
Infected with iexplore.exe, conhost.exe, smdt.exe, and sdiagnhost.exe malware


  • This topic is locked
36 replies to this topic

#1 arNette1024


  • Members
  • 21 posts

Posted 13 December 2011 - 02:39 PM

Hello, I have recently picked up a nasty bug that I can't seem to get rid of. I have run Malwarebytes, SpyBot, Super Antispyware, ESET Online Scanner, and an Avast 5 system scan, which haven't been able to get rid of the virus. The virus seems to be opening iexplore.exe in the background of my machine, which causes audio advertisements shortly after. The virus also seems to be opening multiple instances of conhost.exe, msdt.exe and sdiagnhost.exe. If I leave the system running for a few hours and come back there will be over 30 instances open for each of these processes in my task manager. I was unable to make a GMER log because I am running 64-bit Windows. Please help! I am running Windows 7 Ultimate 64-bit. I am using Avast AV 5 for system protection.

UPDATE: I may have pinpointed the file causing the problems, but I may be wrong. It seems that the process svchost.exe*32 located in my C:/Windows/SysWOW64 folder could be causing the issue. It may be a coincidence that when I consistently kill this process in my task manager, iexplore.exe, conhost.exe, msdt.exe and sdiagnhost.exe do not seem to open in the background. However, I could be wrong here.

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_27
Run by arNette at 14:27:59 on 2011-12-13
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6423 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\SysWoW64\svchost.exe
C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe
C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
TCP: Interfaces\{4BAD5689-BC50-46F1-8532-55F2EB95C974} : NameServer = 65.32.5.111,65.32.5.112
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\arNette\AppData\Roaming\Mozilla\Firefox\Profiles\xw0g9lsc.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-12-7 44768]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-10-24 6583160]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-10-24 528760]
R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision\RTCore64.sys [2011-5-3 14440]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-3 366152]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-8-2 79360]
S3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2011-12-13 19:26:39 821 ----a-w- C:\ProgramData\snrbbaa.tmp
2011-12-13 05:38:50 800 ----a-w- C:\ProgramData\mizuaaa.tmp
2011-12-13 03:28:06 388096 ----a-r- C:\Users\arNette\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-13 03:28:06 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-12-12 21:45:52 841 ----a-w- C:\ProgramData\kvnwbaa.tmp
2011-12-12 21:16:17 -------- d-----w- C:\Program Files (x86)\ESET
2011-12-12 05:36:50 864 ----a-w- C:\ProgramData\iyatbaa.tmp
2011-12-11 20:29:34 828 ----a-w- C:\ProgramData\asluaaa.tmp
2011-12-10 23:45:59 -------- d-----w- C:\$RECYCLE.BIN
2011-12-10 23:08:28 -------- d-----w- C:\Users\arNette\AppData\Roaming\SUPERAntiSpyware.com
2011-12-10 23:08:11 -------- d-----w- C:\ProgramData\!SASCORE
2011-12-10 23:08:09 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-12-10 23:08:09 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-12-10 23:07:29 -------- d-----w- C:\Program Files\CCleaner
2011-12-07 22:00:28 208896 ----a-w- C:\Windows\MBR.exe
2011-12-07 22:00:27 98816 ----a-w- C:\Windows\sed.exe
2011-12-07 22:00:27 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-07 22:00:27 256000 ----a-w- C:\Windows\PEV.exe
2011-12-07 18:18:58 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-12-07 18:18:56 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-12-07 18:17:57 41184 ----a-w- C:\Windows\avastSS.scr
2011-12-07 18:17:56 -------- d-----w- C:\ProgramData\Alwil Software
2011-12-06 17:26:02 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-12-06 17:26:02 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-12-04 15:07:52 -------- d-----w- C:\Program Files\ESET
2011-12-03 17:25:37 -------- d-----w- C:\Program Files\Microsoft Xbox 360 Accessories
2011-12-03 17:25:05 -------- d-----w- C:\263bbd1319c60add5a765670d55cf0
2011-12-03 15:34:48 -------- d--h--w- C:\Users\arNette\AppData\Roaming\Malwarebytes
2011-12-03 15:34:30 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-03 15:34:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-03 14:32:32 -------- d--h--w- C:\Users\arNette\AppData\Local\Apps
2011-11-30 17:47:57 -------- d--h--w- C:\Users\arNette\AppData\Local\ElevatedDiagnostics
2011-11-15 18:05:39 837952 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll
2011-11-15 18:05:39 5067584 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-11-15 18:05:39 222528 ----a-w- C:\Windows\System32\nvmctray.dll
2011-11-15 18:05:39 1640768 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-11-15 18:05:39 137536 ----a-w- C:\Windows\System32\nvshext.dll
2011-11-15 18:05:39 10406208 ----a-w- C:\Windows\System32\nvcpl.dll
2011-11-15 18:05:34 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2011-11-15 18:04:52 8791360 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2011-11-15 18:04:52 7041856 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2011-11-15 18:04:52 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-11-15 18:04:52 5578560 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2011-11-15 18:04:52 2458432 ----a-w- C:\Windows\SysWow64\nvapi.dll
2011-11-15 18:04:52 2401088 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2011-11-15 18:04:52 2099520 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll
2011-11-15 18:04:52 18871616 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2011-11-15 18:04:52 17248576 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2011-11-15 18:04:52 1533248 ----a-w- C:\Windows\System32\nvdispco64.dll
2011-11-15 18:04:52 1454400 ----a-w- C:\Windows\System32\nvgenco64.dll
2011-11-15 18:04:52 13205312 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2011-11-15 17:01:26 7581504 ----a-w- C:\Windows\System32\nvcuda.dll
2011-11-15 17:01:26 68928 ----a-w- C:\Windows\System32\OpenCL.dll
2011-11-15 17:01:26 2808128 ----a-w- C:\Windows\System32\nvapi64.dll
2011-11-15 17:01:26 2542912 ----a-w- C:\Windows\System32\nvcuvid.dll
2011-11-15 17:01:26 24796992 ----a-w- C:\Windows\System32\nvcompiler.dll
2011-11-15 17:01:26 24742720 ----a-w- C:\Windows\System32\nvoglv64.dll
2011-11-15 17:01:26 2232128 ----a-w- C:\Windows\System32\nvcuvenc.dll
2011-11-15 17:01:26 15693120 ----a-w- C:\Windows\System32\nvd3dumx.dll
2011-11-15 17:01:26 12971840 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2011-11-14 18:33:46 -------- d--h--w- C:\Users\arNette\AppData\Roaming\SteelSeries Xai
2011-11-14 18:33:24 -------- d-----w- C:\Program Files (x86)\SteelSeries
2011-11-13 19:31:42 -------- d--h--w- C:\Users\arNette\AppData\Local\Skyrim
.
==================== Find3M ====================
.
2011-11-15 21:10:49 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-15 05:54:52 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-10-08 19:29:12 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-08 19:29:12 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-08 19:25:04 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-03 20:23:21 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-03 18:49:27 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
.
============= FINISH: 14:30:40.78 ===============

Edited by arNette1024, 13 December 2011 - 07:13 PM.
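A small triage helper for DDS logs like the two posted in this thread, added here as an example (it is not a BleepingComputer, DDS or ComboFix tool). It splits a log into its sections, counts running images and flags the bare SysWOW64 svchost.exe and the cmd.exe/cscript.exe hosts the poster noticed, lists the UAC and Action Center policy values the log shows disabled, and picks out the periodically created seven-letter .tmp files under ProgramData. The section names, entry layout and sample lines come from the posted log; the flagging rules and the Windows 7 default values in the comments are assumptions of mine, not something DDS reports.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the poster's DDS log, in DDS's own section layout.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\SysWoW64\svchost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
.
=============== Created Last 30 ================
.
2011-12-13 19:26:39 821 ----a-w- C:\ProgramData\snrbbaa.tmp
2011-12-13 05:38:50 800 ----a-w- C:\ProgramData\mizuaaa.tmp
2011-12-12 21:45:52 841 ----a-w- C:\ProgramData\kvnwbaa.tmp
2011-12-07 22:00:28 208896 ----a-w- C:\Windows\MBR.exe
============= FINISH: 14:30:40.78 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

def parse_sections(text):
    """Split a DDS log into {section name: [entries]}; DDS's '.' spacer lines are dropped."""
    sections, current = {"HEADER": []}, "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections

# Console/script hosts the poster saw multiplying; conhost.exe is only counted, since Windows
# starts one for every console program (here, for cmd.exe and cscript.exe).
SCRIPT_HOSTS = {"cscript.exe", "wscript.exe", "mshta.exe", "cmd.exe"}

def triage_processes(entries):
    """Count running images by name and flag the patterns discussed in the thread."""
    counts, flags = Counter(), []
    for entry in entries:
        image, _, group = entry.partition(" -k ")
        directory, _, name = image.rpartition("\\")
        name = name.lower()
        counts[name] += 1
        # Assumption: a genuine Windows 7 svchost.exe runs from System32 with a -k service
        # group; a bare copy like the SysWOW64 one the poster suspected needs its parent traced.
        if name == "svchost.exe" and (not group or "system32" not in directory.lower()):
            flags.append(f"svchost.exe without service group or outside System32: {entry}")
        if name in SCRIPT_HOSTS:
            flags.append(f"script/console host running: {entry}")
    return counts, flags

# Values as the posted log shows them; Windows 7 defaults are EnableLUA=1,
# ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1 and HideSCAHealth unset.
WEAK_POLICIES = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0",
                 "PromptOnSecureDesktop": "0", "HideSCAHealth": "1"}
POLICY_RE = re.compile(r"^[a-z]Policies-\w+:\s*(\w+)\s*=\s*(\d+)")

def triage_policies(entries):
    """Return the weak UAC/Action Center values present in the Pseudo HJT Report section."""
    return {m.group(1): m.group(2) for m in map(POLICY_RE.match, entries)
            if m and WEAK_POLICIES.get(m.group(1)) == m.group(2)}

ENTRY_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+|-+)\s+(\S+)\s+(.+)$")
# Both posted logs show a new seven-letter lowercase .tmp under ProgramData every few hours,
# each under 1 KB; that regularity, not the .tmp suffix, is what makes them worth a closer look.
DROPPER_TMP = re.compile(r"\\ProgramData\\[a-z]{7}\.tmp$", re.IGNORECASE)

def triage_created(entries):
    """Return (timestamp, size, path) for files matching the periodic ProgramData .tmp pattern."""
    hits = []
    for m in filter(None, map(ENTRY_RE.match, entries)):
        stamp, size, _attrs, path = m.groups()
        if size.isdigit() and DROPPER_TMP.search(path):
            hits.append((stamp, int(size), path))
    return hits

def triage(text):
    """Run all three checks over one DDS log and return their results in a dict."""
    sections = parse_sections(text)
    counts, flags = triage_processes(sections.get("Running Processes", []))
    return {"process_counts": counts, "process_flags": flags,
            "weak_policies": triage_policies(sections.get("Pseudo HJT Report", [])),
            "dropped_files": triage_created(sections.get("Created Last 30", []))}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(key, value)
```

Paste a full DDS.txt in place of SAMPLE_DDS to run the same checks over the complete "Running Processes" and "Created Last 30" sections.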



#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 December 2011 - 01:34 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 arNette1024

  • Topic Starter

  • Members
  • 21 posts

Posted 18 December 2011 - 02:08 PM

I attached the Attach.txt to this reply. The DDS.txt is below.

DDS.txt:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by arNette at 14:00:17 on 2011-12-18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6396 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe
C:\Windows\SysWoW64\svchost.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\LogonUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\rdpclip.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
TCP: Interfaces\{4BAD5689-BC50-46F1-8532-55F2EB95C974} : NameServer = 65.32.5.111,65.32.5.112
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\arNette\AppData\Roaming\Mozilla\Firefox\Profiles\xw0g9lsc.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-12-7 44768]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-10-24 6583160]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-10-24 528760]
R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision\RTCore64.sys [2011-5-3 14440]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-3 366152]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-8-2 79360]
S3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2011-12-18 15:39:44 808 ----a-w- C:\ProgramData\wzgtbaa.tmp
2011-12-18 07:45:10 827 ----a-w- C:\ProgramData\ionrbaa.tmp
2011-12-17 06:58:05 789 ----a-w- C:\ProgramData\khcdaaa.tmp
2011-12-17 05:36:57 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-12-17 05:36:56 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2011-12-17 05:36:38 -------- d-----w- C:\Windows\SysWow64\xlive
2011-12-17 05:36:38 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-12-17 05:36:31 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2011-12-17 05:36:31 107368 ----a-w- C:\Windows\System32\xinput1_3.dll
2011-12-17 05:36:29 469264 ----a-w- C:\Windows\System32\d3dx10.dll
2011-12-17 05:36:29 440080 ----a-w- C:\Windows\SysWow64\d3dx10.dll
2011-12-17 05:09:50 -------- d-----w- C:\Program Files (x86)\R.G. Catalyst
2011-12-17 05:01:12 -------- d-----w- C:\bat
2011-12-16 06:28:32 813 ----a-w- C:\ProgramData\choibaa.tmp
2011-12-16 02:48:46 800 ----a-w- C:\ProgramData\uyxecaa.tmp
2011-12-15 21:43:03 884 ----a-w- C:\ProgramData\medkbaa.tmp
2011-12-15 19:46:08 -------- d-----w- C:\$RECYCLE.BIN
2011-12-15 19:28:29 -------- d-----w- C:\ComboFix
2011-12-15 19:14:49 -------- d-----w- C:\Windows\System32\appmgmt
2011-12-14 22:20:04 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-12-13 23:58:39 -------- d-----w- C:\ProgramData\SecTaskMan
2011-12-13 03:28:06 388096 ----a-r- C:\Users\arNette\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-13 03:28:06 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-12-10 23:08:28 -------- d-----w- C:\Users\arNette\AppData\Roaming\SUPERAntiSpyware.com
2011-12-10 23:08:11 -------- d-----w- C:\ProgramData\!SASCORE
2011-12-10 23:08:09 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-12-10 23:08:09 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-12-10 23:07:29 -------- d-----w- C:\Program Files\CCleaner
2011-12-07 22:00:28 208896 ----a-w- C:\Windows\MBR.exe
2011-12-07 22:00:27 98816 ----a-w- C:\Windows\sed.exe
2011-12-07 22:00:27 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-07 22:00:27 256000 ----a-w- C:\Windows\PEV.exe
2011-12-07 18:18:58 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-12-07 18:18:56 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-12-07 18:17:57 41184 ----a-w- C:\Windows\avastSS.scr
2011-12-07 18:17:56 -------- d-----w- C:\ProgramData\Alwil Software
2011-12-06 17:26:02 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-12-06 17:26:02 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-12-03 17:25:37 -------- d-----w- C:\Program Files\Microsoft Xbox 360 Accessories
2011-12-03 17:25:05 -------- d-----w- C:\263bbd1319c60add5a765670d55cf0
2011-12-03 15:34:48 -------- d--h--w- C:\Users\arNette\AppData\Roaming\Malwarebytes
2011-12-03 15:34:30 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-03 15:34:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-03 14:32:32 -------- d--h--w- C:\Users\arNette\AppData\Local\Apps
2011-11-30 17:47:57 -------- d--h--w- C:\Users\arNette\AppData\Local\ElevatedDiagnostics
.
==================== Find3M ====================
.
2011-11-15 21:10:49 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-15 05:54:52 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-10-08 19:29:12 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-08 19:25:04 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-03 20:23:21 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 14:02:08.70 ===============


#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 December 2011 - 02:24 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

Information and logs:

  • In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 arNette1024

  • Topic Starter

  • Members
  • 21 posts

Posted 18 December 2011 - 02:48 PM

Ran ComboFix and nothing seems to have changed. iexplore.exe*32 continues to load in the background, as well as conhost.exe, smdt.exe and sdiagnhost.exe, after a few minutes. I had to attach the log because it was too long.

ComboFix 11-12-18.01 - arNette 12/18/2011 14:31:40.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6427 [GMT -5:00]
Running from: c:\users\arNette\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\choibaa.tmp
c:\programdata\ionrbaa.tmp
c:\programdata\khcdaaa.tmp
c:\programdata\medkbaa.tmp
c:\programdata\uyxecaa.tmp
c:\programdata\wzgtbaa.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))
.
.
2011-12-18 19:36 . 2011-12-18 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-17 05:36 . 2009-09-04 22:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-12-17 05:36 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2011-12-17 05:36 . 2011-12-17 05:36 -------- d-----w- c:\windows\SysWow64\xlive
2011-12-17 05:36 . 2011-12-17 05:36 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-12-17 05:36 . 2007-04-04 23:54 107368 ----a-w- c:\windows\system32\xinput1_3.dll
2011-12-17 05:36 . 2007-04-04 23:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2011-12-17 05:36 . 2006-11-29 18:06 469264 ----a-w- c:\windows\system32\d3dx10.dll
2011-12-17 05:36 . 2006-11-29 18:06 440080 ----a-w- c:\windows\SysWow64\d3dx10.dll
2011-12-17 05:09 . 2011-12-17 05:09 -------- d-----w- c:\program files (x86)\R.G. Catalyst
2011-12-17 05:01 . 2011-12-17 05:07 -------- d-----w- C:\bat
2011-12-15 19:14 . 2011-12-15 19:14 -------- d-----w- c:\windows\system32\appmgmt
2011-12-14 22:20 . 2011-12-14 22:20 -------- d-----w- c:\users\arNette\AppData\Roaming\vlc
2011-12-14 22:20 . 2011-12-14 22:20 -------- d-----w- c:\program files (x86)\VideoLAN
2011-12-13 23:58 . 2011-12-14 22:05 -------- d-----w- c:\programdata\SecTaskMan
2011-12-13 03:28 . 2011-12-13 03:28 388096 ----a-r- c:\users\arNette\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-13 03:28 . 2011-12-13 03:28 -------- d-----w- c:\program files (x86)\Trend Micro
2011-12-10 23:08 . 2011-12-10 23:08 -------- d-----w- c:\users\arNette\AppData\Roaming\SUPERAntiSpyware.com
2011-12-10 23:08 . 2011-12-10 23:08 -------- d-----w- c:\programdata\!SASCORE
2011-12-10 23:08 . 2011-12-12 18:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-10 23:08 . 2011-12-10 23:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-10 23:07 . 2011-12-10 23:07 -------- d-----w- c:\program files\CCleaner
2011-12-07 18:19 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-07 18:19 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-07 18:18 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-07 18:18 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-07 18:18 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-07 18:18 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-07 18:18 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-07 18:17 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-07 18:17 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-12-07 18:17 . 2011-12-07 18:17 -------- d-----w- c:\programdata\Alwil Software
2011-12-07 18:17 . 2011-12-07 18:17 -------- d-----w- c:\program files\Alwil Software
2011-12-06 17:26 . 2011-12-06 17:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-06 17:26 . 2011-12-06 17:27 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-12-05 16:47 . 2011-12-05 16:47 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2011-12-03 17:25 . 2011-12-04 03:57 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2011-12-03 17:25 . 2011-12-04 03:57 -------- d-----w- C:\263bbd1319c60add5a765670d55cf0
2011-12-03 15:34 . 2011-12-03 15:34 -------- d--h--w- c:\users\arNette\AppData\Roaming\Malwarebytes
2011-12-03 15:34 . 2011-12-03 15:34 -------- d-----w- c:\programdata\Malwarebytes
2011-12-03 15:34 . 2011-12-04 03:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-03 14:32 . 2011-12-03 14:32 -------- d--h--w- c:\users\arNette\AppData\Local\Apps
2011-11-30 17:47 . 2011-11-30 17:47 -------- d--h--w- c:\users\arNette\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 21:10 . 2011-08-02 20:51 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-15 08:53 . 2011-11-15 18:05 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-10-15 08:53 . 2011-11-15 18:05 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-15 08:53 . 2011-11-15 18:05 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-11-15 18:05 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-11-15 18:05 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2011-11-15 18:05 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-11-15 18:04 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-10-15 08:53 . 2011-11-15 18:04 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-10-15 08:53 . 2011-11-15 18:04 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-10-15 08:53 . 2011-11-15 18:04 5578560 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-10-15 08:53 . 2011-11-15 18:04 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-10-15 08:53 . 2011-11-15 18:04 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-10-15 08:53 . 2011-11-15 18:04 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-10-15 08:53 . 2011-11-15 18:04 18871616 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-10-15 08:53 . 2011-11-15 18:04 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-10-15 08:53 . 2011-11-15 18:04 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2011-10-15 08:53 . 2011-11-15 18:04 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2011-10-15 08:53 . 2011-11-15 18:04 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-10-15 08:53 . 2011-11-15 17:01 7581504 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-15 08:53 . 2011-11-15 17:01 68928 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-15 08:53 . 2011-11-15 17:01 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2011-11-15 17:01 2542912 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-15 08:53 . 2011-11-15 17:01 24796992 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-15 08:53 . 2011-11-15 17:01 24742720 ----a-w- c:\windows\system32\nvoglv64.dll
2011-10-15 08:53 . 2011-11-15 17:01 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-15 08:53 . 2011-11-15 17:01 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-10-15 08:53 . 2011-11-15 17:01 12971840 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-10-15 05:54 . 2011-10-15 05:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-10-08 19:29 . 2011-10-03 20:25 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-08 19:25 . 2011-10-03 18:49 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-03 20:23 . 2011-10-03 20:23 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . DAE0D9E0D417070633DE369A800448BE . 857600 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot_2011-12-15_19.46.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-12-07 18:14 . 2011-12-15 19:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-12-07 18:14 . 2011-12-18 19:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-12-12 18:34 . 2011-12-14 06:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat

+ 2011-04-09 23:55 . 2011-04-09 23:55 13642904 c:\windows\SysWOW64\xlivefnt.dll
+ 2011-04-09 23:55 . 2011-04-09 23:55 15453336 c:\windows\SysWOW64\xlive.dll
+ 2011-08-02 21:15 . 2011-12-18 19:36 29447420 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1816794011-1965744179-1877184498-1001-12288.dat
+ 2011-11-30 23:39 . 2011-11-30 23:39 21598208 c:\windows\Installer\2bdeaa4.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-08-02 79360]
R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-12-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys [2011-05-03 14440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: Interfaces\{4BAD5689-BC50-46F1-8532-55F2EB95C974}: NameServer = 65.32.5.111,65.32.5.112
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\arNette\AppData\Roaming\Mozilla\Firefox\Profiles\xw0g9lsc.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4c,83,14,0f,6c,51,bf,4b,8b,99,63,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4c,83,14,0f,6c,51,bf,4b,8b,99,63,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe
c:\program files (x86)\EVGA Precision\EVGAPrecision.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-12-18 14:42:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-18 19:42
.
Pre-Run: 14,129,061,888 bytes free
Post-Run: 14,105,227,264 bytes free
.
- - End Of File - - 9AD3591AE3728CB2C2EA5E208469904F

Edited by gringo_pr, 18 December 2011 - 03:00 PM.
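
An added triage helper for ComboFix logs like the one above (written for this page, not ComboFix's own code or anything posted in the thread). It splits the log into its banner sections, reads the UAC values ComboFix lists under the policies\system key, compares each Sigcheck entry marked [-] with the passing reference copy listed beside it, and returns the "Other Deletions" list. The sample log is a constructed excerpt modelled on the posted one, and the defaults it compares against are the Windows 7 UAC defaults.

```python
"""Triage helper for ComboFix logs (added example, not ComboFix's own code)."""
import re
from collections import defaultdict

# Constructed excerpt modelled on the log posted in this thread (not the full log).
SAMPLE_LOG = """\
((((((((((((((((((((( Other Deletions )))))))))))))))))))))
.
c:\\programdata\\choibaa.tmp
c:\\programdata\\ionrbaa.tmp
.
------- Sigcheck -------
.
[-] 2009-07-14 . DAE0D9E0D417070633DE369A800448BE . 857600 . . [6.1.7600.16385] .. c:\\windows\\SysWOW64\\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\\windows\\winsxs\\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\\user32.dll
.
((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))
.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\\.default\\software\\microsoft\\windows\\currentversion\\policies\\explorer]
"HideSCAHealth"= 1 (0x1)
.
--------- x86-64 -----------
"""

# Banner lines "((((( Name )))))" or "------- Name -------" open a section; "." is a spacer.
SECTION_RE = re.compile(r"^(?:\(+|-+)\s*(.+?)\s*(?:\)+|-+)$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(-?\d+)')  # "Name"= 0 (0x0)
SIGCHECK_RE = re.compile(                        # [-] date . md5 . size . . [ver] .. path
    r"^\[(?P<status>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})"
    r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]*)\]\s+\.\.\s+(?P<path>.+)$")

def split_sections(text):
    """Map each banner title to the non-spacer lines that follow it."""
    sections, current = defaultdict(list), "preamble"
    for line in (raw.rstrip() for raw in text.splitlines()):
        if line in ("", "."):
            continue
        if m := SECTION_RE.match(line):
            current = m.group(1)
        else:
            sections[current].append(line)
    return sections

def parse_uac_policy(reg_lines):
    """DWORD values ComboFix lists under HKLM\\...\\policies\\system, as {name: int}."""
    values, inside = {}, False
    for line in reg_lines:
        if line.startswith("["):  # a new registry key begins
            inside = line.lower().endswith(r"\policies\system]")
        elif inside and (m := VALUE_RE.match(line)):
            values[m.group(1)] = int(m.group(2))
    return values

def uac_findings(values):
    """Flag UAC values weaker than the Windows 7 defaults (EnableLUA=1,
    ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1)."""
    checks = (("EnableLUA", 1, "UAC is off; every process of an admin user runs fully elevated"),
              ("ConsentPromptBehaviorAdmin", 5, "elevation is granted without any prompt"),
              ("PromptOnSecureDesktop", 1, "prompts are not isolated on the secure desktop"))
    return [f"{name}=0: {why}" for name, default, why in checks if values.get(name, default) == 0]

def parse_sigcheck(lines):
    """Parse the Sigcheck table into dicts with status, date, md5, size, version and path."""
    entries = []
    for line in lines:
        if m := SIGCHECK_RE.match(line):
            entries.append({**m.groupdict(), "size": int(m.group("size"))})
    return entries

def sigcheck_findings(entries):
    """Flag [-] files whose MD5 differs from a passing copy of the same file and version."""
    def base(e): return e["path"].rsplit("\\", 1)[-1].lower()
    findings = []
    for bad in (e for e in entries if e["status"] == "-"):
        refs = [e for e in entries if e["status"] != "-" and base(e) == base(bad)
                and e["version"] == bad["version"]]
        if not refs:
            findings.append(f"{bad['path']} fails sigcheck; no reference copy listed")
        for ref in (r for r in refs if r["md5"].lower() != bad["md5"].lower()):
            findings.append(f"{bad['path']} fails sigcheck (md5 {bad['md5']}, {bad['size']} bytes); "
                            f"reference {ref['path']} has md5 {ref['md5']}, {ref['size']} bytes")
    return findings

def triage(log_text):
    """Run all three checks over a ComboFix log; findings are keyed by category."""
    sections = split_sections(log_text)
    return {"deleted": sections.get("Other Deletions", []),
            "uac": uac_findings(parse_uac_policy(sections.get("Reg Loading Points", []))),
            "sigcheck": sigcheck_findings(parse_sigcheck(sections.get("Sigcheck", [])))}
```

Run `triage(open("ComboFix.txt").read())` on a full log; a [-] entry whose hash differs from its winsxs reference is what a helper reads as a possibly patched system file, and an all-zero policies\system block means UAC was off when the infection ran.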


#6 gringo_pr

  • Malware Response Team

Posted 18 December 2011 - 02:58 PM

Hello


I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

Edited by gringo_pr, 18 December 2011 - 03:00 PM.


#7 arNette1024

  • Topic Starter


Posted 18 December 2011 - 03:01 PM

14:59:48.0367 1016 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
14:59:48.0701 1016 ============================================================
14:59:48.0701 1016 Current date / time: 2011/12/18 14:59:48.0701
14:59:48.0701 1016 SystemInfo:
14:59:48.0701 1016
14:59:48.0701 1016 OS Version: 6.1.7600 ServicePack: 0.0
14:59:48.0701 1016 Product type: Workstation
14:59:48.0701 1016 ComputerName: ARNETTE-PC
14:59:48.0701 1016 UserName: arNette
14:59:48.0701 1016 Windows directory: C:\Windows
14:59:48.0701 1016 System windows directory: C:\Windows
14:59:48.0701 1016 Running under WOW64
14:59:48.0701 1016 Processor architecture: Intel x64
14:59:48.0701 1016 Number of processors: 4
14:59:48.0701 1016 Page size: 0x1000
14:59:48.0701 1016 Boot type: Normal boot
14:59:48.0701 1016 ============================================================
14:59:50.0481 1016 Initialize success
14:59:53.0118 2304 ============================================================
14:59:53.0118 2304 Scan started
14:59:53.0118 2304 Mode: Manual;
14:59:53.0118 2304 ============================================================
14:59:53.0690 2304 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
14:59:53.0692 2304 1394ohci - ok
14:59:53.0724 2304 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
14:59:53.0728 2304 ACPI - ok
14:59:53.0743 2304 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
14:59:53.0744 2304 AcpiPmi - ok
14:59:53.0807 2304 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:59:53.0812 2304 adp94xx - ok
14:59:53.0837 2304 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:59:53.0841 2304 adpahci - ok
14:59:53.0861 2304 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:59:53.0863 2304 adpu320 - ok
14:59:53.0902 2304 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
14:59:53.0908 2304 AFD - ok
14:59:53.0936 2304 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
14:59:53.0937 2304 agp440 - ok
14:59:53.0958 2304 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
14:59:53.0959 2304 aliide - ok
14:59:53.0971 2304 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
14:59:53.0972 2304 amdide - ok
14:59:54.0001 2304 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:59:54.0003 2304 AmdK8 - ok
14:59:54.0021 2304 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:59:54.0021 2304 AmdPPM - ok
14:59:54.0052 2304 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
14:59:54.0053 2304 amdsata - ok
14:59:54.0063 2304 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:59:54.0065 2304 amdsbs - ok
14:59:54.0085 2304 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
14:59:54.0086 2304 amdxata - ok
14:59:54.0137 2304 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
14:59:54.0138 2304 AppID - ok
14:59:54.0173 2304 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:59:54.0174 2304 arc - ok
14:59:54.0186 2304 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:59:54.0187 2304 arcsas - ok
14:59:54.0237 2304 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
14:59:54.0237 2304 aswFsBlk - ok
14:59:54.0297 2304 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
14:59:54.0297 2304 aswMonFlt - ok
14:59:54.0313 2304 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
14:59:54.0314 2304 aswRdr - ok
14:59:54.0342 2304 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
14:59:54.0344 2304 aswSnx - ok
14:59:54.0367 2304 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
14:59:54.0368 2304 aswSP - ok
14:59:54.0384 2304 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
14:59:54.0385 2304 aswTdi - ok
14:59:54.0405 2304 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:59:54.0405 2304 AsyncMac - ok
14:59:54.0423 2304 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
14:59:54.0423 2304 atapi - ok
14:59:54.0487 2304 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:59:54.0492 2304 b06bdrv - ok
14:59:54.0530 2304 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:59:54.0533 2304 b57nd60a - ok
14:59:54.0553 2304 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:59:54.0554 2304 Beep - ok
14:59:54.0582 2304 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:59:54.0583 2304 blbdrive - ok
14:59:54.0608 2304 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
14:59:54.0610 2304 bowser - ok
14:59:54.0654 2304 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:59:54.0655 2304 BrFiltLo - ok
14:59:54.0670 2304 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:59:54.0670 2304 BrFiltUp - ok
14:59:54.0691 2304 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:59:54.0694 2304 Brserid - ok
14:59:54.0714 2304 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:59:54.0715 2304 BrSerWdm - ok
14:59:54.0729 2304 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:59:54.0730 2304 BrUsbMdm - ok
14:59:54.0742 2304 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:59:54.0742 2304 BrUsbSer - ok
14:59:54.0758 2304 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:59:54.0760 2304 BTHMODEM - ok
14:59:54.0785 2304 catchme - ok
14:59:54.0815 2304 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:59:54.0817 2304 cdfs - ok
14:59:54.0859 2304 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
14:59:54.0861 2304 cdrom - ok
14:59:54.0888 2304 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:59:54.0889 2304 circlass - ok
14:59:54.0930 2304 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:59:54.0934 2304 CLFS - ok
14:59:54.0956 2304 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:59:54.0957 2304 CmBatt - ok
14:59:54.0975 2304 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
14:59:54.0976 2304 cmdide - ok
14:59:55.0005 2304 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
14:59:55.0010 2304 CNG - ok
14:59:55.0028 2304 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:59:55.0029 2304 Compbatt - ok
14:59:55.0054 2304 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:59:55.0055 2304 CompositeBus - ok
14:59:55.0082 2304 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:59:55.0083 2304 crcdisk - ok
14:59:55.0123 2304 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
14:59:55.0129 2304 CSC - ok
14:59:55.0178 2304 danewFltr (003626f7ca17c204f16cd5047af0703a) C:\Windows\system32\drivers\danew.sys
14:59:55.0179 2304 danewFltr - ok
14:59:55.0220 2304 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
14:59:55.0221 2304 DfsC - ok
14:59:55.0240 2304 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:59:55.0241 2304 discache - ok
14:59:55.0281 2304 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:59:55.0282 2304 Disk - ok
14:59:55.0323 2304 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:59:55.0324 2304 drmkaud - ok
14:59:55.0353 2304 DXGKrnl (7cb7d2b73813ce05c7bc0f5f95d27cec) C:\Windows\System32\drivers\dxgkrnl.sys
14:59:55.0376 2304 DXGKrnl - ok
14:59:55.0445 2304 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:59:55.0505 2304 ebdrv - ok
14:59:55.0540 2304 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:59:55.0546 2304 elxstor - ok
14:59:55.0562 2304 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
14:59:55.0563 2304 ErrDev - ok
14:59:55.0596 2304 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:59:55.0599 2304 exfat - ok
14:59:55.0614 2304 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:59:55.0617 2304 fastfat - ok
14:59:55.0645 2304 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:59:55.0646 2304 fdc - ok
14:59:55.0662 2304 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:59:55.0663 2304 FileInfo - ok
14:59:55.0680 2304 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:59:55.0681 2304 Filetrace - ok
14:59:55.0701 2304 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:59:55.0701 2304 flpydisk - ok
14:59:55.0725 2304 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
14:59:55.0728 2304 FltMgr - ok
14:59:55.0748 2304 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:59:55.0749 2304 FsDepends - ok
14:59:55.0766 2304 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:59:55.0766 2304 Fs_Rec - ok
14:59:55.0796 2304 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
14:59:55.0798 2304 fvevol - ok
14:59:55.0823 2304 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:59:55.0824 2304 gagp30kx - ok
14:59:55.0841 2304 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:59:55.0842 2304 hcw85cir - ok
14:59:55.0883 2304 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
14:59:55.0887 2304 HdAudAddService - ok
14:59:55.0908 2304 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:59:55.0910 2304 HDAudBus - ok
14:59:55.0929 2304 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:59:55.0930 2304 HidBatt - ok
14:59:55.0950 2304 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:59:55.0951 2304 HidBth - ok
14:59:55.0968 2304 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:59:55.0970 2304 HidIr - ok
14:59:55.0995 2304 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
14:59:55.0996 2304 HidUsb - ok
14:59:56.0021 2304 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
14:59:56.0022 2304 HpSAMD - ok
14:59:56.0049 2304 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
14:59:56.0065 2304 HTTP - ok
14:59:56.0083 2304 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
14:59:56.0083 2304 hwpolicy - ok
14:59:56.0130 2304 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:59:56.0132 2304 i8042prt - ok
14:59:56.0244 2304 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
14:59:56.0249 2304 iaStorV - ok
14:59:56.0264 2304 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:59:56.0265 2304 iirsp - ok
14:59:56.0289 2304 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
14:59:56.0290 2304 intelide - ok
14:59:56.0316 2304 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:59:56.0317 2304 intelppm - ok
14:59:56.0338 2304 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:59:56.0339 2304 IpFilterDriver - ok
14:59:56.0351 2304 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
14:59:56.0353 2304 IPMIDRV - ok
14:59:56.0371 2304 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:59:56.0373 2304 IPNAT - ok
14:59:56.0399 2304 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:59:56.0400 2304 IRENUM - ok
14:59:56.0419 2304 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
14:59:56.0420 2304 isapnp - ok
14:59:56.0439 2304 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
14:59:56.0442 2304 iScsiPrt - ok
14:59:56.0471 2304 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:59:56.0471 2304 kbdclass - ok
14:59:56.0496 2304 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
14:59:56.0497 2304 kbdhid - ok
14:59:56.0521 2304 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
14:59:56.0522 2304 KSecDD - ok
14:59:56.0535 2304 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
14:59:56.0537 2304 KSecPkg - ok
14:59:56.0550 2304 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:59:56.0550 2304 ksthunk - ok
14:59:56.0588 2304 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:59:56.0589 2304 lltdio - ok
14:59:56.0613 2304 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:59:56.0615 2304 LSI_FC - ok
14:59:56.0631 2304 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:59:56.0633 2304 LSI_SAS - ok
14:59:56.0643 2304 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:59:56.0644 2304 LSI_SAS2 - ok
14:59:56.0661 2304 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:59:56.0662 2304 LSI_SCSI - ok
14:59:56.0693 2304 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:59:56.0694 2304 luafv - ok
14:59:56.0725 2304 MBAMProtector - ok
14:59:56.0748 2304 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:59:56.0749 2304 megasas - ok
14:59:56.0772 2304 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:59:56.0775 2304 MegaSR - ok
14:59:56.0792 2304 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:59:56.0793 2304 Modem - ok
14:59:56.0816 2304 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:59:56.0816 2304 monitor - ok
14:59:56.0841 2304 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:59:56.0841 2304 mouclass - ok
14:59:56.0873 2304 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:59:56.0873 2304 mouhid - ok
14:59:56.0892 2304 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
14:59:56.0893 2304 mountmgr - ok
14:59:56.0911 2304 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
14:59:56.0913 2304 mpio - ok
14:59:56.0934 2304 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:59:56.0935 2304 mpsdrv - ok
14:59:56.0951 2304 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
14:59:56.0953 2304 MRxDAV - ok
14:59:56.0974 2304 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:59:56.0977 2304 mrxsmb - ok
14:59:57.0000 2304 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:59:57.0003 2304 mrxsmb10 - ok
14:59:57.0020 2304 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:59:57.0022 2304 mrxsmb20 - ok
14:59:57.0048 2304 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
14:59:57.0049 2304 msahci - ok
14:59:57.0063 2304 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
14:59:57.0065 2304 msdsm - ok
14:59:57.0082 2304 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:59:57.0082 2304 Msfs - ok
14:59:57.0094 2304 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:59:57.0095 2304 mshidkmdf - ok
14:59:57.0110 2304 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
14:59:57.0111 2304 msisadrv - ok
14:59:57.0151 2304 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:59:57.0152 2304 MSKSSRV - ok
14:59:57.0165 2304 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:59:57.0165 2304 MSPCLOCK - ok
14:59:57.0177 2304 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:59:57.0178 2304 MSPQM - ok
14:59:57.0199 2304 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
14:59:57.0203 2304 MsRPC - ok
14:59:57.0218 2304 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:59:57.0219 2304 mssmbios - ok
14:59:57.0237 2304 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:59:57.0238 2304 MSTEE - ok
14:59:57.0255 2304 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:59:57.0255 2304 MTConfig - ok
14:59:57.0274 2304 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:59:57.0275 2304 Mup - ok
14:59:57.0311 2304 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:59:57.0315 2304 NativeWifiP - ok
14:59:57.0366 2304 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
14:59:57.0370 2304 NDIS - ok
14:59:57.0389 2304 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:59:57.0390 2304 NdisCap - ok
14:59:57.0413 2304 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:59:57.0414 2304 NdisTapi - ok
14:59:57.0435 2304 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
14:59:57.0436 2304 Ndisuio - ok
14:59:57.0458 2304 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:59:57.0460 2304 NdisWan - ok
14:59:57.0471 2304 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
14:59:57.0473 2304 NDProxy - ok
14:59:57.0488 2304 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:59:57.0490 2304 NetBIOS - ok
14:59:57.0512 2304 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
14:59:57.0516 2304 NetBT - ok
14:59:57.0550 2304 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:59:57.0552 2304 nfrd960 - ok
14:59:57.0569 2304 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:59:57.0570 2304 Npfs - ok
14:59:57.0588 2304 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:59:57.0589 2304 nsiproxy - ok
14:59:57.0633 2304 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
14:59:57.0640 2304 Ntfs - ok
14:59:57.0654 2304 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:59:57.0655 2304 Null - ok
14:59:57.0684 2304 NVHDA - ok
14:59:57.0947 2304 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:59:57.0997 2304 nvlddmkm - ok
14:59:58.0020 2304 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
14:59:58.0022 2304 nvraid - ok
14:59:58.0037 2304 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
14:59:58.0039 2304 nvstor - ok
14:59:58.0073 2304 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
14:59:58.0075 2304 nv_agp - ok
14:59:58.0091 2304 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
14:59:58.0092 2304 ohci1394 - ok
14:59:58.0139 2304 P17 (66a2c70da35e8559982ee9d205329e1a) C:\Windows\system32\drivers\P17.sys
14:59:58.0169 2304 P17 - ok
14:59:58.0189 2304 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:59:58.0191 2304 Parport - ok
14:59:58.0206 2304 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
14:59:58.0208 2304 partmgr - ok
14:59:58.0227 2304 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
14:59:58.0229 2304 pci - ok
14:59:58.0243 2304 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
14:59:58.0244 2304 pciide - ok
14:59:58.0264 2304 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:59:58.0267 2304 pcmcia - ok
14:59:58.0305 2304 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
14:59:58.0306 2304 pcouffin - ok
14:59:58.0317 2304 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:59:58.0318 2304 pcw - ok
14:59:58.0343 2304 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:59:58.0351 2304 PEAUTH - ok
14:59:58.0407 2304 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
14:59:58.0409 2304 PptpMiniport - ok
14:59:58.0428 2304 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:59:58.0429 2304 Processor - ok
14:59:58.0466 2304 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
14:59:58.0468 2304 Psched - ok
14:59:58.0510 2304 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:59:58.0541 2304 ql2300 - ok
14:59:58.0559 2304 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:59:58.0561 2304 ql40xx - ok
14:59:58.0578 2304 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:59:58.0579 2304 QWAVEdrv - ok
14:59:58.0594 2304 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:59:58.0595 2304 RasAcd - ok
14:59:58.0634 2304 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:59:58.0635 2304 RasAgileVpn - ok
14:59:58.0654 2304 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:59:58.0655 2304 Rasl2tp - ok
14:59:58.0674 2304 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:59:58.0676 2304 RasPppoe - ok
14:59:58.0705 2304 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:59:58.0707 2304 RasSstp - ok
14:59:58.0730 2304 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
14:59:58.0734 2304 rdbss - ok
14:59:58.0749 2304 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:59:58.0750 2304 rdpbus - ok
14:59:58.0768 2304 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:59:58.0768 2304 RDPCDD - ok
14:59:58.0790 2304 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
14:59:58.0792 2304 RDPDR - ok
14:59:58.0819 2304 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:59:58.0819 2304 RDPENCDD - ok
14:59:58.0831 2304 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:59:58.0831 2304 RDPREFMP - ok
14:59:58.0841 2304 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
14:59:58.0843 2304 RDPWD - ok
14:59:58.0875 2304 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
14:59:58.0877 2304 rdyboost - ok
14:59:58.0911 2304 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:59:58.0912 2304 rspndr - ok
14:59:58.0999 2304 RTCore64 (2d91d45cd09dfc3f8e89da1c261fd1ac) C:\Program Files (x86)\EVGA Precision\RTCore64.sys
14:59:59.0000 2304 RTCore64 - ok
14:59:59.0025 2304 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:59:59.0028 2304 RTL8167 - ok
14:59:59.0054 2304 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
14:59:59.0055 2304 s3cap - ok
14:59:59.0138 2304 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:59:59.0138 2304 SASDIFSV - ok
14:59:59.0161 2304 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
14:59:59.0161 2304 SASKUTIL - ok
14:59:59.0190 2304 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
14:59:59.0192 2304 sbp2port - ok
14:59:59.0262 2304 SCDEmu (b2f50286dc82b93c013e3fc57ba1a956) C:\Windows\system32\drivers\SCDEmu.sys
14:59:59.0263 2304 SCDEmu - ok
14:59:59.0278 2304 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
14:59:59.0280 2304 scfilter - ok
14:59:59.0313 2304 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:59:59.0314 2304 secdrv - ok
14:59:59.0350 2304 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:59:59.0351 2304 Serenum - ok
14:59:59.0383 2304 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:59:59.0384 2304 Serial - ok
14:59:59.0402 2304 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:59:59.0403 2304 sermouse - ok
14:59:59.0425 2304 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
14:59:59.0425 2304 sffdisk - ok
14:59:59.0443 2304 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
14:59:59.0444 2304 sffp_mmc - ok
14:59:59.0457 2304 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:59:59.0458 2304 sffp_sd - ok
14:59:59.0469 2304 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:59:59.0470 2304 sfloppy - ok
14:59:59.0499 2304 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:59:59.0500 2304 SiSRaid2 - ok
14:59:59.0520 2304 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:59:59.0522 2304 SiSRaid4 - ok
14:59:59.0551 2304 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:59:59.0553 2304 Smb - ok
14:59:59.0589 2304 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:59:59.0589 2304 spldr - ok
14:59:59.0620 2304 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
14:59:59.0625 2304 srv - ok
14:59:59.0656 2304 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
14:59:59.0661 2304 srv2 - ok
14:59:59.0677 2304 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
14:59:59.0679 2304 srvnet - ok
14:59:59.0707 2304 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:59:59.0708 2304 stexstor - ok
14:59:59.0745 2304 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
14:59:59.0745 2304 storflt - ok
14:59:59.0761 2304 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
14:59:59.0762 2304 storvsc - ok
14:59:59.0779 2304 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:59:59.0779 2304 swenum - ok
14:59:59.0911 2304 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
14:59:59.0919 2304 Tcpip - ok
15:00:00.0003 2304 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
15:00:00.0010 2304 TCPIP6 - ok
15:00:00.0025 2304 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
15:00:00.0026 2304 tcpipreg - ok
15:00:00.0046 2304 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:00:00.0047 2304 TDPIPE - ok
15:00:00.0064 2304 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:00:00.0065 2304 TDTCP - ok
15:00:00.0085 2304 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
15:00:00.0087 2304 tdx - ok
15:00:00.0101 2304 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
15:00:00.0102 2304 TermDD - ok
15:00:00.0153 2304 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:00:00.0154 2304 tssecsrv - ok
15:00:00.0190 2304 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
15:00:00.0192 2304 tunnel - ok
15:00:00.0209 2304 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:00:00.0210 2304 uagp35 - ok
15:00:00.0236 2304 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
15:00:00.0240 2304 udfs - ok
15:00:00.0261 2304 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:00:00.0262 2304 uliagpkx - ok
15:00:00.0292 2304 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
15:00:00.0293 2304 umbus - ok
15:00:00.0311 2304 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:00:00.0312 2304 UmPass - ok
15:00:00.0334 2304 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
15:00:00.0335 2304 usbccgp - ok
15:00:00.0366 2304 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
15:00:00.0368 2304 usbcir - ok
15:00:00.0385 2304 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
15:00:00.0386 2304 usbehci - ok
15:00:00.0419 2304 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
15:00:00.0423 2304 usbhub - ok
15:00:00.0444 2304 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
15:00:00.0445 2304 usbohci - ok
15:00:00.0473 2304 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:00:00.0474 2304 usbprint - ok
15:00:00.0495 2304 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:00:00.0497 2304 USBSTOR - ok
15:00:00.0514 2304 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
15:00:00.0515 2304 usbuhci - ok
15:00:00.0548 2304 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
15:00:00.0549 2304 vdrvroot - ok
15:00:00.0571 2304 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:00:00.0572 2304 vga - ok
15:00:00.0589 2304 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:00:00.0590 2304 VgaSave - ok
15:00:00.0614 2304 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
15:00:00.0617 2304 vhdmp - ok
15:00:00.0636 2304 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
15:00:00.0636 2304 viaide - ok
15:00:00.0680 2304 VKbms (3b59bb6d10cf969dbe4db93d9ead7fb4) C:\Windows\system32\DRIVERS\VKbms.sys
15:00:00.0681 2304 VKbms - ok
15:00:00.0704 2304 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
15:00:00.0707 2304 vmbus - ok
15:00:00.0720 2304 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
15:00:00.0721 2304 VMBusHID - ok
15:00:00.0740 2304 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
15:00:00.0741 2304 volmgr - ok
15:00:00.0762 2304 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
15:00:00.0766 2304 volmgrx - ok
15:00:00.0808 2304 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
15:00:00.0811 2304 volsnap - ok
15:00:00.0830 2304 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:00:00.0832 2304 vsmraid - ok
15:00:00.0847 2304 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:00:00.0848 2304 vwifibus - ok
15:00:00.0903 2304 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
15:00:00.0903 2304 wacommousefilter - ok
15:00:00.0920 2304 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:00:00.0921 2304 WacomPen - ok
15:00:00.0980 2304 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
15:00:00.0981 2304 wacomvhid - ok
15:00:01.0010 2304 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:00:01.0012 2304 WANARP - ok
15:00:01.0024 2304 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:00:01.0024 2304 Wanarpv6 - ok
15:00:01.0049 2304 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:00:01.0050 2304 Wd - ok
15:00:01.0077 2304 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:00:01.0090 2304 Wdf01000 - ok
15:00:01.0131 2304 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:00:01.0131 2304 WfpLwf - ok
15:00:01.0146 2304 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:00:01.0147 2304 WIMMount - ok
15:00:01.0182 2304 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:00:01.0182 2304 WmiAcpi - ok
15:00:01.0217 2304 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:00:01.0219 2304 ws2ifsl - ok
15:00:01.0273 2304 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
15:00:01.0275 2304 WudfPf - ok
15:00:01.0330 2304 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
15:00:01.0344 2304 xnacc - ok
15:00:01.0382 2304 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:00:01.0394 2304 \Device\Harddisk0\DR0 - ok
15:00:01.0410 2304 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
15:00:01.0412 2304 \Device\Harddisk1\DR1 - ok
15:00:01.0414 2304 Boot (0x1200) (ba869537766c1adf60f0ed6a7d51273b) \Device\Harddisk0\DR0\Partition0
15:00:01.0415 2304 \Device\Harddisk0\DR0\Partition0 - ok
15:00:01.0422 2304 Boot (0x1200) (305190f31b2f587268acc7120d72202a) \Device\Harddisk1\DR1\Partition0
15:00:01.0422 2304 \Device\Harddisk1\DR1\Partition0 - ok
15:00:01.0422 2304 ============================================================
15:00:01.0422 2304 Scan finished
15:00:01.0422 2304 ============================================================
15:00:01.0429 1500 Detected object count: 0
15:00:01.0429 1500 Actual detected object count: 0

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 December 2011 - 03:16 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [Donate] <-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 arNette1024
  • Topic Starter
  • Members
  • 21 posts

Posted 18 December 2011 - 03:29 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-18 15:29:19
-----------------------------
15:29:19.982 OS Version: Windows x64 6.1.7600
15:29:19.983 Number of processors: 4 586 0x403
15:29:19.983 ComputerName: ARNETTE-PC UserName: arNette
15:29:20.516 Initialize success
15:29:20.546 AVAST engine defs: 11121801
15:29:22.476 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
15:29:22.478 Disk 0 Vendor: WDC_WD1600AAJS-22PSA0 05.06H05 Size: 152627MB BusType: 3
15:29:22.480 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
15:29:22.481 Disk 1 Vendor: WDC_WD7500AADS-00L5B1 01.01A01 Size: 715404MB BusType: 3
15:29:24.499 Disk 0 MBR read successfully
15:29:24.501 Disk 0 MBR scan
15:29:24.503 Disk 0 Windows 7 default MBR code
15:29:24.512 Service scanning
15:29:25.709 Modules scanning
15:29:25.711 Disk 0 trace - called modules:
15:29:25.716 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:29:25.719 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ae0060]
15:29:25.721 3 CLASSPNP.SYS[fffff8800180b43f] -> nt!IofCallDriver -> [0xfffffa800780c520]
15:29:25.724 5 ACPI.sys[fffff88000edd781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800780a680]
15:29:26.098 AVAST engine scan C:\Windows
15:29:28.062 AVAST engine scan C:\Windows\system32
15:30:08.950 AVAST engine scan C:\Windows\system32\drivers
15:30:13.116 AVAST engine scan C:\Users\arNette
15:38:44.415 AVAST engine scan C:\ProgramData
15:39:23.061 Scan finished successfully
15:39:31.989 Disk 0 MBR has been saved successfully to "C:\Users\arNette\Desktop\MBR.dat"
15:39:31.991 The log file has been saved successfully to "C:\Users\arNette\Desktop\aswMBR.txt"

Edited by arNette1024, 18 December 2011 - 03:40 PM.


#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 December 2011 - 03:42 PM

Greetings

I need you to make a bootable USB and to make a screenshot for me. Follow the instructions below to do this.

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.

Now boot into Puppy Linux.

When you get to the desktop, click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them).

Next, launch GParted, which is found at Menu > System > GParted partition manager.
Click to select All Drives, then click Okay.
I need you to take a screenshot of the window that opens up. To do this, follow these instructions:

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg onto the USB drive; paste or attach this to your next post.

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

Remove the USB and save it (we will use it again), boot back into Windows and send me the screen capture.

gringo

#11 arNette1024
  • Topic Starter
  • Members
  • 21 posts

Posted 20 December 2011 - 12:28 PM

[Posted image: screenshot, not captured]

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 December 2011 - 02:16 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#13 arNette1024
  • Topic Starter
  • Members
  • 21 posts

Posted 20 December 2011 - 02:28 PM

OTL logfile created on: 12/20/2011 2:19:26 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\arNette\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.06 Gb Available Physical Memory | 75.82% Memory free
16.00 Gb Paging File | 13.99 Gb Available in Paging File | 87.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 13.17 Gb Free Space | 8.84% Space Free | Partition Type: NTFS
Drive D: | 698.63 Gb Total Space | 6.71 Gb Free Space | 0.96% Space Free | Partition Type: NTFS
Drive E: | 126.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ARNETTE-PC | User Name: arNette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\arNette\Desktop\bleepingcpu\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe ()
PRC - C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe ()
PRC - C:\Windows\SysWOW64\sdiagnhost.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\msdt.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\EVGA Precision\RTMUI.dll ()
MOD - C:\Program Files (x86)\EVGA Precision\RTHAL.dll ()
MOD - C:\Program Files (x86)\EVGA Precision\RTCore.dll ()
MOD - C:\Program Files (x86)\EVGA Precision\RTUI.dll ()
MOD - C:\Program Files (x86)\EVGA Precision\RTFC.dll ()
MOD - C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe ()
MOD - C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe ()
MOD - C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTTSH.dll ()
MOD - C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTMUI.dll ()
MOD - C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSSHooks.dll ()
MOD - C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTUI.dll ()
MOD - C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTFC.dll ()
MOD - C:\Program Files (x86)\EVGA Precision\RTTSH.dll ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (VKbms) -- C:\Windows\SysNative\drivers\VKbms.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (danewFltr) -- C:\Windows\SysNative\drivers\danew.sys (Razer (Asia-Pacific) Pte Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys (Creative Technology Ltd.)
DRV - (RTCore64) -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1816794011-1965744179-1877184498-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1816794011-1965744179-1877184498-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1816794011-1965744179-1877184498-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9D 2E D3 78 D0 B9 CC 01 [binary data]
IE - HKU\S-1-5-21-1816794011-1965744179-1877184498-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/03 22:58:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/08/02 15:33:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\arNette\AppData\Roaming\Mozilla\Extensions
[2011/12/14 20:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\arNette\AppData\Roaming\Mozilla\Firefox\Profiles\xw0g9lsc.default\extensions
[2011/12/05 22:52:31 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\arNette\AppData\Roaming\Mozilla\Firefox\Profiles\xw0g9lsc.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/12/15 14:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\ARNETTE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XW0G9LSC.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\ARNETTE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XW0G9LSC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ARNETTE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XW0G9LSC.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM.XPI
() (No name found) -- C:\USERS\ARNETTE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XW0G9LSC.DEFAULT\EXTENSIONS\FIRESSH@NIGHTLIGHT.WS.XPI
[2011/11/08 23:57:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/08 23:57:44 | 000,002,040 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/18 14:37:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O4 - HKU\S-1-5-21-1816794011-1965744179-1877184498-1001..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1816794011-1965744179-1877184498-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1816794011-1965744179-1877184498-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1816794011-1965744179-1877184498-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BAD5689-BC50-46F1-8532-55F2EB95C974}: NameServer = 65.32.5.111,65.32.5.112
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = v6] -- "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\unn.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = v6] -- "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\unn.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/20 11:54:46 | 000,000,000 | ---D | C] -- C:\Users\arNette\AppData\Roaming\ImgBurn
[2011/12/20 11:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/12/20 11:48:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2011/12/18 14:38:07 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/12/18 14:36:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/18 13:57:35 | 000,000,000 | ---D | C] -- C:\Users\arNette\Desktop\bleepingcpu
[2011/12/17 00:36:57 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011/12/17 00:36:56 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011/12/17 00:36:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011/12/17 00:36:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011/12/17 00:36:31 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2011/12/17 00:36:31 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2011/12/17 00:36:29 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2011/12/17 00:36:29 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2011/12/17 00:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
[2011/12/17 00:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\R.G. Catalyst
[2011/12/17 00:01:12 | 000,000,000 | ---D | C] -- C:\bat
[2011/12/15 14:14:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2011/12/14 17:20:29 | 000,000,000 | ---D | C] -- C:\Users\arNette\AppData\Roaming\vlc
[2011/12/14 17:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/12/14 17:20:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011/12/13 18:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011/12/12 22:28:07 | 000,000,000 | ---D | C] -- C:\Users\arNette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/12/12 22:28:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/12/10 18:08:28 | 000,000,000 | ---D | C] -- C:\Users\arNette\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/10 18:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/10 18:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/12/10 18:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/10 18:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/10 18:07:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/12/07 17:00:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/07 17:00:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/07 17:00:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/07 17:00:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/07 16:59:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/07 13:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Pro Antivirus
[2011/12/07 13:19:00 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/12/07 13:19:00 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/12/07 13:18:58 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/12/07 13:18:58 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/12/07 13:18:57 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/12/07 13:18:56 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/12/07 13:18:44 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/12/07 13:17:57 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/12/07 13:17:57 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/12/07 13:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011/12/07 13:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/12/06 12:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/06 12:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/06 12:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/12/05 11:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2011/12/03 23:40:03 | 000,638,976 | ---- | C] (ESET) -- C:\Users\arNette\Desktop\ESETUninstaller.exe
[2011/12/03 12:25:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
[2011/12/03 12:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories
[2011/12/03 12:25:05 | 000,000,000 | ---D | C] -- C:\263bbd1319c60add5a765670d55cf0
[2011/12/03 11:51:55 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/12/03 10:34:48 | 000,000,000 | -H-D | C] -- C:\Users\arNette\AppData\Roaming\Malwarebytes
[2011/12/03 10:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/03 10:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/03 10:34:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/03 09:32:32 | 000,000,000 | -H-D | C] -- C:\Users\arNette\AppData\Local\Apps
[2011/11/30 12:47:57 | 000,000,000 | -H-D | C] -- C:\Users\arNette\AppData\Local\ElevatedDiagnostics
[2011/08/14 02:04:31 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\arNette\AppData\Roaming\pcouffin.sys
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/20 12:32:14 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 12:32:14 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 12:29:18 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/20 12:29:18 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/20 12:29:18 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/20 12:25:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/20 12:24:50 | 2146,832,383 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/20 11:48:41 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/12/20 11:34:52 | 005,139,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/19 23:46:37 | 000,001,041 | ---- | M] () -- C:\Users\arNette\AppData\Roaming\vso_ts_preview.xml
[2011/12/19 23:22:22 | 000,174,530 | ---- | M] () -- C:\screenshot1.jpg
[2011/12/18 14:37:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/14 17:20:25 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/12/13 14:26:42 | 000,000,000 | ---- | M] () -- C:\Users\arNette\defogger_reenable
[2011/12/12 13:21:33 | 000,010,402 | -HS- | M] () -- C:\ProgramData\821510t1p066d640j276j2dgj5x6
[2011/12/11 15:23:03 | 000,001,542 | -HS- | M] () -- C:\ProgramData\eyfwlj5h3mmp7jcw1bey8j228s1i
[2011/12/11 15:03:41 | 000,013,328 | -HS- | M] () -- C:\ProgramData\vssccn8v5nix1mvd1ytf7e741l7k
[2011/12/07 17:29:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/12/03 11:32:27 | 000,000,355 | ---- | M] () -- C:\Users\arNette\Desktop\Computer - Shortcut.lnk
[2011/12/03 10:48:29 | 000,000,324 | ---- | M] () -- C:\Users\arNette\Desktop\fix.reg
[2011/12/03 10:40:24 | 000,005,168 | -HS- | M] () -- C:\Users\arNette\AppData\Local\8e27ki5n85c306
[2011/12/03 10:40:24 | 000,005,168 | -HS- | M] () -- C:\ProgramData\8e27ki5n85c306
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 13:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/28 13:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/28 12:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/28 12:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/28 12:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/28 12:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/28 12:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/20 11:48:41 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2011/12/20 11:48:41 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/12/19 23:22:22 | 000,174,530 | ---- | C] () -- C:\screenshot1.jpg
[2011/12/19 17:57:08 | 000,001,041 | ---- | C] () -- C:\Users\arNette\AppData\Roaming\vso_ts_preview.xml
[2011/12/17 00:37:08 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011/12/14 17:20:25 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/12/13 14:26:42 | 000,000,000 | ---- | C] () -- C:\Users\arNette\defogger_reenable
[2011/12/12 13:17:08 | 000,010,402 | -HS- | C] () -- C:\ProgramData\821510t1p066d640j276j2dgj5x6
[2011/12/11 15:22:33 | 000,001,542 | -HS- | C] () -- C:\ProgramData\eyfwlj5h3mmp7jcw1bey8j228s1i
[2011/12/11 13:03:02 | 000,013,328 | -HS- | C] () -- C:\ProgramData\vssccn8v5nix1mvd1ytf7e741l7k
[2011/12/07 17:00:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/07 17:00:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/07 17:00:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/07 17:00:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/07 17:00:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/07 13:18:56 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/12/03 11:32:27 | 000,000,355 | ---- | C] () -- C:\Users\arNette\Desktop\Computer - Shortcut.lnk
[2011/12/03 10:48:29 | 000,000,324 | ---- | C] () -- C:\Users\arNette\Desktop\fix.reg
[2011/12/03 10:25:16 | 000,005,168 | -HS- | C] () -- C:\Users\arNette\AppData\Local\8e27ki5n85c306
[2011/12/03 10:25:16 | 000,005,168 | -HS- | C] () -- C:\ProgramData\8e27ki5n85c306
[2011/11/12 13:37:56 | 000,000,600 | -H-- | C] () -- C:\Users\arNette\AppData\Local\PUTTY.RND
[2011/11/01 19:27:37 | 000,001,456 | -H-- | C] () -- C:\Users\arNette\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/10/10 12:39:45 | 000,000,017 | -H-- | C] () -- C:\Users\arNette\AppData\Local\resmon.resmoncfg
[2011/09/06 20:29:19 | 000,124,436 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/08/26 14:32:50 | 000,000,132 | -H-- | C] () -- C:\Users\arNette\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/08/14 02:04:31 | 000,007,859 | ---- | C] () -- C:\Users\arNette\AppData\Roaming\pcouffin.cat
[2011/08/14 02:04:31 | 000,001,167 | ---- | C] () -- C:\Users\arNette\AppData\Roaming\pcouffin.inf
[2011/08/12 02:47:27 | 000,000,600 | -H-- | C] () -- C:\Users\arNette\AppData\Roaming\winscp.rnd
[2011/08/08 16:20:24 | 000,000,132 | -H-- | C] () -- C:\Users\arNette\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2011/08/02 19:21:54 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/08/02 18:06:31 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/08/02 18:06:31 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:24:58 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/11/13 13:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2007/12/04 12:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007/06/07 12:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini

< End of report >

#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 20 December 2011 - 03:57 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code
    :OTL
    O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    [2010/01/01 03:00:00 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/11/08 23:57:44 | 000,002,040 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    [2011/12/12 13:21:33 | 000,010,402 | -HS- | M] () -- C:\ProgramData\821510t1p066d640j276j2dgj5x6
    [2011/12/11 15:23:03 | 000,001,542 | -HS- | M] () -- C:\ProgramData\eyfwlj5h3mmp7jcw1bey8j228s1i
    [2011/12/11 15:03:41 | 000,013,328 | -HS- | M] () -- C:\ProgramData\vssccn8v5nix1mvd1ytf7e741l7k
    [2011/12/03 10:40:24 | 000,005,168 | -HS- | M] () -- C:\Users\arNette\AppData\Local\8e27ki5n85c306
    [2011/12/03 10:40:24 | 000,005,168 | -HS- | M] () -- C:\ProgramData\8e27ki5n85c306
    [2011/12/12 13:17:08 | 000,010,402 | -HS- | C] () -- C:\ProgramData\821510t1p066d640j276j2dgj5x6
    [2011/12/11 15:22:33 | 000,001,542 | -HS- | C] () -- C:\ProgramData\eyfwlj5h3mmp7jcw1bey8j228s1i
    [2011/12/11 13:03:02 | 000,013,328 | -HS- | C] () -- C:\ProgramData\vssccn8v5nix1mvd1ytf7e741l7k
    [2011/12/03 10:25:16 | 000,005,168 | -HS- | C] () -- C:\Users\arNette\AppData\Local\8e27ki5n85c306
    [2011/12/03 10:25:16 | 000,005,168 | -HS- | C] () -- C:\ProgramData\8e27ki5n85c306
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
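As an added example that is not part of the thread (my own code, not OTL's or BleepingComputer's), here is a small Python parser for the OTL file entries in the log above that picks out the hidden+system, no-company, random-named files under ProgramData and AppData\Local that the :OTL section of this fix targets, and renders them in that section's form. The selection heuristic is my own reading of what those five entries have in common, not a rule the thread states, and the sample lines are copied from the log with legitimate hidden files added as controls.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# One OTL file/folder entry looks like these two lines (copied from the log above):
#   [2011/12/12 13:21:33 | 000,010,402 | -HS- | M] () -- C:\ProgramData\821510t1p066d640j276j2dgj5x6
#   [2011/12/18 14:38:07 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
# The attribute field is R(ead-only) H(idden) S(ystem) D(irectory), '-' when unset;
# C/M marks the Created/Modified lists; the parenthesised company name is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    hidden: bool
    system: bool
    directory: bool
    company: str  # "" when OTL printed "()" (no version info in the file)
    path: str
    raw: str      # the original line; an OTL ':OTL' fix section is made of these


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL entry; None for section headers, blanks and other non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attr = m.group("attr")
    return OtlEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        hidden=attr[1] == "H",
        system=attr[2] == "S",
        directory=attr[3] == "D",
        company=m.group("company") or "",
        path=m.group("path"),
        raw=line.strip(),
    )


# Assumed heuristic (my reading of the five entries the thread's fix removes): a file with
# no extension whose name is 12+ lower-case letters and digits, containing both kinds.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{12,}$")


def _in_staging_folder(path: str) -> bool:
    """True for files directly under C:\\ProgramData or a user's AppData\\Local."""
    parent = path.rsplit("\\", 1)[0].lower()
    return parent == "c:\\programdata" or parent.endswith("\\appdata\\local")


def is_suspicious(e: OtlEntry) -> bool:
    """Hidden + system, no company name, random name, dropped in a staging folder."""
    name = e.path.rsplit("\\", 1)[-1]
    return (not e.directory and e.hidden and e.system and e.company == ""
            and _in_staging_folder(e.path) and RANDOM_NAME_RE.match(name) is not None)


def flag_entries(log_lines: Iterable[str]) -> List[OtlEntry]:
    """Return the entries of an OTL log that match the heuristic, in log order."""
    hits = []
    for line in log_lines:
        e = parse_entry(line)
        if e is not None and is_suspicious(e):
            hits.append(e)
    return hits


def otl_fix_section(entries: List[OtlEntry]) -> str:
    """Render hits as the ':OTL' section of a fix script, the form used in the thread."""
    return "\n".join([":OTL"] + [e.raw for e in entries])


# Constructed sample: a handful of lines taken from the log above, with legitimate
# hidden/system files (hiberfil.sys, bootstat.dat, PUTTY.RND) mixed in as controls.
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========

[2011/12/20 12:24:50 | 2146,832,383 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/20 12:25:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/18 14:38:07 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/12/12 13:21:33 | 000,010,402 | -HS- | M] () -- C:\ProgramData\821510t1p066d640j276j2dgj5x6
[2011/12/11 15:23:03 | 000,001,542 | -HS- | M] () -- C:\ProgramData\eyfwlj5h3mmp7jcw1bey8j228s1i
[2011/12/03 10:40:24 | 000,005,168 | -HS- | M] () -- C:\Users\arNette\AppData\Local\8e27ki5n85c306
[2011/11/12 13:37:56 | 000,000,600 | -H-- | C] () -- C:\Users\arNette\AppData\Local\PUTTY.RND
[2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/08/02 15:33:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\arNette\AppData\Roaming\Mozilla\Extensions
"""

if __name__ == "__main__":
    print(otl_fix_section(flag_entries(SAMPLE_LOG.splitlines())))
```

Flagged entries are only candidates for a human to review against the rest of the log; the controls show why the attribute bits alone are not enough.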

#15 arNette1024 (Topic Starter)

Posted 20 December 2011 - 04:09 PM

iexplore.exe*32 continues to open in the background about 5 minutes after Windows loads up. conhost.exe, sdiagnhost.exe and msdt.exe are still popping up in the background after the computer has been on for a bit.



All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\twitter.xml moved successfully.
C:\ProgramData\821510t1p066d640j276j2dgj5x6 moved successfully.
C:\ProgramData\eyfwlj5h3mmp7jcw1bey8j228s1i moved successfully.
C:\ProgramData\vssccn8v5nix1mvd1ytf7e741l7k moved successfully.
C:\Users\arNette\AppData\Local\8e27ki5n85c306 moved successfully.
C:\ProgramData\8e27ki5n85c306 moved successfully.
File C:\ProgramData\821510t1p066d640j276j2dgj5x6 not found.
File C:\ProgramData\eyfwlj5h3mmp7jcw1bey8j228s1i not found.
File C:\ProgramData\vssccn8v5nix1mvd1ytf7e741l7k not found.
File C:\Users\arNette\AppData\Local\8e27ki5n85c306 not found.
File C:\ProgramData\8e27ki5n85c306 not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\arNette\Desktop\cmd.bat deleted successfully.
C:\Users\arNette\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: arNette
->Temp folder emptied: 394182 bytes
->Temporary Internet Files folder emptied: 5192946 bytes
->FireFox cache emptied: 130448652 bytes
->Flash cache emptied: 171003 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7368802 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 553 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 137.00 mb


[EMPTYJAVA]

User: All Users

User: arNette

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: arNette
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12202011_155846

Files\Folders moved on Reboot...
C:\Users\arNette\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\msdtadmin\_16E247F8-D65C-4DC2-A9D3-A424279FA165_\inuse moved successfully.
C:\Windows\temp\~DF059DDDD423D2D867.TMP moved successfully.
C:\Windows\temp\~DF717EBA8BFC989B9F.TMP moved successfully.
C:\Windows\temp\~DFCEEFFF9FEB9768A0.TMP moved successfully.
C:\Windows\temp\~DFE07D68B5A37CAAA7.TMP moved successfully.

Registry entries deleted on Reboot...

Edited by arNette1024, 20 December 2011 - 04:37 PM.
