w- c:\windows\system32\dllcache\kbdinkan.dll
2011-11-20 00:48 . 2004-01-09 17:04 6656 ----a-w- c:\windows\system32\dllcache\iissync.exe
2011-11-20 00:47 . 2004-01-09 17:04 57409 ----a-w- c:\windows\system32\dllcache\hrtz.dll
2011-11-20 00:46 . 2009-02-15 10:29 34816 ----a-w- c:\windows\system32\dllcache\esuimg.dll
2011-11-20 00:45 . 2009-02-15 10:29 419357 ----a-w- c:\windows\system32\dllcache\dgconfig.dll
2011-11-20 00:44 . 2009-02-15 10:29 121856 ----a-w- c:\windows\system32\dllcache\camext30.dll
2011-11-20 00:43 . 2009-02-15 10:29 73216 ----a-w- c:\windows\system32\dllcache\atintuxx.sys
2011-11-20 00:42 . 2009-02-15 10:29 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-11-17 23:35 . 2011-11-17 23:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 20:31 . 2011-06-12 08:32 16608 ----a-w- c:\windows\gdrv.sys
2011-12-08 10:03 . 2011-06-11 12:55 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-04 15:03 . 2011-06-18 15:14 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-04 15:03 . 2011-06-18 15:14 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-03 21:55 . 2011-06-12 09:31 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2011-11-21 10:47 . 2011-10-02 12:53 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-18 22:54 . 2011-10-18 22:54 74703 ----a-w- c:\windows\system32\mfc45.dll
2011-10-10 14:21 . 2011-06-11 08:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 23:48 . 2011-10-07 23:48 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-07 23:48 . 2011-10-07 23:48 492768 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 23:48 . 2011-10-07 23:48 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 23:48 . 2011-10-07 23:48 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 23:47 . 2011-10-07 23:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-07 23:47 . 2011-10-07 23:47 300200 ----a-w- c:\windows\system32\guard32.dll
2011-09-28 07:06 . 2008-04-14 10:41 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-01-09 17:05 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-01-09 17:05 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-11_01.09.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-12 20:31 . 2011-12-12 20:31 16384 c:\windows\temp\Perflib_Perfdata_58c.dat
+ 2004-01-09 17:05 . 2011-12-11 19:55 92574 c:\windows\system32\perfc009.dat
- 2004-01-09 17:05 . 2011-12-10 21:26 92574 c:\windows\system32\perfc009.dat
+ 2011-11-28 20:15 . 2011-12-12 21:04 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-28 20:15 . 2011-12-10 21:05 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-28 20:15 . 2011-12-12 21:04 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2011-11-28 20:15 . 2011-12-10 21:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2011-12-01 02:09 . 2011-12-10 21:05 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-12-01 02:09 . 2011-12-11 20:06 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2011-11-28 20:15 . 2011-12-10 21:05 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-11-28 20:15 . 2011-12-12 21:04 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-12-01 03:29 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\update\spcustom.dll
- 2011-12-01 03:29 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\spmsg.dll
- 2011-12-01 03:29 . 2011-08-22 23:47 12800 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3QFE\xpshims.dll
- 2011-12-01 03:29 . 2011-08-22 23:47 66560 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3QFE\mshtmled.dll
- 2011-12-01 03:29 . 2011-08-22 23:47 55296 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3QFE\msfeedsbs.dll
- 2011-12-01 03:29 . 2011-08-22 23:47 43520 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3QFE\licmgr10.dll
- 2011-12-01 03:29 . 2011-08-22 23:47 25600 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3QFE\jsproxy.dll
- 2011-12-01 03:29 . 2011-08-22 23:48 12800 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3GDR\xpshims.dll
- 2011-12-01 03:29 . 2011-08-22 23:48 66560 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3GDR\mshtmled.dll
- 2011-12-01 03:29 . 2011-08-22 23:48 55296 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3GDR\msfeedsbs.dll
- 2011-12-01 03:29 . 2011-08-22 23:48 43520 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3GDR\licmgr10.dll
- 2011-12-01 03:29 . 2011-08-22 23:48 25600 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3GDR\jsproxy.dll
+ 2011-12-11 20:11 . 2008-07-25 15:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.Web.RegularExpressions.dll
+ 2011-12-11 20:11 . 2008-07-25 15:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.Drawing.Design.dll
+ 2011-12-11 20:11 . 2008-07-25 15:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.Configuration.Install.dll
+ 2011-12-11 20:11 . 2008-07-25 15:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-12-11 20:12 . 2008-07-25 15:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\Microsoft.Vsa.dll
+ 2011-12-11 20:11 . 2008-07-25 15:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\Microsoft.VisualBasic.Vsa.dll
+ 2011-12-11 20:11 . 2008-07-25 15:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\Microsoft.Build.Utilities.dll
+ 2011-12-11 20:11 . 2008-07-25 15:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\Microsoft.Build.Framework.dll
+ 2011-12-11 20:11 . 2008-07-25 15:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\ISymWrapper.dll
+ 2011-12-11 20:12 . 2008-07-25 15:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\IEHost.dll
+ 2011-12-11 20:12 . 2008-07-25 15:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\CustomMarshalers.dll
+ 2011-12-11 20:12 . 2008-07-25 15:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\cscompmgd.dll
+ 2011-12-11 20:12 . 2008-07-25 15:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\Accessibility.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\System.Web.RegularExpressions.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\System.Drawing.Design.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\System.Configuration.Install.dll
+ 2011-12-11 20:02 . 2008-07-25 15:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-12-11 20:02 . 2008-07-25 15:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\Microsoft.Vsa.dll
+ 2011-12-11 20:02 . 2008-07-25 15:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\Microsoft.VisualBasic.Vsa.dll
+ 2011-12-11 20:02 . 2008-07-25 15:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\Microsoft.Build.Utilities.dll
+ 2011-12-11 20:02 . 2008-07-25 15:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\Microsoft.Build.Framework.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\ISymWrapper.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\IEHost.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\CustomMarshalers.dll
+ 2011-12-11 20:02 . 2008-07-25 15:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\cscompmgd.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\Accessibility.dll
+ 2011-12-11 19:52 . 2011-12-11 19:52 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-12-10 21:24 . 2011-12-10 21:24 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-12-11 19:52 . 2011-12-11 19:52 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-12-10 21:24 . 2011-12-10 21:24 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-12-11 19:52 . 2011-12-11 19:52 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-12-11 20:12 . 2008-07-25 15:16 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\Microsoft_VsaVb.dll
+ 2011-12-11 20:12 . 2008-07-25 15:17 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\Microsoft.VisualC.Dll
+ 2011-12-11 20:12 . 2008-07-25 15:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\IIEHost.dll
+ 2011-12-11 20:12 . 2008-07-25 15:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\IEExecRemote.dll
+ 2011-12-11 20:02 . 2008-07-25 15:16 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\Microsoft_VsaVb.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\IIEHost.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\IEExecRemote.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-12-11 19:54 . 2011-12-11 19:54 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-12-10 21:25 . 2011-12-10 21:25 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-12-10 21:25 . 2011-12-10 21:25 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2004-01-09 17:05 . 2011-12-11 19:55 512470 c:\windows\system32\perfh009.dat
- 2004-01-09 17:05 . 2011-12-10 21:26 512470 c:\windows\system32\perfh009.dat
- 2011-12-01 03:29 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\update\updspapi.dll
- 2011-12-01 03:29 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\update\update.exe
- 2011-12-01 03:29 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\spuninst.exe
- 2011-12-01 03:29 . 2011-08-22 23:47 919552 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3QFE\wininet.dll
- 2011-12-01 03:29 . 2011-08-22 23:47 105984 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3QFE\url.dll
- 2011-12-01 03:29 . 2011-08-22 23:47 206848 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3QFE\occache.dll
- 2011-12-01 03:29 . 2011-08-22 23:47 611840 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3QFE\mstime.dll
- 2011-12-01 03:29 . 2011-08-22 23:47 602112 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3QFE\msfeeds.dll
- 2011-12-01 03:29 . 2011-08-22 23:47 247808 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3QFE\ieproxy.dll
- 2011-12-01 03:29 . 2011-08-22 23:47 184320 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3QFE\iepeers.dll
- 2011-12-01 03:29 . 2011-08-22 23:47 743424 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3QFE\iedvtool.dll
- 2011-12-01 03:29 . 2011-08-22 23:47 387584 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3QFE\iedkcs32.dll
- 2011-12-01 03:29 . 2011-08-22 11:52 174080 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3QFE\ie4uinit.exe
- 2011-12-01 03:29 . 2011-08-22 23:48 916480 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3GDR\wininet.dll
- 2011-12-01 03:29 . 2011-08-22 23:48 105984 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3GDR\url.dll
- 2011-12-01 03:29 . 2011-08-22 23:48 206848 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3GDR\occache.dll
- 2011-12-01 03:29 . 2011-08-22 23:48 611840 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3GDR\mstime.dll
- 2011-12-01 03:29 . 2011-08-22 23:48 602112 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3GDR\msfeeds.dll
- 2011-12-01 03:29 . 2011-08-22 23:48 247808 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3GDR\ieproxy.dll
- 2011-12-01 03:29 . 2011-08-22 23:48 184320 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3GDR\iepeers.dll
- 2011-12-01 03:29 . 2011-08-22 23:48 743424 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3GDR\iedvtool.dll
- 2011-12-01 03:29 . 2011-08-22 23:48 387584 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3GDR\iedkcs32.dll
- 2011-12-01 03:29 . 2011-08-22 11:56 174080 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3GDR\ie4uinit.exe
+ 2011-12-11 20:11 . 2008-07-25 15:17 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.Web.Services.dll
+ 2011-12-11 20:11 . 2008-07-25 15:17 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.Web.Mobile.dll
+ 2011-12-11 20:12 . 2008-07-25 15:17 261632 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.Transactions.dll
+ 2011-12-11 20:12 . 2008-07-25 15:17 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.ServiceProcess.dll
+ 2011-12-11 20:12 . 2010-02-09 16:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.Security.dll
+ 2011-12-11 20:12 . 2008-07-25 15:17 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-12-11 20:12 . 2008-07-25 15:17 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.Runtime.Remoting.dll
+ 2011-12-11 20:12 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.Messaging.dll
+ 2011-12-11 20:12 . 2008-07-25 15:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.Management.dll
+ 2011-12-11 20:12 . 2008-07-25 15:17 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.EnterpriseServices.Wrapper.dll
+ 2011-12-11 20:12 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.EnterpriseServices.dll
+ 2011-12-11 20:12 . 2008-07-25 15:17 626688 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.Drawing.dll
+ 2011-12-11 20:12 . 2008-07-25 15:17 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.DirectoryServices.Protocols.dll
+ 2011-12-11 20:12 . 2008-07-25 15:17 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.DirectoryServices.dll
+ 2011-12-11 20:12 . 2008-07-25 15:16 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.Deployment.dll
+ 2011-12-11 20:12 . 2008-07-25 15:17 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.Data.SqlXml.dll
+ 2011-12-11 20:11 . 2008-11-25 08:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.Data.OracleClient.dll
+ 2011-12-11 20:12 . 2008-07-25 15:17 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.configuration.dll
+ 2011-12-11 20:11 . 2008-07-25 15:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\sysglobl.dll
+ 2011-12-11 20:12 . 2008-07-25 15:17 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\Microsoft.VisualBasic.dll
+ 2011-12-11 20:12 . 2008-07-25 15:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\Microsoft.VisualBasic.Compatibility.dll
+ 2011-12-11 20:12 . 2008-07-25 15:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-12-11 20:12 . 2008-07-25 15:16 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\Microsoft.JScript.dll
+ 2011-12-11 20:11 . 2008-07-25 15:16 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\Microsoft.Build.Tasks.dll
+ 2011-12-11 20:11 . 2008-07-25 15:16 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\Microsoft.Build.Engine.dll
+ 2011-12-11 20:11 . 2008-07-25 15:16 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\AspNetMMCExt.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 839680 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\System.Web.Services.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\System.Web.Mobile.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 261632 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\System.Transactions.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\System.Runtime.Remoting.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\System.Messaging.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\System.Management.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\System.EnterpriseServices.Wrapper.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\System.EnterpriseServices.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\System.DirectoryServices.Protocols.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\System.DirectoryServices.dll
+ 2011-12-11 20:02 . 2008-11-25 08:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\System.Data.OracleClient.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\sysglobl.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 659456 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\Microsoft.VisualBasic.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\Microsoft.VisualBasic.Compatibility.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-12-11 20:02 . 2008-07-25 15:16 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\Microsoft.JScript.dll
+ 2011-12-11 20:02 . 2008-07-25 15:16 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\Microsoft.Build.Tasks.dll
+ 2011-12-11 20:02 . 2008-07-25 15:16 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\Microsoft.Build.Engine.dll
+ 2011-12-11 20:02 . 2008-07-25 15:16 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\AspNetMMCExt.dll
+ 2010-02-25 05:14 . 2010-02-25 05:14 543232 c:\windows\Installer\338a5.msp
- 2011-12-10 21:24 . 2011-12-10 21:24 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-12-11 19:52 . 2011-12-11 19:52 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-12-11 19:52 . 2011-12-11 19:52 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-12-10 21:24 . 2011-12-10 21:24 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-12-10 21:24 . 2011-12-10 21:24 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-12-11 19:52 . 2011-12-11 19:52 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-12-11 19:52 . 2011-12-11 19:52 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-12-01 03:29 . 2011-08-22 23:47 1214464 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3QFE\urlmon.dll
- 2011-12-01 03:29 . 2011-10-03 08:34 5972992 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3QFE\mshtml.dll
- 2011-12-01 03:29 . 2011-08-22 23:47 2001408 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3QFE\iertutil.dll
- 2011-12-01 03:29 . 2011-08-22 23:48 1212416 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3GDR\urlmon.dll
- 2011-12-01 03:29 . 2011-10-03 08:35 5971456 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3GDR\mshtml.dll
- 2011-12-01 03:29 . 2011-08-22 23:48 2000384 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3GDR\iertutil.dll
+ 2011-12-11 20:12 . 2008-11-25 08:59 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.XML.dll
+ 2011-12-11 20:11 . 2011-03-25 10:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.Windows.Forms.dll
+ 2011-12-11 20:11 . 2010-09-22 13:44 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.Web.dll
+ 2011-12-11 20:12 . 2011-04-29 01:50 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.dll
+ 2011-12-11 20:11 . 2008-07-25 15:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.Design.dll
+ 2011-12-11 20:12 . 2008-07-25 15:17 2933248 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\System.Data.dll
+ 2011-12-11 20:12 . 2011-07-07 10:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC15263\mscorlib.dll
+ 2011-12-11 20:02 . 2008-11-25 08:59 2048000 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\System.XML.dll
+ 2011-12-11 20:02 . 2011-03-25 10:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\System.Windows.Forms.dll
+ 2011-12-11 20:02 . 2010-09-22 13:44 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\System.Web.dll
+ 2011-12-11 20:02 . 2008-07-25 15:17 5062656 c:\windows\Microsoft.NET\Framework\v2.0.50727\GAC13366\System.Design.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-12-11 19:52 . 2011-12-11 19:52 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-12-10 21:24 . 2011-12-10 21:24 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-12-11 19:52 . 2011-12-11 19:52 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-12-11 19:52 . 2011-12-11 19:52 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2011-12-10 21:24 . 2011-12-10 21:24 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-12-11 19:53 . 2011-12-11 19:53 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-12-10 21:25 . 2011-12-10 21:25 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-12-11 19:54 . 2011-12-11 19:54 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-12-01 03:29 . 2011-08-22 23:47 11084288 c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3QFE\ieframe.dll
+ 2011-03-28 08:27 . 2011-03-28 08:27 15456256 c:\windows\Installer\ef252.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 136704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\w:\0autocheck autochk /r \??\I:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
] [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
2008-07-22 17:53 77824 ----a-w- c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
2011-10-20 17:58 2497352 ----a-w- d:\programs\COMODO\COMODO Internet Security\cfp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2010-03-18 23:17 19456 ----a-w- c:\windows\system32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2007-04-09 16:32 19968 ----a-w- c:\windows\system32\Ctxfihlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2010-02-28 06:09 519584 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVPro]
2007-07-26 19:05 20480 ----a-w- c:\program files\Gigabyte\ET5Pro\ETcall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer4_in_1]
2004-01-22 14:59 151552 ----a-w- c:\program files\Lexmark 4200 Series\Fax\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBTUpd]
2008-04-03 14:01 297480 ----a-w- c:\program files\Gigabyte\GBTUpd\PreRun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-31 01:36 136176 ----atw- c:\documents and settings\Dean\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 20:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 20:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 4200 Series]
2004-01-16 10:04 57344 ----a-w- c:\program files\Lexmark 4200 Series\lxbmbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-05-15 21:12 484904 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 22:00 449608 ----a-w- d:\programs\Malwarebytes\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- d:\programs\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
2009-10-21 16:58 916304 ----a-w- d:\programs\Registry First Aid\rfagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- d:\programs\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-07-08 03:05 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 18:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47 74752 ----a-w- d:\programs\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ioloSystemService"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"spupdsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"SharedAccess"=2 (0x2)
"idsvc"=3 (0x3)
"UPS"=3 (0x3)
"Themes"=2 (0x2)
"TlntSvr"=3 (0x3)
"LmHosts"=2 (0x2)
"Steam Client Service"=3 (0x3)
"wscsvc"=2 (0x2)
"Secunia Update Agent"=2 (0x2)
"Secunia PSI Agent"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"PCToolsSSDMonitorSvc"=2 (0x2)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"Netlogon"=3 (0x3)
"NBService"=3 (0x3)
"MBAMService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"CiSvc"=3 (0x3)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"MSDTC"=3 (0x3)
"CryptSvc"=3 (0x3)
"ClipSrv"=3 (0x3)
"BITS"=2 (0x2)
"wuauserv"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"ALG"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programs\\uTorrent\\uTorrent.exe"=
.
R1 MpKsl32ee197e;MpKsl32ee197e; [x]
R1 MpKsl35265280;MpKsl35265280;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2FF4D41-41E5-47D3-83D6-43E87F51547A}\MpKsl35265280.sys [x]
R1 MpKsl5c8539d5;MpKsl5c8539d5; [x]
R1 MpKsl69a7b1b2;MpKsl69a7b1b2; [x]
R1 MpKsl7afca4db;MpKsl7afca4db; [x]
R1 MpKsla5f310d2;MpKsla5f310d2; [x]
R1 MpKslf6cc7502;MpKslf6cc7502; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2010-03-19 99416]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2010-03-19 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2010-03-19 555096]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2010-03-19 555096]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2010-03-19 100952]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2010-03-19 100952]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2010-03-19 566360]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2010-03-19 566360]
R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [2011-12-03 24944]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;d:\programs\Ad-Aware\KernExplorer.sys [2011-11-03 15232]
R3 MarkFun_NT;MarkFun_NT;c:\program files\Gigabyte\ET5Pro\markfun.w32 [2007-08-21 17912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2008-04-14 14336]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-06-13 79360]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-31 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-10-31 136176]
R4 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\programs\Ad-Aware\AAWService.exe [2011-11-03 2152152]
R4 MBAMService;MBAMService;d:\programs\Malwarebytes\mbamservice.exe [2011-08-31 366152]
R4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]
R4 Secunia PSI Agent;Secunia PSI Agent;d:\programs\Secunia PSI\PSIA.exe [2011-10-14 994360]
R4 Secunia Update Agent;Secunia Update Agent;d:\programs\Secunia PSI\sua.exe [2011-10-14 399416]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-11-20 691696]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-10-07 492768]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-10-07 31704]
S1 MpKsl6993d8ed;MpKsl6993d8ed;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{855A1F68-7223-478C-AF22-69454E76288D}\MpKsl6993d8ed.sys [2011-12-12 29904]
S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2008-07-17 80392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL6993D8ED
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-05-15 21:08 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- d:\programs\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06]
.
2011-09-23 c:\windows\Tasks\GBM - Backup To My Passport-Full.job
- d:\programs\Genie Backup Manager Pro 8\GBM8.exe [2011-09-23 01:12]
.
2011-09-23 c:\windows\Tasks\GBM - New Backup Job-Full.job
- d:\programs\Genie Backup Manager Pro 8\GBM8.exe [2011-09-23 01:12]
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-31 01:36]
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1450960922-1935655697-1005Core.job
- c:\documents and settings\Dean\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-04 01:36]
.
2011-07-24 c:\windows\Tasks\RMSmartUpdate.job
- d:\programs\Registry Mechanic\Update.exe [2011-12-08 13:46]
.
2011-06-12 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-06-12 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
IE: E&xport to Microsoft Excel - d:\programs\MICROS~1\Office14\EXCEL.EXE/3000
IE: LastPass - file://d:\programs\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://d:\programs\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
TCP: Interfaces\{DD647A37-7C6A-4296-A2A6-B47F04531E38}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\documents and settings\Dean\Application Data\Mozilla\Firefox\Profiles\s5ki7f9g.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-12 17:15
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MarkFun_NT]
"ImagePath"="\??\c:\program files\Gigabyte\ET5Pro\markfun.w32"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(612)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(3644)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\System32\wpdshserviceobj.dll
c:\windows\System32\portabledevicetypes.dll
c:\windows\System32\portabledeviceapi.dll
.
- - - - - - - > 'csrss.exe'(512)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2011-12-12 17:25:12
ComboFix-quarantined-files.txt 2011-12-12 22:25
ComboFix2.txt 2011-11-20 00:17
ComboFix3.txt 2011-10-13 19:56
.
Pre-Run: 27,965,665,280 bytes free
Post-Run: 28,178,087,936 bytes free
.
- - End Of File - - 0AAE272D91C1918B0CDF1F8F98A0F9A8
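
The ComboFix output above is what the helper reads by hand. As an added example, not part of this thread and not ComboFix's own code, the Python script below parses the registry-dump sections of such a log and lists the entries a responder checks first: the Security Center AntiVirusOverride flag, the firewall EnableFirewall flag, any AppInit_DLLs value, and static per-interface NameServer entries. The sample input is constructed from line shapes in the log above, and those line formats are the only ones it assumes.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in the ComboFix registry-dump style (not the full log above).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
TCP: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
TCP: Interfaces\{DD647A37-7C6A-4296-A2A6-B47F04531E38}: NameServer = 8.26.56.26,156.154.70.22
"""

SECTION_RE = re.compile(r"^\[([^\]]+)\]$")            # [HKEY_...\key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')        # "Name"=value
NAMESERVER_RE = re.compile(r"\bNameServer\s*=\s*([\d.,\s]+)$")  # \b skips DhcpNameServer

def parse_sections(text: str) -> Dict[str, Dict[str, str]]:
    """Group quoted name=value lines under the bracketed key above them."""
    sections: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for line in (raw.strip() for raw in text.splitlines()):
        if (m := SECTION_RE.match(line)):
            current = m.group(1).lower()
            sections.setdefault(current, {})
        elif current is not None and (m := VALUE_RE.match(line)):
            sections[current][m.group(1)] = m.group(2).strip()
    return sections

def numeric(value: str) -> Optional[int]:
    """Read ComboFix's '1 (0x1)' and 'dword:00000001' forms; the hex form wins."""
    if (m := re.search(r"\(0x([0-9a-f]+)\)|^dword:([0-9a-f]+)", value, re.I)):
        return int(m.group(1) or m.group(2), 16)
    return int(m.group(0)) if (m := re.match(r"\d+", value)) else None

def triage(text: str) -> List[str]:
    """Return the settings a responder checks first when reading such a log."""
    findings: List[str] = []
    for key, vals in parse_sections(text).items():
        if key.endswith(r"\security center") and numeric(vals.get("AntiVirusOverride", "0")) == 1:
            findings.append("AntiVirusOverride=1: Security Center AV warnings suppressed")
        if key.endswith(r"\firewallpolicy\standardprofile") and numeric(vals.get("EnableFirewall", "1")) == 0:
            findings.append("EnableFirewall=0: Windows Firewall off for the standard profile")
        if key.endswith(r"\currentversion\windows") and vals.get("AppInit_DLLs"):
            findings.append(f"AppInit_DLLs={vals['AppInit_DLLs']}: loaded into every user32 process; verify the vendor")
    for line in text.splitlines():  # static per-interface resolvers; DHCP-assigned ones are ignored
        if (m := NAMESERVER_RE.search(line)):
            servers = " ".join(m.group(1).replace(",", " ").split())
            findings.append(f"Static NameServer on interface: {servers}; confirm these resolvers are intended")
    return findings
```

The log above also lists COMODO Internet Security, whose guard32.dll is the AppInit_DLLs entry, so that hit is a prompt to verify rather than a verdict.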

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:20 PM

Posted 12 December 2011 - 08:19 PM

TFC (Temp File Cleaner):

  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



