Problem with Google redirect & popups


This topic is locked
22 replies to this topic

#1 gdtms24

Posted 11 December 2011 - 08:23 PM

http://www.bleepingcomputer.com/forums/topic431875.html/page__gopid__2505707#entry2505707

That is the link to the previous post where I was helped with removing some of the problem. But I am having an issue with popups, and with Windows Firewall I get an error code 0x80070424. Boopme is the one that told me about the ZeroAccess rootkit taking over. Any help is appreciated.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by K at 20:18:53 on 2011-12-11
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.280 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\users\k\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{533F5151-1606-4CC4-8712-2D87AECBC912} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{533F5151-1606-4CC4-8712-2D87AECBC912}\55E684F6F6B65646 : DhcpNameServer = 192.168.2.1 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
AppInit_DLLs: c:\windows\system32\acaptuser32.dll
SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - c:\windows\system32\ieframe.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\k\appdata\roaming\mozilla\firefox\profiles\v99u5swa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111011&q=
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\k\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-17 366152]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-5 22216]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-7-28 20080]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-28 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-28 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
.
=============== Created Last 30 ================
.
2011-12-11 23:40:19 -------- d-----w- c:\users\k\appdata\roaming\SUPERAntiSpyware.com
2011-12-11 23:39:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-11 23:39:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-11 23:33:20 83456 ----a-w- c:\windows\system32\drivers\serial.sys
2011-12-11 23:12:15 78848 ----a-w- c:\windows\KMSEmulator.exe
2011-12-11 23:10:04 -------- d-----w- c:\users\k\appdata\local\ElevatedDiagnostics
2011-12-11 17:07:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-12-11 17:04:01 -------- d-----w- c:\users\k\appdata\local\Secunia PSI
2011-12-11 17:03:55 -------- d-----w- c:\program files\Secunia
2011-12-11 16:12:00 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-11 01:51:45 -------- d-----w- c:\users\k\appdata\local\Google
2011-12-11 01:26:33 -------- d-----w- c:\program files\EjoyStudio
2011-11-16 17:49:52 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{634f9a48-95f1-47b7-bfe8-2fbebdc77dbd}\mpengine.dll
2011-11-13 19:26:21 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-13 19:26:20 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-13 19:26:19 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2011-12-11 17:13:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-11 17:06:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-01 02:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 20:19:38.81 ===============




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-11 20:17:41
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD800AAJS-00B4A0 rev.01.03A01
Running: xg85hibd.exe; Driver: C:\Users\K\AppData\Local\Temp\pxldqpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82A58349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A91D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\drivers\lped.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F014000, 0x38CD55, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtProtectVirtualMemory 778D5F18 5 Bytes JMP 0086000A
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtWriteVirtualMemory 778D6A98 5 Bytes JMP 008B000A
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!KiUserExceptionDispatcher 778D7008 5 Bytes JMP 0085000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ntdll.dll!LdrLoadDll 778F22B8 5 Bytes JMP 656E2EC0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4904] USER32.dll!SetWindowLongA 776C8BA3 5 Bytes JMP 65AAC350 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4904] USER32.dll!SetWindowLongW 776D4449 5 Bytes JMP 65AAC2E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4904] USER32.dll!GetWindowInfo 776D4B5E 5 Bytes JMP 6585E363 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4904] USER32.dll!TrackPopupMenu 776E2228 5 Bytes JMP 6585E91C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Windows\System32\ping.exe[5940] ntdll.dll!NtCreateProcess 778D5698 5 Bytes JMP 0027000A
.text C:\Windows\System32\ping.exe[5940] ntdll.dll!NtCreateProcessEx 778D56A8 5 Bytes JMP 0028000A
.text C:\Windows\System32\ping.exe[5940] ntdll.dll!NtCreateUserProcess 778D5778 5 Bytes JMP 0031000A
.text C:\Windows\System32\ping.exe[5940] ntdll.dll!NtProtectVirtualMemory 778D5F18 5 Bytes JMP 0024000A
.text C:\Windows\System32\ping.exe[5940] ntdll.dll!NtWriteVirtualMemory 778D6A98 5 Bytes JMP 0030000A
.text C:\Windows\System32\ping.exe[5940] ntdll.dll!KiUserExceptionDispatcher 778D7008 5 Bytes JMP 001F000A
.text C:\Windows\System32\ping.exe[5940] USER32.dll!GetCursorPos 776CA4B3 5 Bytes JMP 0051000A
.text C:\Windows\System32\ping.exe[5940] USER32.dll!GetForegroundWindow 776D335D 5 Bytes JMP 0053000A
.text C:\Windows\System32\ping.exe[5940] USER32.dll!WindowFromPoint 776F6BE9 5 Bytes JMP 0052000A
.text C:\Windows\System32\ping.exe[5940] ole32.dll!CoCreateInstance 76339D0B 5 Bytes JMP 0033000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Users\K\Downloads\xg85hibd.exe[1052] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00202CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\K\Downloads\xg85hibd.exe[1052] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00202CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\K\Downloads\xg85hibd.exe[1052] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00202D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\K\Downloads\xg85hibd.exe[1052] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00202F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskhost.exe[2260] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskhost.exe[2260] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskhost.exe[2260] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskhost.exe[2260] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[2328] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [002A2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[2328] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [002A2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[2328] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [002A2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[2328] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [002A2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[2880] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[2880] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[2880] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[2880] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\HP Software Update\hpwuschd2.exe[2896] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\HP Software Update\hpwuschd2.exe[2896] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\HP Software Update\hpwuschd2.exe[2896] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\HP Software Update\hpwuschd2.exe[2896] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2940] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2940] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2940] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2940] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[3136] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[3136] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[3136] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[3136] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3232] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00562CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3232] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00562CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3232] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00562D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3232] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00562F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4016] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00242CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4016] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00242CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4016] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00242D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[4016] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00242F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00442CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00442CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00442D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00442F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4200] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [028F2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4200] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [028F2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4200] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [028F2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4200] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [028F2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\plugin-container.exe[4904] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00272CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\plugin-container.exe[4904] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00272CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\plugin-container.exe[4904] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00272D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\plugin-container.exe[4904] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00272F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 8DEE4000-8DEFB000 (94208 bytes)

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB53791$\3900442487 0 bytes
File C:\Windows\$NtUninstallKB53791$\5427789 0 bytes
File C:\Windows\$NtUninstallKB53791$\5427789\@ 2048 bytes
File C:\Windows\$NtUninstallKB53791$\5427789\bckfg.tmp 879 bytes
File C:\Windows\$NtUninstallKB53791$\5427789\cfg.ini 199 bytes
File C:\Windows\$NtUninstallKB53791$\5427789\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB53791$\5427789\keywords 218 bytes
File C:\Windows\$NtUninstallKB53791$\5427789\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB53791$\5427789\L 0 bytes
File C:\Windows\$NtUninstallKB53791$\5427789\L\xadqgnnk 83456 bytes
File C:\Windows\$NtUninstallKB53791$\5427789\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB53791$\5427789\U 0 bytes
File C:\Windows\$NtUninstallKB53791$\5427789\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB53791$\5427789\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB53791$\5427789\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB53791$\5427789\U\80000000.@ 1024 bytes
File C:\Windows\$NtUninstallKB53791$\5427789\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB53791$\5427789\U\80000032.@ 98304 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\0RlQSyEsgA_1504581338[1].html 5161 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\belly%20fat[1].jpg 6399 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\isolate[1].html 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\feed[1].png 2797 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\ff2[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\flowplayer-3.2.6.min[3].js 16838 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\122x54_lm_lugz[1].gif 892 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\afr[2].htm 1208 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\afr[3].htm 2647 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\afr[4].htm 2652 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\load[3].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\c[1] 7517 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\pd_txt_btmbrdr[1].gif 138 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\pd_txt_topRight[1].gif 309 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\jquery[3].js 91363 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\shoes_i289327[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\shoes_i389327[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\smartad[2].jsp 697 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\p[2].gif 43 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\iframe!t=1209![6].txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\ss_v3r2_300x250[1].swf 49092 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\AdDisplayTrackerServlet[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\r[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\bgr_shadow[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\NFCU_Stories_Membership-Navy_160x600[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\nonSecureAnonymousFramework[1] 125862 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\collapsed[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\Get_google_160x600_2[1].swf 40665 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\pc[2].gif 43 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\pd_txt_bottomRight[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\badgeRect50x60[1].png 1985 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\badge_su[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\afr[1].php 4044 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\6858328_d4e4acf9-1a72-43ee-93ab-c5929679948e[1].js 3920 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\c[2] 7518 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\Empty_Movie[1].swf 30 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\bh[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\ad[4].htm 946 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\surly[2].js 1702 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\jsadimp[1].gif 43 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\01[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\BoyGMCboy_728x90[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\174x98_0[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\load[4].htm 8 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\ros;sect=ros;sz=300x250,250x250;tile=1;ord=5117897017107804[1] 206 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\videobash.com.1007[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\939519373@x96[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\sect%3Dhome%3Bsz%3D160x600%2C120x600%3Btile%3D2%3Bbsg%3D101109%3Bbsg%3D101268%3Bbsg%3D122251%3B%3B~aopt%3D2%2F1%2F8c27%2F0%3B~sscs%3D%3F[1] 329 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\set[1].gif 43 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\statstracker[1].txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\strength_traini9055[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\20d660aaddfc444985809ff3ceae07fe[1].jpg 25442 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\visit[3].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\iframe!t=1209![8].txt 305 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\iframe!t=1209![9].txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\iframe3[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\iframe3[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\2_0_YWE9NDY3NzUsMjI4ODAzLDM5NTY1LDMzNTQ3NjUsMjgyMSw3NjI0OSxEUHAyNjhKT2h6VVoscCwxNDM5LDg4NDMsMTUwMDY5LDUyMDcsMTM4NTUmcmI9MzQ1JnJlPTIwNzg5[1] 6146 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\300x250_banner1[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\haley-reinhart[1].txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\sharedModuleLoader[1].txt 10359 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\shoes_i589327[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\optn=64[2] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\p-acTSWqQlmTgSU[1].gif 35 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\137x77_10[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\137x77_13[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\137x77_16[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\137x77_5[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\Footer_Blog[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\q3593[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\5654_137x77[1].jpg 6092 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\beacon[8].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\pixel_adsafeprotected_com[2].gif 43 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\ac@Bottom3[1].htm 230 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\like[1].php 25172 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\like[2].php 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\rs[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\adserv_17171[7].js 14703 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\adserv_17171[8].js 14703 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\adserv_17171[9].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\B5754668[1].20;sz=160x600;ord=3806385664896620361 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\B5830682[1].128;sz=300x250;ord=2960990318512659436 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\glamadapt_jsrv[1].act 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\breakingnews2[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\cpxpop_prod[1].js 4220 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\ros;sect=ros;mtfInline=true;sz=728x90,468x60;tile=3;ord=5117897017107804[1] 1621 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\AMA[1].swf 47727 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\anyclip-menu-banner[1].jpg 1941 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\FB[1].Share 6585 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\OWMLBSPR.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\P2EEON0K.txt 743 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\AD4H3USQ.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\56OFYMKQ.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\5G5R4HPB.txt 868 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\5I0KSOZC.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\KP3F4903.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\YQQYNDV9.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\DMCF6L1U.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\F16LP4PN.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\7OSHV82U.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\JDNFBW8P.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\18XOI42D.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\1LJTW8FM.txt 251 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\GBQ52KVT.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\GKM47DLM.txt 748 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\8Q9DO47D.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\8X3VLKXG.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\929MWCZM.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\NNYDZZKV.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\NP3FNAQW.txt 546 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6EJ0ROR2.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6X9EMRJK.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\UZPYIG8N.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\V4U3GLF1.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\V79N35TT.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\2ESG4QH6.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ICTQ1NEC.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\L20T51NI.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\LFU3T0UA.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Q7J84ZWD.txt 547 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\CLQZ32OH.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\D182FB2U.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\D50NG1HO.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\JKT536EJ.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\OAA8GUYP.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\89KQNZVP.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\FT5R66IC.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\385O9I8K.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\MR646PGJ.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\N0T71BUR.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\XPL5V5ZF.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\R0ORYJ0I.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\RAXYHQMW.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\689TLZYL.txt 542 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\BBAFGMD2.txt 0 bytes

---- EOF - GMER 1.0.15 ----

Attached Files




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:59 PM

Posted 14 December 2011 - 10:25 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied, and it makes the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
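Two log formats are being read in this thread: GMER's hidden-file lines ("File <path> <size> bytes") in the first post, and the ComboFix "Files Created" section that Gringo asks for above, which lists created time, modified time, size, attributes and path per line. One detail worth noticing in the GMER output is the path prefix C:\Windows\System32\config\systemprofile: that is the profile of the LocalSystem account, and a logged-on user never browses from it, so a SYSTEM profile filled with Internet Explorer cache and cookies means a process running as SYSTEM, not the user, has been fetching web pages and ads on its own. The script below is an added example written for this page; it is not part of any post and not a tool from the GMER or ComboFix authors. It parses both formats and applies two triage heuristics that are my own assumptions (an executable placed directly in the Windows directory, and a randomly named folder under ProgramData, where "random" is an assumed threshold of 12 or more alphanumerics mixing digits and both letter cases). The fixture strings are a constructed subset of lines copied from the logs posted in this thread.

```python
import re
from collections import Counter

# Constructed fixture: a few lines copied from the GMER log and the ComboFix
# "Files Created" section posted in this thread. Real logs have hundreds of
# lines; feed the whole file to the same functions.
GMER_SAMPLE = r"""
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TTAFDCP\jquery[3].js 91363 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK1GTM9T\ad[4].htm 946 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\P2EEON0K.txt 743 bytes
---- EOF - GMER 1.0.15 ----
"""

COMBOFIX_SAMPLE = r"""
2011-12-15 15:07 . 2011-12-15 15:07 78848 ----a-w- c:\windows\KMSEmulator.exe
2011-12-14 14:37 . 2011-12-14 16:22 -------- d-----w- c:\programdata\pM28300EeKjJ28300
2011-12-11 23:39 . 2011-12-11 23:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-11 17:06 . 2011-12-11 17:06 -------- d-----w- c:\program files\Java
"""

# Profile directory of the LocalSystem account; interactive users never browse from here.
SYSTEM_PROFILE = r"c:\windows\system32\config\systemprofile"

# GMER hidden-file line: "File <path> <size> bytes"
GMER_FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+) bytes$")

# ComboFix line: "<created> . <modified> <size|--------> <attrs> <path>"
COMBOFIX_CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Assumed heuristic: 12+ alphanumerics mixing digits, lower- and upper-case
# letters with no separators, i.e. the shape of a generated name.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])[A-Za-z0-9]{12,}$")


def parse_gmer_files(text):
    """Return [(path, size_bytes)] for each hidden-file line GMER reports."""
    entries = []
    for line in text.splitlines():
        m = GMER_FILE_RE.match(line.strip())
        if m:
            entries.append((m["path"], int(m["size"])))
    return entries


def system_profile_summary(entries):
    """Count hidden files by whether they sit in the SYSTEM profile and what they are."""
    counts = Counter()
    for path, _size in entries:
        p = path.lower()
        if not p.startswith(SYSTEM_PROFILE):
            counts["outside_system_profile"] += 1
        elif "temporary internet files" in p:
            counts["system_ie_cache"] += 1
        elif "\\cookies\\" in p:
            counts["system_cookies"] += 1
        else:
            counts["system_other"] += 1
    return dict(counts)


def parse_combofix_created(text):
    """Parse the 'Files Created from ... to ...' section of a ComboFix log."""
    entries = []
    for line in text.splitlines():
        m = COMBOFIX_CREATED_RE.match(line.strip())
        if m:
            entries.append({
                "created": m["created"],
                "modified": m["modified"],
                "is_dir": m["attrs"].startswith("d"),
                "size": None if m["size"].startswith("-") else int(m["size"]),
                "path": m["path"],
            })
    return entries


def flag_combofix(entries):
    """Return [(path, reason)] for entries matching either triage heuristic."""
    flagged = []
    for e in entries:
        parent, _, leaf = e["path"].rpartition("\\")
        parent = parent.lower()
        if (not e["is_dir"] and leaf.lower().endswith(".exe")
                and parent in (r"c:\windows", r"c:\windows\system32")):
            flagged.append((e["path"], "executable placed directly in the Windows directory"))
        elif e["is_dir"] and parent == r"c:\programdata" and RANDOM_NAME_RE.match(leaf):
            flagged.append((e["path"], "randomly named folder under ProgramData"))
    return flagged


if __name__ == "__main__":
    hidden = parse_gmer_files(GMER_SAMPLE)
    print("GMER hidden files:", system_profile_summary(hidden))
    for path, reason in flag_combofix(parse_combofix_created(COMBOFIX_SAMPLE)):
        print(f"{reason}: {path}")
```

A flag from this script is a prompt to look closer, not a verdict: an unexpected executable in the Windows directory is worth identifying, and the SYSTEM-profile counts are the quickest way to see how much of a hidden-file list is browser activity that no user account performed.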

#3 gdtms24

gdtms24
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 15 December 2011 - 10:38 AM

OK, there was a problem during ComboFix. I was running the computer in Safe Mode and ComboFix restarted the computer; on restart I did not go back into Safe Mode and the computer BSODed. So I had to restart the computer and run ComboFix. The log below is that log.


ComboFix 11-12-15.02 - K 12/15/2011 10:17:32.2.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.1682 [GMT -5:00]
Running from: c:\users\K\Desktop\anv157.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\K\AppData\Roaming\Mozilla\Firefox\Profiles\v99u5swa.default\searchplugins\bing-zugo.xml
.
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
.
2011-12-15 15:22 . 2011-12-15 15:23 -------- d-----w- c:\users\K\AppData\Local\temp
2011-12-15 15:22 . 2011-12-15 15:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-15 15:22 . 2011-12-15 15:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-15 15:07 . 2011-12-15 15:07 78848 ----a-w- c:\windows\KMSEmulator.exe
2011-12-15 15:04 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-14 14:37 . 2011-12-14 16:22 -------- d-----w- c:\programdata\pM28300EeKjJ28300
2011-12-11 23:40 . 2011-12-11 23:40 -------- d-----w- c:\users\K\AppData\Roaming\SUPERAntiSpyware.com
2011-12-11 23:39 . 2011-12-11 23:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-11 23:39 . 2011-12-11 23:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-11 23:10 . 2011-12-14 15:50 -------- d-----w- c:\users\K\AppData\Local\ElevatedDiagnostics
2011-12-11 17:07 . 2011-11-05 07:10 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-12-11 17:06 . 2011-12-11 17:06 -------- d-----w- c:\program files\Java
2011-12-11 17:04 . 2011-12-11 17:04 -------- d-----w- c:\users\K\AppData\Local\Secunia PSI
2011-12-11 17:03 . 2011-12-11 17:03 -------- d-----w- c:\program files\Secunia
2011-12-11 16:12 . 2011-12-11 16:12 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-11 01:51 . 2011-12-11 01:52 -------- d-----w- c:\users\K\AppData\Local\Google
2011-12-11 01:26 . 2011-12-11 01:26 -------- d-----w- c:\program files\EjoyStudio
2011-11-16 17:49 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{634F9A48-95F1-47B7-BFE8-2FBEBDC77DBD}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-11 17:13 . 2011-07-26 20:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-11 17:06 . 2011-09-10 04:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-01 02:42 . 2011-10-17 19:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-29 16:03 . 2011-11-13 19:26 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 03:37 . 2011-11-13 19:26 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 07:10 . 2011-12-11 17:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-08_06.19.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-13 23:42 . 2009-07-14 01:16 41984 c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.1.7601.21830_none_579ad6f7c13ca999\wabimp.dll
+ 2009-07-13 23:42 . 2009-07-14 01:16 41984 c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.1.7601.17699_none_56d95b58a847985d\wabimp.dll
+ 2009-07-13 23:42 . 2009-07-14 01:16 41984 c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.1.7600.21062_none_5595e0fdc42cfa49\wabimp.dll
+ 2009-07-13 23:42 . 2009-07-14 01:16 41984 c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.1.7600.16891_none_54eafc02ab2861b9\wabimp.dll
+ 2011-07-26 20:31 . 2011-12-11 19:56 21382 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-12-15 15:09 35460 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-01 08:30 . 2010-09-01 08:30 15544 c:\windows\System32\drivers\psi_mf.sys
+ 2011-12-11 02:34 . 2011-12-14 21:43 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2011-12-11 05:05 . 2011-12-11 05:05 85312 c:\windows\System32\config\systemprofile\AppData\Roaming\Adobe\Acrobat\9.0\UserCache.bin
+ 2011-12-14 15:43 . 2011-12-14 20:50 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011121420111215\index.dat
+ 2011-12-13 05:29 . 2011-12-13 22:48 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011121320111214\index.dat
+ 2011-12-12 15:28 . 2011-12-12 17:04 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011121220111213\index.dat
+ 2011-12-12 15:28 . 2011-12-12 15:27 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011120520111212\index.dat
+ 2011-12-11 02:30 . 2011-12-11 02:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2011-12-11 02:30 . 2011-12-14 22:58 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-07-26 19:55 . 2011-12-15 15:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-26 19:55 . 2011-11-08 06:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2011-11-15 17:37 88528 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-07-26 19:55 . 2011-12-15 15:08 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-07-26 19:55 . 2011-11-08 06:02 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-07-26 19:55 . 2011-12-15 15:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-26 19:55 . 2011-11-08 06:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-26 19:55 . 2011-12-15 15:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-26 19:55 . 2011-11-08 06:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-26 19:55 . 2011-11-08 06:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-26 19:55 . 2011-12-15 15:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-11 17:09 . 2011-12-11 17:09 32256 c:\windows\Installer\2d1f759.msi
+ 2011-06-06 19:55 . 2011-06-06 19:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2011-07-26 19:56 . 2011-12-15 15:09 6934 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2073212592-3125426970-1633408977-1001_UserData.bin
+ 2011-12-13 20:12 . 2011-12-13 20:12 2638 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6L7Z74B\EpicPlaySetup[1].exe
+ 2011-12-15 15:13 . 2011-12-15 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-08 06:01 . 2011-11-08 06:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-08 06:01 . 2011-11-08 06:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-15 15:13 . 2011-12-15 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-13 19:26 . 2011-10-01 06:09 708608 c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.1.7601.21830_none_579ad6f7c13ca999\wab32.dll
+ 2011-11-13 19:26 . 2011-10-01 04:37 708608 c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.1.7601.17699_none_56d95b58a847985d\wab32.dll
+ 2011-11-13 19:26 . 2011-10-01 04:39 708608 c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.1.7600.21062_none_5595e0fdc42cfa49\wab32.dll
+ 2011-11-13 19:26 . 2011-10-01 04:43 708608 c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.1.7600.16891_none_54eafc02ab2861b9\wab32.dll
+ 2011-11-13 19:26 . 2011-09-29 16:17 187760 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\FWPKCLNT.SYS
+ 2011-07-26 20:12 . 2010-11-20 12:29 187776 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\FWPKCLNT.SYS
+ 2011-11-13 19:26 . 2011-09-29 16:02 187248 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\FWPKCLNT.SYS
+ 2009-07-13 23:12 . 2009-07-14 01:20 187472 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\FWPKCLNT.SYS
+ 2011-07-28 05:06 . 2011-12-14 14:06 231248 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:05 . 2011-11-08 06:07 615122 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2011-12-11 01:37 615122 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2011-11-08 06:07 103496 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2011-12-11 01:37 103496 c:\windows\System32\perfc009.dat
+ 2011-12-11 17:06 . 2011-12-11 17:06 247968 c:\windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
+ 2011-12-11 17:06 . 2011-12-11 17:06 335520 c:\windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.dll
+ 2011-12-11 17:13 . 2011-12-11 17:13 243872 c:\windows\System32\Macromed\Flash\FlashUtil10y_Plugin.exe
- 2011-09-10 04:15 . 2011-09-10 04:15 157472 c:\windows\System32\javaws.exe
+ 2011-12-11 17:06 . 2011-12-11 17:06 157472 c:\windows\System32\javaws.exe
- 2011-09-10 04:15 . 2011-09-10 04:15 145184 c:\windows\System32\javaw.exe
+ 2011-12-11 17:06 . 2011-12-11 17:06 145184 c:\windows\System32\javaw.exe
+ 2011-12-11 17:06 . 2011-12-11 17:06 145184 c:\windows\System32\java.exe
- 2011-09-10 04:15 . 2011-09-10 04:15 145184 c:\windows\System32\java.exe
- 2009-07-14 04:33 . 2011-10-17 19:45 483664 c:\windows\System32\FNTCACHE.DAT
+ 2009-07-14 04:33 . 2011-11-13 19:57 483664 c:\windows\System32\FNTCACHE.DAT
+ 2011-07-26 19:52 . 2011-12-14 22:58 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-07-26 19:52 . 2011-07-26 20:29 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-07-27 06:50 . 2011-12-15 15:13 573440 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:47 . 2011-12-11 23:10 448636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2011-11-08 06:00 448636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-11 17:05 . 2011-12-11 17:05 907264 c:\windows\Installer\2d1f682.msi
+ 2011-06-06 19:55 . 2011-06-06 19:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2011-11-13 19:26 . 2011-09-29 04:49 2349568 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21828_none_bb7db57911eafe30\win32k.sys
+ 2011-11-13 19:26 . 2011-09-29 03:37 2341888 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17697_none_baa76709f9070b7f\win32k.sys
+ 2011-11-13 19:26 . 2011-09-29 03:35 2349056 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21060_none_b963ecaf14ec6d6b\win32k.sys
+ 2011-11-13 19:26 . 2011-09-29 04:20 2339840 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16889_none_b8cdda83fbd6b650\win32k.sys
+ 2009-07-13 23:42 . 2009-07-14 01:11 1098752 c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.1.7601.21830_none_579ad6f7c13ca999\wab32res.dll
+ 2009-07-13 23:42 . 2009-07-14 01:11 1098752 c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.1.7601.17699_none_56d95b58a847985d\wab32res.dll
+ 2009-07-13 23:42 . 2009-07-14 01:11 1098752 c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.1.7600.21062_none_5595e0fdc42cfa49\wab32res.dll
+ 2009-07-13 23:42 . 2009-07-14 01:11 1098752 c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.1.7600.16891_none_54eafc02ab2861b9\wab32res.dll
+ 2011-11-13 19:26 . 2011-09-29 16:17 1303920 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
+ 2011-11-13 19:26 . 2011-09-29 16:03 1290608 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
+ 2011-11-13 19:26 . 2011-09-29 16:02 1301872 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
+ 2011-11-13 19:26 . 2011-09-29 15:43 1285488 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
+ 2009-07-14 02:03 . 2011-11-13 19:54 7340032 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2011-10-17 19:43 7340032 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-07-26 20:31 . 2011-12-11 17:13 6276768 c:\windows\System32\Macromed\Flash\NPSWF32.dll
+ 2011-07-27 06:50 . 2011-12-15 15:13 5062656 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2011-12-15 15:13 3899392 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:34 . 2011-11-08 06:02 5980419 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:34 . 2011-11-13 19:57 5980419 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-11-09 20:53 . 2011-12-11 17:18 8484444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2073212592-3125426970-1633408977-1001-12288.dat
+ 2011-12-11 01:25 . 2011-12-11 01:25 1856512 c:\windows\Installer\6c11eeb.msi
+ 2011-06-06 19:55 . 2011-06-06 19:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 19:55 . 2011-06-06 19:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 19:55 . 2011-06-06 19:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2011-07-26 20:17 . 2011-11-13 19:27 50295240 c:\windows\System32\MRT.exe
+ 2011-07-26 20:51 . 2011-12-13 19:44 41859348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2073212592-3125426970-1633408977-1001-8192.dat
+ 2011-12-11 17:08 . 2011-12-11 17:08 13135872 c:\windows\Installer\2d1f73e.msp
+ 2011-06-06 19:55 . 2011-06-06 19:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
+ 2011-07-26 20:31 . 2011-11-13 19:26 111884279 c:\windows\winsxs\ManifestCache\a786a517e28d5687_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-10-14 994360]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 20080]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-15 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2011-08-11 17:31]
.
2011-12-15 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS.exe [2011-08-11 17:31]
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2073212592-3125426970-1633408977-1001Core.job
- c:\users\K\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-11 01:51]
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2073212592-3125426970-1633408977-1001UA.job
- c:\users\K\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-11 01:51]
.
.
------- Supplementary Scan -------
.
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\K\AppData\Roaming\Mozilla\Firefox\Profiles\v99u5swa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111011&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-15 10:24:38
ComboFix-quarantined-files.txt 2011-12-15 15:24
ComboFix2.txt 2011-11-08 06:21
.
Pre-Run: 24,393,715,712 bytes free
Post-Run: 24,328,454,144 bytes free
.
- - End Of File - - 7284276F6FD37F62FD825EC99F30C4FF

#4 gringo_pr

Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 15 December 2011 - 11:47 AM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
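The steps above end with pasting the TDSSKiller report into the thread, and such a report runs to hundreds of "- ok" lines with the few entries that matter buried among them. As an added example (not code from the thread, from the helper, or from Kaspersky's TDSSKiller itself), the Python script below reads a report of that shape and lists only the objects whose verdict was anything other than "ok", together with the MD5 and path the tool recorded for them. The two line layouts it parses are inferred from the report pasted later in this thread; the file-name glob follows the "TDSSKiller.[Version]_[Date]_[Time]_log.txt" template from the post; the "exampledrv" object in the embedded sample, its all-zero MD5 and its "suspicious" verdict are constructed placeholders written for this example, not findings from the machine in question.

```python
"""Summarise a TDSSKiller report: keep only the objects not marked "- ok".

Added example for this thread; not part of TDSSKiller or of the posts.
Line layout assumed (inferred from the report pasted in the thread):

    HH:MM:SS.mmmm PID <object> (<md5>) <path>    object being checked
    HH:MM:SS.mmmm PID <object> - <verdict>       verdict for that object
"""
import re
from pathlib import Path

# Object line: timestamp, process id, object name, 32-hex MD5 in parentheses, path.
OBJECT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$"
)
# Verdict line: timestamp, process id, object name, " - ", verdict text.
VERDICT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?) - (?P<verdict>.+)$"
)


def parse_report(text):
    """Return (objects, verdicts): name -> (md5, path) and name -> verdict."""
    objects, verdicts = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            objects[m["name"]] = (m["md5"].lower(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts[m["name"]] = m["verdict"].strip()
    return objects, verdicts


def flagged_entries(objects, verdicts):
    """Objects whose verdict is not 'ok', with MD5 and path where the report has them.

    Entries like 'catchme' carry a verdict but no object line; they are kept with
    md5/path set to None rather than silently dropped.
    """
    out = []
    for name, verdict in verdicts.items():
        if verdict.lower() == "ok":
            continue
        md5, path = objects.get(name, (None, None))
        out.append({"name": name, "verdict": verdict, "md5": md5, "path": path})
    return out


def summarize(text):
    """Counts plus the list of flagged entries for one report."""
    objects, verdicts = parse_report(text)
    flagged = flagged_entries(objects, verdicts)
    return {"checked": len(verdicts), "ok": len(verdicts) - len(flagged), "flagged": flagged}


def find_reports(root):
    """Report files named TDSSKiller.[Version]_[Date]_[Time]_log.txt directly under root."""
    return sorted(Path(root).glob("TDSSKiller.*_log.txt"))


# Constructed sample. The first entries copy the layout of the thread's report; the
# final "exampledrv" object, its all-zero MD5 and its verdict are placeholders made
# up for this example so the non-ok branch has something to flag.
SAMPLE_REPORT = r"""
11:58:45.0170 3552 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
11:58:45.0463 3552 ============================================================
11:58:55.0419 3740 Scan started
11:58:55.0419 3740 Mode: Manual;
11:58:58.0613 3740 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
11:58:58.0615 3740 1394ohci - ok
11:59:00.0661 3740 catchme - ok
11:59:03.0297 3740 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
11:59:03.0298 3740 MBAMProtector - ok
11:59:05.0100 3740 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
11:59:05.0101 3740 exampledrv - suspicious
"""

if __name__ == "__main__":
    result = summarize(SAMPLE_REPORT)
    print(f"checked {result['checked']} objects, {result['ok']} ok")
    for entry in result["flagged"]:
        print(f"  {entry['verdict']:<12} {entry['name']}  {entry['md5']}  {entry['path']}")
    # The post says the report is written to the root directory, usually C:\.
    for report in find_reports("C:\\"):
        print("report found:", report)
```

In practice you would call find_reports on the root directory named in the post and pass each file's text to summarize; the flagged list is the part a helper needs to read first, while the header lines (tool version, boot type) are left for the reader to quote separately.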

#5 gdtms24
  • Topic Starter
  • Members
  • 20 posts

Posted 15 December 2011 - 12:10 PM

11:58:45.0170 3552 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
11:58:45.0463 3552 ============================================================
11:58:45.0463 3552 Current date / time: 2011/12/15 11:58:45.0463
11:58:45.0463 3552 SystemInfo:
11:58:45.0463 3552
11:58:45.0463 3552 OS Version: 6.1.7601 ServicePack: 1.0
11:58:45.0463 3552 Product type: Workstation
11:58:45.0463 3552 ComputerName: K-PC
11:58:45.0463 3552 UserName: K
11:58:45.0463 3552 Windows directory: C:\Windows
11:58:45.0463 3552 System windows directory: C:\Windows
11:58:45.0463 3552 Processor architecture: Intel x86
11:58:45.0463 3552 Number of processors: 2
11:58:45.0463 3552 Page size: 0x1000
11:58:45.0463 3552 Boot type: Safe boot with network
11:58:45.0463 3552 ============================================================
11:58:53.0884 3552 Initialize success
11:58:55.0419 3740 ============================================================
11:58:55.0419 3740 Scan started
11:58:55.0419 3740 Mode: Manual;
11:58:55.0419 3740 ============================================================
11:58:58.0613 3740 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
11:58:58.0615 3740 1394ohci - ok
11:58:58.0645 3740 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
11:58:58.0648 3740 ACPI - ok
11:58:58.0699 3740 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
11:58:58.0700 3740 AcpiPmi - ok
11:58:58.0764 3740 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
11:58:58.0769 3740 adp94xx - ok
11:58:58.0792 3740 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
11:58:58.0796 3740 adpahci - ok
11:58:58.0815 3740 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
11:58:58.0817 3740 adpu320 - ok
11:58:58.0865 3740 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
11:58:58.0869 3740 AFD - ok
11:58:58.0896 3740 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
11:58:58.0897 3740 agp440 - ok
11:58:58.0952 3740 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
11:58:58.0954 3740 aic78xx - ok
11:58:58.0984 3740 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
11:58:58.0985 3740 aliide - ok
11:58:59.0030 3740 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
11:58:59.0031 3740 amdagp - ok
11:58:59.0050 3740 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
11:58:59.0051 3740 amdide - ok
11:58:59.0099 3740 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
11:58:59.0101 3740 AmdK8 - ok
11:58:59.0274 3740 amdkmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys
11:58:59.0405 3740 amdkmdag - ok
11:58:59.0439 3740 amdkmdap (fb68e1b9cec598f0f69503f3aebb45dd) C:\Windows\system32\DRIVERS\atikmpag.sys
11:58:59.0442 3740 amdkmdap - ok
11:58:59.0465 3740 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
11:58:59.0467 3740 AmdPPM - ok
11:58:59.0506 3740 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
11:58:59.0508 3740 amdsata - ok
11:58:59.0541 3740 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
11:58:59.0544 3740 amdsbs - ok
11:58:59.0565 3740 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
11:58:59.0566 3740 amdxata - ok
11:58:59.0614 3740 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
11:58:59.0615 3740 AppID - ok
11:58:59.0667 3740 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
11:58:59.0669 3740 arc - ok
11:58:59.0686 3740 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
11:58:59.0688 3740 arcsas - ok
11:58:59.0716 3740 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
11:58:59.0717 3740 AsyncMac - ok
11:58:59.0747 3740 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
11:58:59.0747 3740 atapi - ok
11:58:59.0795 3740 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
11:58:59.0821 3740 athr - ok
11:59:00.0001 3740 atikmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys
11:59:00.0045 3740 atikmdag - ok
11:59:00.0193 3740 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
11:59:00.0198 3740 b06bdrv - ok
11:59:00.0254 3740 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
11:59:00.0258 3740 b57nd60x - ok
11:59:00.0279 3740 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
11:59:00.0280 3740 Beep - ok
11:59:00.0301 3740 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
11:59:00.0302 3740 blbdrive - ok
11:59:00.0346 3740 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
11:59:00.0348 3740 bowser - ok
11:59:00.0370 3740 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:59:00.0371 3740 BrFiltLo - ok
11:59:00.0432 3740 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:59:00.0434 3740 BrFiltUp - ok
11:59:00.0478 3740 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
11:59:00.0483 3740 Brserid - ok
11:59:00.0502 3740 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
11:59:00.0503 3740 BrSerWdm - ok
11:59:00.0518 3740 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:59:00.0520 3740 BrUsbMdm - ok
11:59:00.0537 3740 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
11:59:00.0538 3740 BrUsbSer - ok
11:59:00.0556 3740 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
11:59:00.0557 3740 BTHMODEM - ok
11:59:00.0661 3740 catchme - ok
11:59:00.0720 3740 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
11:59:00.0722 3740 cdfs - ok
11:59:00.0776 3740 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
11:59:00.0778 3740 cdrom - ok
11:59:00.0799 3740 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
11:59:00.0801 3740 circlass - ok
11:59:00.0824 3740 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
11:59:00.0828 3740 CLFS - ok
11:59:00.0888 3740 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
11:59:00.0889 3740 CmBatt - ok
11:59:00.0931 3740 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
11:59:00.0932 3740 cmdide - ok
11:59:00.0953 3740 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
11:59:00.0959 3740 CNG - ok
11:59:00.0975 3740 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
11:59:00.0976 3740 Compbatt - ok
11:59:01.0013 3740 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
11:59:01.0014 3740 CompositeBus - ok
11:59:01.0035 3740 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
11:59:01.0036 3740 crcdisk - ok
11:59:01.0084 3740 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
11:59:01.0089 3740 CSC - ok
11:59:01.0135 3740 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
11:59:01.0136 3740 DfsC - ok
11:59:01.0159 3740 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
11:59:01.0160 3740 discache - ok
11:59:01.0197 3740 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
11:59:01.0198 3740 Disk - ok
11:59:01.0244 3740 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
11:59:01.0245 3740 drmkaud - ok
11:59:01.0288 3740 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
11:59:01.0304 3740 DXGKrnl - ok
11:59:01.0397 3740 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
11:59:01.0456 3740 ebdrv - ok
11:59:01.0494 3740 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
11:59:01.0496 3740 ElbyCDIO - ok
11:59:01.0544 3740 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
11:59:01.0550 3740 elxstor - ok
11:59:01.0575 3740 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
11:59:01.0576 3740 ErrDev - ok
11:59:01.0614 3740 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
11:59:01.0616 3740 exfat - ok
11:59:01.0639 3740 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
11:59:01.0642 3740 fastfat - ok
11:59:01.0672 3740 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
11:59:01.0673 3740 fdc - ok
11:59:01.0698 3740 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
11:59:01.0700 3740 FileInfo - ok
11:59:01.0715 3740 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
11:59:01.0717 3740 Filetrace - ok
11:59:01.0748 3740 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
11:59:01.0748 3740 flpydisk - ok
11:59:01.0764 3740 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
11:59:01.0767 3740 FltMgr - ok
11:59:01.0801 3740 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
11:59:01.0802 3740 FsDepends - ok
11:59:01.0815 3740 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
11:59:01.0816 3740 Fs_Rec - ok
11:59:01.0860 3740 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
11:59:01.0863 3740 fvevol - ok
11:59:01.0895 3740 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:59:01.0897 3740 gagp30kx - ok
11:59:01.0915 3740 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
11:59:01.0916 3740 hcw85cir - ok
11:59:01.0965 3740 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
11:59:01.0969 3740 HdAudAddService - ok
11:59:02.0004 3740 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
11:59:02.0006 3740 HDAudBus - ok
11:59:02.0021 3740 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
11:59:02.0022 3740 HidBatt - ok
11:59:02.0036 3740 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
11:59:02.0037 3740 HidBth - ok
11:59:02.0065 3740 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
11:59:02.0066 3740 HidIr - ok
11:59:02.0106 3740 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
11:59:02.0107 3740 HidUsb - ok
11:59:02.0152 3740 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
11:59:02.0153 3740 HpSAMD - ok
11:59:02.0193 3740 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
11:59:02.0208 3740 HTTP - ok
11:59:02.0244 3740 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
11:59:02.0245 3740 hwpolicy - ok
11:59:02.0292 3740 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
11:59:02.0294 3740 i8042prt - ok
11:59:02.0321 3740 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
11:59:02.0325 3740 iaStorV - ok
11:59:02.0365 3740 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
11:59:02.0366 3740 iirsp - ok
11:59:02.0441 3740 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
11:59:02.0442 3740 intelide - ok
11:59:02.0473 3740 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
11:59:02.0474 3740 intelppm - ok
11:59:02.0507 3740 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:59:02.0509 3740 IpFilterDriver - ok
11:59:02.0542 3740 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
11:59:02.0544 3740 IPMIDRV - ok
11:59:02.0557 3740 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
11:59:02.0559 3740 IPNAT - ok
11:59:02.0594 3740 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
11:59:02.0595 3740 IRENUM - ok
11:59:02.0613 3740 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
11:59:02.0614 3740 isapnp - ok
11:59:02.0644 3740 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
11:59:02.0647 3740 iScsiPrt - ok
11:59:02.0688 3740 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
11:59:02.0689 3740 kbdclass - ok
11:59:02.0704 3740 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
11:59:02.0705 3740 kbdhid - ok
11:59:02.0738 3740 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
11:59:02.0739 3740 KSecDD - ok
11:59:02.0763 3740 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
11:59:02.0766 3740 KSecPkg - ok
11:59:02.0813 3740 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
11:59:02.0815 3740 lltdio - ok
11:59:02.0859 3740 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:59:02.0861 3740 LSI_FC - ok
11:59:02.0875 3740 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:59:02.0877 3740 LSI_SAS - ok
11:59:02.0898 3740 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:59:02.0899 3740 LSI_SAS2 - ok
11:59:02.0927 3740 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:59:02.0929 3740 LSI_SCSI - ok
11:59:02.0946 3740 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
11:59:02.0947 3740 luafv - ok
11:59:03.0029 3740 LVcKap (fb548ff809634bfa866312b37d8a18ae) C:\Windows\system32\DRIVERS\LVcKap.sys
11:59:03.0071 3740 LVcKap - ok
11:59:03.0129 3740 LVMVDrv (fe3fb994f8702d9e37648927819b74b8) C:\Windows\system32\DRIVERS\LVMVDrv.sys
11:59:03.0172 3740 LVMVDrv - ok
11:59:03.0212 3740 LVPr2Mon (c7ea51f1ab10b0b2b443f4d5589fc1a5) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
11:59:03.0214 3740 LVPr2Mon - ok
11:59:03.0254 3740 LVUSBSta (a730fc8671a60666d6e877c544dd7cd4) C:\Windows\system32\drivers\lvusbsta.sys
11:59:03.0255 3740 LVUSBSta - ok
11:59:03.0297 3740 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
11:59:03.0298 3740 MBAMProtector - ok
11:59:03.0344 3740 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
11:59:03.0346 3740 megasas - ok
11:59:03.0376 3740 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
11:59:03.0379 3740 MegaSR - ok
11:59:03.0404 3740 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
11:59:03.0405 3740 Modem - ok
11:59:03.0450 3740 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
11:59:03.0451 3740 monitor - ok
11:59:03.0489 3740 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
11:59:03.0491 3740 mouclass - ok
11:59:03.0524 3740 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
11:59:03.0525 3740 mouhid - ok
11:59:03.0552 3740 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
11:59:03.0553 3740 mountmgr - ok
11:59:03.0581 3740 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
11:59:03.0611 3740 mpio - ok
11:59:03.0642 3740 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
11:59:03.0644 3740 mpsdrv - ok
11:59:03.0679 3740 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
11:59:03.0681 3740 MRxDAV - ok
11:59:03.0706 3740 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:59:03.0708 3740 mrxsmb - ok
11:59:03.0737 3740 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:59:03.0741 3740 mrxsmb10 - ok
11:59:03.0755 3740 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:59:03.0756 3740 mrxsmb20 - ok
11:59:03.0777 3740 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
11:59:03.0779 3740 msahci - ok
11:59:03.0800 3740 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
11:59:03.0802 3740 msdsm - ok
11:59:08.0777 3740 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
11:59:08.0777 3740 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
11:59:08.0778 3740 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
11:59:09.0236 3740 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
11:59:09.0240 3740 \Device\Harddisk1\DR1 - ok
11:59:09.0244 3740 Boot (0x1200) (892648489def1629b78e336bb654fb5f) \Device\Harddisk0\DR0\Partition0
11:59:09.0245 3740 \Device\Harddisk0\DR0\Partition0 - ok
11:59:09.0252 3740 Boot (0x1200) (495ee981dffc4fd26fb5e9e5b64473dd) \Device\Harddisk1\DR1\Partition0
11:59:09.0255 3740 \Device\Harddisk1\DR1\Partition0 - ok
11:59:09.0259 3740 ============================================================
11:59:09.0259 3740 Scan finished
11:59:09.0259 3740 ============================================================
11:59:09.0273 3704 Detected object count: 1
11:59:09.0273 3704 Actual detected object count: 1
11:59:30.0578 3704 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
11:59:30.0578 3704 \Device\Harddisk0\DR0 - ok
11:59:30.0579 3704 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
12:04:34.0147 2780 Deinitialize success
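As an added example (not code from this thread and not Kaspersky's own), here is a small Python triage for TDSSKiller logs of the shape posted above: it parses the per-object lines, collapses the clean `- ok` drivers, and surfaces the boot-sector detection together with its cure state. The sample log is constructed from lines in the post above.

```python
"""Triage helper for Kaspersky TDSSKiller text logs (added example).

Two line shapes matter, both prefixed by `HH:MM:SS.ffff PID`:
  object (md5) path                          -> a file or sector was hashed
  object [( verdict )] - status              -> a verdict/status for that object
Boot-sector objects (MBR, Boot) get their verdicts reported under the device
path rather than under "MBR (0x1B8)", so those are keyed by path.
"""
import re
from collections import OrderedDict

PREFIX_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
# "Ntfs (md5) C:\...\Ntfs.sys"  or  "MBR (0x1B8) (md5) \Device\Harddisk0\DR0"
SCAN_RE = re.compile(r"^(?P<obj>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "Ntfs - ok"  or  "\Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected"
STATUS_RE = re.compile(r"^(?P<obj>.+?)(?:\s+\(\s*(?P<verdict>[^)]+?)\s*\))?\s+-\s+(?P<status>.+)$")

# Constructed sample: a handful of lines in the shape of the log above,
# including the boot-sector lines that carry the actual detection.
SAMPLE_LOG = r"""
11:59:04.0608 3740 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
11:59:04.0634 3740 Ntfs - ok
11:59:06.0921 3740 Synth3dVsc - ok
11:59:08.0777 3740 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
11:59:08.0777 3740 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
11:59:08.0778 3740 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
11:59:09.0236 3740 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
11:59:09.0240 3740 \Device\Harddisk1\DR1 - ok
11:59:09.0259 3740 Scan finished
11:59:30.0578 3704 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
11:59:30.0578 3704 \Device\Harddisk0\DR0 - ok
11:59:30.0579 3704 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
"""


def _new_record(name):
    return {"object": name, "md5": None, "path": None, "events": []}


def parse_tdsskiller(text):
    """Ordered dict keyed by driver name, or by device path for boot sectors."""
    entries = OrderedDict()
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue  # banner, separator and blank lines carry no object
        rest = m.group("rest")
        s = SCAN_RE.match(rest)
        if s:
            path = s.group("path")
            key = path if path.startswith("\\Device\\") else s.group("obj")
            rec = entries.setdefault(key, _new_record(s.group("obj")))
            rec["md5"], rec["path"] = s.group("md5"), path
            continue
        st = STATUS_RE.match(rest)
        if st:
            rec = entries.setdefault(st.group("obj"), _new_record(st.group("obj")))
            rec["events"].append((m.group("time"), st.group("verdict"), st.group("status")))
    return entries


def findings(entries):
    """Objects that carried a verdict or were ever reported as anything but 'ok'."""
    out = []
    for key, rec in entries.items():
        verdicts = sorted({v for _, v, _ in rec["events"] if v})
        statuses = [s for _, _, s in rec["events"]]
        if verdicts or any(s != "ok" for s in statuses):
            out.append({"key": key, "path": rec["path"], "md5": rec["md5"],
                        "verdicts": verdicts, "statuses": statuses})
    return out


def cure_pending(rec):
    """True when the fix was deferred to the next reboot: the later '- ok' on the
    same object in the log does not mean the sector is clean yet."""
    return any("cured on reboot" in s for _, _, s in rec["events"])


def unhashed(entries):
    """Service entries reported without a file hash (no file found on disk)."""
    return [k for k, r in entries.items()
            if r["md5"] is None and not k.startswith("\\Device\\")]


def report(text):
    entries = parse_tdsskiller(text)
    lines = []
    for f in findings(entries):
        state = "cure pending reboot" if cure_pending(entries[f["key"]]) else "no cure recorded"
        lines.append(f"{f['key']}: {', '.join(f['verdicts']) or 'no verdict'} "
                     f"[md5 {f['md5']}] statuses={f['statuses']} ({state})")
    missing = unhashed(entries)
    if missing:
        lines.append("registered but no file hashed: " + ", ".join(missing))
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```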

#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 15 December 2011 - 12:19 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::e

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gdtms24 (Topic Starter, Members, 20 posts)

Posted 15 December 2011 - 12:43 PM

ComboFix ran, didn't see any problems.
Still blue screens if I don't run in safe mode.


ComboFix 11-12-15.02 - K 12/15/2011 12:36:14.3.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.1651 [GMT -5:00]
Running from: c:\users\K\Desktop\anv157.exe
Command switches used :: c:\users\K\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
.
2011-12-15 17:40 . 2011-12-15 17:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-15 17:40 . 2011-12-15 17:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-15 15:24 . 2011-12-15 17:40 -------- d-----w- c:\users\K\AppData\Local\temp
2011-12-15 15:07 . 2011-12-15 15:07 78848 ----a-w- c:\windows\KMSEmulator.exe
2011-12-15 15:04 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-14 14:37 . 2011-12-14 16:22 -------- d-----w- c:\programdata\pM28300EeKjJ28300
2011-12-11 23:40 . 2011-12-11 23:40 -------- d-----w- c:\users\K\AppData\Roaming\SUPERAntiSpyware.com
2011-12-11 23:39 . 2011-12-11 23:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-11 23:39 . 2011-12-11 23:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-11 23:10 . 2011-12-14 15:50 -------- d-----w- c:\users\K\AppData\Local\ElevatedDiagnostics
2011-12-11 17:07 . 2011-11-05 07:10 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-12-11 17:06 . 2011-12-11 17:06 -------- d-----w- c:\program files\Java
2011-12-11 17:04 . 2011-12-11 17:04 -------- d-----w- c:\users\K\AppData\Local\Secunia PSI
2011-12-11 17:03 . 2011-12-11 17:03 -------- d-----w- c:\program files\Secunia
2011-12-11 16:12 . 2011-12-11 16:12 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-11 01:51 . 2011-12-11 01:52 -------- d-----w- c:\users\K\AppData\Local\Google
2011-12-11 01:26 . 2011-12-11 01:26 -------- d-----w- c:\program files\EjoyStudio
2011-11-16 17:49 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{634F9A48-95F1-47B7-BFE8-2FBEBDC77DBD}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-11 17:13 . 2011-07-26 20:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-11 17:06 . 2011-09-10 04:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-01 02:42 . 2011-10-17 19:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-29 16:03 . 2011-11-13 19:26 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 03:37 . 2011-11-13 19:26 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 07:10 . 2011-12-11 17:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-15_15.23.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-11 02:30 . 2011-12-15 15:42 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2011-12-11 02:30 . 2011-12-14 22:58 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2011-12-15 15:13 . 2011-12-15 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-15 17:05 . 2011-12-15 17:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-15 15:13 . 2011-12-15 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-15 17:05 . 2011-12-15 17:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-26 19:52 . 2011-12-14 22:58 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-07-26 19:52 . 2011-12-15 15:42 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-07-27 06:50 . 2011-12-15 15:13 573440 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-27 06:50 . 2011-12-15 15:32 573440 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-27 06:50 . 2011-12-15 15:13 5062656 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-07-27 06:50 . 2011-12-15 15:32 5062656 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2011-12-15 15:32 3948544 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-10-14 994360]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 20080]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-15 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2011-08-11 17:31]
.
2011-12-15 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS.exe [2011-08-11 17:31]
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2073212592-3125426970-1633408977-1001Core.job
- c:\users\K\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-11 01:51]
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2073212592-3125426970-1633408977-1001UA.job
- c:\users\K\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-11 01:51]
.
.
------- Supplementary Scan -------
.
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\K\AppData\Roaming\Mozilla\Firefox\Profiles\v99u5swa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111011&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-15 12:41:32
ComboFix-quarantined-files.txt 2011-12-15 17:41
ComboFix2.txt 2011-12-15 15:24
ComboFix3.txt 2011-11-08 06:21
.
Pre-Run: 24,444,841,984 bytes free
Post-Run: 24,377,393,152 bytes free
.
- - End Of File - - A65BF402BB6584977FE7EC2636E2D5E4

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 15 December 2011 - 12:47 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo

#9 gdtms24

gdtms24
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:10:59 PM

Posted 15 December 2011 - 01:23 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-15 12:54:57
-----------------------------
12:54:57.345 OS Version: Windows 6.1.7601 Service Pack 1
12:54:57.345 Number of processors: 2 586 0x6B02
12:54:57.347 ComputerName: K-PC UserName: K
12:55:14.179 Initialize success
13:06:44.611 AVAST engine defs: 11121501
13:10:37.989 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:10:37.991 Disk 0 Vendor: WDC_WD800AAJS-00B4A0 01.03A01 Size: 76319MB BusType: 3
13:10:37.994 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
13:10:37.996 Disk 1 Vendor: WDC_WD10EACS-00D6B1 01.01A01 Size: 953869MB BusType: 3
13:10:40.028 Disk 0 MBR read successfully
13:10:40.031 Disk 0 MBR scan
13:10:40.104 Disk 0 Windows 7 default MBR code
13:10:40.109 Disk 0 scanning sectors +156280320
13:10:40.158 Disk 0 scanning C:\Windows\system32\drivers
13:10:48.644 Service scanning
13:10:49.752 Modules scanning
13:10:56.565 Disk 0 trace - called modules:
13:10:56.582 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
13:10:56.913 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8562f030]
13:10:56.918 3 CLASSPNP.SYS[88d9359e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8556d908]
13:10:57.408 AVAST engine scan C:\Windows
13:10:59.425 AVAST engine scan C:\Windows\system32
13:12:39.522 AVAST engine scan C:\Windows\system32\drivers
13:12:47.782 AVAST engine scan C:\Users\K
13:16:06.540 AVAST engine scan C:\ProgramData
13:16:35.571 Scan finished successfully
13:22:37.577 Disk 0 MBR has been saved successfully to "C:\Users\K\Desktop\MBR.dat"
13:22:37.577 The log file has been saved successfully to "C:\Users\K\Desktop\aswMBR.txt"

#10 gdtms24

gdtms24
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:10:59 PM

Posted 16 December 2011 - 03:05 PM

I cannot get my Microsoft Firewall to turn on; I keep getting an error code. I am not seeing any problems with redirects at this time.
The error code is 0x80070424.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:59 PM

Posted 17 December 2011 - 11:12 PM

Download both the registry files:

http://www.mediafire.com/?317ea53a883288d

http://www.mediafire.com/?z6aw8j7997qa7j9

Launch and import them into the registry.

Restart your PC.

Now, open RUN, type regedit and click OK.

Go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

  • Right-click on it and choose Permissions
  • Click on ADD, type Everyone and click OK
  • Now click on Everyone
  • Below you have the permissions for users: select Full Control and click OK

Now, open RUN, type services.msc and click OK.

Start the Base Filtering Engine service and then the Windows Firewall service.
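
The procedure above is the manual route. As an added example (not from this thread, and not a tool the helpers here use), the PowerShell script below does the same checks from a command line: it decodes the error code the topic starter reported, shows whether the two services behind the Windows Firewall control panel (BFE, the Base Filtering Engine, and MpsSvc, the Windows Firewall service; the latter name is not mentioned in the thread) are registered and running, tells you whether their registry keys are missing, unreadable, or carry explicit Deny entries, and, with `-Repair`, applies the same permission change the thread describes before starting the services in the same order. The function names are mine.

```powershell
# Added example, not part of the thread. Run from an elevated PowerShell prompt.
# Read-only unless -Repair is given.
param([switch]$Repair)

function Get-Win32ErrorText {
    # 0x8007xxxx is HRESULT_FROM_WIN32: the low 16 bits are the Win32 error code.
    # 0x80070424 -> 1060, ERROR_SERVICE_DOES_NOT_EXIST: the firewall UI cannot
    # find the service it depends on, which is why importing the .reg files comes first.
    param([uint32]$HResult)
    $win32 = $HResult -band 0xFFFF
    $msg = (New-Object System.ComponentModel.Win32Exception -ArgumentList ([int]$win32)).Message
    "0x{0:X8} -> Win32 error {1}: {2}" -f $HResult, $win32, $msg
}

function Test-ServiceKey {
    # Reports whether the service is registered, its state, and whether its
    # registry key is missing, unreadable, or carries explicit Deny entries.
    param([string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $result = New-Object PSObject -Property @{
        Service = $Name; Registered = $false; Status = 'n/a'
        KeyExists = (Test-Path $key); KeyReadable = $false; DenyEntries = 0
    }
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($svc) { $result.Registered = $true; $result.Status = [string]$svc.Status }
    if ($result.KeyExists) {
        try {
            $acl = Get-Acl -Path $key -ErrorAction Stop
            $result.KeyReadable = $true
            $result.DenyEntries = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' }).Count
        } catch {
            # A key we cannot even read is the same symptom the ComboFix log shows
            # under "LOCKED REGISTRY KEYS" as "@Denied: (Full) (Everyone)".
            $result.KeyReadable = $false
        }
    }
    $result
}

function Repair-ServiceKeyAccess {
    # The thread's fix: grant Everyone Full Control on the service key. Explicit
    # Deny entries are removed first, because a Deny wins over any Allow we add.
    param([string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path $key)) {
        Write-Warning "$Name : key is missing; only re-importing the service definition (the .reg files) recreates it"
        return
    }
    $acl = Get-Acl -Path $key
    foreach ($ace in @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })) {
        [void]$acl.RemoveAccessRule($ace)
    }
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule -ArgumentList `
        'Everyone', 'FullControl', 'ContainerInherit', 'None', 'Allow'
    $acl.AddAccessRule($rule)
    Set-Acl -Path $key -AclObject $acl
}

# Report first, so the state is recorded before anything is changed.
Get-Win32ErrorText 0x80070424
$report = 'BFE', 'MpsSvc' | ForEach-Object { Test-ServiceKey $_ }
$report | Format-Table Service, Registered, Status, KeyExists, KeyReadable, DenyEntries -AutoSize

if ($Repair) {
    foreach ($n in 'BFE', 'MpsSvc') { Repair-ServiceKeyAccess $n }
    # Same order as the thread: Base Filtering Engine before Windows Firewall.
    Start-Service -Name BFE
    Start-Service -Name MpsSvc
    Get-Service -Name BFE, MpsSvc
}
```

Two caveats a practitioner should keep in mind. Everyone: Full Control is wider than the default ACL on a service key (Administrators and SYSTEM full, Users read), so once the services are back it is worth tightening the key again. And if `Get-Acl` itself fails on the key, the current account lacks READ_CONTROL; the regedit route above (taking ownership, then setting permissions) is the way through that, not this script.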

#12 gdtms24

gdtms24
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:10:59 PM

Posted 20 December 2011 - 11:21 AM

How do you launch those reg files? They keep wanting to open in WordPad.

#13 gdtms24

gdtms24
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:10:59 PM

Posted 20 December 2011 - 01:01 PM

OK, I got that to work; it seems like it is okay now. Is there a program I can run to scan for these types of rootkits in the future, or a way to prevent this problem in the future?

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:59 PM

Posted 20 December 2011 - 02:22 PM

Hello

The best thing to do is to come here, as they are changing all the time.

I would like to see a report that ComboFix makes.

extra combofix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box:
    C:\Qoobox\Add-Remove Programs.txt
  • Click OK

copy and paste the report into this topic for me to review

Gringo

#15 gdtms24

gdtms24
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:10:59 PM

Posted 20 December 2011 - 06:45 PM

µTorrent
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
AutoCAD 2008 - English
Autodesk DWF Viewer 7
AutoSketch Release 10
EatCam Webcam Recorder 5.0 for Yahoo Messenger
Google Chrome
HP Officejet Pro 8500 A910 Basic Device Software
HP Officejet Pro 8500 A910 Help
HP Update
I.R.I.S. OCR
Java Auto Updater
Java™ 6 Update 29
Logitech High Quality Video
Logitech QuickCam
Logitech Webcam Software Driver Package
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable - KB2467175
Mozilla Firefox 8.0 (x86 en-GB)
oRipa Yahoo Webcam Recorder1.2.2
PDF Measure It
PeaZip 3.9
PeerBlock 1.1 (r518)
Secunia PSI (2.0.0.4003)
Skype™ 5.5
SUPERAntiSpyware
VBA (2627.01)
VirtualCloneDrive
VLC media player 1.1.11
Windows Media Player Firefox Plugin
Yahoo! Messenger
