Struggling to remove TDSS rootkit infection


This topic is locked. 26 replies to this topic.

#1 Gary Mendez

  • Members
  • 12 posts

Posted 18 December 2011 - 03:01 PM

I've been attempting to remove System Fix, but when I come to the TDSSKiller step and double-click the renamed icon, I am unable to run TDSSKiller. Any help would be much appreciated.

Attached file: DDS.txt (13.94 KB)




#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 18 December 2011 - 06:30 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links:
  • Link 1
  • Link 2
  • Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Gary Mendez (Topic Starter)

  • Members
  • 12 posts

Posted 19 December 2011 - 05:57 AM

Hi and thanks for the help! I did what was instructed regarding the security software and disabled Comodo; however, when I attempt to run ComboFix it runs the scan, then closes near the end of the scan, and a message appears saying that Comodo Antivirus and Comodo Defense+ are still active even though I've disabled both and closed the application. It says it may cause damage if I continue with these open, so I haven't continued with the ComboFix scan.

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 19 December 2011 - 08:08 AM

Go ahead and continue.


gringo

#5 Gary Mendez (Topic Starter)

  • Members
  • 12 posts

Posted 19 December 2011 - 09:35 AM

Here's the log from Combofix. All the problems remain the same.


ComboFix 11-12-19.01 - 19/12/2011 13:32:33.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2046.934 [GMT 0:00]
Running from: c:\Downloads\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {A7500527-8708-6548-7035-7F679C5FCEA5}
FW: COMODO Firewall *Enabled* {9F6B8402-CD67-6410-5B6A-D652628C89DE}
SP: COMODO Defense+ *Enabled/Updated* {1C31E4C3-A132-6AC6-4A85-4415E7D88418}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~EzIbHGyFT5XSOH
c:\programdata\~EzIbHGyFT5XSOHr
c:\programdata\EzIbHGyFT5XSOH
.
.
((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))))
.
.
2011-12-19 14:03 . 2011-12-19 14:03 -------- d-----w- c:\users\postgres\AppData\Local\temp
2011-12-19 14:03 . 2011-12-19 14:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-15 12:12 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 12:12 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 12:12 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 12:12 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 12:12 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-14 18:34 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-10 05:54 . 2010-08-11 18:37 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-06 12:44 . 2011-10-06 12:44 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-10-06 12:44 . 2011-10-06 12:44 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-10-06 12:44 . 2011-10-06 12:44 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-10-06 12:44 . 2011-10-06 12:44 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-10-06 12:44 . 2011-10-06 12:44 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-10-06 12:44 . 2011-10-06 12:44 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-10-06 12:44 . 2011-10-06 12:44 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-10-06 12:44 . 2011-10-06 12:44 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-10-06 12:44 . 2011-10-06 12:44 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-10-06 12:44 . 2011-10-06 12:44 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-10-06 12:44 . 2011-10-06 12:44 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-10-06 12:44 . 2011-10-06 12:44 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-10-06 12:44 . 2011-10-06 12:44 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-10-06 12:44 . 2011-10-06 12:44 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-10-06 12:44 . 2011-10-06 12:44 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-10-06 12:44 . 2011-10-06 12:44 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-10-06 12:44 . 2011-10-06 12:44 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-10-06 12:44 . 2011-10-06 12:44 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-06 12:44 . 2011-10-06 12:44 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-06 12:44 . 2011-10-06 12:44 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-10-06 12:44 . 2011-10-06 12:44 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-06 12:44 . 2011-10-06 12:44 222208 ----a-w- c:\windows\system32\msls31.dll
2011-10-06 12:44 . 2011-10-06 12:44 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-06 12:44 . 2011-10-06 12:44 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-06 12:44 . 2011-10-06 12:44 12288 ----a-w- c:\windows\system32\mshta.exe
2011-10-06 12:44 . 2011-10-06 12:44 114176 ----a-w- c:\windows\system32\admparse.dll
2011-10-06 12:44 . 2011-10-06 12:44 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-06 12:44 . 2011-10-06 12:44 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-10-06 12:44 . 2011-10-06 12:44 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-10-06 12:44 . 2011-10-06 12:44 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-10-06 12:44 . 2011-10-06 12:44 448512 ----a-w- c:\windows\system32\html.iec
2011-10-06 12:44 . 2011-10-06 12:44 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-06 12:44 . 2011-10-06 12:44 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-10-06 12:44 . 2011-10-06 12:44 160256 ----a-w- c:\windows\system32\wextract.exe
2011-10-06 12:31 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-10-06 12:31 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-09-29 16:29 . 2011-11-08 19:36 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-15_13.53.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-15 15:59 . 2011-11-03 22:32 72704 c:\windows\SysWOW64\mshtmled.dll
- 2011-10-13 22:02 . 2011-09-01 02:23 72704 c:\windows\SysWOW64\mshtmled.dll
- 2011-10-13 22:02 . 2011-09-01 02:26 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-12-15 15:59 . 2011-11-03 22:37 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2011-10-13 22:02 . 2011-09-01 02:26 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2011-12-15 15:59 . 2011-11-03 22:37 65024 c:\windows\SysWOW64\jsproxy.dll
- 2009-07-14 04:54 . 2011-12-04 20:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-18 20:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-18 20:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-04 20:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-18 20:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-04 20:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-26 21:17 . 2011-12-19 14:08 41562 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-19 14:08 41994 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-12-15 13:53 41994 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-26 20:57 . 2011-12-19 14:08 12650 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4251525272-2772303133-3558039414-1000_UserData.bin
+ 2011-12-15 15:59 . 2011-11-04 01:35 96256 c:\windows\system32\mshtmled.dll
- 2011-10-13 22:02 . 2011-09-01 05:12 96256 c:\windows\system32\mshtmled.dll
- 2011-10-13 22:02 . 2011-09-01 05:15 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-12-15 15:59 . 2011-11-04 01:41 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-12-15 15:59 . 2011-11-04 01:41 85504 c:\windows\system32\jsproxy.dll
- 2011-10-13 22:02 . 2011-09-01 05:15 85504 c:\windows\system32\jsproxy.dll
+ 2010-02-26 19:53 . 2011-12-19 13:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-26 19:53 . 2011-12-15 13:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-26 19:53 . 2011-12-19 13:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-26 19:53 . 2011-12-15 13:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-15 13:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-19 13:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-12-18 19:47 89968 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-03-23 20:28 . 2011-10-13 22:03 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-03-23 20:28 . 2011-12-15 16:02 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-03-23 20:28 . 2011-12-15 16:02 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-03-23 20:28 . 2011-10-13 22:03 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-03-23 20:28 . 2011-10-13 22:03 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-03-23 20:28 . 2011-12-15 16:02 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2011-12-19 14:06 . 2011-12-19 14:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-15 13:51 . 2011-12-15 13:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-15 13:51 . 2011-12-15 13:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-19 14:06 . 2011-12-19 14:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-15 15:59 . 2011-11-03 22:38 231936 c:\windows\SysWOW64\url.dll
- 2011-10-13 22:02 . 2011-09-01 02:27 231936 c:\windows\SysWOW64\url.dll
- 2011-10-13 22:02 . 2011-09-01 02:24 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-12-15 15:59 . 2011-11-03 22:34 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-12-15 14:52 . 2011-11-10 05:54 157472 c:\windows\SysWOW64\javaws.exe
- 2011-07-05 13:41 . 2011-05-04 03:52 157472 c:\windows\SysWOW64\javaws.exe
+ 2011-12-15 14:52 . 2011-11-10 05:54 149280 c:\windows\SysWOW64\javaw.exe
+ 2011-12-15 14:52 . 2011-11-10 05:54 149280 c:\windows\SysWOW64\java.exe
- 2011-10-13 22:02 . 2011-09-01 02:21 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-12-15 15:59 . 2011-11-03 22:28 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-12-15 15:59 . 2011-11-04 01:43 237056 c:\windows\system32\url.dll
- 2011-10-13 22:02 . 2011-09-01 05:16 237056 c:\windows\system32\url.dll
- 2009-07-14 02:36 . 2011-12-15 13:05 622110 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-19 13:27 622110 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-19 13:27 108232 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-12-15 13:05 108232 c:\windows\system32\perfc009.dat
+ 2011-12-15 15:59 . 2011-11-04 01:39 818688 c:\windows\system32\jscript.dll
+ 2011-12-15 15:59 . 2011-11-04 01:30 248320 c:\windows\system32\ieui.dll
- 2011-10-13 22:02 . 2011-09-01 05:08 248320 c:\windows\system32\ieui.dll
- 2009-07-14 04:45 . 2011-11-09 18:09 413312 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2011-12-17 19:08 413312 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:01 . 2011-12-15 13:51 387416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-19 14:05 387416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-03-23 20:28 . 2011-10-13 22:03 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-03-23 20:28 . 2011-12-15 16:02 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-03-23 20:28 . 2011-12-15 16:02 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2010-03-23 20:28 . 2011-10-13 22:03 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2010-03-23 20:28 . 2011-10-13 22:03 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-03-23 20:28 . 2011-12-15 16:02 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2010-03-23 20:28 . 2011-10-13 22:03 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-03-23 20:28 . 2011-12-15 16:02 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-03-23 20:28 . 2011-12-15 16:02 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2010-03-23 20:28 . 2011-10-13 22:03 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2010-03-23 20:28 . 2011-10-13 22:03 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-03-23 20:28 . 2011-12-15 16:02 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2011-12-15 16:02 . 2011-12-15 16:02 350080 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2011-12-15 15:59 . 2011-11-03 22:39 1127424 c:\windows\SysWOW64\wininet.dll
+ 2011-12-15 15:59 . 2011-11-03 22:40 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2011-12-15 15:59 . 2011-11-03 22:47 1798144 c:\windows\SysWOW64\jscript9.dll
- 2011-10-13 22:02 . 2011-09-01 02:35 1798144 c:\windows\SysWOW64\jscript9.dll
+ 2011-12-15 15:59 . 2011-11-03 22:32 1792000 c:\windows\SysWOW64\iertutil.dll
+ 2011-12-15 15:59 . 2011-11-03 22:46 9705472 c:\windows\SysWOW64\ieframe.dll
+ 2011-12-15 15:59 . 2011-11-04 01:44 1390080 c:\windows\system32\wininet.dll
+ 2011-12-15 15:59 . 2011-11-04 01:46 1345536 c:\windows\system32\urlmon.dll
- 2011-10-13 22:02 . 2011-09-01 05:24 2309120 c:\windows\system32\jscript9.dll
+ 2011-12-15 15:59 . 2011-11-04 01:53 2309120 c:\windows\system32\jscript9.dll
+ 2011-12-15 15:59 . 2011-11-04 01:36 2144256 c:\windows\system32\iertutil.dll
- 2009-07-14 04:45 . 2011-12-15 11:59 5980419 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-12-17 19:10 5980419 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-04-30 21:47 . 2011-12-19 14:05 5234822 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4251525272-2772303133-3558039414-1000-8192.dat
- 2010-04-30 21:47 . 2011-12-15 12:49 5234822 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4251525272-2772303133-3558039414-1000-8192.dat
+ 2011-11-01 13:34 . 2011-11-01 13:34 4250112 c:\windows\Installer\50a94e.msp
+ 2011-11-01 13:34 . 2011-11-01 13:34 2247168 c:\windows\Installer\50a929.msp
+ 2011-11-11 16:14 . 2011-11-11 16:14 9096192 c:\windows\Installer\50a915.msp
+ 2011-11-01 13:34 . 2011-11-01 13:34 4225536 c:\windows\Installer\50a901.msp
+ 2011-11-01 13:34 . 2011-11-01 13:34 2531840 c:\windows\Installer\50a8e8.msp
+ 2011-11-11 16:15 . 2011-11-11 16:15 1795584 c:\windows\Installer\50a8d4.msp
+ 2011-11-11 16:16 . 2011-11-11 16:16 8458240 c:\windows\Installer\50a8c0.msp
- 2010-03-23 20:28 . 2011-10-13 22:03 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-03-23 20:28 . 2011-12-15 16:02 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-03-23 20:28 . 2011-12-15 16:02 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2010-03-23 20:28 . 2011-10-13 22:03 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2009-04-02 21:44 . 2009-04-02 21:44 2532224 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\GRAPH.EXE
+ 2011-12-15 15:59 . 2011-11-03 23:02 12279808 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2011-12-17 19:06 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-12-15 12:17 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-12-15 15:59 . 2011-11-04 02:38 17786368 c:\windows\system32\mshtml.dll
+ 2010-03-02 18:01 . 2011-12-15 16:00 54867776 c:\windows\system32\MRT.exe
+ 2011-12-15 15:59 . 2011-11-04 01:59 10886656 c:\windows\system32\ieframe.dll
+ 2011-09-05 22:01 . 2011-09-05 22:01 13135872 c:\windows\Installer\11aa47.msp
+ 2011-06-06 11:55 . 2011-06-06 11:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-05-07 98304]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
Yahoo! Widgets.lnk - c:\program files (x86)\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
Zotac FireStorm.lnk - c:\users\Nick\Downloads\Firestorm_1016_for_NITRO.exe [2010-3-2 998912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [x]
R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [x]
R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [x]
R3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [x]
R3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [x]
R3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [x]
R3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1612880]
"RtHDVCpl"="RAVCpl64.exe" [2008-06-27 6453760]
"Skytel"="Skytel.exe" [2008-06-25 1826816]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-26 8956688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\9k9yk2wr.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\ANIWConnService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
.
**************************************************************************
.
Completion time: 2011-12-19 14:27:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-19 14:26
ComboFix2.txt 2011-12-15 14:14
.
Pre-Run: 488,708,128,768 bytes free
Post-Run: 488,334,905,344 bytes free
.
- - End Of File - - 3D30DD7FAD56EBB0405EDCC0D967B271

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:29 PM

Posted 19 December 2011 - 02:01 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
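As an added example (not part of this thread and not code from TDSSKiller itself), a small Python triage script for the report format TDSSKiller writes: it parses the `name (md5) path` and `name - verdict` lines, flags entries not marked ok, services with no image path, and driver images outside the usual directories, and locates saved reports by the `TDSSKiller.[Version]_[Date]_[Time]_log.txt` name given above. The list of usual driver directories is an assumption, and the two ExampleSvc lines in the sample are constructed, not real tool output.

```python
"""Triage a TDSSKiller report of the kind pasted in this thread (added example)."""
import glob
import os
import re

# Log line shapes seen in the report: time, worker PID, service name, then either
# "(md5) path" for a module that has an image on disk, or "- verdict".
FILE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
VERDICT_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$"
)

# Assumption: where a Windows 7 driver image is normally expected. An image elsewhere
# is not malicious by itself (gdrv.sys in C:\Windows is a vendor driver), only worth
# checking its publisher and hash before moving on.
USUAL_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")


def parse_report(text):
    """Map each scanned service name to its md5, image path and verdict.

    Header lines ("OS Version: ...", "Scan started", "=====") match neither pattern
    and are skipped.
    """
    entries = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], {"md5": None, "path": None, "verdict": None})
            e["md5"] = m["md5"].lower()
            e["path"] = m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], {"md5": None, "path": None, "verdict": None})
            e["verdict"] = m["verdict"]
    return entries


def triage(entries):
    """Return (name, reason) pairs a reviewer should look at first, sorted by name."""
    findings = []
    for name in sorted(entries, key=str.lower):
        e = entries[name]
        if e["verdict"] != "ok":
            findings.append((name, "verdict not ok: %s" % e["verdict"]))
        elif e["path"] is None:
            findings.append((name, "no image path recorded for this service"))
        elif not e["path"].lower().startswith(USUAL_DRIVER_DIRS):
            findings.append((name, "image outside the usual driver directories: %s" % e["path"]))
    return findings


def summarize(entries):
    """Counts a helper would quote back: modules scanned, marked ok, worth a look."""
    ok = sum(1 for e in entries.values() if e["verdict"] == "ok")
    return {"total": len(entries), "ok": ok, "flagged": len(triage(entries))}


def find_reports(root="C:\\"):
    """Locate reports written to the root directory after a reboot, using the
    TDSSKiller.[Version]_[Date]_[Time]_log.txt naming given in the thread."""
    return sorted(glob.glob(os.path.join(root, "TDSSKiller.*_log.txt")))


# Sample input: a few lines taken from the report posted in this thread, plus two
# constructed lines (ExampleSvc) that are not real TDSSKiller output and exist only
# to exercise the non-ok branch.
SAMPLE_REPORT = r"""
10:29:24.0408 3696 Scan started
10:29:24.0408 3696 Mode: Manual;
10:29:25.0235 3696 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:29:25.0235 3696 1394ohci - ok
10:29:26.0233 3696 catchme - ok
10:29:26.0342 3696 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:29:26.0342 3696 CLFS - ok
10:29:27.0465 3696 gdrv (f51fb25e1328fa14f446a8b24ac52709) C:\Windows\gdrv.sys
10:29:27.0497 3696 gdrv - ok
10:29:28.0838 3696 MBAMProtector - ok
10:29:40.0000 3696 ExampleSvc (00000000000000000000000000000000) C:\Windows\system32\drivers\example.sys
10:29:40.0000 3696 ExampleSvc - NOT-OK-PLACEHOLDER
"""

if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(summarize(parsed))
    for name, reason in triage(parsed):
        print("%-14s %s" % (name, reason))
```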

#7 Gary Mendez

Gary Mendez
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:29 PM

Posted 19 December 2011 - 03:45 PM

Thanks for replying so quickly. However, it is doing the same as before. I've downloaded it again and saved it to my desktop, but when I try to run TDSSKiller nothing happens.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:29 PM

Posted 19 December 2011 - 08:37 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete, I want you to restart the computer, try to rerun TDSSKiller for me, and send me the report.

Gringo

#9 Gary Mendez

Gary Mendez
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:29 PM

Posted 20 December 2011 - 05:35 AM

OK, I ran fixTDSS and it appeared with this - Infected MBR detected. So I repaired that and ran TDSSKiller, which now works, but nothing was detected. It does appear now that Google has stopped redirecting me. Is it all clear now?

Here is the report from TDSSkiller:
10:29:15.0422 3524 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
10:29:16.0171 3524 ============================================================
10:29:16.0171 3524 Current date / time: 2011/12/20 10:29:16.0171
10:29:16.0171 3524 SystemInfo:
10:29:16.0171 3524
10:29:16.0171 3524 OS Version: 6.1.7601 ServicePack: 1.0
10:29:16.0171 3524 Product type: Workstation
10:29:16.0171 3524 ComputerName: NICK-PC
10:29:16.0171 3524 UserName: Nick
10:29:16.0171 3524 Windows directory: C:\Windows
10:29:16.0171 3524 System windows directory: C:\Windows
10:29:16.0171 3524 Running under WOW64
10:29:16.0171 3524 Processor architecture: Intel x64
10:29:16.0171 3524 Number of processors: 2
10:29:16.0171 3524 Page size: 0x1000
10:29:16.0171 3524 Boot type: Normal boot
10:29:16.0171 3524 ============================================================
10:29:17.0793 3524 Initialize success
10:29:24.0408 3696 ============================================================
10:29:24.0408 3696 Scan started
10:29:24.0408 3696 Mode: Manual;
10:29:24.0408 3696 ============================================================
10:29:25.0235 3696 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:29:25.0235 3696 1394ohci - ok
10:29:25.0297 3696 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:29:25.0297 3696 ACPI - ok
10:29:25.0313 3696 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:29:25.0313 3696 AcpiPmi - ok
10:29:25.0375 3696 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:29:25.0375 3696 adp94xx - ok
10:29:25.0406 3696 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:29:25.0406 3696 adpahci - ok
10:29:25.0437 3696 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:29:25.0437 3696 adpu320 - ok
10:29:25.0562 3696 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
10:29:25.0562 3696 AFD - ok
10:29:25.0593 3696 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:29:25.0593 3696 agp440 - ok
10:29:25.0625 3696 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:29:25.0625 3696 aliide - ok
10:29:25.0640 3696 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:29:25.0640 3696 amdide - ok
10:29:25.0671 3696 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:29:25.0671 3696 AmdK8 - ok
10:29:25.0671 3696 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:29:25.0671 3696 AmdPPM - ok
10:29:25.0703 3696 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
10:29:25.0703 3696 amdsata - ok
10:29:25.0718 3696 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:29:25.0718 3696 amdsbs - ok
10:29:25.0734 3696 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
10:29:25.0734 3696 amdxata - ok
10:29:25.0781 3696 anodlwf (4ccf421e6c4b2a4cbce000715911f7cc) C:\Windows\system32\DRIVERS\anodlwfx.sys
10:29:25.0781 3696 anodlwf - ok
10:29:25.0827 3696 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:29:25.0827 3696 AppID - ok
10:29:25.0890 3696 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:29:25.0890 3696 arc - ok
10:29:25.0905 3696 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:29:25.0905 3696 arcsas - ok
10:29:25.0937 3696 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:29:25.0937 3696 AsyncMac - ok
10:29:25.0937 3696 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:29:25.0937 3696 atapi - ok
10:29:25.0968 3696 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:29:25.0968 3696 b06bdrv - ok
10:29:25.0999 3696 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:29:26.0015 3696 b57nd60a - ok
10:29:26.0030 3696 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:29:26.0030 3696 Beep - ok
10:29:26.0061 3696 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:29:26.0061 3696 blbdrive - ok
10:29:26.0124 3696 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:29:26.0124 3696 bowser - ok
10:29:26.0124 3696 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:29:26.0124 3696 BrFiltLo - ok
10:29:26.0139 3696 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:29:26.0139 3696 BrFiltUp - ok
10:29:26.0155 3696 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:29:26.0155 3696 Brserid - ok
10:29:26.0171 3696 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:29:26.0171 3696 BrSerWdm - ok
10:29:26.0171 3696 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:29:26.0171 3696 BrUsbMdm - ok
10:29:26.0186 3696 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:29:26.0186 3696 BrUsbSer - ok
10:29:26.0186 3696 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:29:26.0186 3696 BTHMODEM - ok
10:29:26.0233 3696 catchme - ok
10:29:26.0249 3696 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:29:26.0249 3696 cdfs - ok
10:29:26.0295 3696 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
10:29:26.0295 3696 cdrom - ok
10:29:26.0311 3696 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:29:26.0311 3696 circlass - ok
10:29:26.0342 3696 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:29:26.0342 3696 CLFS - ok
10:29:26.0358 3696 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:29:26.0358 3696 CmBatt - ok
10:29:26.0420 3696 cmdGuard (586f26a03628f6580b4c7c8ad43be598) C:\Windows\system32\DRIVERS\cmdguard.sys
10:29:26.0420 3696 cmdGuard - ok
10:29:26.0436 3696 cmdHlp (834f76eb0a2a35999e745a313c1c32b8) C:\Windows\system32\DRIVERS\cmdhlp.sys
10:29:26.0436 3696 cmdHlp - ok
10:29:26.0451 3696 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:29:26.0451 3696 cmdide - ok
10:29:26.0561 3696 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
10:29:26.0561 3696 CNG - ok
10:29:26.0576 3696 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:29:26.0576 3696 Compbatt - ok
10:29:26.0607 3696 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:29:26.0607 3696 CompositeBus - ok
10:29:26.0670 3696 cpuz132 - ok
10:29:26.0701 3696 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:29:26.0701 3696 crcdisk - ok
10:29:26.0732 3696 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
10:29:26.0732 3696 CSC - ok
10:29:26.0795 3696 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:29:26.0810 3696 DfsC - ok
10:29:26.0810 3696 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:29:26.0810 3696 discache - ok
10:29:26.0873 3696 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:29:26.0873 3696 Disk - ok
10:29:26.0904 3696 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:29:26.0904 3696 drmkaud - ok
10:29:26.0966 3696 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:29:26.0966 3696 DXGKrnl - ok
10:29:27.0029 3696 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:29:27.0060 3696 ebdrv - ok
10:29:27.0091 3696 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:29:27.0107 3696 elxstor - ok
10:29:27.0138 3696 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:29:27.0153 3696 ErrDev - ok
10:29:27.0169 3696 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:29:27.0185 3696 exfat - ok
10:29:27.0200 3696 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:29:27.0200 3696 fastfat - ok
10:29:27.0216 3696 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:29:27.0216 3696 fdc - ok
10:29:27.0247 3696 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:29:27.0247 3696 FileInfo - ok
10:29:27.0247 3696 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:29:27.0247 3696 Filetrace - ok
10:29:27.0263 3696 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:29:27.0263 3696 flpydisk - ok
10:29:27.0294 3696 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:29:27.0294 3696 FltMgr - ok
10:29:27.0309 3696 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:29:27.0309 3696 FsDepends - ok
10:29:27.0325 3696 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
10:29:27.0325 3696 Fs_Rec - ok
10:29:27.0387 3696 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:29:27.0387 3696 fvevol - ok
10:29:27.0419 3696 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:29:27.0419 3696 gagp30kx - ok
10:29:27.0465 3696 gdrv (f51fb25e1328fa14f446a8b24ac52709) C:\Windows\gdrv.sys
10:29:27.0497 3696 gdrv - ok
10:29:27.0590 3696 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:29:27.0590 3696 GEARAspiWDM - ok
10:29:27.0606 3696 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:29:27.0606 3696 hcw85cir - ok
10:29:27.0684 3696 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:29:27.0684 3696 HdAudAddService - ok
10:29:27.0715 3696 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:29:27.0715 3696 HDAudBus - ok
10:29:27.0731 3696 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:29:27.0731 3696 HidBatt - ok
10:29:27.0746 3696 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:29:27.0746 3696 HidBth - ok
10:29:27.0762 3696 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:29:27.0762 3696 HidIr - ok
10:29:27.0777 3696 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
10:29:27.0777 3696 HidUsb - ok
10:29:27.0793 3696 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:29:27.0809 3696 HpSAMD - ok
10:29:27.0887 3696 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:29:27.0887 3696 HTTP - ok
10:29:27.0918 3696 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:29:27.0918 3696 hwpolicy - ok
10:29:27.0965 3696 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:29:27.0965 3696 i8042prt - ok
10:29:27.0980 3696 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
10:29:27.0980 3696 iaStorV - ok
10:29:28.0011 3696 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:29:28.0011 3696 iirsp - ok
10:29:28.0074 3696 inspect (3ca351b5391d7fd405caa7fd8b2b0faa) C:\Windows\system32\DRIVERS\inspect.sys
10:29:28.0074 3696 inspect - ok
10:29:28.0152 3696 IntcAzAudAddService (b3fb479a7c0626499eb5989bc087cf8d) C:\Windows\system32\drivers\RTKVHD64.sys
10:29:28.0167 3696 IntcAzAudAddService - ok
10:29:28.0183 3696 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:29:28.0183 3696 intelide - ok
10:29:28.0214 3696 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:29:28.0214 3696 intelppm - ok
10:29:28.0261 3696 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:29:28.0261 3696 IpFilterDriver - ok
10:29:28.0277 3696 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:29:28.0277 3696 IPMIDRV - ok
10:29:28.0308 3696 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:29:28.0308 3696 IPNAT - ok
10:29:28.0339 3696 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:29:28.0339 3696 IRENUM - ok
10:29:28.0355 3696 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:29:28.0355 3696 isapnp - ok
10:29:28.0386 3696 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:29:28.0386 3696 iScsiPrt - ok
10:29:28.0417 3696 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
10:29:28.0417 3696 kbdclass - ok
10:29:28.0433 3696 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
10:29:28.0433 3696 kbdhid - ok
10:29:28.0448 3696 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
10:29:28.0448 3696 KSecDD - ok
10:29:28.0542 3696 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
10:29:28.0542 3696 KSecPkg - ok
10:29:28.0573 3696 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:29:28.0573 3696 ksthunk - ok
10:29:28.0651 3696 LHidFilt (ceb6e18dcfad5c72b81c7da1ac3c1cc1) C:\Windows\system32\DRIVERS\LHidFilt.Sys
10:29:28.0651 3696 LHidFilt - ok
10:29:28.0667 3696 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:29:28.0667 3696 lltdio - ok
10:29:28.0682 3696 LMouFilt (f9e48f18be4d2b365f138987b8e7885b) C:\Windows\system32\DRIVERS\LMouFilt.Sys
10:29:28.0682 3696 LMouFilt - ok
10:29:28.0713 3696 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:29:28.0729 3696 LSI_FC - ok
10:29:28.0729 3696 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:29:28.0745 3696 LSI_SAS - ok
10:29:28.0760 3696 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:29:28.0760 3696 LSI_SAS2 - ok
10:29:28.0776 3696 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:29:28.0776 3696 LSI_SCSI - ok
10:29:28.0791 3696 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:29:28.0791 3696 luafv - ok
10:29:28.0838 3696 MBAMProtector - ok
10:29:28.0885 3696 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:29:28.0885 3696 megasas - ok
10:29:28.0916 3696 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:29:28.0916 3696 MegaSR - ok
10:29:28.0932 3696 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:29:28.0932 3696 Modem - ok
10:29:28.0979 3696 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:29:28.0979 3696 monitor - ok
10:29:29.0041 3696 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
10:29:29.0041 3696 mouclass - ok
10:29:29.0072 3696 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:29:29.0072 3696 mouhid - ok
10:29:29.0119 3696 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:29:29.0119 3696 mountmgr - ok
10:29:29.0135 3696 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:29:29.0135 3696 mpio - ok
10:29:29.0166 3696 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:29:29.0181 3696 mpsdrv - ok
10:29:29.0213 3696 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:29:29.0213 3696 MRxDAV - ok
10:29:29.0259 3696 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:29:29.0275 3696 mrxsmb - ok
10:29:29.0306 3696 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:29:29.0306 3696 mrxsmb10 - ok
10:29:29.0322 3696 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:29:29.0322 3696 mrxsmb20 - ok
10:29:29.0337 3696 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:29:29.0337 3696 msahci - ok
10:29:29.0369 3696 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:29:29.0369 3696 msdsm - ok
10:29:29.0400 3696 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:29:29.0400 3696 Msfs - ok
10:29:29.0415 3696 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:29:29.0415 3696 mshidkmdf - ok
10:29:29.0447 3696 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:29:29.0447 3696 msisadrv - ok
10:29:29.0540 3696 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:29:29.0540 3696 MSKSSRV - ok
10:29:29.0571 3696 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:29:29.0571 3696 MSPCLOCK - ok
10:29:29.0587 3696 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:29:29.0587 3696 MSPQM - ok
10:29:29.0618 3696 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:29:29.0618 3696 MsRPC - ok
10:29:29.0634 3696 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:29:29.0634 3696 mssmbios - ok
10:29:29.0649 3696 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:29:29.0649 3696 MSTEE - ok
10:29:29.0665 3696 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:29:29.0665 3696 MTConfig - ok
10:29:29.0696 3696 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:29:29.0696 3696 Mup - ok
10:29:29.0727 3696 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:29:29.0743 3696 NativeWifiP - ok
10:29:29.0790 3696 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:29:29.0805 3696 NDIS - ok
10:29:29.0821 3696 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:29:29.0821 3696 NdisCap - ok
10:29:29.0837 3696 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:29:29.0837 3696 NdisTapi - ok
10:29:29.0899 3696 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:29:29.0899 3696 Ndisuio - ok
10:29:29.0946 3696 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:29:29.0946 3696 NdisWan - ok
10:29:29.0993 3696 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:29:29.0993 3696 NDProxy - ok
10:29:30.0008 3696 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:29:30.0008 3696 NetBIOS - ok
10:29:30.0039 3696 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:29:30.0055 3696 NetBT - ok
10:29:30.0117 3696 netr28ux (883269c1ca478658f1334f3c39b0c7ac) C:\Windows\system32\DRIVERS\netr28ux.sys
10:29:30.0133 3696 netr28ux - ok
10:29:30.0164 3696 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:29:30.0164 3696 nfrd960 - ok
10:29:30.0180 3696 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:29:30.0180 3696 Npfs - ok
10:29:30.0195 3696 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:29:30.0195 3696 nsiproxy - ok
10:29:30.0242 3696 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
10:29:30.0258 3696 Ntfs - ok
10:29:30.0273 3696 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:29:30.0273 3696 Null - ok
10:29:30.0570 3696 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:29:30.0632 3696 nvlddmkm - ok
10:29:30.0726 3696 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
10:29:30.0726 3696 nvraid - ok
10:29:30.0741 3696 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
10:29:30.0741 3696 nvstor - ok
10:29:30.0788 3696 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:29:30.0788 3696 nv_agp - ok
10:29:30.0835 3696 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:29:30.0851 3696 ohci1394 - ok
10:29:30.0882 3696 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:29:30.0882 3696 Parport - ok
10:29:30.0913 3696 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:29:30.0913 3696 partmgr - ok
10:29:30.0944 3696 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:29:30.0944 3696 pci - ok
10:29:30.0991 3696 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:29:30.0991 3696 pciide - ok
10:29:31.0007 3696 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:29:31.0007 3696 pcmcia - ok
10:29:31.0022 3696 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:29:31.0038 3696 pcw - ok
10:29:31.0053 3696 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:29:31.0053 3696 PEAUTH - ok
10:29:31.0116 3696 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:29:31.0116 3696 PptpMiniport - ok
10:29:31.0131 3696 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:29:31.0147 3696 Processor - ok
10:29:31.0194 3696 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:29:31.0209 3696 Psched - ok
10:29:31.0241 3696 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:29:31.0256 3696 ql2300 - ok
10:29:31.0272 3696 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:29:31.0272 3696 ql40xx - ok
10:29:31.0303 3696 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:29:31.0303 3696 QWAVEdrv - ok
10:29:31.0319 3696 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:29:31.0319 3696 RasAcd - ok
10:29:31.0350 3696 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:29:31.0350 3696 RasAgileVpn - ok
10:29:31.0397 3696 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:29:31.0397 3696 Rasl2tp - ok
10:29:31.0412 3696 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:29:31.0412 3696 RasPppoe - ok
10:29:31.0428 3696 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:29:31.0428 3696 RasSstp - ok
10:29:31.0506 3696 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:29:31.0537 3696 rdbss - ok
10:29:31.0553 3696 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:29:31.0553 3696 rdpbus - ok
10:29:31.0568 3696 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:29:31.0568 3696 RDPCDD - ok
10:29:31.0615 3696 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
10:29:31.0615 3696 RDPDR - ok
10:29:31.0646 3696 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:29:31.0646 3696 RDPENCDD - ok
10:29:31.0662 3696 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:29:31.0662 3696 RDPREFMP - ok
10:29:31.0724 3696 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
10:29:31.0724 3696 RdpVideoMiniport - ok
10:29:31.0755 3696 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
10:29:31.0755 3696 RDPWD - ok
10:29:31.0771 3696 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:29:31.0771 3696 rdyboost - ok
10:29:31.0818 3696 RimUsb (71700b4c5797da5412e9250e26894586) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
10:29:31.0818 3696 RimUsb - ok
10:29:31.0880 3696 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
10:29:31.0880 3696 RimVSerPort - ok
10:29:31.0896 3696 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
10:29:31.0896 3696 ROOTMODEM - ok
10:29:31.0943 3696 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:29:31.0943 3696 rspndr - ok
10:29:32.0021 3696 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:29:32.0021 3696 RTL8167 - ok
10:29:32.0083 3696 s3017bus (d6e1d780fe3fe014ccac83c2cf961067) C:\Windows\system32\DRIVERS\s3017bus.sys
10:29:32.0083 3696 s3017bus - ok
10:29:32.0114 3696 s3017mdfl (4005cb0f1798220eec624e2d588411b0) C:\Windows\system32\DRIVERS\s3017mdfl.sys
10:29:32.0114 3696 s3017mdfl - ok
10:29:32.0145 3696 s3017mdm (19467740bf06ab124061f59b2bc8d58d) C:\Windows\system32\DRIVERS\s3017mdm.sys
10:29:32.0145 3696 s3017mdm - ok
10:29:32.0161 3696 s3017mgmt (e659d5964aa8bd18e3a16f38ce471eda) C:\Windows\system32\DRIVERS\s3017mgmt.sys
10:29:32.0161 3696 s3017mgmt - ok
10:29:32.0192 3696 s3017nd5 (b030b78dd935ca8796857998bb973427) C:\Windows\system32\DRIVERS\s3017nd5.sys
10:29:32.0192 3696 s3017nd5 - ok
10:29:32.0223 3696 s3017obex (619de95f5e415fe5b44b2d6a4876e2a0) C:\Windows\system32\DRIVERS\s3017obex.sys
10:29:32.0223 3696 s3017obex - ok
10:29:32.0255 3696 s3017unic (a9c55d01b185106f9bee9967bf26e3af) C:\Windows\system32\DRIVERS\s3017unic.sys
10:29:32.0255 3696 s3017unic - ok
10:29:32.0317 3696 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
10:29:32.0317 3696 s3cap - ok
10:29:32.0348 3696 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:29:32.0348 3696 sbp2port - ok
10:29:32.0395 3696 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:29:32.0395 3696 scfilter - ok
10:29:32.0426 3696 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:29:32.0426 3696 secdrv - ok
10:29:32.0457 3696 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:29:32.0520 3696 Serenum - ok
10:29:32.0551 3696 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:29:32.0551 3696 Serial - ok
10:29:32.0598 3696 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:29:32.0598 3696 sermouse - ok
10:29:32.0629 3696 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:29:32.0629 3696 sffdisk - ok
10:29:32.0645 3696 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:29:32.0645 3696 sffp_mmc - ok
10:29:32.0660 3696 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:29:32.0660 3696 sffp_sd - ok
10:29:32.0691 3696 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:29:32.0691 3696 sfloppy - ok
10:29:32.0707 3696 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:29:32.0707 3696 SiSRaid2 - ok
10:29:32.0738 3696 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:29:32.0738 3696 SiSRaid4 - ok
10:29:32.0754 3696 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:29:32.0754 3696 Smb - ok
10:29:32.0785 3696 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:29:32.0785 3696 spldr - ok
10:29:32.0832 3696 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:29:32.0832 3696 srv - ok
10:29:32.0863 3696 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:29:32.0863 3696 srv2 - ok
10:29:32.0879 3696 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:29:32.0879 3696 srvnet - ok
10:29:32.0941 3696 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:29:32.0941 3696 stexstor - ok
10:29:33.0003 3696 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
10:29:33.0003 3696 storflt - ok
10:29:33.0019 3696 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
10:29:33.0019 3696 storvsc - ok
10:29:33.0050 3696 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:29:33.0050 3696 swenum - ok
10:29:33.0066 3696 Synth3dVsc - ok
10:29:33.0144 3696 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
10:29:33.0159 3696 Tcpip - ok
10:29:33.0191 3696 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
10:29:33.0191 3696 TCPIP6 - ok
10:29:33.0253 3696 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:29:33.0253 3696 tcpipreg - ok
10:29:33.0269 3696 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:29:33.0269 3696 TDPIPE - ok
10:29:33.0284 3696 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
10:29:33.0284 3696 TDTCP - ok
10:29:33.0315 3696 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:29:33.0315 3696 tdx - ok
10:29:33.0331 3696 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:29:33.0331 3696 TermDD - ok
10:29:33.0362 3696 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:29:33.0378 3696 tssecsrv - ok
10:29:33.0409 3696 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:29:33.0409 3696 TsUsbFlt - ok
10:29:33.0409 3696 tsusbhub - ok
10:29:33.0518 3696 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:29:33.0534 3696 tunnel - ok
10:29:33.0549 3696 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:29:33.0549 3696 uagp35 - ok
10:29:33.0612 3696 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:29:33.0612 3696 udfs - ok
10:29:33.0643 3696 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:29:33.0643 3696 uliagpkx - ok
10:29:33.0690 3696 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:29:33.0690 3696 umbus - ok
10:29:33.0705 3696 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:29:33.0705 3696 UmPass - ok
10:29:33.0752 3696 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
10:29:33.0752 3696 USBAAPL64 - ok
10:29:33.0768 3696 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
10:29:33.0768 3696 usbccgp - ok
10:29:33.0815 3696 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:29:33.0815 3696 usbcir - ok
10:29:33.0861 3696 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
10:29:33.0861 3696 usbehci - ok
10:29:33.0877 3696 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
10:29:33.0877 3696 usbhub - ok
10:29:33.0908 3696 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
10:29:33.0908 3696 usbohci - ok
10:29:33.0924 3696 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:29:33.0924 3696 usbprint - ok
10:29:33.0971 3696 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:29:33.0971 3696 USBSTOR - ok
10:29:33.0986 3696 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
10:29:33.0986 3696 usbuhci - ok
10:29:34.0002 3696 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:29:34.0002 3696 vdrvroot - ok
10:29:34.0017 3696 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:29:34.0017 3696 vga - ok
10:29:34.0033 3696 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:29:34.0033 3696 VgaSave - ok
10:29:34.0049 3696 VGPU - ok
10:29:34.0064 3696 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:29:34.0064 3696 vhdmp - ok
10:29:34.0095 3696 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:29:34.0095 3696 viaide - ok
10:29:34.0127 3696 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
10:29:34.0127 3696 vmbus - ok
10:29:34.0142 3696 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
10:29:34.0142 3696 VMBusHID - ok
10:29:34.0173 3696 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:29:34.0173 3696 volmgr - ok
10:29:34.0220 3696 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:29:34.0220 3696 volmgrx - ok
10:29:34.0236 3696 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:29:34.0236 3696 volsnap - ok
10:29:34.0267 3696 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:29:34.0267 3696 vsmraid - ok
10:29:34.0283 3696 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:29:34.0283 3696 vwifibus - ok
10:29:34.0314 3696 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:29:34.0314 3696 vwififlt - ok
10:29:34.0329 3696 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
10:29:34.0329 3696 vwifimp - ok
10:29:34.0361 3696 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:29:34.0361 3696 WacomPen - ok
10:29:34.0392 3696 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:29:34.0392 3696 WANARP - ok
10:29:34.0392 3696 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:29:34.0392 3696 Wanarpv6 - ok
10:29:34.0439 3696 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:29:34.0439 3696 Wd - ok
10:29:34.0532 3696 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:29:34.0532 3696 Wdf01000 - ok
10:29:34.0579 3696 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:29:34.0579 3696 WfpLwf - ok
10:29:34.0595 3696 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:29:34.0595 3696 WIMMount - ok
10:29:34.0657 3696 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:29:34.0657 3696 WinUsb - ok
10:29:34.0704 3696 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:29:34.0704 3696 WmiAcpi - ok
10:29:34.0735 3696 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:29:34.0735 3696 ws2ifsl - ok
10:29:34.0797 3696 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:29:34.0797 3696 WudfPf - ok
10:29:34.0813 3696 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:29:34.0813 3696 WUDFRd - ok
10:29:34.0860 3696 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:29:34.0860 3696 \Device\Harddisk0\DR0 - ok
10:29:34.0875 3696 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
10:29:37.0605 3696 \Device\Harddisk1\DR1 - ok
10:29:37.0605 3696 Boot (0x1200) (e5bf81691b4b42f25879afc5c29eca41) \Device\Harddisk0\DR0\Partition0
10:29:37.0605 3696 \Device\Harddisk0\DR0\Partition0 - ok
10:29:37.0605 3696 Boot (0x1200) (102e57fb54c7f55748b517bb3b32d2e8) \Device\Harddisk1\DR1\Partition0
10:29:37.0605 3696 \Device\Harddisk1\DR1\Partition0 - ok
10:29:37.0605 3696 ============================================================
10:29:37.0605 3696 Scan finished
10:29:37.0605 3696 ============================================================
10:29:37.0621 3900 Detected object count: 0
10:29:37.0621 3900 Actual detected object count: 0

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 20 December 2011 - 05:52 AM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 Gary Mendez
  • Topic Starter

  • Members
  • 12 posts

Posted 20 December 2011 - 08:10 AM

Good stuff. Thanks for your help so far! Here's the latest report from Combofix:

ComboFix 11-12-19.03 - 20/12/2011 12:42:59.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2046.1358 [GMT 0:00]
Running from: c:\Downloads\ComboFix.exe
Command switches used :: c:\Desktop\CFScript.txt
AV: COMODO Antivirus *Enabled/Updated* {A7500527-8708-6548-7035-7F679C5FCEA5}
FW: COMODO Firewall *Enabled* {9F6B8402-CD67-6410-5B6A-D652628C89DE}
SP: COMODO Defense+ *Enabled/Updated* {1C31E4C3-A132-6AC6-4A85-4415E7D88418}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))))
.
.
2011-12-20 12:48 . 2011-12-20 12:48 -------- d-----w- c:\users\postgres\AppData\Local\temp
2011-12-20 12:48 . 2011-12-20 12:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-15 12:12 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 12:12 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 12:12 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 12:12 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 12:12 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-14 18:34 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-10 05:54 . 2010-08-11 18:37 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-06 12:44 . 2011-10-06 12:44 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-10-06 12:44 . 2011-10-06 12:44 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-10-06 12:44 . 2011-10-06 12:44 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-10-06 12:44 . 2011-10-06 12:44 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-10-06 12:44 . 2011-10-06 12:44 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-10-06 12:44 . 2011-10-06 12:44 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-10-06 12:44 . 2011-10-06 12:44 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-10-06 12:44 . 2011-10-06 12:44 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-10-06 12:44 . 2011-10-06 12:44 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-10-06 12:44 . 2011-10-06 12:44 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-10-06 12:44 . 2011-10-06 12:44 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-10-06 12:44 . 2011-10-06 12:44 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-10-06 12:44 . 2011-10-06 12:44 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-10-06 12:44 . 2011-10-06 12:44 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-10-06 12:44 . 2011-10-06 12:44 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-10-06 12:44 . 2011-10-06 12:44 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-10-06 12:44 . 2011-10-06 12:44 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-10-06 12:44 . 2011-10-06 12:44 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-06 12:44 . 2011-10-06 12:44 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-06 12:44 . 2011-10-06 12:44 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-10-06 12:44 . 2011-10-06 12:44 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-06 12:44 . 2011-10-06 12:44 222208 ----a-w- c:\windows\system32\msls31.dll
2011-10-06 12:44 . 2011-10-06 12:44 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-06 12:44 . 2011-10-06 12:44 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-06 12:44 . 2011-10-06 12:44 12288 ----a-w- c:\windows\system32\mshta.exe
2011-10-06 12:44 . 2011-10-06 12:44 114176 ----a-w- c:\windows\system32\admparse.dll
2011-10-06 12:44 . 2011-10-06 12:44 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-06 12:44 . 2011-10-06 12:44 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-10-06 12:44 . 2011-10-06 12:44 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-10-06 12:44 . 2011-10-06 12:44 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-10-06 12:44 . 2011-10-06 12:44 448512 ----a-w- c:\windows\system32\html.iec
2011-10-06 12:44 . 2011-10-06 12:44 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-06 12:44 . 2011-10-06 12:44 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-10-06 12:44 . 2011-10-06 12:44 160256 ----a-w- c:\windows\system32\wextract.exe
2011-10-06 12:31 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-10-06 12:31 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-09-29 16:29 . 2011-11-08 19:36 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-19_14.07.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-26 21:17 . 2011-12-20 10:29 41910 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-20 10:29 42078 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-26 20:57 . 2011-12-20 10:29 12650 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4251525272-2772303133-3558039414-1000_UserData.bin
- 2010-02-26 20:57 . 2011-12-19 14:08 12650 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4251525272-2772303133-3558039414-1000_UserData.bin
- 2010-02-26 19:53 . 2011-12-19 13:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-26 19:53 . 2011-12-20 10:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-26 19:53 . 2011-12-20 10:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-26 19:53 . 2011-12-19 13:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-19 13:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-20 10:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-19 14:06 . 2011-12-19 14:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-20 12:50 . 2011-12-20 12:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-20 12:50 . 2011-12-20 12:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-19 14:06 . 2011-12-19 14:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-02 11:08 . 2011-12-20 12:34 350938 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2011-12-19 13:27 622110 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-20 10:32 622110 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-20 10:32 108232 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-12-19 13:27 108232 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-12-19 14:05 387416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-20 12:50 387416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-04-30 21:47 . 2011-12-20 10:24 5234822 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4251525272-2772303133-3558039414-1000-8192.dat
- 2010-04-30 21:47 . 2011-12-19 14:05 5234822 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4251525272-2772303133-3558039414-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-05-07 98304]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
Yahoo! Widgets.lnk - c:\program files (x86)\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
Zotac FireStorm.lnk - c:\users\Nick\Downloads\Firestorm_1016_for_NITRO.exe [2010-3-2 998912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [x]
R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [x]
R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [x]
R3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [x]
R3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [x]
R3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [x]
R3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1612880]
"RtHDVCpl"="RAVCpl64.exe" [2008-06-27 6453760]
"Skytel"="Skytel.exe" [2008-06-25 1826816]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-26 8956688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\9k9yk2wr.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\ANIWConnService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
.
**************************************************************************
.
Completion time: 2011-12-20 12:55:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-20 12:55
ComboFix2.txt 2011-12-19 14:27
ComboFix3.txt 2011-12-15 14:14
.
Pre-Run: 487,621,771,264 bytes free
Post-Run: 487,615,242,240 bytes free
.
- - End Of File - - 5174214616ED441486BCB019C535CE81

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:29 PM

Posted 20 December 2011 - 01:21 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 Gary Mendez

Gary Mendez
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:29 PM

Posted 21 December 2011 - 01:26 PM

Here's the report you requested:

Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
ANIWZCS2 Service
Apple Application Support
Apple Software Update
µTorrent
Avanquest update
Battlefield: Bad Company™ 2
BlackBerry Desktop Software 6.0.1
BlackBerry Device Software Updater
D-Link Wireless N Dual Band DWA-160
eReg
Football Manager 2011
Full Tilt Poker
Holdem Manager
InFlac 1.1.1
Java Auto Updater
Java™ 6 Update 30
Killing Floor
Left 4 Dead 2
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Security Scan Plus
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox (3.6.24)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PartyPoker
PokerStars
PokerStove version 1.23
PostgreSQL 8.4
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
RESIDENT EVIL 5
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SitNGo Wizard
Sky Broadband
SnG Power Tools v1.22
Sony Ericsson PC Suite 3.209.00
SopCast 3.2.9
Starters Orders 4
Steam
TableNinja
Tournament Indicator 1.6.4
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Veetle TV 0.9.16
VLC media player 1.1.9
Winamp
Winamp Detector Plug-in
Windows Media Player Firefox Plugin
Yahoo! Install Manager
Yahoo! Widgets

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:29 PM

Posted 21 December 2011 - 01:55 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Java™ 6 Update 30
McAfee Security Scan Plus


and click on remove




Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
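The Add-Remove Programs.txt listing posted above is reviewed by eye in this thread: the helper picks out the peer-to-peer client and the installed Java runtime before writing the cleanup steps. The following is an added Python example, not code from BleepingComputer, ComboFix or any poster, that does the same first pass automatically over a constructed subset of that listing (one program name per line, as ComboFix writes it). The P2P keyword watch-list and the regular expression for Java entry names are assumptions; extend both for your own environment.

```python
"""Triage an Add/Remove Programs listing for a malware-removal review.

Added example, not a BleepingComputer or ComboFix tool. It reads the plain
program list that ComboFix writes to C:\\Qoobox\\Add-Remove Programs.txt
(one program name per line) and reports the items a helper looks at first:
peer-to-peer clients and the installed Java runtime version.
"""
import re

# Constructed sample: a subset of the Add-Remove Programs.txt listing posted
# in this thread, in the same one-name-per-line format.
SAMPLE_REPORT = """\
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.1)
µTorrent
Java Auto Updater
Java™ 6 Update 30
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Security Scan Plus
Mozilla Firefox (3.6.24)
"""

# Assumed watch-list of peer-to-peer client name fragments (lower-case,
# matched as substrings, so "torrent" catches µTorrent and BitTorrent alike).
P2P_KEYWORDS = ("torrent", "limewire", "frostwire", "vuze", "emule",
                "bearshare", "shareaza", "kazaa", "ares galaxy")

# Assumed name pattern: "Java™ 6 Update 30" or "Java(TM) 6 Update 30"
# -> major version 6, update 30.  "Java Auto Updater" does not match.
JAVA_RE = re.compile(r"^Java(?:\u2122|\(TM\))?\s+(\d+)\s+Update\s+(\d+)\b", re.I)


def parse_report(text):
    """Return the non-empty program names, one per line, in report order."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def find_p2p(names):
    """Names whose lower-cased form contains a P2P client keyword."""
    return [n for n in names if any(k in n.lower() for k in P2P_KEYWORDS)]


def find_java(names):
    """(name, major, update) for every Java runtime entry in the list."""
    found = []
    for n in names:
        m = JAVA_RE.match(n)
        if m:
            found.append((n, int(m.group(1)), int(m.group(2))))
    return found


def triage(text):
    """Run every check over a report and collect the findings in one dict."""
    names = parse_report(text)
    return {"count": len(names), "p2p": find_p2p(names), "java": find_java(names)}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"{result['count']} programs listed")
    for n in result["p2p"]:
        print(f"P2P client present: {n}")
    for name, major, upd in result["java"]:
        print(f"Java runtime: {name} (Java {major}, update {upd})")
```

Run it against a real report with `triage(open(path, encoding="utf-8").read())`; the list is plain text, so the only parsing needed is stripping blank lines. The keyword match is deliberately loose (substring, case-insensitive) because vendors spell product names inconsistently across versions.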

#15 Gary Mendez

Gary Mendez
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:29 PM

Posted 23 December 2011 - 09:33 AM

I won't be able to access the computer over the next few days but next time I log on I will post the log and report requested. I just wanted to make sure the thread is not closed.



