

Infected with scvhost.exe and smitfraud


  • This topic is locked
15 replies to this topic

#1 Russell Johnson

  • Members
  • 8 posts

Posted 24 December 2011 - 06:15 PM

Hello,

I hope I am doing this correctly. I got infected with the fake "System Fix" program. I seem to have gotten rid of the program, but still have remnants. I am getting constant warnings from Avast about the scvhost.exe file. I did the following:

1. Windows 7 backup and system restore (non-destructive where the programs had to be reinstalled but the data remained. I have since discovered that it was a waste of time since I apparently backed up the malware too)

2. Malwarebytes (quick scan) - discovered Trojan.Agent in c:/windows/svchost.exe. I deleted it and the program said successful.

3. Ran Spybot S&D, it went crazy with Smitfraud error messages and had to be restarted. I tried again and was able to complete the scan. It found smitfraud malware and deleted it.

4. I ran a full Malwarebytes scan. Now I have found 3 problems:

1. Trojan.Agent in c:/Backup/Russell/AppData/Local/Telp/ywerrtyerw.exe
2. PUP.Adware.OpenInstall in c:/Users/Russell/downloads/downloads/oi_setup.exe
3. Trojan.Agent in c:/Windows/svchost.exe


This is where I am now. The computer works but is very sluggish. Programs and pages take a long time to load, and this wasn't a problem before the "System Fix" infection.


----DDS File----

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Russell at 16:49:47 on 2011-12-24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1791.907 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://emachines.msn.com
uDefault_Page_URL = hxxp://emachines.msn.com
mDefault_Page_URL = hxxp://emachines.msn.com
mStart Page = hxxp://emachines.msn.com
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{068BA458-B45C-47FE-A520-7FA3691B0CDC} : DhcpNameServer = 192.168.10.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\lmq6353j.default\
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: avast! WebRep: wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-21 44768]
R2 GREGService;GREGService;C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2010-1-8 23584]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-23 1153368]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-8-30 243232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-12-24 09:21:30 20480 ----a-w- C:\Windows\svchost.exe
2011-12-24 05:19:01 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B6FCF945-5107-49F7-BDD2-AED867188448}\offreg.dll
2011-12-24 05:07:30 691 ----a-w- C:\Users\Russell\AppData\Roaming\GetValue.vbs
2011-12-24 05:07:30 35 ----a-w- C:\Users\Russell\AppData\Roaming\SetValue.bat
2011-12-24 05:07:30 2192 ----a-w- C:\Windows\SysWow64\tmp.reg
2011-12-24 04:43:57 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-12-24 04:43:57 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-12-24 04:29:45 552464 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2011-12-24 04:29:44 25560 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
2011-12-24 04:29:44 140760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
2011-12-24 04:29:43 67032 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
2011-12-24 04:29:42 849368 ----a-w- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
2011-12-24 04:29:42 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcrt19.dll
2011-12-24 04:29:42 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
2011-12-24 04:29:42 505816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\sqlite3.dll
2011-12-24 04:29:42 19416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
2011-12-24 04:29:42 10452952 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
2011-12-24 04:06:23 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-24 01:15:59 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-12-24 01:15:26 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B6FCF945-5107-49F7-BDD2-AED867188448}\mpengine.dll
2011-12-24 01:14:42 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-12-24 01:14:41 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-12-24 01:14:39 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-12-24 01:14:38 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-12-24 01:14:37 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-12-24 01:14:37 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-12-24 01:14:36 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-12-24 01:13:29 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-12-24 01:13:27 2566144 ----a-w- C:\Windows\System32\esent.dll
2011-12-24 01:13:26 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-12-24 01:13:26 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-12-24 01:13:25 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-12-24 01:13:19 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2011-12-24 01:13:18 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-12-24 01:13:17 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-12-24 01:13:16 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-12-24 01:13:12 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-12-24 01:13:09 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-12-23 21:27:51 -------- d-----w- C:\Windows\SysWow64\Wat
2011-12-23 21:27:51 -------- d-----w- C:\Windows\System32\Wat
2011-12-23 21:03:30 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-12-23 21:03:29 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-12-23 20:34:38 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-12-23 20:34:35 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-12-23 20:34:33 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-12-23 20:34:31 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-12-23 20:34:26 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-12-23 19:46:35 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-12-23 19:46:34 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-12-23 19:46:34 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-12-23 19:46:34 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-12-23 19:46:33 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-12-23 19:46:33 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-12-23 19:46:33 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-12-23 19:46:33 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-12-23 19:46:32 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-12-23 19:46:30 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-12-22 18:50:45 -------- d-----w- C:\Users\Russell\AppData\Local\ElevatedDiagnostics
2011-12-22 17:24:56 -------- d-----w- C:\f15b838cb6a808f2aad5
2011-12-22 09:02:28 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-12-22 06:00:08 -------- d--h--w- C:\Windows\AxInstSV
2011-12-21 17:45:09 -------- d-----w- C:\ProgramData\WEBREG
2011-12-21 17:44:36 -------- d-----w- C:\Users\Russell\AppData\Local\HP
2011-12-21 17:39:02 -------- d-----w- C:\Windows\SysWow64\spool
2011-12-21 17:37:26 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2011-12-21 17:36:56 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2011-12-21 17:33:55 -------- d-----w- C:\Program Files (x86)\HP
2011-12-21 17:32:19 -------- d-----w- C:\Program Files\HP
2011-12-21 17:30:29 642360 ----a-w- C:\Windows\System32\hpzids40.dll
2011-12-21 17:13:38 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2011-12-21 16:48:33 -------- dc----w- C:\Users\Russell\AppData\Local\MigWiz
2011-12-21 16:30:22 -------- d-----w- C:\Program Files\CCleaner
2011-12-21 15:43:17 714752 ----a-w- C:\Windows\System32\kerberos.dll
2011-12-21 15:43:17 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-12-21 15:41:58 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-12-21 15:41:50 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-12-21 15:41:49 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-12-21 15:41:46 148992 ----a-w- C:\Windows\System32\t2embed.dll
2011-12-21 15:41:46 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2011-12-21 15:39:10 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2011-12-21 15:39:09 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2011-12-21 15:39:09 2085376 ----a-w- C:\Windows\System32\ole32.dll
2011-12-21 15:39:08 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
2011-12-21 15:39:05 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2011-12-21 15:39:05 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2011-12-21 15:37:59 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-21 15:36:51 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2011-12-21 15:35:50 52224 ----a-w- C:\Windows\System32\rtutils.dll
2011-12-21 15:34:58 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-12-21 15:34:12 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2011-12-21 15:34:10 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2011-12-21 15:34:07 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-12-21 15:34:07 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-12-21 15:34:06 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-12-21 15:34:04 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2011-12-21 15:34:04 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2011-12-21 15:33:55 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-12-21 15:33:55 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-12-21 15:33:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-12-21 15:33:53 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-12-21 15:31:59 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2011-12-21 15:29:51 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-12-21 15:22:11 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2011-12-21 15:22:10 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2011-12-21 15:10:14 -------- d-----w- C:\3de724589155eaa6d286bf6e0045
2011-12-21 07:09:04 -------- d-----w- C:\Users\Russell\AppData\Roaming\Malwarebytes
2011-12-21 07:08:18 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-21 07:08:13 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-21 07:08:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-21 07:01:26 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-12-21 07:01:18 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-12-21 07:00:35 41184 ----a-w- C:\Windows\avastSS.scr
2011-12-21 07:00:26 -------- d-----w- C:\ProgramData\AVAST Software
2011-12-21 07:00:26 -------- d-----w- C:\Program Files\AVAST Software
2011-12-21 06:21:42 -------- d-----w- C:\Program Files\NVIDIA Corporation
2011-12-21 06:20:08 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-12-21 06:18:43 704000 ----a-w- C:\Windows\System32\cohelper.dll
2011-12-21 06:18:43 6136 ----a-w- C:\Windows\System32\drivers\nvphy.bin
2011-12-21 06:12:06 -------- d-----w- C:\Windows\NAPP_Dism_Log
2011-12-21 05:32:57 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-21 05:26:56 -------- d-----w- C:\Users\Russell\AppData\Local\Thunderbird
2011-12-21 05:24:06 -------- d-----w- C:\Users\Russell\AppData\Local\Mozilla
2011-12-21 05:19:10 -------- d-----w- C:\Users\Russell\AppData\Roaming\OEM
2011-12-21 05:18:34 -------- d-----w- C:\Users\Russell\AppData\Local\VirtualStore
2011-12-21 05:17:53 -------- d-----w- C:\ProgramData\OEM_E471269A730D
2011-12-21 05:16:53 -------- d-----w- C:\Users\Russell\AppData\Local\Adobe
2011-12-21 04:47:50 -------- d-----w- C:\Program Files (x86)\Barnes & Noble
2011-12-21 04:46:42 -------- d-----w- C:\Windows\en
2011-12-21 04:45:23 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-12-21 04:43:34 -------- d-----w- C:\Windows\PCHEALTH
2011-12-21 04:42:51 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-12-21 04:42:51 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-12-21 04:42:51 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-12-21 04:42:51 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-12-21 04:42:46 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-12-21 04:42:46 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-12-21 04:42:35 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2011-12-21 04:42:35 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2011-12-21 04:42:34 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
2011-12-21 04:42:34 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2011-12-21 04:40:29 1819648 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\Office14\Word.en-us\WordMUI.msi
2011-12-21 04:40:03 26604032 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\Office14\SingleImage.WW\SingleImageWW.msi
2011-12-21 04:40:02 1248016 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\Office14\SingleImage.WW\PidGenX.dll
2011-12-21 04:40:00 5789544 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\Office14\SingleImage.WW\osetup.dll
2011-12-21 04:40:00 149352 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\Office14\SingleImage.WW\ose.exe
2011-12-21 04:37:33 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-12-21 04:34:04 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-12-21 04:25:42 3 ----a-w- C:\Windows\System32\PLD_Framework.cmd
2011-12-21 03:40:03 -------- d-----r- C:\Backup
.
==================== Find3M ====================
.
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec
2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-15 06:25:12 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-15 05:48:52 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 16:52:35.36 ===============
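Three things in the DDS log above are what a helper would look at first: a process entry that is just "-netsvcs" with no image path, a svchost.exe created directly under C:\Windows (the real one lives in System32 and SysWOW64), and script files (GetValue.vbs, SetValue.bat) written into AppData\Roaming. The triage helper below is an added example, not a BleepingComputer tool and not part of the original post; it parses those two DDS sections and applies exactly those checks to a constructed sample made of lines in the same shape, including the legitimate avastSS.scr to show the rules do not fire on it.

```python
"""Triage checks for DDS-style logs (added example; not a BleepingComputer tool)."""
import re
from pathlib import PureWindowsPath

# Core Windows binaries and the only directories they should run from (lower-case).
SYSTEM_BINARIES = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}
SCRIPT_EXTENSIONS = {".vbs", ".bat", ".cmd", ".reg", ".js"}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# date time size attrs path   e.g. "2011-12-24 09:21:30 20480 ----a-w- C:\Windows\svchost.exe"
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+(\S+)\s+(.+)$")


def parse_sections(text):
    """Return {section name (lower-case): [lines]}; DDS's '.' filler lines are dropped."""
    sections, current = {}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def _masquerade(path):
    """True if the file name is a core binary's but the directory is not its home."""
    p = PureWindowsPath(path)
    homes = SYSTEM_BINARIES.get(p.name.lower())
    return homes is not None and str(p.parent).lower() not in homes


def check_processes(lines):
    """Flag suspicious 'Running Processes' entries; returns [(reason, line)]."""
    findings = []
    for line in lines:
        image = line.split(" -k ", 1)[0].strip()  # drop svchost's service-group switch
        if not PureWindowsPath(image).drive:       # no drive letter: no real image path
            findings.append(("no-image-path", line))
        elif _masquerade(image):
            findings.append(("system-binary-outside-home-dir", line))
    return findings


def check_created(lines):
    """Flag suspicious 'Created Last 30' entries; returns [(reason, path)]."""
    findings = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        attrs, path = m.groups()
        if attrs.startswith("d"):  # directory entry, nothing executable to check
            continue
        p = PureWindowsPath(path)
        parts = [s.lower() for s in p.parts]
        if _masquerade(path):
            findings.append(("system-binary-outside-home-dir", path))
        elif (p.suffix.lower() in SCRIPT_EXTENSIONS and "appdata" in parts
              and p.parent.name.lower() in {"roaming", "local", "locallow"}):
            findings.append(("script-dropped-in-appdata-root", path))
    return findings


def triage(text):
    s = parse_sections(text)
    return (check_processes(s.get("running processes", []))
            + check_created(s.get("created last 30", [])))


# Constructed sample in the shape of the DDS log above (a few lines, not the full log).
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
-netsvcs
C:\Windows\Explorer.EXE
.
=============== Created Last 30 ================
.
2011-12-24 09:21:30 20480 ----a-w- C:\Windows\svchost.exe
2011-12-24 05:07:30 691 ----a-w- C:\Users\Russell\AppData\Roaming\GetValue.vbs
2011-12-24 05:07:30 35 ----a-w- C:\Users\Russell\AppData\Roaming\SetValue.bat
2011-12-24 04:43:57 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-12-21 07:00:35 41184 ----a-w- C:\Windows\avastSS.scr
.
============= FINISH: 16:52:35.36 ===============
"""

if __name__ == "__main__":
    for reason, item in triage(SAMPLE_LOG):
        print(f"{reason:32} {item}")
```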

#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,769 posts

Posted 30 December 2011 - 06:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434364 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Russell Johnson

  • Topic Starter
  • Members
  • 8 posts

Posted 30 December 2011 - 10:36 PM

Still having the same problems as noted above. Computer seemed to be running better for a few days, now back to lots of problems....general sluggish response time, more scvhost.exe error messages from Avast, also lots of warnings from Avast about blocked web pages..

I did not get an original Windows 7 disk when I bought the computer. Only the back-up disks I created..

Thanks in advance for all your help....

Here is the new log...

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Russell at 21:23:26 on 2011-12-30
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1791.822 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://emachines.msn.com
uDefault_Page_URL = hxxp://emachines.msn.com
mDefault_Page_URL = hxxp://emachines.msn.com
mStart Page = hxxp://emachines.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{068BA458-B45C-47FE-A520-7FA3691B0CDC} : DhcpNameServer = 192.168.10.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\lmq6353j.default\
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: avast! WebRep: wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-21 44768]
R2 GREGService;GREGService;C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2010-1-8 23584]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-23 1153368]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-8-30 243232]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-12-30 18:54:51 -------- d-----w- C:\Program Files (x86)\Coupons
2011-12-30 17:57:36 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7B5A2E0E-C69D-4526-8751-B1605177C192}\offreg.dll
2011-12-30 17:57:17 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7B5A2E0E-C69D-4526-8751-B1605177C192}\mpengine.dll
2011-12-28 01:05:11 -------- d-----w- C:\Users\Russell\AppData\Local\Diagnostics
2011-12-27 19:13:14 -------- d-----w- C:\Users\Russell\AppData\Local\Apple Computer
2011-12-27 19:12:56 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-12-27 19:12:56 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-12-27 19:12:56 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-12-27 19:11:09 -------- d-----w- C:\Program Files\iPod
2011-12-27 19:11:06 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-12-27 19:11:06 -------- d-----w- C:\Program Files\iTunes
2011-12-27 19:11:06 -------- d-----w- C:\Program Files (x86)\iTunes
2011-12-27 19:09:55 -------- d-----w- C:\Users\Russell\AppData\Local\Apple
2011-12-27 19:07:28 -------- d-----w- C:\Program Files\Bonjour
2011-12-27 19:07:28 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-12-26 01:21:42 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-12-26 01:21:41 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-12-26 01:21:41 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-12-26 01:21:40 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-12-26 01:21:39 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-12-26 01:21:39 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-12-26 01:17:17 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-12-26 01:17:16 2566144 ----a-w- C:\Windows\System32\esent.dll
2011-12-26 01:17:16 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-12-26 01:17:16 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-12-26 01:17:16 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-12-26 01:17:15 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2011-12-26 01:17:13 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-12-26 01:17:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-12-26 01:17:11 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-12-26 01:17:10 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-12-26 01:17:09 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-12-26 01:12:08 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-12-25 06:47:58 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2011-12-25 03:57:14 -------- d-----w- C:\ProgramData\VirtualizedApplications
2011-12-25 01:45:38 -------- d-----w- C:\Users\Russell\AppData\Local\SoftGrid Client
2011-12-25 01:45:37 -------- d-----w- C:\Users\Russell\AppData\Roaming\SoftGrid Client
2011-12-25 01:43:56 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2011-12-25 01:43:34 -------- d-----w- C:\Users\Russell\AppData\Roaming\TP
2011-12-24 05:07:30 691 ----a-w- C:\Users\Russell\AppData\Roaming\GetValue.vbs
2011-12-24 05:07:30 35 ----a-w- C:\Users\Russell\AppData\Roaming\SetValue.bat
2011-12-24 05:07:30 2192 ----a-w- C:\Windows\SysWow64\tmp.reg
2011-12-24 04:43:57 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-12-24 04:43:57 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-12-24 04:29:45 552464 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2011-12-24 04:29:44 25560 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
2011-12-24 04:29:44 140760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
2011-12-24 04:29:43 67032 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
2011-12-24 04:29:42 849368 ----a-w- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
2011-12-24 04:29:42 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcrt19.dll
2011-12-24 04:29:42 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
2011-12-24 04:29:42 505816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\sqlite3.dll
2011-12-24 04:29:42 19416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
2011-12-24 04:29:42 10452952 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
2011-12-24 04:06:23 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-24 01:15:59 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-12-24 01:14:41 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-12-23 21:27:51 -------- d-----w- C:\Windows\SysWow64\Wat
2011-12-23 21:27:51 -------- d-----w- C:\Windows\System32\Wat
2011-12-23 21:03:30 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-12-23 21:03:29 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-12-23 19:46:35 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-12-23 19:46:34 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-12-23 19:46:34 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-12-23 19:46:34 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-12-23 19:46:33 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-12-23 19:46:33 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-12-23 19:46:33 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-12-23 19:46:33 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-12-23 19:46:32 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-12-23 19:46:30 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-12-22 18:50:45 -------- d-----w- C:\Users\Russell\AppData\Local\ElevatedDiagnostics
2011-12-22 17:24:56 -------- d-----w- C:\f15b838cb6a808f2aad5
2011-12-22 09:02:28 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-12-22 06:00:08 -------- d--h--w- C:\Windows\AxInstSV
2011-12-21 17:45:09 -------- d-----w- C:\ProgramData\WEBREG
2011-12-21 17:44:36 -------- d-----w- C:\Users\Russell\AppData\Local\HP
2011-12-21 17:39:02 -------- d-----w- C:\Windows\SysWow64\spool
2011-12-21 17:37:26 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2011-12-21 17:36:56 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2011-12-21 17:33:55 -------- d-----w- C:\Program Files (x86)\HP
2011-12-21 17:32:19 -------- d-----w- C:\Program Files\HP
2011-12-21 17:30:29 642360 ----a-w- C:\Windows\System32\hpzids40.dll
2011-12-21 17:13:38 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2011-12-21 16:48:33 -------- dc----w- C:\Users\Russell\AppData\Local\MigWiz
2011-12-21 16:30:22 -------- d-----w- C:\Program Files\CCleaner
2011-12-21 15:43:17 714752 ----a-w- C:\Windows\System32\kerberos.dll
2011-12-21 15:43:17 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-12-21 15:41:58 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-12-21 15:41:50 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-12-21 15:41:49 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-12-21 15:41:46 148992 ----a-w- C:\Windows\System32\t2embed.dll
2011-12-21 15:41:46 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2011-12-21 15:39:10 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2011-12-21 15:39:09 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2011-12-21 15:39:09 2085376 ----a-w- C:\Windows\System32\ole32.dll
2011-12-21 15:39:08 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
2011-12-21 15:39:05 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2011-12-21 15:39:05 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2011-12-21 15:37:59 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-21 15:36:51 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2011-12-21 15:35:50 52224 ----a-w- C:\Windows\System32\rtutils.dll
2011-12-21 15:34:58 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-12-21 15:34:12 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2011-12-21 15:34:10 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2011-12-21 15:34:07 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-12-21 15:34:07 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-12-21 15:34:06 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-12-21 15:34:04 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2011-12-21 15:34:04 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2011-12-21 15:33:55 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-12-21 15:33:55 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-12-21 15:33:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-12-21 15:33:53 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-12-21 15:31:59 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2011-12-21 15:29:51 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-12-21 15:22:11 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2011-12-21 15:22:10 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2011-12-21 15:10:14 -------- d-----w- C:\3de724589155eaa6d286bf6e0045
2011-12-21 07:09:04 -------- d-----w- C:\Users\Russell\AppData\Roaming\Malwarebytes
2011-12-21 07:08:18 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-21 07:08:13 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-21 07:08:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-21 07:01:26 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-12-21 07:01:18 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-12-21 07:00:35 41184 ----a-w- C:\Windows\avastSS.scr
2011-12-21 07:00:26 -------- d-----w- C:\ProgramData\AVAST Software
2011-12-21 07:00:26 -------- d-----w- C:\Program Files\AVAST Software
2011-12-21 06:21:42 -------- d-----w- C:\Program Files\NVIDIA Corporation
2011-12-21 06:20:08 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-12-21 06:18:43 704000 ----a-w- C:\Windows\System32\cohelper.dll
2011-12-21 06:18:43 6136 ----a-w- C:\Windows\System32\drivers\nvphy.bin
2011-12-21 06:15:43 20480 ----a-w- C:\Windows\svchost.exe
2011-12-21 06:12:06 -------- d-----w- C:\Windows\NAPP_Dism_Log
2011-12-21 05:32:57 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-21 05:26:56 -------- d-----w- C:\Users\Russell\AppData\Local\Thunderbird
2011-12-21 05:24:06 -------- d-----w- C:\Users\Russell\AppData\Local\Mozilla
2011-12-21 05:19:10 -------- d-----w- C:\Users\Russell\AppData\Roaming\OEM
2011-12-21 05:18:34 -------- d-----w- C:\Users\Russell\AppData\Local\VirtualStore
2011-12-21 05:17:53 -------- d-----w- C:\ProgramData\OEM_E471269A730D
2011-12-21 05:16:53 -------- d-----w- C:\Users\Russell\AppData\Local\Adobe
2011-12-21 04:47:50 -------- d-----w- C:\Program Files (x86)\Barnes & Noble
2011-12-21 04:46:42 -------- d-----w- C:\Windows\en
2011-12-21 04:45:23 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-12-21 04:43:34 -------- d-----w- C:\Windows\PCHEALTH
2011-12-21 04:42:51 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-12-21 04:42:51 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-12-21 04:42:51 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-12-21 04:42:51 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-12-21 04:42:46 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-12-21 04:42:46 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-12-21 04:42:35 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2011-12-21 04:42:35 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2011-12-21 04:42:34 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
2011-12-21 04:42:34 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2011-12-21 04:40:29 1819648 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\Office14\Word.en-us\WordMUI.msi
2011-12-21 04:40:03 26604032 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\Office14\SingleImage.WW\SingleImageWW.msi
2011-12-21 04:40:02 1248016 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\Office14\SingleImage.WW\PidGenX.dll
2011-12-21 04:40:00 5789544 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\Office14\SingleImage.WW\osetup.dll
2011-12-21 04:40:00 149352 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\Office14\SingleImage.WW\ose.exe
2011-12-21 04:37:33 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-12-21 04:34:04 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-12-21 04:25:42 3 ----a-w- C:\Windows\System32\PLD_Framework.cmd
2011-12-21 03:40:03 -------- d-----r- C:\Backup
.
==================== Find3M ====================
.
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec
2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-15 06:25:12 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-15 05:48:52 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
.
============= FINISH: 21:25:49.23 ===============
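
The point a responder takes from the log above is the second svchost.exe: the genuine service host lives in C:\Windows\system32 (and C:\Windows\SysWOW64 on 64-bit), while the "Created Last 30" section shows a 20 KB C:\Windows\svchost.exe, and the process list carries a bare "-netsvcs" entry with no image path. The following triage helper is an added example, not part of this thread or of the DDS tool: it splits a DDS-style log into its sections, checks each running process and each recently created file against a short allow-list of where core Windows binaries are expected to live, and flags process entries that have no image path at all. EXPECTED_DIRS is an illustrative allow-list and SAMPLE_LOG is a constructed log modelled on the one posted, both assumptions of the example.

```python
"""Triage helper for DDS-style logs (added example, not DDS's own code):
flag core Windows binaries running from, or written to, a directory where the
genuine copy does not live, and process entries that lack an image path."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section path reason")

# Where the genuine image of each binary lives on a 64-bit Windows 7 install.
# Assumption: a short illustrative allow-list, not an exhaustive one.
EXPECTED_DIRS = {
    "svchost.exe":  {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsm.exe":      {r"c:\windows\system32"},
    "wininit.exe":  {r"c:\windows\system32"},
    "taskhost.exe": {r"c:\windows\system32"},
    "conhost.exe":  {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")          # "===== Running Processes ====="
IMAGE_RE = re.compile(r"^([a-z]:\\.*?\.exe)\b", re.I)   # image path up to the first .exe
# "2011-12-21 06:15:43 20480 ----a-w- C:\Windows\svchost.exe"
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(\S+)\s+(\S+)\s+(.+)$")

def split_sections(text):
    """Return {section name (lower-case): [lines]}; blank and '.' lines are dropped."""
    sections, current = {}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections

def check_image(path, section):
    """Return a Finding if `path` names a core binary outside its expected directory."""
    directory, _, name = path.lower().rpartition("\\")
    expected = EXPECTED_DIRS.get(name)
    if expected and directory not in expected:
        return Finding(section, path,
                       f"{name} expected in {sorted(expected)}, found in {directory}")
    return None

def triage(text):
    """Run all checks over a DDS-style log and return the list of Findings."""
    findings = []
    sections = split_sections(text)
    for line in sections.get("running processes", []):
        m = IMAGE_RE.match(line)
        if not m:  # e.g. a bare "-netsvcs" line: arguments with no image path
            findings.append(Finding("running processes", line, "entry has no image path"))
            continue
        f = check_image(m.group(1), "running processes")
        if f:
            findings.append(f)
    for line in sections.get("created last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        _size, attrs, path = m.groups()
        if attrs.startswith("d"):  # directory entry, not a file
            continue
        f = check_image(path, "created last 30")
        if f:
            findings.append(f)
    return findings

# Constructed sample modelled on the log in this thread (not the actual log).
SAMPLE_LOG = r"""
DDS (Ver_2011-08-26.01) - NTFSAMD64
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\Explorer.EXE
-netsvcs
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\svchost.exe -k netsvcs
.
=============== Created Last 30 ================
.
2011-12-21 07:08:13 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-21 06:15:43 20480 ----a-w- C:\Windows\svchost.exe
2011-12-21 06:12:06 -------- d-----w- C:\Windows\NAPP_Dism_Log
.
============= FINISH: 21:25:49.23 ===============
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.path}: {f.reason}")
```

On the constructed sample the helper reports three findings: the "-netsvcs" entry with no image path, the running C:\Windows\svchost.exe, and the same file in the created-files section. The allow-list approach is deliberately narrow: a name match plus a directory mismatch is a strong triage signal for the handful of binaries every Windows install runs, which is why it catches the look-alike here without needing signatures.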

#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:48 PM

Posted 31 December 2011 - 11:01 AM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#5 Russell Johnson

Russell Johnson
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:48 PM

Posted 31 December 2011 - 03:41 PM

ComboFix 11-12-31.03 - Russell 12/31/2011 12:20:42.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1791.704 [GMT -6:00]
Running from: c:\users\Russell\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
c:\windows\SysWow64\404Fix.exe
c:\windows\SysWow64\Agent.OMZ.Fix.exe
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\IEDFix.C.exe
c:\windows\SysWow64\IEDFix.exe
c:\windows\SysWow64\o4Patch.exe
c:\windows\SysWow64\Process.exe
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\VACFix.exe
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\WS2Fix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-31 )))))))))))))))))))))))))))))))
.
.
2011-12-31 18:38 . 2011-12-31 18:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-30 18:54 . 2011-12-30 18:54 -------- d-----w- c:\program files (x86)\Coupons
2011-12-30 17:57 . 2011-12-31 18:43 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B5A2E0E-C69D-4526-8751-B1605177C192}\offreg.dll
2011-12-30 17:57 . 2011-11-30 08:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B5A2E0E-C69D-4526-8751-B1605177C192}\mpengine.dll
2011-12-27 19:12 . 2011-12-27 19:12 -------- dc----w- c:\windows\system32\DRVSTORE
2011-12-27 19:12 . 2009-05-18 19:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-27 19:12 . 2008-04-17 18:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-12-27 19:12 . 2008-04-17 18:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-12-27 19:11 . 2011-12-27 19:11 -------- d-----w- c:\program files\iPod
2011-12-27 19:11 . 2011-12-27 19:12 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-12-27 19:11 . 2011-12-27 19:12 -------- d-----w- c:\program files\iTunes
2011-12-27 19:11 . 2011-12-27 19:12 -------- d-----w- c:\program files (x86)\iTunes
2011-12-27 19:11 . 2011-12-27 19:11 -------- d-----w- c:\programdata\Apple Computer
2011-12-27 19:09 . 2011-12-27 19:09 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-12-27 19:07 . 2011-12-27 19:07 -------- d-----w- c:\program files\Common Files\Apple
2011-12-27 19:07 . 2011-12-27 19:07 -------- d-----w- c:\program files\Bonjour
2011-12-27 19:07 . 2011-12-27 19:07 -------- d-----w- c:\program files (x86)\Bonjour
2011-12-27 19:07 . 2011-12-27 19:11 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-12-27 19:07 . 2011-12-27 19:09 -------- d-----w- c:\programdata\Apple
2011-12-26 01:21 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-12-26 01:21 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-12-26 01:21 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-12-26 01:21 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-12-26 01:21 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-12-26 01:21 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-12-26 01:17 . 2011-03-11 06:23 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-12-26 01:17 . 2011-03-11 06:23 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-12-26 01:17 . 2011-03-11 06:23 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-12-26 01:17 . 2011-03-11 06:22 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-12-26 01:17 . 2011-03-11 06:18 2566144 ----a-w- c:\windows\system32\esent.dll
2011-12-26 01:17 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2011-12-26 01:17 . 2011-03-11 06:23 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2011-12-26 01:17 . 2011-03-11 06:22 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-12-26 01:17 . 2011-03-11 06:23 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-12-26 01:17 . 2011-03-11 06:15 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-12-26 01:17 . 2011-03-11 05:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-12-26 01:12 . 2011-12-26 01:12 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-12-25 06:47 . 2011-12-26 02:53 -------- d-----w- c:\program files (x86)\SpywareBlaster
2011-12-25 03:57 . 2011-12-25 04:12 -------- d-----w- c:\programdata\VirtualizedApplications
2011-12-25 01:50 . 2011-12-25 01:50 -------- d-----r- C:\MSOCache
2011-12-25 01:43 . 2011-12-26 02:53 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2011-12-24 04:43 . 2011-12-26 02:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-24 04:43 . 2011-12-24 04:45 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-12-24 04:06 . 2011-12-24 04:06 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-24 04:06 . 2011-12-24 04:06 -------- d-----w- c:\windows\system32\Macromed
2011-12-24 01:14 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-12-23 21:27 . 2011-12-23 21:27 -------- d-----w- c:\windows\SysWow64\Wat
2011-12-23 21:27 . 2011-12-23 21:27 -------- d-----w- c:\windows\system32\Wat
2011-12-23 21:03 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-12-23 21:03 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-12-23 19:46 . 2009-11-25 18:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-12-23 19:46 . 2009-11-25 18:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-12-23 19:46 . 2009-11-25 18:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-12-23 19:46 . 2009-11-25 18:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-12-23 19:46 . 2009-11-25 18:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-12-23 19:46 . 2009-11-25 18:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-12-23 19:46 . 2009-11-25 18:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-12-23 19:46 . 2009-11-25 18:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-12-23 19:46 . 2009-11-25 18:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-12-23 19:46 . 2009-11-25 18:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-12-22 17:24 . 2011-12-22 17:24 -------- d-----w- C:\f15b838cb6a808f2aad5
2011-12-22 09:02 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-12-22 06:00 . 2011-12-22 06:00 -------- d--h--w- c:\windows\AxInstSV
2011-12-21 17:45 . 2011-12-21 17:45 -------- d-----w- c:\programdata\WEBREG
2011-12-21 17:39 . 2011-12-21 17:39 -------- d-----w- c:\programdata\HP Product Assistant
2011-12-21 17:39 . 2011-12-21 17:39 -------- d-----w- c:\windows\SysWow64\spool
2011-12-21 17:37 . 2011-12-21 17:37 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2011-12-21 17:36 . 2011-12-21 17:36 -------- d-----w- c:\program files (x86)\Common Files\HP
2011-12-21 17:33 . 2011-12-21 17:42 -------- d-----w- c:\program files (x86)\HP
2011-12-21 17:32 . 2011-12-21 17:32 -------- d-----w- c:\program files\HP
2011-12-21 17:30 . 2011-12-21 17:46 -------- d-----w- c:\programdata\HP
2011-12-21 17:30 . 2009-07-08 10:51 642360 ----a-w- c:\windows\system32\hpzids40.dll
2011-12-21 17:15 . 2011-12-21 17:15 -------- d-----w- c:\programdata\Hewlett-Packard
2011-12-21 17:13 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2011-12-21 16:30 . 2011-12-21 16:30 -------- d-----w- c:\program files\CCleaner
2011-12-21 15:43 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2011-12-21 15:43 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2011-12-21 15:41 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-12-21 15:41 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-12-21 15:41 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-12-21 15:41 . 2010-08-26 05:27 148992 ----a-w- c:\windows\system32\t2embed.dll
2011-12-21 15:41 . 2010-08-26 04:39 109056 ----a-w- c:\windows\SysWow64\t2embed.dll
2011-12-21 15:39 . 2010-06-29 05:35 4582912 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-12-21 15:39 . 2010-06-29 05:39 2085376 ----a-w- c:\windows\system32\ole32.dll
2011-12-21 15:39 . 2010-06-29 04:57 4247040 ----a-w- c:\program files (x86)\Windows NT\Accessories\wordpad.exe
2011-12-21 15:39 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
2011-12-21 15:39 . 2010-05-05 07:37 483840 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-12-21 15:39 . 2010-05-05 06:46 363520 ----a-w- c:\windows\SysWow64\StructuredQuery.dll
2011-12-21 15:37 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-21 15:36 . 2010-12-21 06:13 2003968 ----a-w- c:\windows\system32\msxml6.dll
2011-12-21 15:35 . 2010-06-19 06:53 52224 ----a-w- c:\windows\system32\rtutils.dll
2011-12-21 15:34 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-12-21 15:34 . 2009-09-26 06:20 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-12-21 15:34 . 2010-07-29 06:30 82944 ----a-w- c:\windows\SysWow64\iccvid.dll
2011-12-21 15:34 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-12-21 15:34 . 2011-03-03 06:14 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-12-21 15:34 . 2011-03-03 05:27 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-12-21 15:34 . 2010-08-21 06:38 1024512 ----a-w- c:\windows\system32\wmpmde.dll
2011-12-21 15:34 . 2010-08-21 05:36 738816 ----a-w- c:\windows\SysWow64\wmpmde.dll
2011-12-21 15:33 . 2010-11-02 05:12 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-12-21 15:33 . 2010-11-02 04:35 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-12-21 15:33 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-12-21 15:33 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-12-21 15:31 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2011-12-21 15:29 . 2011-07-16 05:21 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-12-21 15:22 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2011-12-21 15:22 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2011-12-21 15:15 . 2011-12-21 15:16 -------- d-----w- c:\program files\Microsoft Silverlight
2011-12-21 15:15 . 2011-12-21 15:16 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-12-21 15:10 . 2011-12-21 15:15 -------- d-----w- C:\3de724589155eaa6d286bf6e0045
2011-12-21 07:08 . 2011-12-21 07:08 -------- d-----w- c:\programdata\Malwarebytes
2011-12-21 07:08 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-21 07:08 . 2011-12-21 07:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-21 07:01 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-21 07:01 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-21 07:01 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-21 07:01 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-21 07:01 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-21 07:01 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-21 07:01 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-21 07:00 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-21 07:00 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-12-21 07:00 . 2011-12-21 07:00 -------- d-----w- c:\programdata\AVAST Software
2011-12-21 07:00 . 2011-12-21 07:00 -------- d-----w- c:\program files\AVAST Software
2011-12-21 06:22 . 2011-12-21 06:22 -------- d-----w- c:\programdata\NVIDIA
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 04:43 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-12-06 02:41 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-12-06 02:41 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-12-06 02:41 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-12-06 1059472]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [2010-01-08 23584]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-12-06 02:34 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-12-06 02:34 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-12-06 02:34 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://emachines.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://emachines.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\lmq6353j.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\windows\System32\eMachines.scr
.
**************************************************************************
.
Completion time: 2011-12-31 13:32:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-31 19:32
.
Pre-Run: 315,232,456,704 bytes free
Post-Run: 318,514,659,328 bytes free
.
- - End Of File - - A360815D952416C47F10E43A3349CFA4

#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:03:48 PM

Posted 31 December 2011 - 04:31 PM

Russell Johnson:

Please do this next:

Click Start > Run or press the Windows Key + R. Copy and paste the following text into the run box that opens and press OK:
C:\Qoobox\Add-Remove Programs.txt

Post the contents of the text file that opens in your next reply.

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Post that log, please.
Please include the following in your next post:
  • Add/Remove programs list
  • TDSSKiller log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

#7 Russell Johnson

Russell Johnson
  • Topic Starter

  • Members
  • 8 posts
  • Local time:02:48 PM

Posted 31 December 2011 - 04:44 PM

18 Wheels of Steel - American Long Haul
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1 MUI
Advertising Center
Agatha Christie - Death on the Nile
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Apple Application Support
Apple Software Update
avast! Free Antivirus
Bejeweled 2 Deluxe
Blackhawk Striker 2
BufferChm
Build-a-lot 2
C5100
c5100_Help
Carbonite
Chuzzle Deluxe
Copy
Coupon Printer for Windows
D3DX10
Destinations
DeviceDiscovery
Diner Dash 2 Restaurant Rescue
DocProc
Dora's Carnival Adventure
eMachines Game Console
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
FATE
Fax
GPBaseService2
Hotkey Utility
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Identity Card
ImagXpress
Jewel Quest - Heritage
Jewel Quest Solitaire 2
John Deere Drive Green
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Mesh Runtime
Microsoft Office 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox (3.6.25)
Mozilla Thunderbird 9.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
NVIDIA ForceWare Network Access Manager
Penguins!
Plants vs. Zombies
Polar Bowler
Polar Golfer
Realtek High Definition Audio Driver
Scan
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
Toolbox
TrayApp
UnloadSupport
Virtual Villagers 4 - The Tree of Life
WebReg
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge

--------------

15:36:21.0827 5736 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
15:36:22.0326 5736 ============================================================
15:36:22.0326 5736 Current date / time: 2011/12/31 15:36:22.0326
15:36:22.0326 5736 SystemInfo:
15:36:22.0326 5736
15:36:22.0326 5736 OS Version: 6.1.7600 ServicePack: 0.0
15:36:22.0326 5736 Product type: Workstation
15:36:22.0326 5736 ComputerName: RUSSELL-PC
15:36:22.0326 5736 UserName: Russell
15:36:22.0326 5736 Windows directory: C:\Windows
15:36:22.0326 5736 System windows directory: C:\Windows
15:36:22.0326 5736 Running under WOW64
15:36:22.0326 5736 Processor architecture: Intel x64
15:36:22.0326 5736 Number of processors: 2
15:36:22.0326 5736 Page size: 0x1000
15:36:22.0326 5736 Boot type: Normal boot
15:36:22.0326 5736 ============================================================
15:36:24.0557 5736 Initialize success
15:36:39.0315 5164 ============================================================
15:36:39.0315 5164 Scan started
15:36:39.0315 5164 Mode: Manual;
15:36:39.0315 5164 ============================================================
15:36:40.0017 5164 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
15:36:40.0063 5164 1394ohci - ok
15:36:40.0126 5164 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
15:36:40.0126 5164 ACPI - ok
15:36:40.0252 5164 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
15:36:40.0252 5164 AcpiPmi - ok
15:36:40.0298 5164 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:36:40.0314 5164 adp94xx - ok
15:36:40.0517 5164 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:36:40.0548 5164 adpahci - ok
15:36:40.0969 5164 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:36:40.0969 5164 adpu320 - ok
15:36:41.0219 5164 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
15:36:41.0250 5164 AFD - ok
15:36:41.0609 5164 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
15:36:41.0609 5164 agp440 - ok
15:36:41.0702 5164 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
15:36:41.0702 5164 aliide - ok
15:36:41.0749 5164 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
15:36:41.0749 5164 amdide - ok
15:36:41.0796 5164 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:36:41.0796 5164 AmdK8 - ok
15:36:41.0858 5164 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:36:41.0874 5164 AmdPPM - ok
15:36:41.0936 5164 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
15:36:41.0936 5164 amdsata - ok
15:36:42.0046 5164 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:36:42.0077 5164 amdsbs - ok
15:36:42.0233 5164 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
15:36:42.0233 5164 amdxata - ok
15:36:42.0420 5164 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
15:36:42.0420 5164 AppID - ok
15:36:42.0576 5164 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:36:42.0576 5164 arc - ok
15:36:42.0623 5164 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:36:42.0623 5164 arcsas - ok
15:36:42.0685 5164 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
15:36:42.0685 5164 aswFsBlk - ok
15:36:42.0794 5164 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
15:36:42.0810 5164 aswMonFlt - ok
15:36:42.0872 5164 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
15:36:42.0888 5164 aswRdr - ok
15:36:43.0309 5164 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
15:36:43.0340 5164 aswSnx - ok
15:36:43.0543 5164 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
15:36:43.0590 5164 aswSP - ok
15:36:43.0637 5164 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
15:36:43.0652 5164 aswTdi - ok
15:36:43.0762 5164 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:36:43.0762 5164 AsyncMac - ok
15:36:43.0793 5164 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
15:36:43.0808 5164 atapi - ok
15:36:43.0918 5164 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:36:43.0933 5164 b06bdrv - ok
15:36:43.0949 5164 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:36:43.0949 5164 b57nd60a - ok
15:36:44.0120 5164 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:36:44.0120 5164 Beep - ok
15:36:44.0323 5164 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:36:44.0323 5164 blbdrive - ok
15:36:44.0432 5164 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
15:36:44.0432 5164 bowser - ok
15:36:44.0573 5164 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:36:44.0573 5164 BrFiltLo - ok
15:36:44.0682 5164 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:36:44.0682 5164 BrFiltUp - ok
15:36:44.0978 5164 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:36:44.0994 5164 Brserid - ok
15:36:45.0197 5164 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:36:45.0212 5164 BrSerWdm - ok
15:36:45.0524 5164 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:36:45.0540 5164 BrUsbMdm - ok
15:36:45.0758 5164 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:36:45.0758 5164 BrUsbSer - ok
15:36:46.0086 5164 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:36:46.0102 5164 BTHMODEM - ok
15:36:46.0195 5164 catchme - ok
15:36:46.0351 5164 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:36:46.0351 5164 cdfs - ok
15:36:46.0429 5164 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
15:36:46.0429 5164 cdrom - ok
15:36:46.0538 5164 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:36:46.0538 5164 circlass - ok
15:36:46.0616 5164 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:36:46.0616 5164 CLFS - ok
15:36:46.0897 5164 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:36:46.0897 5164 CmBatt - ok
15:36:47.0225 5164 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
15:36:47.0240 5164 cmdide - ok
15:36:47.0521 5164 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
15:36:47.0552 5164 CNG - ok
15:36:47.0771 5164 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:36:47.0786 5164 Compbatt - ok
15:36:47.0864 5164 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:36:47.0864 5164 CompositeBus - ok
15:36:47.0942 5164 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:36:47.0942 5164 crcdisk - ok
15:37:25.0321 5164 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
15:37:25.0352 5164 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:37:25.0352 5164 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:37:25.0399 5164 Boot (0x1200) (7f8a94a5e0df110a601c59fb6a1ae568) \Device\Harddisk0\DR0\Partition0
15:37:25.0399 5164 \Device\Harddisk0\DR0\Partition0 - ok
15:37:25.0446 5164 Boot (0x1200) (f48388f2b46ca433951971c7098e4c40) \Device\Harddisk0\DR0\Partition1
15:37:25.0461 5164 \Device\Harddisk0\DR0\Partition1 - ok
15:37:25.0461 5164 ============================================================
15:37:25.0461 5164 Scan finished
15:37:25.0461 5164 ============================================================
15:37:25.0477 4716 Detected object count: 1
15:37:25.0477 4716 Actual detected object count: 1
15:37:49.0165 4716 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
15:37:49.0211 4716 \Device\Harddisk0\DR0 - ok
15:37:49.0211 4716 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
15:38:44.0453 0148 Deinitialize success
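The TDSSKiller log above runs to hundreds of "- ok" lines, and the one line that matters (the MBR verdict) is easy to miss. The parser below is an added example, not part of this thread or of TDSSKiller itself: it reads the log format shown above and pulls out scanned objects, verdicts, the chosen action, and anything enumerated without a closing status (a sign of an aborted scan). The sample log is constructed in the same format with made-up hashes; the Rootkit.Boot.Pihar.b verdict and device path mirror the ones in the real log.

```python
import re
from dataclasses import dataclass, field

# "HH:MM:SS.mmmm <thread id> <message>" -- the shape of every TDSSKiller log line
_LINE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# "<name> (<md5>) <path>" -- a scanned driver, or "MBR (0x1B8)" / "Boot (0x1200)" sectors
_OBJECT = re.compile(r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<object> ( <verdict> ) - <status>", e.g. "... ( Rootkit.Boot.Pihar.b ) - infected"
_VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>[^)]+) \) - (?P<status>.+)$")
# "<object> - detected <verdict> (<n>)"
_DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
_OK = re.compile(r"^(?P<obj>.+?) - ok$")

# Constructed sample in the TDSSKiller format; hashes are made up, not real file hashes.
SAMPLE_LOG = r"""
15:36:48.0083 5164 DfsC (00112233445566778899aabbccddeeff) C:\Windows\system32\Drivers\dfsc.sys
15:36:48.0083 5164 DfsC - ok
15:37:17.0381 5164 Tcpip (ffeeddccbbaa99887766554433221100) C:\Windows\system32\drivers\tcpip.sys
15:37:17.0412 5164 Tcpip - ok
15:37:25.0321 5164 MBR (0x1B8) (0123456789abcdef0123456789abcdef) \Device\Harddisk0\DR0
15:37:25.0352 5164 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:37:25.0352 5164 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:37:25.0399 5164 Boot (0x1200) (fedcba9876543210fedcba9876543210) \Device\Harddisk0\DR0\Partition0
15:37:25.0399 5164 \Device\Harddisk0\DR0\Partition0 - ok
15:37:25.0477 4716 Detected object count: 1
15:37:49.0165 4716 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
15:37:49.0211 4716 \Device\Harddisk0\DR0 - ok
15:37:49.0211 4716 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""


@dataclass
class ScanSummary:
    objects: dict = field(default_factory=dict)   # path -> (name, md5) for every scanned object
    clean: set = field(default_factory=set)       # names or paths that reported "- ok"
    verdicts: dict = field(default_factory=dict)  # object -> verdict (e.g. Rootkit.Boot.Pihar.b)
    actions: list = field(default_factory=list)   # (object, verdict, status) in log order


def parse_tdsskiller(text):
    """Classify each log line; lines that match no known shape (banners, counts) are skipped."""
    s = ScanSummary()
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        if (o := _OBJECT.match(msg)):
            s.objects[o["path"]] = (o["name"], o["md5"])
        elif (v := _VERDICT.match(msg)):
            s.verdicts[v["obj"]] = v["verdict"]
            s.actions.append((v["obj"], v["verdict"], v["status"]))
        elif (d := _DETECTED.match(msg)):
            s.verdicts[d["obj"]] = d["verdict"]
        elif (k := _OK.match(msg)):
            s.clean.add(k["obj"])
    return s


def triage(summary):
    """What a helper reads the log for: detections, whether a cure waits on a reboot,
    which action the user picked, and objects that never got a closing status."""
    detected = dict(summary.verdicts)
    pending = [obj for obj, _, st in summary.actions if st == "will be cured on reboot"]
    user_action = [(obj, st.split(":", 1)[1].strip())
                   for obj, _, st in summary.actions if st.startswith("User select action:")]
    # Drivers are acknowledged by service name, MBR/boot sectors by device path, so check both;
    # a detected object is resolved by its verdict lines even if it never says "- ok".
    unresolved = [path for path, (name, _) in summary.objects.items()
                  if name not in summary.clean and path not in summary.clean
                  and path not in detected]
    return {"scanned": len(summary.objects), "detected": detected,
            "pending_reboot": pending, "user_action": user_action,
            "unresolved": unresolved}


if __name__ == "__main__":
    print(triage(parse_tdsskiller(SAMPLE_LOG)))
```

A non-empty "unresolved" list means the scan stopped (or the log was cut) before those objects were checked, so a clean-looking summary should not be trusted until it is empty.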

#8 RPMcMurphy

  • Malware Response Team
  • 3,970 posts

Posted 31 December 2011 - 04:50 PM

Russell Johnson:

Please do this next:

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above DirLook::

DirLook::
C:\f15b838cb6a808f2aad5

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • ComboFix log
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member



#9 Russell Johnson

  • Topic Starter
  • Members
  • 8 posts

Posted 31 December 2011 - 06:25 PM

I got the following error messages:

1. While creating restore point...

The contents of folder c:/windows/erdnt/Hiv-backup could not be completely deleted!

2. After Completed stage_2:

pev.3XE has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.

Then the scan seemed to finish normally...
ComboFix 11-12-31.03 - Russell 12/31/2011 17:02:43.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1791.784 [GMT -6:00]
Running from: c:\users\Russell\Desktop\ComboFix.exe
Command switches used :: c:\users\Russell\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-31 )))))))))))))))))))))))))))))))
.
.
2011-12-22 17:24 . 2011-12-22 17:24 -------- d-----w- C:\f15b838cb6a808f2aad5
2011-12-22 09:02 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-12-22 06:00 . 2011-12-22 06:00 -------- d--h--w- c:\windows\AxInstSV
2011-12-21 17:45 . 2011-12-21 17:45 -------- d-----w- c:\programdata\WEBREG
2011-12-21 17:39 . 2011-12-21 17:39 -------- d-----w- c:\programdata\HP Product Assistant
2011-12-21 17:39 . 2011-12-21 17:39 -------- d-----w- c:\windows\SysWow64\spool
2011-12-21 17:37 . 2011-12-21 17:37 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2011-12-21 17:36 . 2011-12-21 17:36 -------- d-----w- c:\program files (x86)\Common Files\HP
2011-12-21 17:33 . 2011-12-21 17:42 -------- d-----w- c:\program files (x86)\HP
2011-12-21 17:32 . 2011-12-21 17:32 -------- d-----w- c:\program files\HP
2011-12-21 17:30 . 2011-12-21 17:46 -------- d-----w- c:\programdata\HP
2011-12-21 17:30 . 2009-07-08 10:51 642360 ----a-w- c:\windows\system32\hpzids40.dll
2011-12-21 17:15 . 2011-12-21 17:15 -------- d-----w- c:\programdata\Hewlett-Packard
2011-12-21 17:13 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2011-12-21 16:30 . 2011-12-21 16:30 -------- d-----w- c:\program files\CCleaner
2011-12-21 15:43 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2011-12-21 15:43 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2011-12-21 15:41 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-12-21 15:41 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-12-21 15:41 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-12-21 15:41 . 2010-08-26 05:27 148992 ----a-w- c:\windows\system32\t2embed.dll
2011-12-21 15:41 . 2010-08-26 04:39 109056 ----a-w- c:\windows\SysWow64\t2embed.dll
2011-12-21 15:39 . 2010-06-29 05:35 4582912 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-12-21 15:39 . 2010-06-29 05:39 2085376 ----a-w- c:\windows\system32\ole32.dll
2011-12-21 15:39 . 2010-06-29 04:57 4247040 ----a-w- c:\program files (x86)\Windows NT\Accessories\wordpad.exe
2011-12-21 15:39 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
2011-12-21 15:39 . 2010-05-05 07:37 483840 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-12-21 15:39 . 2010-05-05 06:46 363520 ----a-w- c:\windows\SysWow64\StructuredQuery.dll
2011-12-21 15:37 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-21 15:36 . 2010-12-21 06:13 2003968 ----a-w- c:\windows\system32\msxml6.dll
2011-12-21 15:35 . 2010-06-19 06:53 52224 ----a-w- c:\windows\system32\rtutils.dll
2011-12-21 15:34 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-12-21 15:34 . 2009-09-26 06:20 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-12-21 15:34 . 2010-07-29 06:30 82944 ----a-w- c:\windows\SysWow64\iccvid.dll
2011-12-21 15:34 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-12-21 15:34 . 2011-03-03 06:14 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-12-21 15:34 . 2011-03-03 05:27 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-12-21 15:34 . 2010-08-21 06:38 1024512 ----a-w- c:\windows\system32\wmpmde.dll
2011-12-21 15:34 . 2010-08-21 05:36 738816 ----a-w- c:\windows\SysWow64\wmpmde.dll
2011-12-21 15:33 . 2010-11-02 05:12 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-12-21 15:33 . 2010-11-02 04:35 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-12-21 15:33 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-12-21 15:33 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-12-21 15:31 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2011-12-21 15:29 . 2011-07-16 05:21 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-12-21 15:22 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2011-12-21 15:22 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2011-12-21 15:15 . 2011-12-21 15:16 -------- d-----w- c:\program files\Microsoft Silverlight
2011-12-21 15:15 . 2011-12-21 15:16 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-12-21 15:10 . 2011-12-21 15:15 -------- d-----w- C:\3de724589155eaa6d286bf6e0045
2011-12-21 07:08 . 2011-12-21 07:08 -------- d-----w- c:\programdata\Malwarebytes
2011-12-21 07:08 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-21 07:08 . 2011-12-21 07:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-21 07:01 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-21 07:01 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-21 07:01 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-21 07:01 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-21 07:01 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-21 07:01 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-21 07:01 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-21 07:00 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-21 07:00 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-12-21 07:00 . 2011-12-21 07:00 -------- d-----w- c:\programdata\AVAST Software
2011-12-21 07:00 . 2011-12-21 07:00 -------- d-----w- c:\program files\AVAST Software
2011-12-21 06:22 . 2011-12-21 06:22 -------- d-----w- c:\programdata\NVIDIA
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 04:43 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\f15b838cb6a808f2aad5 ----
.
2011-12-22 17:24 . 2011-12-22 17:24 788 ---ha-w- c:\f15b838cb6a808f2aad5\$shtdwn$.req
2008-10-01 03:07 . 2008-10-01 03:07 6042112 ----a-w- c:\f15b838cb6a808f2aad5\msxml.msi
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-31_19.10.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2011-12-31 23:14 37274 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-21 05:08 . 2011-12-31 21:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-21 05:08 . 2011-12-30 18:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-21 05:08 . 2011-12-31 21:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-21 05:08 . 2011-12-30 18:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-30 18:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-31 21:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-21 06:32 . 2011-12-31 23:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-21 06:32 . 2011-12-31 18:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-21 06:32 . 2011-12-31 23:13 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-21 06:32 . 2011-12-31 18:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-21 06:32 . 2011-12-31 23:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-21 06:32 . 2011-12-31 18:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-21 05:17 . 2011-12-31 23:14 5722 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2124076295-3869709370-3708648650-1001_UserData.bin
+ 2011-12-31 23:12 . 2011-12-31 23:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-31 18:41 . 2011-12-31 18:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-31 23:12 . 2011-12-31 23:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-31 18:41 . 2011-12-31 18:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2011-12-31 18:41 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-31 23:12 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-12-31 18:41 540672 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-31 23:12 540672 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-21 14:33 . 2011-12-31 20:39 229676 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2011-12-21 06:11 . 2011-12-31 19:09 114688 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-21 06:11 . 2011-12-31 23:14 114688 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-21 06:11 . 2011-12-31 19:09 196608 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-21 06:11 . 2011-12-31 23:14 196608 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-31 23:12 4014080 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-31 18:41 4014080 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:34 . 2011-12-31 18:54 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-12-31 20:20 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-12-06 02:41 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-12-06 02:41 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-12-06 02:41 1005712 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-12-06 1059472]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [2010-01-08 23584]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-12-06 02:34 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-12-06 02:34 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-12-06 02:34 1271440 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://emachines.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://emachines.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\Russell\AppData\Roaming\Mozilla\Firefox\Profiles\lmq6353j.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-12-31 17:19:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-31 23:19
ComboFix2.txt 2011-12-31 19:32
.
Pre-Run: 318,430,392,320 bytes free
Post-Run: 318,073,651,200 bytes free
.
- - End Of File - - 861847B410999BDD6D80D92C712DB79D


MBAM log upcoming soon....

#10 Russell Johnson

Russell Johnson
  • Topic Starter

  • Members
  • 8 posts
  • Local time:02:48 PM

Posted 01 January 2012 - 02:26 AM

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.31.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Russell :: RUSSELL-PC [administrator]

12/31/2011 5:26:05 PM
mbam-log-2011-12-31 (17-26-05).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 429971
Time elapsed: 1 hour(s), 4 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Backup\Russell\AppData\Local\Temp\ywerrtyerw.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Russell\Downloads\Downloads\oi_setup.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.

(end)

#11 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:03:48 PM

Posted 01 January 2012 - 02:46 AM

Russell Johnson:

How is your computer running now? Please do this next:

Please go here to run an online scan with ESET.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running now?
  • ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#12 Russell Johnson

Russell Johnson
  • Topic Starter

  • Members
  • 8 posts
  • Local time:02:48 PM

Posted 01 January 2012 - 12:30 PM

The computer seems to be running much better, but that pattern has happened before since these problems started...great for a few days, then lots of virus and bad page warnings and sluggishness. ESET scan found 10 infections...

C:\Backup\Russell\AppData\Local\Temp\2B64.tmp a variant of Win32/Kryptik.XRY trojan
C:\Backup\Russell\AppData\Local\Temp\slp9122399593040367766.tmp Win32/Olmarik.AXW trojan
C:\Backup\Russell\AppData\Roaming\Niepell\izgizyi.exe Win32/Spy.Zbot.YW trojan
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\Qoobox\Quarantine\C\Windows\SysWOW64\Process.exe.vir Win32/PrcView application
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\Users\Russell\Downloads\Downloads\FCTBSetup.exe Win32/Toolbar.Zugo application
C:\Users\Russell\Downloads\Downloads\SetupArcadeWeb.exe a variant of Win32/Adware.Gamevance.BE application


Thanks, RJ

#13 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:03:48 PM

Posted 01 January 2012 - 01:49 PM

Russell Johnson:

This will take care of those ESET detections:

Open Notepad and copy/paste the text in the quotebox below into it:

@echo off
rem Remove the three files ESET flagged under the old backup copy of the user profile
del "C:\Backup\Russell\AppData\Local\Temp\2B64.tmp"
del "C:\Backup\Russell\AppData\Local\Temp\slp9122399593040367766.tmp"
del "C:\Backup\Russell\AppData\Roaming\Niepell\izgizyi.exe"
rem Delete this batch file itself once the files above are gone
del /Q %0

Save this as fix.bat. Choose "Save type as - All Files".
Right click on fix.bat, select "Run as administrator" and let it run.

Your Freecorder and arcade applications were flagged because they contain adware, install toolbars or have other unclear objectives. If you no longer want them, uninstall them via Control Panel > Programs > Uninstall a program.

Other than that your logs look good. All I have left for you is another update and some very important cleanup:

Your Adobe Reader needs to be updated. Please visit Adobe's site and grab the newest version. Be sure to watch for and uncheck any boxes offering to install other software.

Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Delete the following tools along with any other logs you saved from our work:
  • DDS
  • TDSSKiller
Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!



#14 Russell Johnson

Russell Johnson
  • Topic Starter

  • Members
  • 8 posts
  • Local time:02:48 PM

Posted 03 January 2012 - 12:52 AM

Hi, it looks like all is good! I greatly appreciate the help, especially over the holiday!

Thanks,

RJ

#15 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:03:48 PM

Posted 03 January 2012 - 05:13 PM

You're welcome, Russell. Take care.
