Still having issues!


This topic is locked
26 replies to this topic

#1 bomber1712

Posted 05 December 2011 - 09:25 PM

Hi all,

I am helping a friend with her computer. I ran MBAM, SAS, MSE scan, Eset scan, TDSSkiller. I am not sure what you want to see. MBAM found 7200+ instances of Trojan.FakeAlert. On a second run, MBAM was clean. I can't attach the MBAM log as the .txt file is too big.

First part of MBAM log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8309

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

12/4/2011 1:35:41 PM
mbam-log-2011-12-04 (13-35-41).txt

Scan type: Full scan (C:\|)
Objects scanned: 285144
Time elapsed: 1 hour(s), 29 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 7285
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gYYYXXwkUVe8234A (Trojan.FakeAlert.CLGen) -> Value: gYYYXXwkUVe8234A -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Z5ssQJ66dEKfZ9T8234A (Trojan.FakeAlert.CLGen) -> Value: Z5ssQJ66dEKfZ9T8234A -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\F88ggRZqhYXwUVl8234A (Trojan.FakeAlert.CLGen) -> Value: F88ggRZqhYXwUVl8234A -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\E11uuvD2bF4pG5Q8234A (Trojan.FakeAlert.CLGen) -> Value: E11uuvD2bF4pG5Q8234A -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aOyyxAA0uvS2b8234A (Trojan.FakeAlert.CLGen) -> Value: aOyyxAA0uvS2b8234A -> Quarantined and deleted successfully.

And the end of MBAM log:


Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\Marina\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com (PUP.PlaySushi) -> Delete on reboot.
c:\Users\Marina\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome (PUP.PlaySushi) -> Quarantined and deleted successfully.
c:\Users\Marina\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components (PUP.PlaySushi) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Marina\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome.manifest (PUP.PlaySushi) -> Quarantined and deleted successfully.
c:\Users\Marina\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\install.rdf (PUP.PlaySushi) -> Quarantined and deleted successfully.
c:\Users\Marina\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome\pstextlinks.jar (PUP.PlaySushi) -> Quarantined and deleted successfully.
c:\Users\Marina\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\playsushiff.dll (PUP.PlaySushi) -> Quarantined and deleted successfully.
c:\Users\Marina\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\playsushiff.xpt (PUP.PlaySushi) -> Quarantined and deleted successfully.

SAS found PUP.StartNow Toolbar. I couldn't get the log.

Eset found:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=059d65508d0cba4aa9abe622bd99d9ad
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-04 08:48:27
# local_time=2011-12-04 02:48:27 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 0 58621550 0 0
# compatibility_mode=5893 16776574 66 94 1128570 74571651 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=127481
# found=4
# cleaned=4
# scan_time=3505
C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Marina\AppData\Local\Temp\ICReinstall\cnet2_revosetup_exe[1].exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\updater-startnow-200-2.4[1].exe a variant of Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C


TDSS found:

19:46:34.0448 3824 TDPIPE - ok
19:46:34.0464 3824 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:46:34.0464 3824 TDTCP - ok
19:46:34.0557 3824 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:46:34.0557 3824 tdx - ok
19:46:34.0745 3824 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:46:34.0745 3824 TermDD - ok
19:46:34.0823 3824 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:46:34.0823 3824 tssecsrv - ok
19:46:34.0885 3824 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:46:34.0901 3824 TsUsbFlt - ok
19:46:35.0010 3824 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:46:35.0025 3824 tunnel - ok
19:46:35.0057 3824 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:46:35.0057 3824 uagp35 - ok
19:46:35.0119 3824 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:46:35.0119 3824 udfs - ok
19:46:35.0181 3824 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:46:35.0181 3824 uliagpkx - ok
19:46:35.0213 3824 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
19:46:35.0213 3824 umbus - ok
19:46:35.0306 3824 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:46:35.0306 3824 UmPass - ok
19:46:35.0369 3824 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
19:46:35.0369 3824 usbaudio - ok
19:46:35.0400 3824 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:46:35.0400 3824 usbccgp - ok
19:46:35.0462 3824 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:46:35.0462 3824 usbcir - ok
19:46:35.0525 3824 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:46:35.0525 3824 usbehci - ok
19:46:35.0603 3824 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:46:35.0603 3824 usbhub - ok
19:46:35.0634 3824 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
19:46:35.0634 3824 usbohci - ok
19:46:35.0681 3824 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:46:35.0681 3824 usbprint - ok
19:46:35.0712 3824 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:46:35.0712 3824 usbscan - ok
19:46:35.0790 3824 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
19:46:35.0790 3824 USBSTOR - ok
19:46:35.0868 3824 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:46:35.0868 3824 usbuhci - ok
19:46:35.0961 3824 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
19:46:35.0961 3824 usbvideo - ok
19:46:35.0993 3824 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:46:36.0008 3824 vdrvroot - ok
19:46:36.0086 3824 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:46:36.0086 3824 vga - ok
19:46:36.0149 3824 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:46:36.0149 3824 VgaSave - ok
19:46:36.0211 3824 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:46:36.0227 3824 vhdmp - ok
19:46:36.0273 3824 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:46:36.0273 3824 viaide - ok
19:46:36.0305 3824 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:46:36.0305 3824 volmgr - ok
19:46:36.0398 3824 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:46:36.0414 3824 volmgrx - ok
19:46:36.0523 3824 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:46:36.0539 3824 volsnap - ok
19:46:36.0585 3824 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:46:36.0585 3824 vsmraid - ok
19:46:36.0648 3824 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:46:36.0648 3824 vwifibus - ok
19:46:36.0679 3824 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:46:36.0679 3824 WacomPen - ok
19:46:36.0773 3824 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:46:36.0788 3824 WANARP - ok
19:46:36.0788 3824 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:46:36.0788 3824 Wanarpv6 - ok
19:46:36.0866 3824 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:46:36.0866 3824 Wd - ok
19:46:36.0944 3824 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:46:36.0960 3824 Wdf01000 - ok
19:46:37.0085 3824 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:46:37.0085 3824 WfpLwf - ok
19:46:37.0131 3824 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:46:37.0131 3824 WIMMount - ok
19:46:37.0225 3824 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:46:37.0225 3824 WinUsb - ok
19:46:37.0303 3824 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:46:37.0303 3824 WmiAcpi - ok
19:46:37.0428 3824 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:46:37.0443 3824 ws2ifsl - ok
19:46:37.0506 3824 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:46:37.0506 3824 WudfPf - ok
19:46:37.0553 3824 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:46:37.0553 3824 WUDFRd - ok
19:46:37.0599 3824 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:46:37.0615 3824 \Device\Harddisk0\DR0 - ok
19:46:37.0615 3824 Boot (0x1200) (4a4db87c9b9f2ece675e9b1e4bb840ed) \Device\Harddisk0\DR0\Partition0
19:46:37.0615 3824 \Device\Harddisk0\DR0\Partition0 - ok
19:46:37.0631 3824 Boot (0x1200) (f8a7680154149fa48015483ea41d1285) \Device\Harddisk0\DR0\Partition1
19:46:37.0631 3824 \Device\Harddisk0\DR0\Partition1 - ok
19:46:37.0631 3824 ============================================================
19:46:37.0631 3824 Scan finished
19:46:37.0631 3824 ============================================================
19:46:37.0646 1540 Detected object count: 1
19:46:37.0646 1540 Actual detected object count: 1
19:47:00.0797 1540 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
19:47:00.0812 1540 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine


I ran DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Marina at 19:16:11 on 2011-12-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1918.1269 [GMT -6:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\iBarioApps\iBarioApps.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\program files (x86)\teamviewer\version7\TeamViewer_Desktop.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://facebook.com/
uSearch Bar = Preserve
uInternet Settings,ProxyServer = http=127.0.0.1:50303
mWinlogon: Userinit=userinit.exe,
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Google Update] "C:\Users\Marina\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [iBarioApps] C:\Program Files (x86)\iBarioApps\iBarioApps.exe /tray
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [PC Cleaner] C:\Program Files (x86)\PC Cleaner\PCCLauncher.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{DAA63889-2989-42BC-AEB6-40B67B166F80} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-29 2924928]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-17 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-17 136176]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam C160(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-05 23:00:24 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{736FAE70-E6D6-4DE4-A57C-74AF23999B03}\offreg.dll
2011-12-05 23:00:20 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{736FAE70-E6D6-4DE4-A57C-74AF23999B03}\mpengine.dll
2011-12-04 22:42:27 -------- d-----w- C:\Program Files\Realtek
2011-12-04 22:42:26 -------- d-----w- C:\Windows\SysWow64\RTCOM
2011-12-04 22:39:59 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-12-04 19:46:28 -------- d-----w- C:\Program Files (x86)\ESET
2011-12-04 17:37:37 -------- d-----w- C:\Users\Marina\AppData\Roaming\SUPERAntiSpyware.com
2011-12-04 17:37:08 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-12-04 17:37:08 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-12-04 17:32:35 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2011-12-04 17:29:54 -------- d-----w- C:\Users\Marina\AppData\Roaming\Auslogics
2011-12-04 17:29:47 -------- d-----w- C:\Program Files (x86)\Auslogics
2011-12-04 17:25:16 -------- d-----w- C:\Program Files\CCleaner
2011-12-04 17:23:42 -------- d-----w- C:\Users\Marina\AppData\Roaming\Malwarebytes
2011-12-04 17:23:33 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-04 17:23:28 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-04 17:23:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-04 12:51:11 -------- d-----w- C:\Program Files (x86)\TeamViewer
2011-11-30 22:34:12 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-29 03:55:04 -------- d-----w- C:\a52c9862cf72b69dcd692d859cca
2011-11-29 03:54:37 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-11-28 15:20:21 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{798E65CA-53DA-403C-9764-07987D9B9A40}\gapaengine.dll
2011-11-28 15:15:18 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-11-28 15:15:09 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-11-25 19:51:05 158056 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-19 19:35:56 -------- d-----w- C:\Users\Marina\AppData\Roaming\qFXvK18N6rGjbTc
2011-11-19 19:30:39 -------- d-----w- C:\Users\Marina\AppData\Roaming\WRL9gTXqjCkVzNx
2011-11-19 19:30:32 -------- d-----w- C:\Users\Marina\AppData\Roaming\R2oFGaQJ6W8
2011-11-19 19:30:27 -------- d-----w- C:\Users\Marina\AppData\Roaming\FjUCeIBrzx1v
2011-11-19 19:30:13 -------- d-----w- C:\Users\Marina\AppData\Roaming\sdWK8fR9TjC
2011-11-19 19:30:13 -------- d-----w- C:\Users\Marina\AppData\Roaming\BTjUCekIBzxvFp5
2011-11-19 19:30:11 -------- d-----w- C:\Users\Marina\AppData\Roaming\KF4pmH5QJdKgZ
2011-11-19 19:30:09 -------- d-----w- C:\Users\Marina\AppData\Roaming\oQH6dWK7f9TqYeI
2011-11-19 19:30:08 -------- d-----w- C:\Users\Marina\AppData\Roaming\CdWK8fRL9TqUeIr
2011-11-19 19:30:04 -------- d-----w- C:\Users\Marina\AppData\Roaming\xK7fRL9gTqYeIrO
2011-11-19 19:29:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\QtxAcS2ibpG
2011-11-19 19:29:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\i1uS2obF3m5Q6W8
2011-11-19 19:29:48 -------- d-----w- C:\Users\Marina\AppData\Roaming\Q8fRZ9hTXjCBzNA
2011-11-17 21:45:25 -------- d-----w- C:\Users\Marina\AppData\Roaming\UL9hTXqjUeIrOy
2011-11-17 21:45:24 -------- d-----w- C:\Users\Marina\AppData\Roaming\vF4pmH5sQ7E8R
2011-11-17 21:39:32 -------- d-----w- C:\Users\Marina\AppData\Roaming\BIVrlONtx0c1b3n
2011-11-17 21:39:26 -------- d-----w- C:\Users\Marina\AppData\Roaming\mxA0uvS2iFpGaHd
2011-11-17 20:51:34 -------- d-----w- C:\Users\Marina\AppData\Roaming\ARZ9hTXwjClB
2011-11-17 19:32:13 -------- d-----w- C:\Users\Marina\AppData\Roaming\YD24pmG5sJ
2011-11-17 19:32:13 -------- d-----w- C:\Users\Marina\AppData\Roaming\r4pmG5sQJdKfZhX
2011-11-17 19:32:12 -------- d-----w- C:\Users\Marina\AppData\Roaming\YX2gSKVD6qto7wy
2011-11-17 19:10:29 -------- d-----w- C:\Users\Marina\AppData\Roaming\NeBPyA1ivopJKg9
2011-11-17 19:10:29 -------- d-----w- C:\Users\Marina\AppData\Roaming\DcA1ivDoFp5J8ZY
2011-11-17 19:10:28 -------- d-----w- C:\Users\Marina\AppData\Roaming\e1iDonG4aHJfLgZ
2011-11-17 19:10:27 -------- d-----w- C:\Users\Marina\AppData\Roaming\UqjYwkIVrNxuSoG
2011-11-17 19:10:22 -------- d-----w- C:\Users\Marina\AppData\Roaming\wgTZjYCwkVlNx0S
2011-11-17 19:10:21 -------- d-----w- C:\Users\Marina\AppData\Roaming\af9XjCIrOuiFpGa
2011-11-17 19:10:12 -------- d-----w- C:\Users\Marina\AppData\Roaming\OL9TZqjCwIrxu
2011-11-17 19:10:05 -------- d-----w- C:\Users\Marina\AppData\Roaming\UpmG5sQJ6E8R9T
2011-11-17 19:10:00 -------- d-----w- C:\Users\Marina\AppData\Roaming\ChYXwkUVeOtPyA
2011-11-17 19:09:58 -------- d-----w- C:\Users\Marina\AppData\Roaming\I6sWK7fELgZjCkV
2011-11-17 19:09:56 -------- d-----w- C:\Users\Marina\AppData\Roaming\IdW8fRL9h
2011-11-17 19:09:55 -------- d-----w- C:\Users\Marina\AppData\Roaming\EwVlB0ci2FmsJ
2011-11-17 19:09:54 -------- d-----w- C:\Users\Marina\AppData\Roaming\rycS1vD3o
2011-11-17 19:09:52 -------- d-----w- C:\Users\Marina\AppData\Roaming\UBzOxA2Fn5Hd7L
2011-11-17 19:09:49 -------- d-----w- C:\Users\Marina\AppData\Roaming\uTCVOt0c1Do57E8
2011-11-17 19:09:49 -------- d-----w- C:\Users\Marina\AppData\Roaming\gCVOt0c1Do5
2011-11-17 19:09:15 -------- d-----w- C:\Users\Marina\AppData\Roaming\WH5sWJ7dE8Rq
2011-11-17 19:09:15 -------- d-----w- C:\Users\Marina\AppData\Roaming\VbD3onG4aHsJ
2011-11-17 19:09:08 -------- d-----w- C:\Users\Marina\AppData\Roaming\qK8fRL9hTqUeIrO
2011-11-17 19:09:06 -------- d-----w- C:\Users\Marina\AppData\Roaming\conF4pmH5Q7E8R9
2011-11-17 19:09:01 -------- d-----w- C:\Users\Marina\AppData\Roaming\LQJ7dEK8gZhXjlB
2011-11-17 19:07:58 -------- d-----w- C:\Users\Marina\AppData\Roaming\NonF4pmH5Q7E8R
2011-11-17 19:06:57 -------- d-----w- C:\Users\Marina\AppData\Roaming\xONtxA0cSiDpQs7
2011-11-17 19:05:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\yrlONP0uc1b3n4m
2011-11-17 19:04:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\STXwjUCelB
2011-11-17 19:03:58 -------- d-----w- C:\Users\Marina\AppData\Roaming\UG4amH6sW7LZjC
2011-11-17 19:02:58 -------- d-----w- C:\Users\Marina\AppData\Roaming\vCelIBrzPy
2011-11-17 19:01:55 -------- d-----w- C:\Users\Marina\AppData\Roaming\syxA0uvS2b3
2011-11-17 19:00:58 -------- d-----w- C:\Users\Marina\AppData\Roaming\RD3pn4HWKfLgZj
2011-11-17 18:59:57 -------- d-----w- C:\Users\Marina\AppData\Roaming\rycA1ivD2n4m
2011-11-17 18:59:57 -------- d-----w- C:\Users\Marina\AppData\Roaming\BbF4pmG5sJdKf
2011-11-17 18:59:55 -------- d-----w- C:\Users\Marina\AppData\Roaming\qVrlONtxPuSiDoG
2011-11-17 18:59:54 -------- d-----w- C:\Users\Marina\AppData\Roaming\BK7fRL9gTq
2011-11-16 04:44:58 -------- d-----w- C:\Users\Marina\AppData\Roaming\QVrOBtxP0c1v3n
2011-11-16 04:43:54 -------- d-----w- C:\Users\Marina\AppData\Roaming\wWK7fELgTqYwIrO
2011-11-16 04:42:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\LG5J6dEK8RTweIz
2011-11-16 04:41:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\TsgwNS47Zr03s8C
2011-11-16 04:40:58 -------- d-----w- C:\Users\Marina\AppData\Roaming\oCelIBrzPyAuFm
2011-11-16 04:39:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\z4msJEfZTjCIrNA
2011-11-16 04:38:58 -------- d-----w- C:\Users\Marina\AppData\Roaming\h3pnG4aQHW7E9qY
2011-11-16 04:37:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\ICCekkIVr
2011-11-16 04:36:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\RtxP0ycS1v3n4m5
2011-11-16 04:35:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\hJ7fEL8gT
2011-11-16 04:34:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\co3maJWR9TjeBxF
2011-11-16 04:33:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\OPNycA1uv2b4m5J
2011-11-16 04:32:58 -------- d-----w- C:\Users\Marina\AppData\Roaming\tYkrNxu1Dna6JEg
2011-11-16 04:31:56 -------- d-----w- C:\Users\Marina\AppData\Roaming\tUVelOBtz0c1v2n
2011-11-16 04:30:58 -------- d-----w- C:\Users\Marina\AppData\Roaming\WivD2onF4m5Q
2011-11-16 04:29:58 -------- d-----w- C:\Users\Marina\AppData\Roaming\TW7EL9gZqYkVlNP
2011-11-16 04:28:58 -------- d-----w- C:\Users\Marina\AppData\Roaming\RlrPxu2Fm56
2011-11-16 04:27:48 -------- d-----w- C:\Users\Marina\AppData\Roaming\bYCwkUVrlBx0c1v
2011-11-16 04:27:45 -------- d-----w- C:\Users\Marina\AppData\Roaming\uuvS2obF3m5Q
2011-11-16 04:25:53 -------- d-----w- C:\Users\Marina\AppData\Roaming\EQJ7dEK8gZhXjVl
2011-11-16 04:25:50 -------- d-----w- C:\Users\Marina\AppData\Roaming\w6sWK7fELgZjCkV
2011-11-16 04:15:57 -------- d-----w- C:\Users\Marina\AppData\Roaming\nonG4amH6W7E8Tq
2011-11-16 04:15:54 -------- d-----w- C:\Users\Marina\AppData\Roaming\HA1uvD2ob4m5Q6
2011-11-15 22:43:43 -------- d-----w- C:\Users\Marina\AppData\Roaming\sFaK9TXUkrOyAuS
2011-11-15 22:43:43 -------- d-----w- C:\Users\Marina\AppData\Roaming\N58wlPuFaK9TUkr
2011-11-15 22:43:37 -------- d-----w- C:\Users\Marina\AppData\Roaming\vZTjeBPxu2Fma6K
2011-11-15 22:43:37 -------- d-----w- C:\Users\Marina\AppData\Roaming\Q8ZTjeBPxu2Fma6
2011-11-15 22:43:37 -------- d-----w- C:\Users\Marina\AppData\Roaming\a8ZTjeBPxu2Fma6
2011-11-15 13:24:57 -------- d-----w- C:\Users\Marina\AppData\Roaming\XkUVelOBtP
2011-11-15 13:24:34 -------- d-----w- C:\Users\Marina\AppData\Roaming\NZ9hYUltPcu2bp5
2011-11-15 13:24:28 -------- d-----w- C:\Users\Marina\AppData\Roaming\xWJ7dEL8gZhXVlc
2011-11-15 13:24:24 -------- d-----w- C:\Users\Marina\AppData\Roaming\rlIBtzPNyAu2b4m
2011-11-15 13:24:18 -------- d-----w- C:\Users\Marina\AppData\Roaming\Nu1ibD3on4m6W7E
2011-11-15 13:24:11 -------- d-----w- C:\Users\Marina\AppData\Roaming\OD3pnG4aQsKf9
2011-11-15 13:24:11 -------- d-----w- C:\Users\Marina\AppData\Roaming\BH6dW7fLTjCIzAi
2011-11-15 13:24:06 -------- d-----w- C:\Users\Marina\AppData\Roaming\BjYCeIVrzNxu2
2011-11-15 13:24:03 -------- d-----w- C:\Users\Marina\AppData\Roaming\OdEL8gRqXUltPci
2011-11-15 13:23:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\FgRZ9hYXwUeItPy
2011-11-15 13:23:55 -------- d-----w- C:\Users\Marina\AppData\Roaming\VpmG5sQJ6E8R9Tw
2011-11-15 13:23:54 -------- d-----w- C:\Users\Marina\AppData\Roaming\ZnFF44pmH5sJ7EK
2011-11-15 13:23:54 -------- d-----w- C:\Users\Marina\AppData\Roaming\sOtv3Fm5Jd8Zhw
2011-11-15 13:23:53 -------- d-----w- C:\Users\Marina\AppData\Roaming\CCkltPS6VOtv3F
2011-11-15 13:23:51 -------- d-----w- C:\Users\Marina\AppData\Roaming\bzyoGK9jy1Sp6Kf
2011-11-15 13:23:41 -------- d-----w- C:\Users\Marina\AppData\Roaming\SfRL9hTXqUeIrOy
2011-11-15 13:23:39 -------- d-----w- C:\Users\Marina\AppData\Roaming\XmH5sWJ7dLgZhXk
2011-11-15 13:23:39 -------- d-----w- C:\Users\Marina\AppData\Roaming\iWJ7dEL8gZ
2011-11-15 13:23:29 -------- d-----w- C:\Users\Marina\AppData\Roaming\YqhYXwkUVl
2011-11-15 13:23:15 -------- d-----w- C:\Users\Marina\AppData\Roaming\ZK8gRZhYXjVl
2011-11-15 05:40:11 -------- d-----w- C:\Users\Marina\AppData\Roaming\PCekIVrzOtAuSiD
2011-11-15 05:40:09 -------- d-----w- C:\Users\Marina\AppData\Roaming\QvD2obF4pGs
2011-11-15 05:40:05 -------- d-----w- C:\Users\Marina\AppData\Roaming\HdEK8fRZ9TwUeIr
2011-11-15 05:40:03 -------- d-----w- C:\Users\Marina\AppData\Roaming\CelOBtzP0c1v3n4
2011-11-15 05:40:01 -------- d-----w- C:\Users\Marina\AppData\Roaming\r3pnG4aQHsKfLgZ
2011-11-15 05:38:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\sHsWJ7EL8ZYwrB
2011-11-15 05:37:58 -------- d-----w- C:\Users\Marina\AppData\Roaming\wA1uvS2ob3m5Q6E
2011-11-15 05:36:58 -------- d-----w- C:\Users\Marina\AppData\Roaming\TkUVrlOBtPySiDo
2011-11-15 05:35:54 -------- d-----w- C:\Users\Marina\AppData\Roaming\vS2ibD3pn4Q6KfL
2011-11-15 05:34:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\k9IxS3a6KRg
2011-11-15 05:33:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\CVlt0AiDnms7KR9
2011-11-15 05:32:49 -------- d-----w- C:\Users\Marina\AppData\Roaming\yzPNycA1uDoFpG
2011-11-15 05:31:57 -------- d-----w- C:\Users\Marina\AppData\Roaming\XJLTqCUlt0vn5Eq
2011-11-15 05:30:58 -------- d-----w- C:\Users\Marina\AppData\Roaming\jNPci3Gm6Jf8qCk
2011-11-15 05:29:55 -------- d-----w- C:\Users\Marina\AppData\Roaming\FH5WJ7dELgZh
2011-11-15 05:28:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\VNyyxA0uv2b5HW7
2011-11-15 05:27:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\PWgZYVPiFsgXIAb
2011-11-15 05:26:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\TqjYCwkVrOtPuSi
2011-11-15 05:25:55 -------- d-----w- C:\Users\Marina\AppData\Roaming\x999gTXqYCekVzN
2011-11-15 05:24:57 -------- d-----w- C:\Users\Marina\AppData\Roaming\w4aQH6sWKf
2011-11-15 05:23:45 -------- d-----w- C:\Users\Marina\AppData\Roaming\xcb34mHsJEgZhwU
2011-11-15 05:22:58 -------- d-----w- C:\Users\Marina\AppData\Roaming\GwUltNAvo4GQd8Z
2011-11-15 05:21:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\tt0cSiDFaW7E8ZX
2011-11-15 05:20:58 -------- d-----w- C:\Users\Marina\AppData\Roaming\TdKhCrAomJ8T
2011-11-15 05:19:56 -------- d-----w- C:\Users\Marina\AppData\Roaming\CnG4mH6WE8TqYwU
2011-11-15 05:18:54 -------- d-----w- C:\Users\Marina\AppData\Roaming\E4amHWJ7dLgZhXk
2011-11-15 05:17:58 -------- d-----w- C:\Users\Marina\AppData\Roaming\OP1b5W9UrA
2011-11-15 05:16:57 -------- d-----w- C:\Users\Marina\AppData\Roaming\hZqhYCUlt0Sv3Fm
2011-11-15 05:15:58 -------- d-----w- C:\Users\Marina\AppData\Roaming\rONtxu1Dna6JEgq
2011-11-15 05:14:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\L4aQH6sWKfLgZjC
2011-11-15 05:13:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\OONyxA0uv2b3n
2011-11-09 01:05:03 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 01:05:02 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 01:05:00 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 01:04:59 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-09 01:02:13 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A6C46820-6E54-4F3D-9258-67428C83C2CD}\mpengine.dll
.
==================== Find3M ====================
.
2011-12-04 22:39:59 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2011-12-04 22:39:59 48640 ----a-w- C:\Windows\System32\mshtmler.dll
2011-12-04 22:39:59 135168 ----a-w- C:\Windows\System32\IEAdvpack.dll
2011-12-04 22:39:59 111616 ----a-w- C:\Windows\System32\iesysprep.dll
2011-12-04 22:39:58 76800 ----a-w- C:\Windows\System32\tdc.ocx
2011-12-04 22:39:58 448512 ----a-w- C:\Windows\System32\html.iec
2011-12-04 22:39:57 85504 ----a-w- C:\Windows\System32\iesetup.dll
2011-12-04 22:39:57 30720 ----a-w- C:\Windows\System32\licmgr10.dll
2011-12-04 22:39:57 1492992 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-04 22:39:56 603648 ----a-w- C:\Windows\System32\vbscript.dll
2011-12-04 22:39:56 165888 ----a-w- C:\Windows\System32\iexpress.exe
2011-12-04 22:39:56 160256 ----a-w- C:\Windows\System32\wextract.exe
2011-10-05 02:13:29 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 11:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 19:18:01.06 ===============


MSE found some pretty nasty stuff. I could not figure out how to make a .txt log, so I have 2 screen shots. I'm not sure how to show these in this post. Some items:


Let me know what to do next....

[attachment=113197:Attach.txt]
[attachment=113198:gmer.log]
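The DDS and ComboFix listings in this thread show the trace this rogue leaves behind: directories with generated names appearing directly under AppData\Roaming, one roughly every minute. The Python below is an added triage helper, not part of this thread or of either tool: it parses both listing formats and reports such bursts. The sample lines are constructed to match the posted formats, and the randomness heuristic and the gap/count thresholds are assumptions chosen for illustration.

```python
"""Triage helper for DDS / ComboFix 'Files Created' listings.

A FakeAlert-style rogue leaves many directories with generated names under
%AppData%\\Roaming, created about a minute apart.  This script parses both
listing formats and reports such bursts.  Thresholds are assumptions chosen
for illustration, not values either tool defines.
"""
import re
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# DDS:      2011-11-15 05:12:58 -------- d-----w- C:\Users\<user>\AppData\Roaming\un4amHWJfLTh
# ComboFix: 2011-11-19 19:35 . 2011-11-19 19:35 -------- d-----w- c:\users\<user>\AppData\Roaming\cm8rvL0sVFXbh2R
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"        # ComboFix repeats the mtime
    r"\s+(?P<size>-{8}|\d+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*?)\s*$"
)
# Only directories sitting directly in a user's Roaming folder are of interest.
ROAMING_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\([^\\]+)$", re.I)


def parse_line(line: str) -> Optional[Tuple[datetime, bool, str]]:
    """Return (created, is_directory, path), or None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = m.group("ts")
    fmt = "%Y-%m-%d %H:%M:%S" if ts.count(":") == 2 else "%Y-%m-%d %H:%M"
    return datetime.strptime(ts, fmt), m.group("attrs")[0] == "d", m.group("path")


def _char_class(c: str) -> str:
    return "digit" if c.isdigit() else ("upper" if c.isupper() else "lower")


def looks_random(name: str, min_len: int = 8, min_transitions: int = 4) -> bool:
    """Heuristic: an alphanumeric-only name that switches between upper case,
    lower case and digits many times.  Product names ("Auslogics",
    "RegistryKeys") switch class once or twice; generated names switch on
    almost every character.  A lone false positive is harmless because only
    clusters are reported."""
    if len(name) < min_len or not name.isalnum():
        return False
    classes = [_char_class(c) for c in name]
    transitions = sum(1 for a, b in zip(classes, classes[1:]) if a != b)
    return transitions >= min_transitions


def find_bursts(log_text: str, max_gap_s: int = 120, min_count: int = 5) -> List[Dict]:
    """Cluster random-looking Roaming directories whose creation times are at
    most max_gap_s apart; return clusters with at least min_count entries."""
    hits: List[Tuple[datetime, str]] = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        created, is_dir, path = parsed
        m = ROAMING_RE.match(path)
        if is_dir and m and looks_random(m.group(1)):
            hits.append((created, path))
    hits.sort()  # listings are newest-first; cluster oldest-first

    clusters: List[List[Tuple[datetime, str]]] = []
    for created, path in hits:
        if clusters and (created - clusters[-1][-1][0]).total_seconds() <= max_gap_s:
            clusters[-1].append((created, path))
        else:
            clusters.append([(created, path)])
    return [
        {"start": c[0][0], "end": c[-1][0], "count": len(c), "paths": [p for _, p in c]}
        for c in clusters if len(c) >= min_count
    ]


# Constructed sample mixing DDS and ComboFix formats: six generated-name
# directories a minute apart, benign entries, and one isolated hit a week later.
SAMPLE_LOG = r"""
2011-11-12 22:05:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\YPNycuDob4ms6
2011-11-12 22:04:58 -------- d-----w- C:\Users\Marina\AppData\Roaming\bFnGQdKR9Xj
2011-11-12 22:03:58 -------- d-----w- C:\Users\Marina\AppData\Roaming\VIzNAuSo3m5JW8L
2011-11-12 22:02:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\fUlt0Avn4m5JE
2011-11-12 22:01:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\OTjCIrNxuSb3GQ6
2011-11-12 22:00:59 -------- d-----w- C:\Users\Marina\AppData\Roaming\o5sQJ6EfZTwClrP
2011-11-13 19:04:24 -------- d-----w- C:\Users\Marina\AppData\Roaming\PC Cleaner
2011-11-09 01:05:00 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-12-04 17:29 . 2011-12-04 17:29 -------- d-----w- c:\users\Marina\AppData\Roaming\Auslogics
2011-11-19 19:35 . 2011-11-19 19:35 -------- d-----w- c:\users\Marina\AppData\Roaming\cm8rvL0sVFXbh2R
"""

if __name__ == "__main__":
    for b in find_bursts(SAMPLE_LOG):
        print(f"{b['count']} generated-name directories created "
              f"{b['start']} .. {b['end']} under AppData\\Roaming")
        for p in b["paths"]:
            print("   ", p)
```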


#2 HelpBot (Bleepin' Binary Bot)

  • Bots
  • 12,701 posts
  • Gender:Male

Posted 10 December 2011 - 09:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430962 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 11 December 2011 - 02:05 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 bomber1712 (Topic Starter)

  • Members
  • 464 posts
  • Gender:Male
  • Location:Wisconsin, USA

Posted 11 December 2011 - 11:32 AM

Gringo,

Thank you so much for your help! I am always thankful that you folks are willing to help those of us who are less tech savvy!

The computer seems to be running fine. Have not noticed anything peculiar since first posting. One thing that was strange is that I had used Revo Uninstaller to take AntiVir off the computer, because she had both that and MSE. When I ran Combo, it said that AntiVir was running. I tried to use task manager to stop it, but did not see any entries for it. Revo must not have gotten all of AntiVir. Also, strangely, I did not see the install for MSE in Revo, but I did turn off real time protection. Maybe you can help me with this, as well....



Here are the ComboFix results:

ComboFix 11-12-10.01 - Marina 12/11/2011 9:20.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1918.1051 [GMT -6:00]
Running from: c:\users\Marina\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
.
.
((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 )))))))))))))))))))))))))))))))
.
.
2011-12-11 15:26 . 2011-12-11 15:26 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{588D278D-D81E-4672-A263-29DEC3CEA747}\offreg.dll
2011-12-11 15:25 . 2011-12-11 15:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-11 03:48 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{588D278D-D81E-4672-A263-29DEC3CEA747}\mpengine.dll
2011-12-06 01:53 . 2011-12-06 01:53 388096 ----a-r- c:\users\Marina\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-06 01:53 . 2011-12-06 01:53 -------- d-----w- c:\program files (x86)\Trend Micro
2011-12-06 01:47 . 2011-12-06 01:47 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-04 22:42 . 2011-12-04 22:42 -------- d-----w- c:\program files\Realtek
2011-12-04 22:42 . 2011-12-04 22:42 -------- d-----w- c:\windows\SysWow64\RTCOM
2011-12-04 22:39 . 2011-12-04 22:39 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-04 22:34 . 2011-12-04 22:34 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-12-04 19:46 . 2011-12-04 19:46 -------- d-----w- c:\program files (x86)\ESET
2011-12-04 17:37 . 2011-12-04 17:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-04 17:37 . 2011-12-04 17:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-04 17:36 . 2011-12-04 17:36 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-04 17:32 . 2011-12-04 17:32 -------- d-----w- c:\program files (x86)\VS Revo Group
2011-12-04 17:29 . 2011-12-04 17:29 -------- d-----w- c:\users\Marina\AppData\Roaming\Auslogics
2011-12-04 17:29 . 2011-12-04 17:29 -------- d-----w- c:\program files (x86)\Auslogics
2011-12-04 17:25 . 2011-12-04 17:25 -------- d-----w- c:\program files\CCleaner
2011-12-04 17:23 . 2011-12-04 17:23 -------- d-----w- c:\programdata\Malwarebytes
2011-12-04 17:23 . 2011-12-04 17:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-04 17:23 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 12:51 . 2011-12-04 12:51 -------- d-----w- c:\program files (x86)\TeamViewer
2011-11-30 22:34 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-29 03:55 . 2011-11-29 03:55 -------- d-----w- C:\a52c9862cf72b69dcd692d859cca
2011-11-29 03:54 . 2011-11-29 03:54 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2011-11-29 03:47 . 2011-11-29 03:47 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-11-28 15:20 . 2011-11-28 15:20 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{798E65CA-53DA-403C-9764-07987D9B9A40}\gapaengine.dll
2011-11-28 15:15 . 2011-11-28 15:15 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-11-28 15:15 . 2011-11-28 15:15 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-25 19:51 . 2011-11-25 19:51 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-19 19:35 . 2011-11-19 19:35 -------- d-----w- c:\users\Marina\AppData\Roaming\cm8rvL0sVFXbh2R
2011-11-19 19:30 . 2011-11-19 19:30 -------- d-----w- c:\users\Marina\AppData\Roaming\FjUCeIBrzx1v
2011-11-19 19:30 . 2011-11-19 19:30 -------- d-----w- c:\users\Marina\AppData\Roaming\BTjUCekIBzxvFp5
2011-11-19 19:30 . 2011-11-19 19:30 -------- d-----w- c:\users\Marina\AppData\Roaming\CdWK8fRL9TqUeIr
2011-11-17 21:39 . 2011-11-17 21:39 -------- d-----w- c:\users\Marina\AppData\Roaming\BIVrlONtx0c1b3n
2011-11-17 20:51 . 2011-11-17 20:51 -------- d-----w- c:\users\Marina\AppData\Roaming\ARZ9hTXwjClB
2011-11-17 19:10 . 2011-11-17 19:10 -------- d-----w- c:\users\Marina\AppData\Roaming\DcA1ivDoFp5J8ZY
2011-11-17 19:10 . 2011-11-17 19:10 -------- d-----w- c:\users\Marina\AppData\Roaming\e1iDonG4aHJfLgZ
2011-11-17 19:10 . 2011-11-17 19:10 -------- d-----w- c:\users\Marina\AppData\Roaming\af9XjCIrOuiFpGa
2011-11-17 19:10 . 2011-11-17 19:10 -------- d-----w- c:\users\Marina\AppData\Roaming\ChYXwkUVeOtPyA
2011-11-17 19:09 . 2011-11-17 19:09 -------- d-----w- c:\users\Marina\AppData\Roaming\EwVlB0ci2FmsJ
2011-11-17 19:09 . 2011-11-17 19:09 -------- d-----w- c:\users\Marina\AppData\Roaming\gCVOt0c1Do5
2011-11-17 19:09 . 2011-11-17 19:09 -------- d-----w- c:\users\Marina\AppData\Roaming\conF4pmH5Q7E8R9
2011-11-17 19:07 . 2011-11-17 19:07 -------- d-----w- c:\users\Marina\AppData\Roaming\AtPucS1ib3n4
2011-11-17 19:07 . 2011-11-17 19:07 -------- d-----w- c:\users\Marina\AppData\Roaming\hTZqYCUrlBx0
2011-11-17 19:07 . 2011-11-17 19:07 -------- d-----w- c:\users\Marina\AppData\Roaming\DVBtzPNyc1v2b4m
2011-11-17 19:07 . 2011-11-17 19:07 -------- d-----w- c:\users\Marina\AppData\Roaming\EK7RLgTXqYeIr
2011-11-17 19:07 . 2011-11-17 19:07 -------- d-----w- c:\users\Marina\AppData\Roaming\AUVelItPNc1vo45
2011-11-17 19:07 . 2011-11-17 19:07 -------- d-----w- c:\users\Marina\AppData\Roaming\b6sWK7fELgZjCk
2011-11-17 19:07 . 2011-11-17 19:07 -------- d-----w- c:\users\Marina\AppData\Roaming\CJd8LTjeBzy0Sbp
2011-11-17 19:07 . 2011-11-17 19:07 -------- d-----w- c:\users\Marina\AppData\Roaming\DlIBtzPNyAv2b4m
2011-11-17 19:07 . 2011-11-17 19:07 -------- d-----w- c:\users\Marina\AppData\Roaming\ECekIVrzOtAuSiD
2011-11-17 19:05 . 2011-11-17 19:05 -------- d-----w- c:\users\Marina\AppData\Roaming\DqjYCwkVrOtPuSi
2011-11-17 19:04 . 2011-11-17 19:04 -------- d-----w- c:\users\Marina\AppData\Roaming\FamH6sWJfLgq
2011-11-17 19:03 . 2011-11-17 19:03 -------- d-----w- c:\users\Marina\AppData\Roaming\GL9gTXjCeIrOt0c
2011-11-17 19:03 . 2011-11-17 19:03 -------- d-----w- c:\users\Marina\AppData\Roaming\D5aQH6dWKfLgXj
2011-11-17 19:03 . 2011-11-17 19:03 -------- d-----w- c:\users\Marina\AppData\Roaming\CrzONyx0SiFpGaH
2011-11-17 19:03 . 2011-11-17 19:03 -------- d-----w- c:\users\Marina\AppData\Roaming\e7fEL9gTZjC
2011-11-17 19:03 . 2011-11-17 19:03 -------- d-----w- c:\users\Marina\AppData\Roaming\h7dEK8gRZhXjVlB
2011-11-17 19:03 . 2011-11-17 19:03 -------- d-----w- c:\users\Marina\AppData\Roaming\DRZ9hYXwjVl
2011-11-17 19:03 . 2011-11-17 19:03 -------- d-----w- c:\users\Marina\AppData\Roaming\d9gTZYwVO
2011-11-17 19:03 . 2011-11-17 19:03 -------- d-----w- c:\users\Marina\AppData\Roaming\FCekIBrzOyAuSiF
2011-11-17 19:03 . 2011-11-17 19:03 -------- d-----w- c:\users\Marina\AppData\Roaming\HTXqjYCeVzNxuSD
2011-11-17 19:03 . 2011-11-17 19:03 -------- d-----w- c:\users\Marina\AppData\Roaming\F2obF4pmGsJdKfZ
2011-11-17 19:03 . 2011-11-17 19:03 -------- d-----w- c:\users\Marina\AppData\Roaming\cA0ucS2ib3n4
2011-11-17 19:02 . 2011-11-17 19:02 -------- d-----w- c:\users\Marina\AppData\Roaming\dQ6dEKZ9hXjClBz
2011-11-17 19:02 . 2011-11-17 19:02 -------- d-----w- c:\users\Marina\AppData\Roaming\BbD3onG4a6
2011-11-17 19:02 . 2011-11-17 19:02 -------- d-----w- c:\users\Marina\AppData\Roaming\DF4amH5sW7E8Rq
2011-11-17 19:02 . 2011-11-17 19:02 -------- d-----w- c:\users\Marina\AppData\Roaming\FaQH6sWK7E9TqYw
2011-11-17 19:02 . 2011-11-17 19:02 -------- d-----w- c:\users\Marina\AppData\Roaming\gwkIVrlONx0c1b
2011-11-17 19:02 . 2011-11-17 19:02 -------- d-----w- c:\users\Marina\AppData\Roaming\G3pnG5aQHdKfLgX
2011-11-17 19:02 . 2011-11-17 19:02 -------- d-----w- c:\users\Marina\AppData\Roaming\H6sWJ7fELgZYwU
2011-11-17 19:02 . 2011-11-17 19:02 -------- d-----w- c:\users\Marina\AppData\Roaming\FzONyxA0u
2011-11-17 19:02 . 2011-11-17 19:02 -------- d-----w- c:\users\Marina\AppData\Roaming\bvD2on4pm5Q7E8R
2011-11-17 19:02 . 2011-11-17 19:02 -------- d-----w- c:\users\Marina\AppData\Roaming\b5JEf9XUlrNAvbp
2011-11-17 19:02 . 2011-11-17 19:02 -------- d-----w- c:\users\Marina\AppData\Roaming\C6sWJ7fELgZhCkV
2011-11-17 19:01 . 2011-11-17 19:01 -------- d-----w- c:\users\Marina\AppData\Roaming\EZhwUVelOz0c1
2011-11-17 19:01 . 2011-11-17 19:01 -------- d-----w- c:\users\Marina\AppData\Roaming\h8gRZqhYXkVOPci
2011-11-17 19:01 . 2011-11-17 19:01 -------- d-----w- c:\users\Marina\AppData\Roaming\GF3m5aJ6WfLTq
2011-11-17 19:01 . 2011-11-17 19:01 -------- d-----w- c:\users\Marina\AppData\Roaming\aOxu2Dna6KEgqCI
2011-11-17 19:01 . 2011-11-17 19:01 -------- d-----w- c:\users\Marina\AppData\Roaming\f9gTZqjYCk
2011-11-17 19:01 . 2011-11-17 19:01 -------- d-----w- c:\users\Marina\AppData\Roaming\cWK7fEL9gZjCkVz
2011-11-17 19:01 . 2011-11-17 19:01 -------- d-----w- c:\users\Marina\AppData\Roaming\D6dEK8fRZhX
2011-11-17 19:01 . 2011-11-17 19:01 -------- d-----w- c:\users\Marina\AppData\Roaming\ftxP0ucS1b
2011-11-17 19:01 . 2011-11-17 19:01 -------- d-----w- c:\users\Marina\AppData\Roaming\bmH6sJ7fE8ZhCkV
2011-11-17 19:01 . 2011-11-17 19:01 -------- d-----w- c:\users\Marina\AppData\Roaming\bhYXwjVelBzNcuD
2011-11-17 19:01 . 2011-11-17 19:01 -------- d-----w- c:\users\Marina\AppData\Roaming\EQJdEK8RZhXUIrx
2011-11-17 19:00 . 2011-11-17 19:00 -------- d-----w- c:\users\Marina\AppData\Roaming\hpnG5aQ6dKfLgXj
2011-11-17 19:00 . 2011-11-17 19:00 -------- d-----w- c:\users\Marina\AppData\Roaming\ddE8gRqhYwVOtPy
2011-11-17 19:00 . 2011-11-17 19:00 -------- d-----w- c:\users\Marina\AppData\Roaming\e4amHsWfE8ZhwU
2011-11-17 19:00 . 2011-11-17 19:00 -------- d-----w- c:\users\Marina\AppData\Roaming\GzOx0Sbp5H
2011-11-17 19:00 . 2011-11-17 19:00 -------- d-----w- c:\users\Marina\AppData\Roaming\DRRZZ9TXwjUClIr
2011-11-17 19:00 . 2011-11-17 19:00 -------- d-----w- c:\users\Marina\AppData\Roaming\dnG4aQH6s
2011-11-17 18:59 . 2011-11-17 18:59 -------- d-----w- c:\users\Marina\AppData\Roaming\BbF4pmG5sJdKf
2011-11-17 18:59 . 2011-11-17 18:59 -------- d-----w- c:\users\Marina\AppData\Roaming\BK7fRL9gTq
2011-11-16 04:44 . 2011-11-16 04:44 -------- d-----w- c:\users\Marina\AppData\Roaming\dH6sWKfELgZjkVl
2011-11-16 04:43 . 2011-11-16 04:43 -------- d-----w- c:\users\Marina\AppData\Roaming\cG5sQJ6dE8R9TwC
2011-11-16 04:43 . 2011-11-16 04:43 -------- d-----w- c:\users\Marina\AppData\Roaming\C0y1vD3on4m
2011-11-16 04:43 . 2011-11-16 04:43 -------- d-----w- c:\users\Marina\AppData\Roaming\HUkIrzONAubp5HW
2011-11-16 04:43 . 2011-11-16 04:43 -------- d-----w- c:\users\Marina\AppData\Roaming\DJ7dRqhYXkVOz0c
2011-11-16 04:43 . 2011-11-16 04:43 -------- d-----w- c:\users\Marina\AppData\Roaming\dIzNAu2b3GQsKEg
2011-11-16 04:43 . 2011-11-16 04:43 -------- d-----w- c:\users\Marina\AppData\Roaming\bP0ycA1ivn4
2011-11-16 04:43 . 2011-11-16 04:43 -------- d-----w- c:\users\Marina\AppData\Roaming\FTjwVOxu1Dna6Jf
2011-11-16 04:43 . 2011-11-16 04:43 -------- d-----w- c:\users\Marina\AppData\Roaming\gP0ycA1vDn4m5Q
2011-11-16 04:41 . 2011-11-16 04:41 -------- d-----w- c:\users\Marina\AppData\Roaming\BpmGQd8RqCO0F
2011-11-16 04:40 . 2011-11-16 04:40 -------- d-----w- c:\users\Marina\AppData\Roaming\BERqYXkUVlBz0
2011-11-16 04:40 . 2011-11-16 04:40 -------- d-----w- c:\users\Marina\AppData\Roaming\h9gTXqjYCkVz
2011-11-16 04:40 . 2011-11-16 04:40 -------- d-----w- c:\users\Marina\AppData\Roaming\csJd8RhXU
2011-11-16 04:40 . 2011-11-16 04:40 -------- d-----w- c:\users\Marina\AppData\Roaming\ebF3pmG5aJdKfL
2011-11-16 04:40 . 2011-11-16 04:40 -------- d-----w- c:\users\Marina\AppData\Roaming\AcAA1uvvDobF
2011-11-16 04:40 . 2011-11-16 04:40 -------- d-----w- c:\users\Marina\AppData\Roaming\AcAA1uvD2oF4
2011-11-16 04:40 . 2011-11-16 04:40 -------- d-----w- c:\users\Marina\AppData\Roaming\epnG4aQH6W7EgqY
2011-11-16 04:40 . 2011-11-16 04:40 -------- d-----w- c:\users\Marina\AppData\Roaming\a6sWK7fELg
2011-11-16 04:39 . 2011-11-16 04:39 -------- d-----w- c:\users\Marina\AppData\Roaming\CS2bD3QHfLgZjC
2011-11-16 04:39 . 2011-11-16 04:39 -------- d-----w- c:\users\Marina\AppData\Roaming\hhYXwjUVeItP
2011-11-16 04:39 . 2011-11-16 04:39 -------- d-----w- c:\users\Marina\AppData\Roaming\eS1i3nG4aHsJfLg
2011-11-16 04:39 . 2011-11-16 04:39 -------- d-----w- c:\users\Marina\AppData\Roaming\gycS1ivD3n4
2011-11-16 04:39 . 2011-11-16 04:39 -------- d-----w- c:\users\Marina\AppData\Roaming\eWRVyos8XI1FsK
2011-11-16 04:39 . 2011-11-16 04:39 -------- d-----w- c:\users\Marina\AppData\Roaming\GjCelIBrzNx12b3
2011-11-16 04:39 . 2011-11-16 04:39 -------- d-----w- c:\users\Marina\AppData\Roaming\felP1oGdZwIySpa
2011-11-16 04:39 . 2011-11-16 04:39 -------- d-----w- c:\users\Marina\AppData\Roaming\gI0pWXr036gIPS3
2011-11-16 04:39 . 2011-11-16 04:39 -------- d-----w- c:\users\Marina\AppData\Roaming\cnF4amH5sJdLgZh
2011-11-16 04:39 . 2011-11-16 04:39 -------- d-----w- c:\users\Marina\AppData\Roaming\cibD3onG4m6W7E8
2011-11-16 04:39 . 2011-11-16 04:39 -------- d-----w- c:\users\Marina\AppData\Roaming\dgTXqjYCe
2011-11-16 04:39 . 2011-11-16 04:39 -------- d-----w- c:\users\Marina\AppData\Roaming\CvS2ibF3pGaHdKf
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 04:16 . 2011-11-09 01:02 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6C46820-6E54-4F3D-9258-67428C83C2CD}\mpengine.dll
2011-10-05 02:13 . 2011-06-20 11:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 11:06 . 2011-04-16 14:26 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-29 16:29 . 2011-11-09 01:05 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:03 . 2011-11-09 01:04 3144704 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iBarioApps"="c:\program files (x86)\iBarioApps\iBarioApps.exe" [2011-04-26 68608]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-17 3077528]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 adeqvayk;adeqvayk; [x]
R1 bmskrsuo;bmskrsuo; [x]
R1 dpfnzwjq;dpfnzwjq; [x]
R1 dvusctki;dvusctki; [x]
R1 kkmzkpzu;kkmzkpzu; [x]
R1 qaccuetw;qaccuetw; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 136176]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-29 2924928]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 17:34]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 17:34]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-561745552-1407280040-2834952522-1001Core.job
- c:\users\Marina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 22:44]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-561745552-1407280040-2834952522-1001UA.job
- c:\users\Marina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 22:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://facebook.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:50303
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-PC Cleaner - c:\program files (x86)\PC Cleaner\PCCLauncher.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,ae,45,cc,05,f4,a6,48,a5,68,74,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,ae,45,cc,05,f4,a6,48,a5,68,74,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
.
**************************************************************************
.
Completion time: 2011-12-11 09:32:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-11 15:32
.
Pre-Run: 35,555,766,272 bytes free
Post-Run: 35,501,342,720 bytes free
.
- - End Of File - - 553207CA992187FECBA9800B14254164

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:26 AM

Posted 11 December 2011 - 12:19 PM

Greetings



:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

Folder::
c:\users\Marina\AppData\Roaming\cm8rvL0sVFXbh2R
c:\users\Marina\AppData\Roaming\FjUCeIBrzx1v
c:\users\Marina\AppData\Roaming\BTjUCekIBzxvFp5
c:\users\Marina\AppData\Roaming\CdWK8fRL9TqUeIr
c:\users\Marina\AppData\Roaming\BIVrlONtx0c1b3n
c:\users\Marina\AppData\Roaming\ARZ9hTXwjClB
c:\users\Marina\AppData\Roaming\DcA1ivDoFp5J8ZY
c:\users\Marina\AppData\Roaming\e1iDonG4aHJfLgZ
c:\users\Marina\AppData\Roaming\af9XjCIrOuiFpGa
c:\users\Marina\AppData\Roaming\ChYXwkUVeOtPyA
c:\users\Marina\AppData\Roaming\EwVlB0ci2FmsJ
c:\users\Marina\AppData\Roaming\gCVOt0c1Do5
c:\users\Marina\AppData\Roaming\conF4pmH5Q7E8R9
c:\users\Marina\AppData\Roaming\AtPucS1ib3n4
c:\users\Marina\AppData\Roaming\hTZqYCUrlBx0
c:\users\Marina\AppData\Roaming\DVBtzPNyc1v2b4m
c:\users\Marina\AppData\Roaming\EK7RLgTXqYeIr
c:\users\Marina\AppData\Roaming\AUVelItPNc1vo45
c:\users\Marina\AppData\Roaming\b6sWK7fELgZjCk
c:\users\Marina\AppData\Roaming\CJd8LTjeBzy0Sbp
c:\users\Marina\AppData\Roaming\DlIBtzPNyAv2b4m
c:\users\Marina\AppData\Roaming\ECekIVrzOtAuSiD
c:\users\Marina\AppData\Roaming\DqjYCwkVrOtPuSi
c:\users\Marina\AppData\Roaming\FamH6sWJfLgq
c:\users\Marina\AppData\Roaming\GL9gTXjCeIrOt0c
c:\users\Marina\AppData\Roaming\D5aQH6dWKfLgXj
c:\users\Marina\AppData\Roaming\CrzONyx0SiFpGaH
c:\users\Marina\AppData\Roaming\e7fEL9gTZjC
c:\users\Marina\AppData\Roaming\h7dEK8gRZhXjVlB
c:\users\Marina\AppData\Roaming\DRZ9hYXwjVl
c:\users\Marina\AppData\Roaming\d9gTZYwVO
c:\users\Marina\AppData\Roaming\FCekIBrzOyAuSiF
c:\users\Marina\AppData\Roaming\HTXqjYCeVzNxuSD
c:\users\Marina\AppData\Roaming\F2obF4pmGsJdKfZ
c:\users\Marina\AppData\Roaming\cA0ucS2ib3n4
c:\users\Marina\AppData\Roaming\dQ6dEKZ9hXjClBz
c:\users\Marina\AppData\Roaming\BbD3onG4a6
c:\users\Marina\AppData\Roaming\DF4amH5sW7E8Rq
c:\users\Marina\AppData\Roaming\FaQH6sWK7E9TqYw
c:\users\Marina\AppData\Roaming\gwkIVrlONx0c1b
c:\users\Marina\AppData\Roaming\G3pnG5aQHdKfLgX
c:\users\Marina\AppData\Roaming\H6sWJ7fELgZYwU
c:\users\Marina\AppData\Roaming\FzONyxA0u
c:\users\Marina\AppData\Roaming\bvD2on4pm5Q7E8R
c:\users\Marina\AppData\Roaming\b5JEf9XUlrNAvbp
c:\users\Marina\AppData\Roaming\C6sWJ7fELgZhCkV
c:\users\Marina\AppData\Roaming\EZhwUVelOz0c1
c:\users\Marina\AppData\Roaming\h8gRZqhYXkVOPci
c:\users\Marina\AppData\Roaming\GF3m5aJ6WfLTq
c:\users\Marina\AppData\Roaming\aOxu2Dna6KEgqCI
c:\users\Marina\AppData\Roaming\f9gTZqjYCk
c:\users\Marina\AppData\Roaming\cWK7fEL9gZjCkVz
c:\users\Marina\AppData\Roaming\D6dEK8fRZhX
c:\users\Marina\AppData\Roaming\ftxP0ucS1b
c:\users\Marina\AppData\Roaming\bmH6sJ7fE8ZhCkV
c:\users\Marina\AppData\Roaming\bhYXwjVelBzNcuD
c:\users\Marina\AppData\Roaming\EQJdEK8RZhXUIrx
c:\users\Marina\AppData\Roaming\hpnG5aQ6dKfLgXj
c:\users\Marina\AppData\Roaming\ddE8gRqhYwVOtPy
c:\users\Marina\AppData\Roaming\e4amHsWfE8ZhwU
c:\users\Marina\AppData\Roaming\GzOx0Sbp5H
c:\users\Marina\AppData\Roaming\DRRZZ9TXwjUClIr
c:\users\Marina\AppData\Roaming\dnG4aQH6s
c:\users\Marina\AppData\Roaming\BbF4pmG5sJdKf
c:\users\Marina\AppData\Roaming\BK7fRL9gTq
c:\users\Marina\AppData\Roaming\dH6sWKfELgZjkVl
c:\users\Marina\AppData\Roaming\cG5sQJ6dE8R9TwC
c:\users\Marina\AppData\Roaming\C0y1vD3on4m
c:\users\Marina\AppData\Roaming\HUkIrzONAubp5HW
c:\users\Marina\AppData\Roaming\DJ7dRqhYXkVOz0c
c:\users\Marina\AppData\Roaming\dIzNAu2b3GQsKEg
c:\users\Marina\AppData\Roaming\bP0ycA1ivn4
c:\users\Marina\AppData\Roaming\FTjwVOxu1Dna6Jf
c:\users\Marina\AppData\Roaming\gP0ycA1vDn4m5Q
c:\users\Marina\AppData\Roaming\BpmGQd8RqCO0F
c:\users\Marina\AppData\Roaming\BERqYXkUVlBz0
c:\users\Marina\AppData\Roaming\h9gTXqjYCkVz
c:\users\Marina\AppData\Roaming\csJd8RhXU
c:\users\Marina\AppData\Roaming\ebF3pmG5aJdKfL
c:\users\Marina\AppData\Roaming\AcAA1uvvDobF
c:\users\Marina\AppData\Roaming\AcAA1uvD2oF4
c:\users\Marina\AppData\Roaming\epnG4aQH6W7EgqY
c:\users\Marina\AppData\Roaming\a6sWK7fELg
c:\users\Marina\AppData\Roaming\CS2bD3QHfLgZjC
c:\users\Marina\AppData\Roaming\hhYXwjUVeItP
c:\users\Marina\AppData\Roaming\eS1i3nG4aHsJfLg
c:\users\Marina\AppData\Roaming\gycS1ivD3n4
c:\users\Marina\AppData\Roaming\eWRVyos8XI1FsK
c:\users\Marina\AppData\Roaming\GjCelIBrzNx12b3
c:\users\Marina\AppData\Roaming\felP1oGdZwIySpa
c:\users\Marina\AppData\Roaming\gI0pWXr036gIPS3
c:\users\Marina\AppData\Roaming\cnF4amH5sJdLgZh
c:\users\Marina\AppData\Roaming\cibD3onG4m6W7E8
c:\users\Marina\AppData\Roaming\dgTXqjYCe
c:\users\Marina\AppData\Roaming\CvS2ibF3pGaHdKf

Driver::
adeqvayk
bmskrsuo
dpfnzwjq
dvusctk
kkmzkpzu
qaccuetw

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:50303

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
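
A worked example, added here and not part of the thread, of ComboFix or of anything gringo_pr posted: a Python script that reads a ComboFix log and does by machine the triage the ComboFix log above was read for by eye (the burst of randomly named directories under AppData\Roaming, the R1 services that carry no image path, the proxy on 127.0.0.1 and the disabled UAC policy), then checks a CFScript's Driver:: block against the service names the log actually contains. LOG_EXCERPT and CFSCRIPT are constructed excerpts whose lines are copied from this thread; the random-name heuristic, its thresholds and all function names are the example's own assumptions. Run against the excerpt, the cross-check reports that the script's dvusctk matches no service in the log while the log's dvusctki is not in the script, which is consistent with the next ComboFix run in this thread listing five Service_ removals for six Driver:: entries.

```python
"""Triage a ComboFix log and cross-check a CFScript against it.

Added example for this thread; not ComboFix's code and not code anyone posted
in the thread.  LOG_EXCERPT and CFSCRIPT are constructed excerpts copied from
the thread's log and reply.  looks_random() is a hand-tuned heuristic, not a
definitive test, and every function name here is the example's own.
"""
import re

# Constructed excerpt: "Files Created" lines, four service lines and two
# registry/DDS lines, all taken verbatim from the thread's ComboFix output.
LOG_EXCERPT = r"""
2011-12-06 01:53 . 2011-12-06 01:53 388096 ----a-r- c:\users\Marina\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-04 17:29 . 2011-12-04 17:29 -------- d-----w- c:\users\Marina\AppData\Roaming\Auslogics
2011-11-19 19:35 . 2011-11-19 19:35 -------- d-----w- c:\users\Marina\AppData\Roaming\cm8rvL0sVFXbh2R
2011-11-19 19:30 . 2011-11-19 19:30 -------- d-----w- c:\users\Marina\AppData\Roaming\FjUCeIBrzx1v
2011-11-19 19:30 . 2011-11-19 19:30 -------- d-----w- c:\users\Marina\AppData\Roaming\BTjUCekIBzxvFp5
2011-11-17 19:07 . 2011-11-17 19:07 -------- d-----w- c:\users\Marina\AppData\Roaming\DVBtzPNyc1v2b4m
2011-11-16 04:39 . 2011-11-16 04:39 -------- d-----w- c:\users\Marina\AppData\Roaming\dgTXqjYCe
R1 adeqvayk;adeqvayk; [x]
R1 dvusctki;dvusctki; [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 136176]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
"EnableLUA"= 0 (0x0)
uInternet Settings,ProxyServer = http=127.0.0.1:50303
"""

# Constructed excerpt of the CFScript from the reply above (two Driver:: names kept).
CFSCRIPT = """
Driver::
adeqvayk
dvusctk

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:50303
"""

# created . modified  size  attrs  path   (the path may contain spaces)
FILE_RE = re.compile(r"^(\S+ \S+) \. (\S+ \S+)\s+(\S+)\s+(\S+)\s+(.+)$")
# R1 name;display name;image path [version stamp, or just [x] when none]
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.*)$")
ROAMING = "\\appdata\\roaming\\"


def _char_class(ch):
    return "U" if ch.isupper() else "l" if ch.islower() else "d" if ch.isdigit() else "o"


def looks_random(name, min_len=9):
    """Heuristic for generated names such as the AppData\\Roaming entries in the
    log: frequent upper/lower/digit changes and few vowels.  Tuned by hand."""
    if len(name) < min_len or not name.isalnum():
        return False
    classes = [_char_class(c) for c in name]
    changes = sum(1 for a, b in zip(classes, classes[1:]) if a != b)
    vowels = sum(1 for c in name if c in "aeiouAEIOU")
    return changes / (len(name) - 1) >= 0.4 and vowels / len(name) <= 0.3


def roaming_child(path):
    """Name of an entry sitting directly under AppData\\Roaming, else None."""
    idx = path.lower().find(ROAMING)
    if idx < 0:
        return None
    rest = path[idx + len(ROAMING):]
    return rest if rest and "\\" not in rest else None


def parse_services(lines):
    """Service/driver lines; 'pathless' means ComboFix printed only its [x] marker."""
    out = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            _state, start, name, _display, rest = m.groups()
            out.append({"name": name, "start": int(start), "pathless": rest.strip() == "[x]"})
    return out


def triage(log_text):
    """Collect the indicators a reviewer looks for first in a ComboFix log."""
    lines = [l.strip() for l in log_text.splitlines()]
    random_dirs = []
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            child = roaming_child(m.group(5))
            if child and looks_random(child):
                random_dirs.append(m.group(5))
    proxy_re = re.compile(r"ProxyServer = (\S+)")
    proxy = next((m.group(1) for m in map(proxy_re.search, lines) if m), None)
    return {
        "random_roaming_dirs": random_dirs,
        "pathless_services": [s["name"] for s in parse_services(lines) if s["pathless"]],
        # a proxy on loopback is how a rogue inserts itself into every browser session
        "loopback_proxy": proxy if proxy and "127.0.0.1" in proxy else None,
        "uac_disabled": any(l.startswith('"EnableLUA"= 0') for l in lines),
    }


def cfscript_section(script_text, header):
    """Entries under a 'Header::' block of a CFScript, up to the next blank line."""
    names, active = [], False
    for line in script_text.splitlines():
        line = line.strip()
        if line == header + "::":
            active = True
        elif active:
            if not line or line.endswith("::"):
                break
            names.append(line)
    return names


def check_driver_block(script_text, findings):
    """Names the script would remove that the log never listed, and vice versa."""
    listed = set(cfscript_section(script_text, "Driver"))
    in_log = set(findings["pathless_services"])
    return {"not_in_log": sorted(listed - in_log), "not_in_script": sorted(in_log - listed)}


if __name__ == "__main__":
    found = triage(LOG_EXCERPT)
    for key, value in found.items():
        print(f"{key}: {value}")
    print("driver block vs log:", check_driver_block(CFSCRIPT, found))
```

The name heuristic is deliberately loose: it only has to separate the 90-odd generated directory names from the handful of real vendor folders (Auslogics, Microsoft) that share that parent, so anything it flags still needs a look before it goes into a Folder:: block. The Driver:: cross-check is the part worth keeping: a name in the script that is absent from the log is either a typo or a service that has already gone, and either way the script will silently do nothing for it.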

#6 bomber1712

bomber1712
  • Topic Starter

  • Members
  • 464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin, USA
  • Local time:12:26 AM

Posted 11 December 2011 - 02:21 PM

Here's the new log:

ComboFix 11-12-10.01 - Marina 12/11/2011 13:00:34.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1918.894 [GMT -6:00]
Running from: c:\users\Marina\Desktop\ComboFix.exe
Command switches used :: c:\users\Marina\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marina\AppData\Roaming\a6sWK7fELg
c:\users\Marina\AppData\Roaming\AcAA1uvD2oF4
c:\users\Marina\AppData\Roaming\AcAA1uvvDobF
c:\users\Marina\AppData\Roaming\af9XjCIrOuiFpGa
c:\users\Marina\AppData\Roaming\aOxu2Dna6KEgqCI
c:\users\Marina\AppData\Roaming\ARZ9hTXwjClB
c:\users\Marina\AppData\Roaming\AtPucS1ib3n4
c:\users\Marina\AppData\Roaming\AUVelItPNc1vo45
c:\users\Marina\AppData\Roaming\b5JEf9XUlrNAvbp
c:\users\Marina\AppData\Roaming\b6sWK7fELgZjCk
c:\users\Marina\AppData\Roaming\BbD3onG4a6
c:\users\Marina\AppData\Roaming\BbF4pmG5sJdKf
c:\users\Marina\AppData\Roaming\BERqYXkUVlBz0
c:\users\Marina\AppData\Roaming\bhYXwjVelBzNcuD
c:\users\Marina\AppData\Roaming\BIVrlONtx0c1b3n
c:\users\Marina\AppData\Roaming\BK7fRL9gTq
c:\users\Marina\AppData\Roaming\bmH6sJ7fE8ZhCkV
c:\users\Marina\AppData\Roaming\bP0ycA1ivn4
c:\users\Marina\AppData\Roaming\BpmGQd8RqCO0F
c:\users\Marina\AppData\Roaming\BTjUCekIBzxvFp5
c:\users\Marina\AppData\Roaming\bvD2on4pm5Q7E8R
c:\users\Marina\AppData\Roaming\C0y1vD3on4m
c:\users\Marina\AppData\Roaming\C6sWJ7fELgZhCkV
c:\users\Marina\AppData\Roaming\cA0ucS2ib3n4
c:\users\Marina\AppData\Roaming\CdWK8fRL9TqUeIr
c:\users\Marina\AppData\Roaming\cG5sQJ6dE8R9TwC
c:\users\Marina\AppData\Roaming\ChYXwkUVeOtPyA
c:\users\Marina\AppData\Roaming\cibD3onG4m6W7E8
c:\users\Marina\AppData\Roaming\CJd8LTjeBzy0Sbp
c:\users\Marina\AppData\Roaming\cm8rvL0sVFXbh2R
c:\users\Marina\AppData\Roaming\cnF4amH5sJdLgZh
c:\users\Marina\AppData\Roaming\conF4pmH5Q7E8R9
c:\users\Marina\AppData\Roaming\CrzONyx0SiFpGaH
c:\users\Marina\AppData\Roaming\CS2bD3QHfLgZjC
c:\users\Marina\AppData\Roaming\csJd8RhXU
c:\users\Marina\AppData\Roaming\CvS2ibF3pGaHdKf
c:\users\Marina\AppData\Roaming\cWK7fEL9gZjCkVz
c:\users\Marina\AppData\Roaming\D5aQH6dWKfLgXj
c:\users\Marina\AppData\Roaming\D6dEK8fRZhX
c:\users\Marina\AppData\Roaming\d9gTZYwVO
c:\users\Marina\AppData\Roaming\DcA1ivDoFp5J8ZY
c:\users\Marina\AppData\Roaming\ddE8gRqhYwVOtPy
c:\users\Marina\AppData\Roaming\DF4amH5sW7E8Rq
c:\users\Marina\AppData\Roaming\dgTXqjYCe
c:\users\Marina\AppData\Roaming\dH6sWKfELgZjkVl
c:\users\Marina\AppData\Roaming\dIzNAu2b3GQsKEg
c:\users\Marina\AppData\Roaming\DJ7dRqhYXkVOz0c
c:\users\Marina\AppData\Roaming\DlIBtzPNyAv2b4m
c:\users\Marina\AppData\Roaming\dnG4aQH6s
c:\users\Marina\AppData\Roaming\dQ6dEKZ9hXjClBz
c:\users\Marina\AppData\Roaming\DqjYCwkVrOtPuSi
c:\users\Marina\AppData\Roaming\DRRZZ9TXwjUClIr
c:\users\Marina\AppData\Roaming\DRZ9hYXwjVl
c:\users\Marina\AppData\Roaming\DVBtzPNyc1v2b4m
c:\users\Marina\AppData\Roaming\e1iDonG4aHJfLgZ
c:\users\Marina\AppData\Roaming\e4amHsWfE8ZhwU
c:\users\Marina\AppData\Roaming\e7fEL9gTZjC
c:\users\Marina\AppData\Roaming\ebF3pmG5aJdKfL
c:\users\Marina\AppData\Roaming\ECekIVrzOtAuSiD
c:\users\Marina\AppData\Roaming\EK7RLgTXqYeIr
c:\users\Marina\AppData\Roaming\epnG4aQH6W7EgqY
c:\users\Marina\AppData\Roaming\EQJdEK8RZhXUIrx
c:\users\Marina\AppData\Roaming\eS1i3nG4aHsJfLg
c:\users\Marina\AppData\Roaming\eWRVyos8XI1FsK
c:\users\Marina\AppData\Roaming\EwVlB0ci2FmsJ
c:\users\Marina\AppData\Roaming\EZhwUVelOz0c1
c:\users\Marina\AppData\Roaming\F2obF4pmGsJdKfZ
c:\users\Marina\AppData\Roaming\f9gTZqjYCk
c:\users\Marina\AppData\Roaming\FamH6sWJfLgq
c:\users\Marina\AppData\Roaming\FaQH6sWK7E9TqYw
c:\users\Marina\AppData\Roaming\FCekIBrzOyAuSiF
c:\users\Marina\AppData\Roaming\felP1oGdZwIySpa
c:\users\Marina\AppData\Roaming\FjUCeIBrzx1v
c:\users\Marina\AppData\Roaming\FTjwVOxu1Dna6Jf
c:\users\Marina\AppData\Roaming\ftxP0ucS1b
c:\users\Marina\AppData\Roaming\FzONyxA0u
c:\users\Marina\AppData\Roaming\G3pnG5aQHdKfLgX
c:\users\Marina\AppData\Roaming\gCVOt0c1Do5
c:\users\Marina\AppData\Roaming\GF3m5aJ6WfLTq
c:\users\Marina\AppData\Roaming\gI0pWXr036gIPS3
c:\users\Marina\AppData\Roaming\GjCelIBrzNx12b3
c:\users\Marina\AppData\Roaming\GL9gTXjCeIrOt0c
c:\users\Marina\AppData\Roaming\gP0ycA1vDn4m5Q
c:\users\Marina\AppData\Roaming\gwkIVrlONx0c1b
c:\users\Marina\AppData\Roaming\gycS1ivD3n4
c:\users\Marina\AppData\Roaming\GzOx0Sbp5H
c:\users\Marina\AppData\Roaming\H6sWJ7fELgZYwU
c:\users\Marina\AppData\Roaming\h7dEK8gRZhXjVlB
c:\users\Marina\AppData\Roaming\h8gRZqhYXkVOPci
c:\users\Marina\AppData\Roaming\h9gTXqjYCkVz
c:\users\Marina\AppData\Roaming\hhYXwjUVeItP
c:\users\Marina\AppData\Roaming\hpnG5aQ6dKfLgXj
c:\users\Marina\AppData\Roaming\HTXqjYCeVzNxuSD
c:\users\Marina\AppData\Roaming\hTZqYCUrlBx0
c:\users\Marina\AppData\Roaming\HUkIrzONAubp5HW
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_adeqvayk
-------\Service_bmskrsuo
-------\Service_dpfnzwjq
-------\Service_kkmzkpzu
-------\Service_qaccuetw
.
.
((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 )))))))))))))))))))))))))))))))
.
.
2011-12-11 19:08 . 2011-12-11 19:08 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{99CFFB79-9323-4C45-9CF8-1C72F84CADCD}\offreg.dll
2011-12-06 01:53 . 2011-12-06 01:53 388096 ----a-r- c:\users\Marina\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-06 01:53 . 2011-12-06 01:53 -------- d-----w- c:\program files (x86)\Trend Micro
2011-12-06 01:47 . 2011-12-06 01:47 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-04 22:42 . 2011-12-04 22:42 -------- d-----w- c:\program files\Realtek
2011-12-04 22:42 . 2011-12-04 22:42 -------- d-----w- c:\windows\SysWow64\RTCOM
2011-12-04 22:39 . 2011-12-04 22:39 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-04 22:34 . 2011-12-04 22:34 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-12-04 19:46 . 2011-12-04 19:46 -------- d-----w- c:\program files (x86)\ESET
2011-12-04 17:37 . 2011-12-04 17:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-04 17:37 . 2011-12-04 17:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-04 17:36 . 2011-12-04 17:36 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-04 17:32 . 2011-12-04 17:32 -------- d-----w- c:\program files (x86)\VS Revo Group
2011-12-04 17:29 . 2011-12-04 17:29 -------- d-----w- c:\users\Marina\AppData\Roaming\Auslogics
2011-12-04 17:29 . 2011-12-04 17:29 -------- d-----w- c:\program files (x86)\Auslogics
2011-12-04 17:25 . 2011-12-04 17:25 -------- d-----w- c:\program files\CCleaner
2011-12-04 17:23 . 2011-12-04 17:23 -------- d-----w- c:\programdata\Malwarebytes
2011-12-04 17:23 . 2011-12-04 17:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-04 17:23 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 12:51 . 2011-12-04 12:51 -------- d-----w- c:\program files (x86)\TeamViewer
2011-11-30 22:34 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-29 03:55 . 2011-11-29 03:55 -------- d-----w- C:\a52c9862cf72b69dcd692d859cca
2011-11-29 03:54 . 2011-11-29 03:54 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2011-11-29 03:47 . 2011-11-29 03:47 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-11-28 15:20 . 2011-11-28 15:20 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{798E65CA-53DA-403C-9764-07987D9B9A40}\gapaengine.dll
2011-11-28 15:15 . 2011-11-28 15:15 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-11-28 15:15 . 2011-11-28 15:15 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-25 19:51 . 2011-11-25 19:51 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-17 19:08 . 2011-11-17 19:08 -------- d-----w- c:\users\Marina\AppData\Roaming\BG5aQJ6dW8RTqCk
2011-11-17 19:08 . 2011-11-17 19:08 -------- d-----w- c:\users\Marina\AppData\Roaming\BL8gRZqhYw
2011-11-17 19:08 . 2011-11-17 19:08 -------- d-----w- c:\users\Marina\AppData\Roaming\cgTZqhYCwUrOtPy
2011-11-17 19:08 . 2011-11-17 19:08 -------- d-----w- c:\users\Marina\AppData\Roaming\c6dEK8fRZhXjClB
2011-11-17 19:08 . 2011-11-17 19:08 -------- d-----w- c:\users\Marina\AppData\Roaming\CtxP0ucS1b3n4m
2011-11-17 19:08 . 2011-11-17 19:08 -------- d-----w- c:\users\Marina\AppData\Roaming\dNyxAu2Fp
2011-11-17 19:08 . 2011-11-17 19:08 -------- d-----w- c:\users\Marina\AppData\Roaming\frONtxA0uSiDn
2011-11-17 19:08 . 2011-11-17 19:08 -------- d-----w- c:\users\Marina\AppData\Roaming\C5a6dWK7fLgXjC
2011-11-17 19:08 . 2011-11-17 19:08 -------- d-----w- c:\users\Marina\AppData\Roaming\clONtxPS1bomJEg
2011-11-17 19:08 . 2011-11-17 19:08 -------- d-----w- c:\users\Marina\AppData\Roaming\ekIVrztxAcDnHf9
2011-11-17 19:08 . 2011-11-17 19:08 -------- d-----w- c:\users\Marina\AppData\Roaming\b8gRZqXwkVOzy1D
2011-11-17 19:08 . 2011-11-17 19:08 -------- d-----w- c:\users\Marina\AppData\Roaming\BS2obF3pm5Q6W8R
2011-11-17 19:08 . 2011-11-17 19:08 -------- d-----w- c:\users\Marina\AppData\Roaming\cL8gRZqhYwUeOtP
2011-11-17 19:07 . 2011-11-17 19:07 -------- d-----w- c:\users\Marina\AppData\Roaming\HVIzy1Dbps6KRhw
2011-11-17 19:07 . 2011-11-17 19:07 -------- d-----w- c:\users\Marina\AppData\Roaming\hxA1uS2ob3m5JW8
2011-11-17 19:05 . 2011-11-17 19:05 -------- d-----w- c:\users\Marina\AppData\Roaming\GamH5sWJ7E8RqYw
2011-11-17 19:04 . 2011-11-17 19:04 -------- d-----w- c:\users\Marina\AppData\Roaming\b8gR9hYXwUeItPy
2011-11-16 04:45 . 2011-11-16 04:45 -------- d-----w- c:\users\Marina\AppData\Roaming\gNubGdRqItc3aKg
2011-11-16 04:45 . 2011-11-16 04:45 -------- d-----w- c:\users\Marina\AppData\Roaming\eJ6ER9XUezA
2011-11-16 04:45 . 2011-11-16 04:45 -------- d-----w- c:\users\Marina\AppData\Roaming\hiD2HEZ9hjVlBzN
2011-11-16 04:45 . 2011-11-16 04:45 -------- d-----w- c:\users\Marina\AppData\Roaming\GwVOtx0Sbo4mWEg
2011-11-16 04:45 . 2011-11-16 04:45 -------- d-----w- c:\users\Marina\AppData\Roaming\aBzy1Sbma6KRhXU
2011-11-16 04:45 . 2011-11-16 04:45 -------- d-----w- c:\users\Marina\AppData\Roaming\HG4amH6sW7E
2011-11-16 04:45 . 2011-11-16 04:45 -------- d-----w- c:\users\Marina\AppData\Roaming\AfEL9gTZqYwIrOt
2011-11-16 04:45 . 2011-11-16 04:45 -------- d-----w- c:\users\Marina\AppData\Roaming\gZ9hTXwjUeIrPy
2011-11-16 04:45 . 2011-11-16 04:45 -------- d-----w- c:\users\Marina\AppData\Roaming\g6dKRL9hTqUkrNA
2011-11-16 04:45 . 2011-11-16 04:45 -------- d-----w- c:\users\Marina\AppData\Roaming\ACelIBrzPyAuSoF
2011-11-16 04:45 . 2011-11-16 04:45 -------- d-----w- c:\users\Marina\AppData\Roaming\ejwVlPc1o4HW7L
2011-11-16 04:45 . 2011-11-16 04:45 -------- d-----w- c:\users\Marina\AppData\Roaming\hK8Z9TXwj
2011-11-16 04:45 . 2011-11-16 04:45 -------- d-----w- c:\users\Marina\AppData\Roaming\b8gRZ9hYXjVlBz
2011-11-16 04:42 . 2011-11-16 04:42 -------- d-----w- c:\users\Marina\AppData\Roaming\fpmG5J6dE8RTweI
2011-11-16 04:41 . 2011-11-16 04:41 -------- d-----w- c:\users\Marina\AppData\Roaming\aF4amH5sW7
2011-11-16 04:41 . 2011-11-16 04:41 -------- d-----w- c:\users\Marina\AppData\Roaming\hH5sQJ7dE8R9YwU
2011-11-16 04:41 . 2011-11-16 04:41 -------- d-----w- c:\users\Marina\AppData\Roaming\GP0ycA1iDo
2011-11-16 04:41 . 2011-11-16 04:41 -------- d-----w- c:\users\Marina\AppData\Roaming\cxSo5dZwVtPy
2011-11-16 04:41 . 2011-11-16 04:41 -------- d-----w- c:\users\Marina\AppData\Roaming\dqhYXwkUV
2011-11-16 04:41 . 2011-11-16 04:41 -------- d-----w- c:\users\Marina\AppData\Roaming\H3pnG4aQHs7E9Tq
2011-11-16 04:41 . 2011-11-16 04:41 -------- d-----w- c:\users\Marina\AppData\Roaming\E9gTXqjYCkVOtAu
2011-11-16 04:41 . 2011-11-16 04:41 -------- d-----w- c:\users\Marina\AppData\Roaming\c8ZTjeBPx
2011-11-16 04:41 . 2011-11-16 04:41 -------- d-----w- c:\users\Marina\AppData\Roaming\dGqS807ts
2011-11-16 04:41 . 2011-11-16 04:41 -------- d-----w- c:\users\Marina\AppData\Roaming\EWBHeQPdxf09SLc
2011-11-16 04:41 . 2011-11-16 04:41 -------- d-----w- c:\users\Marina\AppData\Roaming\duDaW9YrP
2011-11-16 04:41 . 2011-11-16 04:41 -------- d-----w- c:\users\Marina\AppData\Roaming\Con7K8R9XUltNc1
2011-11-16 04:41 . 2011-11-16 04:41 -------- d-----w- c:\users\Marina\AppData\Roaming\CwUIrNx1SoFm5Q
2011-11-16 04:39 . 2011-11-16 04:39 -------- d-----w- c:\users\Marina\AppData\Roaming\HVeOBtzP0AiDoFp
2011-11-16 04:37 . 2011-11-16 04:37 -------- d-----w- c:\users\Marina\AppData\Roaming\haaQH6ssW
2011-11-16 04:37 . 2011-11-16 04:37 -------- d-----w- c:\users\Marina\AppData\Roaming\G3onFaHJEg
2011-11-16 04:37 . 2011-11-16 04:37 -------- d-----w- c:\users\Marina\AppData\Roaming\F6dWK7fRLgXj
2011-11-16 04:37 . 2011-11-16 04:37 -------- d-----w- c:\users\Marina\AppData\Roaming\FNA0cS2iDpaHW7L
2011-11-16 04:37 . 2011-11-16 04:37 -------- d-----w- c:\users\Marina\AppData\Roaming\ba6Wf9TjeBOxu2F
2011-11-16 04:37 . 2011-11-16 04:37 -------- d-----w- c:\users\Marina\AppData\Roaming\bYXwjUVelBzNcuD
2011-11-16 04:37 . 2011-11-16 04:37 -------- d-----w- c:\users\Marina\AppData\Roaming\E8gTZYCwkVlx0c1
2011-11-16 04:37 . 2011-11-16 04:37 -------- d-----w- c:\users\Marina\AppData\Roaming\ATXCBzx0SiFp5Q6
2011-11-16 04:37 . 2011-11-16 04:37 -------- d-----w- c:\users\Marina\AppData\Roaming\eghIzyubmdKfZXC
2011-11-16 04:37 . 2011-11-16 04:37 -------- d-----w- c:\users\Marina\AppData\Roaming\adK8fRZ9XCIrPAv
2011-11-16 04:37 . 2011-11-16 04:37 -------- d-----w- c:\users\Marina\AppData\Roaming\AcnJYBFdXBAv2F5
2011-11-16 04:35 . 2011-11-16 04:35 -------- d-----w- c:\users\Marina\AppData\Roaming\hJ7fEL8gT
2011-11-16 04:35 . 2011-11-16 04:35 -------- d-----w- c:\users\Marina\AppData\Roaming\DCeINxvo3GQd8LT
2011-11-16 04:35 . 2011-11-16 04:35 -------- d-----w- c:\users\Marina\AppData\Roaming\gWJ7dEL8gZh
2011-11-16 04:35 . 2011-11-16 04:35 -------- d-----w- c:\users\Marina\AppData\Roaming\FelOBtzP0c1v2n4
2011-11-16 04:35 . 2011-11-16 04:35 -------- d-----w- c:\users\Marina\AppData\Roaming\EA0SiF3pn5Q6K
2011-11-16 04:35 . 2011-11-16 04:35 -------- d-----w- c:\users\Marina\AppData\Roaming\CkUlOtP0yAiDo4m
2011-11-16 04:35 . 2011-11-16 04:35 -------- d-----w- c:\users\Marina\AppData\Roaming\EAv3p5Jd8LTjeBv
2011-11-16 04:35 . 2011-11-16 04:35 -------- d-----w- c:\users\Marina\AppData\Roaming\e8hVybQfTCyo5dL
2011-11-16 04:35 . 2011-11-16 04:35 -------- d-----w- c:\users\Marina\AppData\Roaming\CbDpnaQH67E9wV
2011-11-16 04:35 . 2011-11-16 04:35 -------- d-----w- c:\users\Marina\AppData\Roaming\eXqjUCekIrOyAuS
2011-11-16 04:35 . 2011-11-16 04:35 -------- d-----w- c:\users\Marina\AppData\Roaming\HNycA1uvDoFpGsJ
2011-11-16 04:34 . 2011-11-16 04:34 -------- d-----w- c:\users\Marina\AppData\Roaming\co3maJWR9TjeBxF
2011-11-16 04:34 . 2011-11-16 04:34 -------- d-----w- c:\users\Marina\AppData\Roaming\BSbpnQW7LTqCkVO
2011-11-16 04:34 . 2011-11-16 04:34 -------- d-----w- c:\users\Marina\AppData\Roaming\FonG4amH6
2011-11-16 04:34 . 2011-11-16 04:34 -------- d-----w- c:\users\Marina\AppData\Roaming\HGWgCOcnWgUtcD4
2011-11-16 04:34 . 2011-11-16 04:34 -------- d-----w- c:\users\Marina\AppData\Roaming\emG5aQJ6dKLhXje
2011-11-16 04:34 . 2011-11-16 04:34 -------- d-----w- c:\users\Marina\AppData\Roaming\G8ghYweBPy1vo4m
2011-11-16 04:34 . 2011-11-16 04:34 -------- d-----w- c:\users\Marina\AppData\Roaming\cpm57EK8g
2011-11-16 04:34 . 2011-11-16 04:34 -------- d-----w- c:\users\Marina\AppData\Roaming\cUCCeelIrzPy
2011-11-16 04:34 . 2011-11-16 04:34 -------- d-----w- c:\users\Marina\AppData\Roaming\eCwkUVlBtPySiDn
2011-11-16 04:34 . 2011-11-16 04:34 -------- d-----w- c:\users\Marina\AppData\Roaming\FfRL9hTXqUeI
2011-11-16 04:33 . 2011-11-16 04:33 -------- d-----w- c:\users\Marina\AppData\Roaming\hXwjUelIB
2011-11-16 04:33 . 2011-11-16 04:33 -------- d-----w- c:\users\Marina\AppData\Roaming\hxxxP0uc1
2011-11-16 04:33 . 2011-11-16 04:33 -------- d-----w- c:\users\Marina\AppData\Roaming\aKR9XUeIrPAvo3G
2011-11-16 04:33 . 2011-11-16 04:33 -------- d-----w- c:\users\Marina\AppData\Roaming\GNyA1uvD2bpGQ6E
2011-11-16 04:33 . 2011-11-16 04:33 -------- d-----w- c:\users\Marina\AppData\Roaming\CK88gRZ9hYwUelB
2011-11-16 04:33 . 2011-11-16 04:33 -------- d-----w- c:\users\Marina\AppData\Roaming\CGG5sQJ6dEKfR9
2011-11-16 04:33 . 2011-11-16 04:33 -------- d-----w- c:\users\Marina\AppData\Roaming\CG55sQJ6dEKfR9
2011-11-16 04:33 . 2011-11-16 04:33 -------- d-----w- c:\users\Marina\AppData\Roaming\bnp5JEg9XUltNAv
2011-11-16 04:33 . 2011-11-16 04:33 -------- d-----w- c:\users\Marina\AppData\Roaming\HqqjjUCekIrzNx0
2011-11-16 04:33 . 2011-11-16 04:33 -------- d-----w- c:\users\Marina\AppData\Roaming\f1uvS2F3pGJdW8R
2011-11-16 04:31 . 2011-11-16 04:31 -------- d-----w- c:\users\Marina\AppData\Roaming\ErlOBtxP0c1v3n4
2011-11-16 04:30 . 2011-11-16 04:30 -------- d-----w- c:\users\Marina\AppData\Roaming\h3onF4amHsJdLgZ
2011-11-16 04:29 . 2011-11-16 04:29 -------- d-----w- c:\users\Marina\AppData\Roaming\FxA1uvS2oFpGaJd
2011-11-16 04:29 . 2011-11-16 04:29 -------- d-----w- c:\users\Marina\AppData\Roaming\fP0yc1iv2n45JEg
2011-11-16 04:29 . 2011-11-16 04:29 -------- d-----w- c:\users\Marina\AppData\Roaming\gNyxA1uvSoFpGaJ
2011-11-16 04:29 . 2011-11-16 04:29 -------- d-----w- c:\users\Marina\AppData\Roaming\aJ7dEKgZ9YwVlBz
2011-11-16 04:29 . 2011-11-16 04:29 -------- d-----w- c:\users\Marina\AppData\Roaming\FD3onG4am6W7E8T
2011-11-16 04:29 . 2011-11-16 04:29 -------- d-----w- c:\users\Marina\AppData\Roaming\hRZ9hYwjUlBzNc1
2011-11-16 04:29 . 2011-11-16 04:29 -------- d-----w- c:\users\Marina\AppData\Roaming\DVrlOBtxPySiDoF
2011-11-16 04:29 . 2011-11-16 04:29 -------- d-----w- c:\users\Marina\AppData\Roaming\CL9gTZqjYwIrOt
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 04:16 . 2011-11-09 01:02 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6C46820-6E54-4F3D-9258-67428C83C2CD}\mpengine.dll
2011-10-05 02:13 . 2011-06-20 11:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 11:06 . 2011-04-16 14:26 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-29 16:29 . 2011-11-09 01:05 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:03 . 2011-11-09 01:04 3144704 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-11_15.27.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-15 21:06 . 2011-12-11 16:21 47078 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-12-11 15:28 35728 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-11 19:10 35728 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-15 20:51 . 2011-12-11 19:10 14424 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-561745552-1407280040-2834952522-1001_UserData.bin
- 2011-12-11 15:26 . 2011-12-11 15:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-11 19:08 . 2011-12-11 19:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-11 15:26 . 2011-12-11 15:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-11 19:08 . 2011-12-11 19:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-12-11 15:25 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-11 19:07 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-04 23:07 . 2011-12-11 19:07 2929736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-561745552-1407280040-2834952522-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iBarioApps"="c:\program files (x86)\iBarioApps\iBarioApps.exe" [2011-04-26 68608]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-17 3077528]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 dvusctki;dvusctki; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 136176]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-29 2924928]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 17:34]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 17:34]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-561745552-1407280040-2834952522-1001Core.job
- c:\users\Marina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 22:44]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-561745552-1407280040-2834952522-1001UA.job
- c:\users\Marina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 22:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"combofix"="c:\combofix\CF23803.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://facebook.com/
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,ae,45,cc,05,f4,a6,48,a5,68,74,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,ae,45,cc,05,f4,a6,48,a5,68,74,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Completion time: 2011-12-11 13:14:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-11 19:14
ComboFix2.txt 2011-12-11 15:32
.
Pre-Run: 35,546,296,320 bytes free
Post-Run: 35,369,766,912 bytes free
.
- - End Of File - - EFC38F24EA467F160332C7ACC9A4D1BC
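Two things in the ComboFix log above deserve more attention than the thread gives them. Under policies\system it records EnableLUA=0, ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0, which means UAC is switched off entirely (every process the user launches already carries a full administrator token), and under policies\explorer it records HideSCAHealth=1, which hides the Action Center icon that would have warned that antivirus or the firewall was off. Both are classic rogue-AV tampering and survive even after the FakeAlert files are quarantined. The other pattern is dozens of random-named folders under AppData\Roaming all created within the same minute. The script below is an added example, not part of this thread and not ComboFix's own code: it parses log excerpts of this shape and flags both findings. The regexes, thresholds and function names are this example's own assumptions; SAMPLE_LOG is a constructed excerpt made of lines copied from the log above.

```python
"""ComboFix log triage (added example, not from the thread or from ComboFix).

Flags two things the posted log shows:
  * weakened UAC / alerting policy values (EnableLUA=0, silent admin
    elevation, no secure desktop, Action Center icon hidden);
  * bursts of directory creation directly under a user's AppData\\Roaming,
    the FakeAlert dropper's footprint, detected by timing rather than by
    guessing whether a name "looks random".
Parsing, thresholds and names are this example's assumptions. SAMPLE_LOG is a
constructed excerpt of lines copied from the ComboFix log above.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
2011-12-06 01:53 . 2011-12-06 01:53 -------- d-----w- c:\program files (x86)\Trend Micro
2011-12-04 17:29 . 2011-12-04 17:29 -------- d-----w- c:\users\Marina\AppData\Roaming\Auslogics
2011-11-17 19:08 . 2011-11-17 19:08 -------- d-----w- c:\users\Marina\AppData\Roaming\BG5aQJ6dW8RTqCk
2011-11-17 19:08 . 2011-11-17 19:08 -------- d-----w- c:\users\Marina\AppData\Roaming\BL8gRZqhYw
2011-11-17 19:08 . 2011-11-17 19:08 -------- d-----w- c:\users\Marina\AppData\Roaming\cgTZqhYCwUrOtPy
2011-11-17 19:08 . 2011-11-17 19:08 -------- d-----w- c:\users\Marina\AppData\Roaming\c6dEK8fRZhXjClB
2011-11-17 19:08 . 2011-11-17 19:08 -------- d-----w- c:\users\Marina\AppData\Roaming\CtxP0ucS1b3n4m
2011-11-17 19:08 . 2011-11-17 19:08 -------- d-----w- c:\users\Marina\AppData\Roaming\dNyxAu2Fp
2011-12-04 17:23 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
"""

# One ComboFix file/dir entry: "<created> . <modified> <size|--------> <attrs> <path>".
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} \S+ (?P<attrs>\S+) (?P<path>.+)$"
)
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_LINE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)')

# value name -> (predicate that holds for a sane setting, what failure means).
# Windows 7 defaults: EnableLUA=1, ConsentPromptBehaviorAdmin=5,
# PromptOnSecureDesktop=1, HideSCAHealth not set.
UAC_CHECKS = {
    "EnableLUA": (lambda v: v == 1, "UAC off: every process gets a full admin token"),
    "ConsentPromptBehaviorAdmin": (lambda v: v != 0, "admins elevate with no prompt at all"),
    "PromptOnSecureDesktop": (lambda v: v == 1, "prompts not isolated on the secure desktop"),
    "HideSCAHealth": (lambda v: v == 0, "Action Center icon hidden: AV/firewall warnings suppressed"),
}


def parse_policy_values(log_text):
    """DWORD values under any ...\\policies\\... key, keyed by value name."""
    values, key = {}, ""
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        m = DWORD_LINE.match(line)
        if m and "\\policies\\" in key:
            values[m.group("name")] = int(m.group("value"))
    return values


def weakened_uac_settings(log_text):
    """[(name, value, meaning)] for every policy value that fails its check."""
    return [
        (name, value, UAC_CHECKS[name][1])
        for name, value in parse_policy_values(log_text).items()
        if name in UAC_CHECKS and not UAC_CHECKS[name][0](value)
    ]


def directory_bursts(log_text, parent_suffix=r"\appdata\roaming", threshold=5):
    """[(minute, [paths])] where >= threshold directories were created directly
    under a user's AppData\\Roaming within the same minute. Real installers
    make one or two folders there; a dropper seeding dozens of random names
    in one minute stands out whatever the names look like."""
    by_minute = defaultdict(list)
    for line in log_text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m or not m.group("attrs").startswith("d"):
            continue  # not a directory entry
        parent = m.group("path").rsplit("\\", 1)[0].lower()
        if parent.endswith(parent_suffix):
            by_minute[m.group("created")].append(m.group("path"))
    return sorted((t, p) for t, p in by_minute.items() if len(p) >= threshold)


def report(log_text):
    """Human-readable findings, one per line."""
    lines = [f"UAC/alerting: {n}={v}: {why}" for n, v, why in weakened_uac_settings(log_text)]
    for minute, paths in directory_bursts(log_text):
        parent = paths[0].rsplit("\\", 1)[0]
        lines.append(f"{len(paths)} dirs created at {minute} under {parent}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

The burst detector keys on creation time rather than on the look of the names, so it also catches droppers that pick pronounceable folder names. On the cleaned machine itself, the four policy values would still need to be set back by hand (EnableLUA=1 takes effect after a reboot); a scanner that removes the FakeAlert binaries does not restore them.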

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 December 2011 - 06:25 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 bomber1712
  • Topic Starter

  • Members
  • 464 posts
  • Gender:Male
  • Location:Wisconsin, USA

Posted 11 December 2011 - 07:47 PM

Thanks, again for all of your help. Here's the OTL log:

OTL logfile created on: 12/11/2011 6:07:07 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marina\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 51.27% Memory free
3.75 Gb Paging File | 2.80 Gb Available in Paging File | 74.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.43 Gb Total Space | 32.97 Gb Free Space | 44.30% Space Free | Partition Type: NTFS

Computer Name: MARINA-PC | User Name: Marina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Marina\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - c:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (LVUVC64) Logitech Webcam C160(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 80 7F 44 5D A5 CC 01 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 80 7F 44 5D A5 CC 01 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-561745552-1407280040-2834952522-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://facebook.com/
IE - HKU\S-1-5-21-561745552-1407280040-2834952522-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marina\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marina\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)


[2011/04/30 19:11:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marina\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marina\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Marina\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marina\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\
CHR - Extension: Skype Click to Call = C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\

O1 HOSTS File: ([2011/12/11 13:09:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-561745552-1407280040-2834952522-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-561745552-1407280040-2834952522-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-561745552-1407280040-2834952522-1001..\Run: [iBarioApps] C:\Program Files (x86)\iBarioApps\iBarioApps.exe (Jubse Media Ltd.)
O4 - HKU\S-1-5-21-561745552-1407280040-2834952522-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-561745552-1407280040-2834952522-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-561745552-1407280040-2834952522-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-561745552-1407280040-2834952522-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAA63889-2989-42BC-AEB6-40B67B166F80}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/11 17:54:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Marina\Desktop\OTL.exe
[2011/12/11 13:14:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/11 09:18:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/11 09:18:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/11 09:18:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/11 09:18:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/11 09:11:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/11 09:09:04 | 004,334,705 | R--- | C] (Swearware) -- C:\Users\Marina\Desktop\ComboFix.exe
[2011/12/05 19:53:15 | 000,000,000 | ---D | C] -- C:\Users\Marina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/12/05 19:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/12/05 19:47:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/12/04 16:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/12/04 16:42:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2011/12/04 16:40:47 | 000,704,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\cohelper.dll
[2011/12/04 16:40:47 | 000,540,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvuninst.exe
[2011/12/04 16:40:07 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/12/04 16:40:07 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/12/04 16:40:06 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/04 16:40:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/04 16:40:06 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/12/04 16:40:06 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/12/04 16:40:06 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/12/04 16:40:06 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/12/04 16:40:06 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/12/04 16:40:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/12/04 16:40:06 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/12/04 16:40:05 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/12/04 16:40:05 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/12/04 16:40:05 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/12/04 16:40:05 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/12/04 16:40:05 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/12/04 16:40:05 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/12/04 16:40:04 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/04 16:40:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/04 16:40:04 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/12/04 16:40:04 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/12/04 16:40:04 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/12/04 16:40:04 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/12/04 16:40:03 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/12/04 16:40:03 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/12/04 16:40:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/12/04 16:40:03 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/12/04 16:40:03 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/04 16:40:03 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/12/04 16:40:02 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/12/04 16:40:02 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/12/04 16:40:02 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/12/04 16:40:01 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/12/04 16:40:01 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/12/04 16:40:01 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/12/04 16:40:00 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/04 16:40:00 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/04 16:40:00 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/12/04 16:40:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/12/04 16:40:00 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/12/04 16:40:00 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/12/04 16:40:00 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/12/04 16:40:00 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/12/04 16:40:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/12/04 16:40:00 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/12/04 16:40:00 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/12/04 16:39:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/04 16:39:59 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/12/04 16:39:59 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/12/04 16:39:59 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/12/04 16:39:59 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/12/04 16:39:59 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/12/04 16:39:59 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/12/04 16:39:58 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/12/04 16:39:57 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/12/04 16:39:57 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/04 16:39:57 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/12/04 16:39:57 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/12/04 16:39:57 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/12/04 16:39:57 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/12/04 16:39:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/04 16:39:57 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/12/04 16:39:57 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/12/04 16:39:57 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/12/04 16:39:57 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/12/04 16:39:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/12/04 16:39:57 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/12/04 16:39:56 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/04 16:39:56 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/12/04 16:39:56 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/12/04 16:39:56 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/12/04 16:39:56 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/04 16:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/12/04 16:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/12/04 13:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/12/04 11:37:37 | 000,000,000 | ---D | C] -- C:\Users\Marina\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/04 11:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/04 11:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/04 11:37:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/04 11:36:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/12/04 11:36:23 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/12/04 11:36:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/12/04 11:36:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/12/04 11:32:36 | 000,000,000 | ---D | C] -- C:\Users\Marina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/12/04 11:32:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2011/12/04 11:30:21 | 000,000,000 | ---D | C] -- C:\Users\Marina\Desktop\Utilities
[2011/12/04 11:29:54 | 000,000,000 | ---D | C] -- C:\Users\Marina\AppData\Roaming\Auslogics
[2011/12/04 11:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011/12/04 11:29:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2011/12/04 11:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/12/04 11:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/12/04 11:23:42 | 000,000,000 | ---D | C] -- C:\Users\Marina\AppData\Roaming\Malwarebytes
[2011/12/04 11:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/04 11:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/04 11:23:28 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/04 11:23:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/04 06:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2011/11/28 21:55:04 | 000,000,000 | ---D | C] -- C:\a52c9862cf72b69dcd692d859cca
[2011/11/28 21:54:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2011/11/28 09:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/11/28 09:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/11/19 13:36:41 | 000,000,000 | ---D | C] -- C:\Users\Marina\AppData\Roaming\d8RZqhXwkVlBz0c

NOTE: I had to cut out a bunch of entries (thousands!) identical to these. The log would not post due to it being too long. See the attachment for the full log.

[2011/11/12 15:19:00 | 000,000,000 | ---D | C] -- C:\Users\Marina\AppData\Roaming\mS2obF3pm5Q6W
[2011/11/12 15:18:42 | 000,000,000 | ---D | C] -- C:\Users\Marina\AppData\Roaming\tG4amH6sW7E8T
[2011/11/12 15:18:42 | 000,000,000 | ---D | C] -- C:\Users\Marina\AppData\Roaming\A0ucS1ibDoGaHsJ
[2011/11/12 15:18:09 | 000,000,000 | ---D | C] -- C:\Users\Marina\AppData\Roaming\W5sWJ7dEL

========== Files - Modified Within 30 Days ==========

[2011/12/11 18:04:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/11 17:41:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Marina\Desktop\OTL.exe
[2011/12/11 17:29:03 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-561745552-1407280040-2834952522-1001UA.job
[2011/12/11 13:17:41 | 000,051,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/11 13:17:41 | 000,051,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/11 13:09:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/11 13:08:41 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/11 13:08:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/11 13:08:19 | 1508,737,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/11 09:07:45 | 004,334,705 | R--- | M] (Swearware) -- C:\Users\Marina\Desktop\ComboFix.exe
[2011/12/10 22:29:04 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-561745552-1407280040-2834952522-1001Core.job
[2011/12/04 16:53:17 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/04 16:53:17 | 000,626,040 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/04 16:53:17 | 000,107,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/04 16:47:33 | 000,001,437 | ---- | M] () -- C:\Users\Marina\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/04 16:40:07 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/12/04 16:40:07 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/12/04 16:40:06 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/04 16:40:06 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/04 16:40:06 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/12/04 16:40:06 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/12/04 16:40:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/12/04 16:40:06 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/12/04 16:40:06 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/12/04 16:40:06 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/12/04 16:40:06 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/12/04 16:40:05 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/12/04 16:40:05 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/12/04 16:40:05 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/12/04 16:40:05 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/12/04 16:40:05 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/12/04 16:40:05 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/12/04 16:40:05 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/12/04 16:40:05 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/12/04 16:40:04 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/04 16:40:04 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/04 16:40:04 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/12/04 16:40:04 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/12/04 16:40:04 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/12/04 16:40:03 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/12/04 16:40:03 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/12/04 16:40:03 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/12/04 16:40:03 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/12/04 16:40:03 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/04 16:40:03 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/12/04 16:40:02 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/12/04 16:40:02 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/12/04 16:40:02 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/12/04 16:40:01 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/12/04 16:40:01 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/12/04 16:40:01 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/12/04 16:40:00 | 002,309,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/04 16:40:00 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/04 16:40:00 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/12/04 16:40:00 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/12/04 16:40:00 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/12/04 16:40:00 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/12/04 16:40:00 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/12/04 16:40:00 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/12/04 16:40:00 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/12/04 16:40:00 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/12/04 16:40:00 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/12/04 16:39:59 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/04 16:39:59 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/12/04 16:39:59 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/12/04 16:39:59 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/12/04 16:39:59 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/12/04 16:39:59 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/12/04 16:39:59 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/12/04 16:39:58 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/12/04 16:39:58 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/12/04 16:39:57 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/12/04 16:39:57 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/04 16:39:57 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/12/04 16:39:57 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/12/04 16:39:57 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/12/04 16:39:57 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/04 16:39:57 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/12/04 16:39:57 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/04 16:39:57 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/12/04 16:39:57 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/12/04 16:39:57 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/12/04 16:39:57 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/12/04 16:39:57 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/12/04 16:39:57 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/12/04 16:39:56 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/04 16:39:56 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/12/04 16:39:56 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/12/04 16:39:56 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/11/29 21:29:15 | 000,002,625 | ---- | M] () -- C:\Users\Marina\Desktop\Microsoft Office Access 2007.lnk
[2011/11/29 08:25:32 | 000,413,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/28 09:15:35 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/28 09:15:21 | 000,743,066 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/15 22:06:44 | 000,000,000 | ---- | M] () -- C:\Users\Marina\AppData\Local\{6AE0B6D4-8688-47EA-AE32-7A1EA357098F}
[2011/11/14 22:21:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011/11/12 16:40:30 | 000,002,034 | ---- | M] () -- C:\Users\Marina\Desktop\Tanya Baby shower - Shortcut.lnk
[2011/11/12 16:40:26 | 000,001,816 | ---- | M] () -- C:\Users\Marina\Desktop\pict From Dan camera - Shortcut.lnk

========== Files Created - No Company Name ==========

[2011/12/11 09:18:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/11 09:18:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/11 09:18:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/11 09:18:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/11 09:18:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/04 16:47:29 | 000,001,443 | ---- | C] () -- C:\Users\Marina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/12/04 16:40:47 | 000,006,136 | ---- | C] () -- C:\Windows\SysNative\drivers\nvphy.bin
[2011/12/04 16:40:05 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/12/04 16:39:57 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/12/04 06:51:28 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7 Host.lnk
[2011/11/28 09:15:35 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/28 09:15:21 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/28 09:15:12 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/15 22:06:44 | 000,000,000 | ---- | C] () -- C:\Users\Marina\AppData\Local\{6AE0B6D4-8688-47EA-AE32-7A1EA357098F}
[2011/11/12 16:40:30 | 000,002,034 | ---- | C] () -- C:\Users\Marina\Desktop\Tanya Baby shower - Shortcut.lnk
[2011/11/12 16:40:26 | 000,001,816 | ---- | C] () -- C:\Users\Marina\Desktop\pict From Dan camera - Shortcut.lnk
[2011/09/10 09:41:37 | 000,000,010 | ---- | C] () -- C:\Users\Marina\AppData\Roaming\RSBuddy Login.ini
[2011/08/23 19:27:02 | 000,187,432 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/08/19 03:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/08/19 03:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/08/19 03:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/08/17 17:03:24 | 000,000,086 | ---- | C] () -- C:\Users\Marina\AppData\Roaming\RSBuddy_uniponyman.ini
[2011/08/17 16:46:24 | 000,000,040 | ---- | C] () -- C:\Users\Marina\AppData\Roaming\RSBuddy_unipony.ini
[2011/05/08 16:14:08 | 000,003,584 | ---- | C] () -- C:\Users\Marina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/05 18:21:16 | 000,000,224 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/05/05 18:20:41 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/05/05 18:20:41 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/05/05 18:20:41 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/04/17 11:34:39 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

#9 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 December 2011 - 07:59 PM

Hello


NOTE: I had to cut out a bunch of entries (thousands!) identical to these. The log would not post due to it being too long. See Attachment for full log.
These are part of the infection - upload the report to mediafire.com and send me the link.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 bomber1712
  • Topic Starter
  • Members
  • 464 posts
  • Gender:Male
  • Location:Wisconsin, USA

Posted 11 December 2011 - 08:06 PM

Here is the link:

http://www.mediafire.com/?stu37kid889hrmc

#11 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 December 2011 - 08:18 PM

Hello


I have uploaded the script I want you to use with OTL - http://www.mediafire.com/?kqvshs3duzaowem


Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the fix I uploaded into the [image] textbox.
  • Then click the Run Fix button at the top.
  • Click [image].
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo

#12 bomber1712
  • Topic Starter
  • Members
  • 464 posts
  • Gender:Male
  • Location:Wisconsin, USA

Posted 11 December 2011 - 09:14 PM

File is too large, again. Link:

http://www.mediafire.com/?b6p6xy18n1ulqn7

System seems to be running very nicely. No strange behavior at all, and seems to be faster to respond, overall.

Let me know what you need me to do next.

#13 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 December 2011 - 09:24 PM

I want a new combofix scan


gringo

#14 bomber1712
  • Topic Starter
  • Members
  • 464 posts
  • Gender:Male
  • Location:Wisconsin, USA

Posted 11 December 2011 - 10:04 PM

ComboFix 11-12-10.01 - Marina 12/11/2011 20:41:32.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1918.967 [GMT -6:00]
Running from: c:\users\Marina\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))
.
.
2011-12-12 02:47 . 2011-12-12 02:47 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{99CFFB79-9323-4C45-9CF8-1C72F84CADCD}\offreg.dll
2011-12-12 02:46 . 2011-12-12 02:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-12 02:07 . 2011-12-12 02:48 -------- d-----w- c:\users\Marina\AppData\Roaming\Skype
2011-12-12 01:37 . 2011-12-12 01:37 -------- d-----w- C:\_OTL
2011-12-11 16:31 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{99CFFB79-9323-4C45-9CF8-1C72F84CADCD}\mpengine.dll
2011-12-06 01:53 . 2011-12-06 01:53 -------- d-----w- c:\program files (x86)\Trend Micro
2011-12-06 01:47 . 2011-12-06 01:47 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-04 22:42 . 2011-12-04 22:42 -------- d-----w- c:\program files\Realtek
2011-12-04 22:42 . 2011-12-04 22:42 -------- d-----w- c:\windows\SysWow64\RTCOM
2011-12-04 22:39 . 2011-12-04 22:39 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-04 22:34 . 2011-12-04 22:34 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-12-04 19:46 . 2011-12-04 19:46 -------- d-----w- c:\program files (x86)\ESET
2011-12-04 17:37 . 2011-12-04 17:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-04 17:37 . 2011-12-04 17:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-04 17:36 . 2011-12-04 17:36 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-04 17:32 . 2011-12-04 17:32 -------- d-----w- c:\program files (x86)\VS Revo Group
2011-12-04 17:29 . 2011-12-04 17:29 -------- d-----w- c:\program files (x86)\Auslogics
2011-12-04 17:25 . 2011-12-04 17:25 -------- d-----w- c:\program files\CCleaner
2011-12-04 17:23 . 2011-12-04 17:23 -------- d-----w- c:\programdata\Malwarebytes
2011-12-04 17:23 . 2011-12-04 17:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-04 17:23 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 12:51 . 2011-12-04 12:51 -------- d-----w- c:\program files (x86)\TeamViewer
2011-11-30 22:34 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-29 03:55 . 2011-11-29 03:55 -------- d-----w- C:\a52c9862cf72b69dcd692d859cca
2011-11-29 03:54 . 2011-11-29 03:54 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2011-11-29 03:47 . 2011-11-29 03:47 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-11-28 15:20 . 2011-11-28 15:20 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{798E65CA-53DA-403C-9764-07987D9B9A40}\gapaengine.dll
2011-11-28 15:15 . 2011-11-28 15:15 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-11-28 15:15 . 2011-11-28 15:15 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-25 19:51 . 2011-11-25 19:51 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 04:16 . 2011-11-09 01:02 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6C46820-6E54-4F3D-9258-67428C83C2CD}\mpengine.dll
2011-10-05 02:13 . 2011-06-20 11:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 11:06 . 2011-04-16 14:26 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-29 16:29 . 2011-11-09 01:05 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:03 . 2011-11-09 01:04 3144704 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-11_15.27.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-15 21:06 . 2011-12-12 02:49 47458 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-12-11 15:28 35728 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-12 02:49 35728 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-15 20:51 . 2011-12-12 02:49 14508 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-561745552-1407280040-2834952522-1001_UserData.bin
- 2011-12-11 15:26 . 2011-12-11 15:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-12 02:47 . 2011-12-12 02:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-11 15:26 . 2011-12-11 15:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-12 02:47 . 2011-12-12 02:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-12-11 15:25 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-12 02:46 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-04 23:07 . 2011-12-12 02:46 3126992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-561745552-1407280040-2834952522-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iBarioApps"="c:\program files (x86)\iBarioApps\iBarioApps.exe" [2011-04-26 68608]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-17 3077528]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 dvusctki;dvusctki; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 136176]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-29 2924928]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 17:34]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 17:34]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-561745552-1407280040-2834952522-1001Core.job
- c:\users\Marina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 22:44]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-561745552-1407280040-2834952522-1001UA.job
- c:\users\Marina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 22:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://facebook.com/
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,ae,45,cc,05,f4,a6,48,a5,68,74,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,ae,45,cc,05,f4,a6,48,a5,68,74,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Completion time: 2011-12-11 20:52:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-12 02:52
ComboFix2.txt 2011-12-11 19:14
ComboFix3.txt 2011-12-11 15:32
.
Pre-Run: 35,004,604,416 bytes free
Post-Run: 34,986,790,912 bytes free
.
- - End Of File - - 4A6C924E46F102F24E6EC67BBF07CEA5

#15 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 December 2011 - 10:45 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box:
      C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo