
Possible Torpig


  • This topic is locked
37 replies to this topic

#1 DannieW

DannieW

  • Members
  • 20 posts
  • OFFLINE
  • Local time:11:06 PM

Posted 07 January 2012 - 02:57 AM

The following is copied from CBL Lookup: "This IP is infected with, or is NATting for a machine infected with Torpig, also known by Symantec as Anserin.

This was detected by observing this IP attempting to make contact to a Torpig Command and Control server at 84.163.151.128, with contents unique to Torpig C&C command protocols.

Torpig is a banking trojan, specializing in stealing personal information (passwords, account information, etc) from interactions with banking sites.

Torpig is normally dropped by Mebroot. Mebroot is a Rootkit that installs itself into the MBR (Master Boot Record)."

I have tried going through their instructions but to be honest they confused me more than anything. I used the tcpview program they recommended but really did not see anything (like I would know really) that seemed suspicious. I also used the netstat 5 command again with the same results.

Not sure if it matters or not but I am on a wireless home network with wireless internet.

I am not completely computer stupid, but this is beyond my knowledge, so any and all help would be greatly appreciated before I resort to wiping my hard drive to zeros and reinstalling. Due to the nature of this Torpig, obviously getting it cleaned out asap is a must. Thank you in advance.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Mom at 1:13:39 on 2012-01-07
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2166 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: PC Tools Firewall Plus *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\DAP\DAP.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
C:\Users\Mom\AppData\LocalLow\Picasa\IE\PicasaUpdater.exe
C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Windows\system32\SearchIndexer.exe
E:\autorun.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Users\Mom\AppData\Roaming\mjusbsp\magicJack.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com
mWinlogon: Userinit=userinit.exe,
BHO: Picasa: {138b4b0a-923a-4981-ae90-ee90fac91ce0} - C:\Users\Mom\AppData\LocalLow\Picasa\IE\Picasa.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [cdloader] "C:\Users\Mom\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN193434MJ05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [DownloadAccelerator] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [00PCTFW] "C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" -s
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{9A982324-5525-4E2B-B797-3AF3E31CB4E0} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{A2D740A6-43C1-44AE-93C0-09DAACEF6D14} : DhcpNameServer = 10.0.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~2\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~2\DAP\dapie.dll
BHO-X64: Picasa: {138B4B0A-923A-4981-AE90-EE90FAC91CE0} - C:\Users\Mom\AppData\LocalLow\Picasa\IE\Picasa.dll
BHO-X64: Picasa - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [00PCTFW] "C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" -s
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\byxive2n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Users\Mom\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mom\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 pctgntdi;pctgntdi;\??\C:\Windows\System32\drivers\pctgntdi64.sys --> C:\Windows\System32\drivers\pctgntdi64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-7-18 146816]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-5 44768]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-6 652872]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe [2011-11-27 287024]
R2 PicasaUpdater;Picasa Updater;C:\Users\Mom\AppData\LocalLow\Picasa\IE\PicasaUpdater.exe [2011-9-2 18432]
R2 Realtek11nCU;Realtek11nCU;C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2012-1-2 45056]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;\??\C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys --> C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys [?]
R3 pctNdisMP;PC Tools Driver;C:\Windows\system32\DRIVERS\pctNdis64.sys --> C:\Windows\system32\DRIVERS\pctNdis64.sys [?]
R3 pctplfw;pctplfw;\??\C:\Windows\System32\drivers\pctplfw64.sys --> C:\Windows\System32\drivers\pctplfw64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192cu.sys --> C:\Windows\system32\DRIVERS\RTL8192cu.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;C:\Windows\system32\DRIVERS\pctNdis64.sys --> C:\Windows\system32\DRIVERS\pctNdis64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-01-07 06:17:41 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D0AAA46A-8DB1-486A-9EF1-4E684519D094}\offreg.dll
2012-01-07 06:12:35 -------- d-----w- C:\Users\Mom\AppData\Roaming\SUPERAntiSpyware.com
2012-01-07 06:12:16 -------- d-----w- C:\ProgramData\!SASCORE
2012-01-07 06:12:12 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-01-07 05:35:29 -------- d-----w- C:\Users\Mom\AppData\Roaming\Malwarebytes
2012-01-07 05:35:18 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-07 05:35:14 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-07 05:35:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-07 05:07:38 -------- d-----w- C:\Program Files (x86)\ESET
2012-01-07 04:48:07 -------- d-----w- C:\ProgramData\SecTaskMan
2012-01-07 04:15:32 388096 ----a-r- C:\Users\Mom\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-07 04:15:32 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-01-07 03:42:45 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-01-07 03:39:37 -------- d-----w- C:\Program Files\CCleaner
2012-01-07 02:44:42 -------- d-----w- C:\Windows\pss
2012-01-02 20:57:00 -------- d-----w- C:\ProgramData\SLGenie
2012-01-02 18:07:57 -------- d-----w- C:\ProgramData\TEBrowser
2012-01-02 18:07:16 -------- d-----w- C:\Program Files (x86)\Webily Project
2012-01-02 16:46:45 380928 ----a-w- C:\Windows\RtlUI2.exe
2012-01-02 16:46:44 614400 ----a-w- C:\Windows\SysWow64\Rtlihvs.dll
2012-01-02 16:46:43 451072 ----a-w- C:\Windows\SysWow64\ISSRemoveSP.exe
2012-01-02 16:46:43 188416 ----a-w- C:\Windows\SysWow64\RTLExtUI.dll
2012-01-01 17:07:06 -------- d-----w- C:\Program Files (x86)\Affiliate ID Manager
2012-01-01 01:52:29 -------- d-----w- C:\Program Files (x86)\Viral Article Publisher
2011-12-30 21:48:34 598048 ----a-w- C:\Windows\System32\drivers\RTL8192cu.sys
2011-12-30 21:41:30 35840 ----a-r- C:\Windows\System32\drivers\BVRPMPR5a64.SYS
2011-12-30 21:40:00 -------- d-----w- C:\Netgear
2011-12-30 20:43:37 16200 ----a-w- C:\Windows\stinger.sys
2011-12-27 17:55:08 -------- d-----w- C:\Windows\Hewlett-Packard
2011-12-25 23:16:58 -------- d-----w- C:\Users\Mom\AppData\Local\Diagnostics
2011-12-25 03:47:07 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-24 18:03:29 -------- d-----w- C:\Program Files (x86)\SpeedBit Video Accelerator
2011-12-24 17:52:12 -------- d-----w- C:\ProgramData\SpeedBit
2011-12-24 17:52:08 84480 ----a-w- C:\Windows\SysWow64\EasyHook32.dll
2011-12-24 17:52:08 109216 ----a-w- C:\Windows\SysWow64\EasyHook64.dll
2011-12-24 17:52:08 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedBit
2011-12-24 17:52:06 -------- d-----w- C:\Program Files (x86)\DAP
2011-12-24 17:51:20 172032 ----a-w- C:\Windows\SysWow64\AniGIF.ocx
2011-12-23 22:35:59 -------- d-----w- C:\The Elder Scrolls V Skyrim
2011-12-23 06:23:48 -------- d-----w- C:\Program Files (x86)\Steam
2011-12-23 05:26:12 -------- d-----w- C:\Nexus Mod Manager
2011-12-23 05:11:16 -------- d-----w- C:\Users\Mom\AppData\Local\Black_Tree_Gaming
2011-12-22 22:01:13 -------- d-----w- C:\Users\Mom\AppData\Local\Skyrim
2011-12-22 20:23:59 238088 ----a-w- C:\Windows\SysWow64\xactengine3_0.dll
2011-12-21 22:54:43 -------- d-----w- C:\Windows\System32\appmgmt
2011-12-21 20:35:00 -------- d-----w- C:\Users\Mom\AppData\Roaming\FrostWire
2011-12-21 20:34:38 -------- d-----w- C:\Program Files (x86)\FrostWire
2011-12-21 20:23:49 -------- d-----w- C:\Users\Mom\AppData\Local\APN
2011-12-21 05:13:31 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2011-12-20 22:02:21 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-12-20 22:02:21 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-12-20 22:02:21 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-12-20 22:02:21 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-12-20 22:02:21 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-12-20 22:02:21 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-12-20 22:02:21 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-12-20 22:02:15 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-12-20 22:02:15 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-12-20 21:48:40 -------- d-----w- C:\Users\Mom\AppData\Roaming\DAEMON Tools Lite
2011-12-20 21:48:37 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2011-12-20 21:30:33 530488 ----a-w- C:\Windows\System32\drivers\sptd.sys
2011-12-20 20:01:55 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-12-20 20:01:55 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-12-20 20:01:55 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-12-20 20:01:55 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-12-20 20:01:55 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-12-20 20:01:55 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-12-20 20:01:55 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-12-20 20:01:55 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-12-20 20:01:55 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-12-20 20:01:55 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-12-20 20:01:54 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-12-20 20:01:50 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D0AAA46A-8DB1-486A-9EF1-4E684519D094}\mpengine.dll
2011-12-20 19:38:12 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-20 19:38:12 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-20 19:36:38 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-12-20 19:35:53 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-20 19:35:53 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-20 19:35:50 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-20 19:31:54 -------- d-----w- C:\Program Files (x86)\ADLSoft UnCompressor
2011-12-20 05:23:28 -------- d-----w- C:\Program Files (x86)\WinAce
2011-12-20 01:37:59 -------- d-----w- C:\Program Files (x86)\Kyodai Mahjongg
2011-12-20 01:28:03 -------- d-----w- C:\Users\Mom\AppData\Local\Oblivion
2011-12-18 22:15:53 -------- d-----w- C:\Program Files (x86)\BitTorrent
2011-12-18 22:15:09 -------- d-----w- C:\Users\Mom\AppData\Roaming\BitTorrent
2011-12-18 21:17:57 -------- d-----w- C:\Program Files (x86)\Bethesda Softworks
2011-12-13 05:16:44 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-12-13 05:16:43 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-12-13 04:23:42 -------- d-----w- C:\ATI
2011-12-13 03:31:43 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-12-11 01:56:38 -------- d-----w- C:\Windows\SysWow64\Adobe
2011-12-11 01:34:15 -------- d-----w- C:\Windows\SysWow64\Wat
2011-12-11 01:34:15 -------- d-----w- C:\Windows\System32\Wat
2011-12-11 01:15:52 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-12-11 01:15:52 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-12-11 00:55:02 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2011-12-11 00:55:02 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2011-12-11 00:48:45 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2011-12-11 00:41:23 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-12-11 00:37:32 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2011-12-11 00:37:32 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-12-11 00:37:32 1097216 ----a-w- C:\Windows\System32\mstsc.exe
2011-12-11 00:37:32 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-12-11 00:35:15 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-12-11 00:35:15 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-12-11 00:33:49 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-12-11 00:32:59 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2011-12-11 00:31:59 499712 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-11 00:30:59 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-12-11 00:29:17 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-12-11 00:28:39 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-12-11 00:28:39 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-12-11 00:28:38 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-12-11 00:28:38 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-12-11 00:28:27 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2011-12-11 00:26:51 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2011-12-11 00:24:25 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-12-11 00:23:53 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2011-12-11 00:23:53 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2011-12-11 00:23:52 112000 ----a-w- C:\Windows\System32\consent.exe
2011-12-11 00:23:51 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-12-11 00:23:51 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-12-11 00:23:51 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-12-11 00:23:51 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-12-11 00:23:11 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-12-11 00:01:16 -------- d-----w- C:\ProgramData\RegInOut
2011-12-11 00:01:09 -------- d-----w- C:\Windows\RegInOut System Utilities
2011-12-10 06:09:26 -------- d-----w- C:\Users\Mom\AppData\Local\DDMSettings
2011-12-10 06:06:02 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-12-10 06:05:14 -------- d-----w- C:\Program Files\DivX
2011-12-10 06:04:54 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2011-12-10 05:56:05 -------- d-----w- C:\Program Files (x86)\DivX
2011-12-10 05:51:54 -------- d-----w- C:\ProgramData\DivX
2011-12-10 05:31:52 -------- d-----w- C:\Users\Mom\AppData\Local\Ilivid Player
2011-12-10 05:26:55 -------- dc-h--w- C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}
2011-12-10 05:22:58 -------- d-----w- C:\Users\Mom\AppData\Local\PackageAware
.
==================== Find3M ====================
.
2011-12-20 22:58:33 187392 ----a-w- C:\Windows\SysWow64\binkw32.dll
2011-12-20 22:56:55 187392 ----a-w- C:\Windows\System32\binkw32.dll
2011-11-30 15:10:27 15664 ----a-w- C:\Windows\SysWow64\drivers\GEARAspiWDM.sys
2011-11-30 15:10:27 109360 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-11-28 18:01:25 41184 ----a-w- C:\Windows\avastSS.scr
2011-11-28 17:54:06 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-11-28 17:52:11 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-11-28 03:39:32 0 ----a-w- C:\Windows\ativpsrm.bin
2011-11-15 20:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-10-26 03:05:10 10496512 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-10-26 02:16:06 24866816 ----a-w- C:\Windows\System32\atio6axx.dll
2011-10-26 02:06:10 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-10-26 02:05:58 748544 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-10-26 02:04:28 892416 ----a-w- C:\Windows\System32\aticfx64.dll
2011-10-26 02:01:46 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-10-26 02:01:36 517120 ----a-w- C:\Windows\System32\atieclxx.exe
2011-10-26 02:00:58 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-10-26 01:59:48 18757120 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-10-26 01:59:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-10-26 01:59:22 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-10-26 01:59:16 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-10-26 01:59:04 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-10-26 01:58:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-10-26 01:58:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-10-26 01:58:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-10-26 01:55:48 4292096 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-10-26 01:46:12 5041664 ----a-w- C:\Windows\System32\atidxx64.dll
2011-10-26 01:43:48 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-10-26 01:43:24 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-10-26 01:43:12 4044288 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-10-26 01:38:32 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-10-26 01:38:30 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-10-26 01:38:20 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-10-26 01:38:18 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-10-26 01:38:08 9978880 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-10-26 01:35:38 4353536 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-10-26 01:34:56 8449024 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-10-26 01:32:30 4189184 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-10-26 01:29:32 5510144 ----a-w- C:\Windows\System32\atiumd64.dll
2011-10-26 01:29:24 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-10-26 01:22:38 486912 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-10-26 01:22:30 339968 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-10-26 01:22:20 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-10-26 01:22:16 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-10-26 01:22:16 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-10-26 01:22:12 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-10-26 01:22:06 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-10-26 01:21:58 326656 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-10-26 01:21:12 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-10-26 01:21:06 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-10-26 01:21:00 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-10-26 01:20:52 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-10-26 01:20:20 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-10-26 01:16:06 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-10-26 01:16:06 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-10-26 01:15:58 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-10-26 01:15:58 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-10-20 23:26:22 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll
.
============= FINISH: 1:14:28.02 ===============
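The poster ran TcpView and `netstat 5` but could not tell which lines mattered. The script below is an added example, not part of the original post or of any tool mentioned in it: it parses `netstat -ano` and `tasklist /fo csv /nh` output and flags any connection whose foreign address is in a set of indicators, mapping the owning PID to its image name. The only indicator is 84.163.151.128, the C&C address quoted from the CBL notice; the netstat and tasklist text is constructed sample data and does not come from the poster's machine. Two caveats a practitioner would want: a one-off snapshot misses a beacon that lasts a fraction of a second, so run it repeatedly (the `netstat 5` the poster used does exactly that), and CBL lists the public IP, so on a NATted home network any device behind the router could be the source, not only this PC.

```python
"""Flag netstat -ano connections that touch a known C2 address.

Added example, not from the original post. The indicator below is the
address quoted from the CBL notice in the post; SAMPLE_NETSTAT and
SAMPLE_TASKLIST are constructed data, not output from the poster's machine.
"""
import csv
import re
from dataclasses import dataclass

# Indicator taken from the CBL notice quoted in the post.
C2_INDICATORS = {"84.163.151.128"}

# Constructed sample of `netstat -ano` output (Windows 7 layout).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    10.0.0.5:49172         84.163.151.128:80      SYN_SENT        1860
  TCP    10.0.0.5:49180         173.252.110.27:443     ESTABLISHED     2244
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5355           *:*                                    1024
"""

# Constructed sample of `tasklist /fo csv /nh` output.
SAMPLE_TASKLIST = '''"svchost.exe","716","Services","0","8,116 K"
"svchost.exe","1860","Services","0","12,004 K"
"firefox.exe","2244","Console","1","180,220 K"
"System","4","Services","0","1,904 K"
'''


@dataclass(frozen=True)
class Conn:
    proto: str
    local: str
    remote: str
    state: str   # empty for UDP, which has no state column
    pid: int


# Proto, local, foreign, optional state (UDP rows have none), PID.
_NETSTAT_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$"
)


def parse_netstat(text):
    """Return one Conn per data row; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = _NETSTAT_RE.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            conns.append(Conn(proto, local, remote, state or "", int(pid)))
    return conns


def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` rows."""
    pids = {}
    for row in csv.reader(text.splitlines()):
        if len(row) >= 2 and row[1].isdigit():
            pids[int(row[1])] = row[0]
    return pids


def remote_host(remote):
    """Strip the port from a foreign address; IPv6 is written as [addr]:port."""
    if remote.startswith("["):
        return remote[1:remote.index("]")]
    return remote.rsplit(":", 1)[0]


def find_c2_contacts(netstat_text, tasklist_text, indicators=C2_INDICATORS):
    """Return (pid, image, foreign address, state) for every indicator hit."""
    procs = parse_tasklist(tasklist_text)
    hits = []
    for c in parse_netstat(netstat_text):
        if remote_host(c.remote) in indicators:
            hits.append((c.pid, procs.get(c.pid, "<unknown>"), c.remote, c.state))
    return hits


if __name__ == "__main__":
    for pid, image, remote, state in find_c2_contacts(SAMPLE_NETSTAT, SAMPLE_TASKLIST):
        print(f"PID {pid} ({image}) -> {remote} [{state}]")
```

On a live host you would feed it the real output, for example `netstat -ano > net.txt` and `tasklist /fo csv /nh > tasks.txt` captured in the same few seconds, in a loop. Note that the sample hit lands on an `svchost.exe` instance: a generic service host tells you little by itself, so the PID is the lead to follow (which services it hosts, which modules it has loaded), not the image name.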

#2 DannieW

DannieW
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:11:06 PM

Posted 07 January 2012 - 03:20 AM

This log may or may not help so attaching it anyway just in case.

Thanks again


#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:06 AM

Posted 12 January 2012 - 01:54 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 DannieW (Topic Starter, Members, 20 posts)

Posted 12 January 2012 - 02:55 AM

No other problems to report as of yet. Just ran the ComboFix so can't really tell you how the computer is doing yet, but I can tell you that CBL Lookup no longer has my IP address blocked. Very odd, as I haven't really done anything except scans. Anyway, here is the ComboFix log.

ComboFix 12-01-12.02 - Mom 01/12/2012 1:38.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2754 [GMT -6:00]
Running from: c:\users\Mom\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\ReadMe.txt
c:\windows\SysWow64\ReadMe.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-12-12 to 2012-01-12 )))))))))))))))))))))))))))))))
.
.
2012-01-12 07:41 . 2012-01-12 07:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-12 07:06 . 2011-11-28 17:54 140120 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-01-12 07:05 . 2011-11-28 17:53 258392 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-01-12 07:05 . 2011-11-28 17:26 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-01-12 06:54 . 2012-01-12 06:54 -------- d-----w- c:\users\Mom\AppData\Roaming\RoboForm
2012-01-12 06:22 . 2012-01-12 06:22 -------- d-----w- c:\program files\Samsung
2012-01-08 17:32 . 2012-01-08 17:32 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-08 17:32 . 2012-01-08 17:32 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-08 17:32 . 2012-01-08 17:32 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-08 17:32 . 2012-01-08 17:32 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-08 15:18 . 2012-01-08 15:18 -------- d-----w- c:\program files (x86)\TeamViewer
2012-01-08 00:39 . 2012-01-08 00:39 -------- d-----w- c:\program files (x86)\Glary Utilities
2012-01-07 06:12 . 2012-01-07 06:12 -------- d-----w- c:\users\Mom\AppData\Roaming\SUPERAntiSpyware.com
2012-01-07 06:12 . 2012-01-07 06:12 -------- d-----w- c:\programdata\!SASCORE
2012-01-07 06:12 . 2012-01-09 20:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-07 05:35 . 2012-01-07 05:35 -------- d-----w- c:\users\Mom\AppData\Roaming\Malwarebytes
2012-01-07 05:35 . 2012-01-07 05:35 -------- d-----w- c:\programdata\Malwarebytes
2012-01-07 05:35 . 2012-01-07 05:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-07 05:35 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-07 05:07 . 2012-01-07 05:07 -------- d-----w- c:\program files (x86)\ESET
2012-01-07 04:48 . 2012-01-07 06:07 -------- d-----w- c:\programdata\SecTaskMan
2012-01-07 04:15 . 2012-01-07 04:15 388096 ----a-r- c:\users\Mom\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-07 04:15 . 2012-01-07 04:15 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-07 03:42 . 2012-01-07 03:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-07 03:39 . 2012-01-07 03:39 -------- d-----w- c:\program files\CCleaner
2012-01-02 20:57 . 2012-01-02 20:57 -------- d-----w- c:\programdata\SLGenie
2012-01-02 18:07 . 2012-01-02 18:28 -------- d-----w- c:\programdata\TEBrowser
2012-01-02 18:07 . 2012-01-02 20:56 -------- d-----w- c:\program files (x86)\Webily Project
2012-01-02 16:46 . 2009-03-31 20:31 380928 ----a-w- c:\windows\RtlUI2.exe
2012-01-02 16:46 . 2008-07-01 18:31 614400 ----a-w- c:\windows\SysWow64\Rtlihvs.dll
2012-01-02 16:46 . 2009-04-02 16:27 188416 ----a-w- c:\windows\SysWow64\RTLExtUI.dll
2012-01-02 16:46 . 2009-02-05 08:49 451072 ----a-w- c:\windows\SysWow64\ISSRemoveSP.exe
2012-01-01 17:07 . 2012-01-01 17:07 -------- d-----w- c:\program files (x86)\Affiliate ID Manager
2012-01-01 01:52 . 2012-01-01 01:52 -------- d-----w- c:\program files (x86)\Viral Article Publisher
2011-12-30 21:48 . 2010-03-26 23:43 598048 ----a-w- c:\windows\system32\drivers\RTL8192cu.sys
2011-12-30 21:41 . 2010-06-30 08:27 35840 ----a-r- c:\windows\system32\drivers\BVRPMPR5a64.SYS
2011-12-30 21:40 . 2011-12-30 21:47 -------- d-----w- C:\Netgear
2011-12-30 20:43 . 2011-12-30 21:24 16200 ----a-w- c:\windows\stinger.sys
2011-12-27 17:55 . 2011-12-27 17:55 -------- d-----w- c:\windows\Hewlett-Packard
2011-12-25 23:16 . 2012-01-08 20:17 -------- d-----w- c:\users\Mom\AppData\Local\Diagnostics
2011-12-25 03:47 . 2011-12-25 03:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-24 18:03 . 2012-01-07 06:14 -------- d-----w- c:\program files (x86)\SpeedBit Video Accelerator
2011-12-24 17:52 . 2011-12-24 17:52 -------- d-----w- c:\programdata\SpeedBit
2011-12-24 17:52 . 2011-12-24 17:52 -------- d-----w- c:\program files (x86)\Common Files\SpeedBit
2011-12-24 17:52 . 2011-12-24 17:51 84480 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2011-12-24 17:52 . 2011-12-24 17:51 109216 ----a-w- c:\windows\SysWow64\EasyHook64.dll
2011-12-24 17:52 . 2011-12-24 17:55 -------- d-----w- c:\program files (x86)\DAP
2011-12-24 17:51 . 2011-12-24 17:51 172032 ----a-w- c:\windows\SysWow64\AniGIF.ocx
2011-12-23 22:35 . 2011-12-30 00:04 -------- d-----w- C:\The Elder Scrolls V Skyrim
2011-12-23 06:23 . 2012-01-07 03:51 -------- d-----w- c:\program files (x86)\Steam
2011-12-23 05:26 . 2011-12-23 05:26 -------- d-----w- C:\Nexus Mod Manager
2011-12-23 05:11 . 2011-12-23 05:26 -------- d-----w- c:\users\Mom\AppData\Local\Black_Tree_Gaming
2011-12-22 22:01 . 2011-12-22 22:01 -------- d-----w- c:\users\Mom\AppData\Local\Skyrim
2011-12-22 20:23 . 2008-03-05 22:03 238088 ----a-w- c:\windows\SysWow64\xactengine3_0.dll
2011-12-21 22:54 . 2011-12-21 22:54 -------- d-----w- c:\windows\system32\appmgmt
2011-12-21 20:35 . 2012-01-07 03:51 -------- d-----w- c:\users\Mom\AppData\Roaming\FrostWire
2011-12-21 20:34 . 2011-12-21 22:29 -------- d-----w- c:\program files (x86)\FrostWire
2011-12-21 20:23 . 2011-12-21 20:23 -------- d-----w- c:\users\Mom\AppData\Local\APN
2011-12-21 05:13 . 2011-12-24 18:19 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-12-20 22:02 . 2005-04-04 05:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-12-20 22:02 . 2005-04-04 05:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-12-20 22:02 . 2005-04-04 05:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-12-20 22:02 . 2005-04-04 05:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-12-20 22:02 . 2005-04-04 05:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-12-20 22:02 . 2005-04-04 04:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-12-20 22:02 . 2005-04-04 04:57 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-12-20 22:02 . 2011-12-20 22:02 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-12-20 22:02 . 2011-12-20 22:02 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-12-20 21:48 . 2012-01-07 03:51 -------- d-----w- c:\users\Mom\AppData\Roaming\DAEMON Tools Lite
2011-12-20 21:48 . 2011-12-20 21:48 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-12-20 21:30 . 2011-12-20 21:30 530488 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-12-20 20:01 . 2009-11-25 18:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-12-20 20:01 . 2009-11-25 18:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-12-20 20:01 . 2009-11-25 18:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-12-20 20:01 . 2009-11-25 18:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-12-20 20:01 . 2009-11-25 18:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-12-20 20:01 . 2009-11-25 18:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-12-20 20:01 . 2009-11-25 18:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-12-20 20:01 . 2009-11-25 18:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-12-20 20:01 . 2009-11-25 18:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-12-20 20:01 . 2009-11-25 18:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-12-20 20:01 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0AAA46A-8DB1-486A-9EF1-4E684519D094}\mpengine.dll
2011-12-20 19:38 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-20 19:38 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-20 19:36 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-12-20 19:35 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-20 19:35 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-20 19:35 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-20 19:31 . 2011-12-20 19:31 -------- d-----w- c:\program files (x86)\ADLSoft UnCompressor
2011-12-20 05:23 . 2011-12-20 05:23 -------- d-----w- c:\program files (x86)\WinAce
2011-12-20 02:28 . 2011-12-20 18:14 -------- d-----w- c:\program files (x86)\7-Zip
2011-12-20 01:37 . 2011-12-20 01:38 -------- d-----w- c:\program files (x86)\Kyodai Mahjongg
2011-12-20 01:28 . 2011-12-20 23:15 -------- d-----w- c:\users\Mom\AppData\Local\Oblivion
2011-12-18 22:15 . 2011-12-18 22:15 -------- d-----w- c:\program files (x86)\BitTorrent
2011-12-18 22:15 . 2012-01-07 03:51 -------- d-----w- c:\users\Mom\AppData\Roaming\BitTorrent
2011-12-18 21:17 . 2011-12-20 22:02 -------- d-----w- c:\program files (x86)\Bethesda Softworks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 22:58 . 2011-06-14 16:35 187392 ----a-w- c:\windows\SysWow64\binkw32.dll
2011-12-20 22:56 . 2011-06-14 16:35 187392 ----a-w- c:\windows\system32\binkw32.dll
2011-12-11 01:36 . 2011-12-11 01:36 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-11 01:36 . 2011-12-11 01:36 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-11 01:36 . 2011-12-11 01:36 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-11 01:36 . 2011-12-11 01:36 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-11 01:36 . 2011-12-11 01:36 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-11 01:36 . 2011-12-11 01:36 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-11 01:36 . 2011-12-11 01:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-11 01:36 . 2011-12-11 01:36 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-11 01:36 . 2011-12-11 01:36 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-11 01:36 . 2011-12-11 01:36 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-12-11 01:36 . 2011-12-11 01:36 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-11 01:36 . 2011-12-11 01:36 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-11 01:36 . 2011-12-11 01:36 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-11 01:36 . 2011-12-11 01:36 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-12-11 01:36 . 2011-12-11 01:36 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-12-11 01:36 . 2011-12-11 01:36 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-11 01:36 . 2011-12-11 01:36 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-11 01:36 . 2011-12-11 01:36 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-11 01:36 . 2011-12-11 01:36 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-11 01:36 . 2011-12-11 01:36 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-11 01:36 . 2011-12-11 01:36 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-11 01:36 . 2011-12-11 01:36 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-11 01:36 . 2011-12-11 01:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-11 01:36 . 2011-12-11 01:36 448512 ----a-w- c:\windows\system32\html.iec
2011-12-11 01:36 . 2011-12-11 01:36 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-11 01:36 . 2011-12-11 01:36 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-11 01:36 . 2011-12-11 01:36 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-12-11 01:36 . 2011-12-11 01:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-11 01:36 . 2011-12-11 01:36 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-12-11 01:36 . 2011-12-11 01:36 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-11 01:36 . 2011-12-11 01:36 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-11 01:36 . 2011-12-11 01:36 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-11 01:36 . 2011-12-11 01:36 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-11 01:36 . 2011-12-11 01:36 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-11 01:36 . 2011-12-11 01:36 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-11 01:36 . 2011-12-11 01:36 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-12-11 01:36 . 2011-12-11 01:36 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-11 01:36 . 2011-12-11 01:36 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-11 01:36 . 2011-12-11 01:36 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-11 01:36 . 2011-12-11 01:36 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-11 01:36 . 2011-12-11 01:36 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-11 01:36 . 2011-12-11 01:36 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-11-30 15:10 . 2011-11-30 14:39 15664 ----a-w- c:\windows\SysWow64\drivers\GEARAspiWDM.sys
2011-11-30 15:10 . 2011-11-30 14:39 109360 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-11-28 18:01 . 2011-11-28 05:41 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-11-28 05:41 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-11-28 05:41 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-11-28 05:41 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-11-28 05:42 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-11-28 05:42 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-11-28 05:42 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-11-28 05:41 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-11-28 05:42 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-15 20:29 . 2011-11-28 04:07 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-10-26 03:05 . 2011-10-26 03:05 10496512 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-10-26 02:16 . 2011-10-26 02:16 24866816 ----a-w- c:\windows\system32\atio6axx.dll
2011-10-26 02:06 . 2011-10-26 02:06 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-10-26 02:05 . 2010-05-27 17:02 748544 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-10-26 02:04 . 2011-01-27 04:59 892416 ----a-w- c:\windows\system32\aticfx64.dll
2011-10-26 02:01 . 2011-10-26 02:01 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-26 02:01 . 2011-10-26 02:01 517120 ----a-w- c:\windows\system32\atieclxx.exe
2011-10-26 02:00 . 2011-10-26 02:00 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-10-26 01:59 . 2011-10-26 01:59 18757120 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-10-26 01:59 . 2011-10-26 01:59 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-10-26 01:59 . 2011-10-26 01:59 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-10-26 01:59 . 2011-10-26 01:59 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-10-26 01:59 . 2011-10-26 01:59 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-10-26 01:58 . 2011-10-26 01:58 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-10-26 01:58 . 2011-10-26 01:58 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-10-26 01:58 . 2011-10-26 01:58 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-10-26 01:55 . 2010-05-27 16:54 4292096 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-10-26 01:46 . 2011-01-27 04:40 5041664 ----a-w- c:\windows\system32\atidxx64.dll
2011-10-26 01:43 . 2011-10-26 01:43 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-10-26 01:43 . 2011-10-26 01:43 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-10-26 01:43 . 2011-01-27 04:32 4044288 ----a-w- c:\windows\system32\atiumd6a.dll
2011-10-26 01:38 . 2011-10-26 01:38 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-10-26 01:38 . 2011-10-26 01:38 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-10-26 01:38 . 2011-10-26 01:38 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-10-26 01:38 . 2011-10-26 01:38 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-10-26 01:38 . 2011-10-26 01:38 9978880 ----a-w- c:\windows\system32\aticaldd64.dll
2011-10-26 01:35 . 2010-05-27 16:37 4353536 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-10-26 01:34 . 2011-10-26 01:34 8449024 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-10-26 01:32 . 2010-05-27 16:31 4189184 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-10-26 01:29 . 2011-01-27 04:22 5510144 ----a-w- c:\windows\system32\atiumd64.dll
2011-10-26 01:29 . 2011-11-28 03:37 58880 ----a-w- c:\windows\system32\coinst.dll
2011-10-26 01:22 . 2011-10-26 01:22 486912 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 339968 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-10-26 01:22 . 2011-10-26 01:22 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-10-26 01:22 . 2011-10-26 01:22 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-10-26 01:21 . 2011-10-26 01:21 326656 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-10-26 01:21 . 2010-05-27 16:25 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-10-26 01:21 . 2010-05-27 16:24 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-10-26 01:21 . 2011-01-27 04:12 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-10-26 01:20 . 2010-05-27 16:24 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-10-26 01:20 . 2011-10-26 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]
"cdloader"="c:\users\Mom\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-09 2676584]
"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2011-12-24 2980016]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-09 5486464]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-01-12 96016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 2763776]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-01-09 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-11-28 127192]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 PicasaUpdater;Picasa Updater;c:\users\Mom\AppData\LocalLow\Picasa\IE\PicasaUpdater.exe [2011-09-02 18432]
S2 Realtek11nCU;Realtek11nCU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-01-21 45056]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-12 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-01-08 22:09]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1296306841-716288872-4068519653-1001Core.job
- c:\users\Mom\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-28 03:45]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1296306841-716288872-4068519653-1001UA.job
- c:\users\Mom\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-28 03:45]
.
2012-01-12 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-01-12 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-1296306841-716288872-4068519653-1001Core.job
- c:\users\Mom\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-11-28 03:48]
.
2012-01-12 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-1296306841-716288872-4068519653-1001UA.job
- c:\users\Mom\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-11-28 03:48]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.facebook.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: avast! EasyPass Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: DhcpNameServer = 10.0.0.1
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
FF - ProfilePath - c:\users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\byxive2n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)

#5 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 January 2012 - 03:17 AM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 DannieW

  • Topic Starter

  • Members
  • 20 posts

Posted 12 January 2012 - 10:11 AM

TDSSKiller report

09:09:04.0744 4596 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:09:04.0744 4596 usbprint - ok
09:09:04.0775 4596 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:09:04.0775 4596 USBSTOR - ok
09:09:04.0791 4596 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
09:09:04.0791 4596 usbuhci - ok
09:09:04.0806 4596 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
09:09:04.0806 4596 vdrvroot - ok
09:09:04.0853 4596 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:09:04.0853 4596 vga - ok
09:09:04.0869 4596 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:09:04.0869 4596 VgaSave - ok
09:09:04.0884 4596 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
09:09:04.0884 4596 vhdmp - ok
09:09:04.0994 4596 VIAHdAudAddService (712bfd5dac2668fba4a2435fb06c3d00) C:\Windows\system32\drivers\viahduaa.sys
09:09:05.0009 4596 VIAHdAudAddService - ok
09:09:05.0056 4596 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
09:09:05.0056 4596 viaide - ok
09:09:05.0072 4596 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
09:09:05.0072 4596 vmbus - ok
09:09:05.0087 4596 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
09:09:05.0087 4596 VMBusHID - ok
09:09:05.0103 4596 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
09:09:05.0103 4596 volmgr - ok
09:09:05.0134 4596 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
09:09:05.0150 4596 volmgrx - ok
09:09:05.0212 4596 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
09:09:05.0212 4596 volsnap - ok
09:09:05.0274 4596 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
09:09:05.0290 4596 vsmraid - ok
09:09:05.0306 4596 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
09:09:05.0306 4596 vwifibus - ok
09:09:05.0321 4596 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
09:09:05.0337 4596 WacomPen - ok
09:09:05.0399 4596 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
09:09:05.0399 4596 WANARP - ok
09:09:05.0399 4596 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
09:09:05.0415 4596 Wanarpv6 - ok
09:09:05.0477 4596 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
09:09:05.0477 4596 Wd - ok
09:09:05.0508 4596 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:09:05.0508 4596 Wdf01000 - ok
09:09:05.0618 4596 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:09:05.0633 4596 WfpLwf - ok
09:09:05.0680 4596 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:09:05.0680 4596 WIMMount - ok
09:09:05.0742 4596 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:09:05.0742 4596 WmiAcpi - ok
09:09:05.0758 4596 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:09:05.0758 4596 ws2ifsl - ok
09:09:05.0789 4596 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
09:09:05.0789 4596 WudfPf - ok
09:09:05.0836 4596 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:09:05.0852 4596 WUDFRd - ok
09:09:05.0898 4596 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:09:05.0961 4596 \Device\Harddisk0\DR0 - ok
09:09:05.0992 4596 Boot (0x1200) (68a8373e5969015f73a7d052a92c13d6) \Device\Harddisk0\DR0\Partition0
09:09:06.0023 4596 \Device\Harddisk0\DR0\Partition0 - ok
09:09:06.0054 4596 Boot (0x1200) (0dedbb336650768fbed9e981a389e6d9) \Device\Harddisk0\DR0\Partition1
09:09:06.0054 4596 \Device\Harddisk0\DR0\Partition1 - ok
09:09:06.0054 4596 ============================================================
09:09:06.0054 4596 Scan finished
09:09:06.0054 4596 ============================================================
09:09:06.0070 4604 Detected object count: 1
09:09:06.0070 4604 Actual detected object count: 1
09:09:11.0624 4604 sptd ( LockedFile.Multi.Generic ) - skipped by user
09:09:11.0624 4604 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:06 AM

Posted 12 January 2012 - 02:01 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 DannieW

DannieW
  • Topic Starter

  • Members
  • 20 posts
  • Local time:11:06 PM

Posted 12 January 2012 - 04:34 PM

Here is the aswMBR scan, and I don't like it. When I ran this scan previously the item showing as "infected" was not infected at that time; however, the other 3 items were highlighted the same as in today's scan.

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-12 15:17:15
-----------------------------
15:17:15.626 OS Version: Windows x64 6.1.7600
15:17:15.627 Number of processors: 4 586 0x403
15:17:15.627 ComputerName: PAININTHEASS UserName: Mom
15:17:17.796 Initialize success
15:17:17.869 AVAST engine defs: 12011200
15:17:22.340 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:17:22.342 Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA39C Size: 953869MB BusType: 3
15:17:22.380 Disk 0 MBR read successfully
15:17:22.381 Disk 0 MBR scan
15:17:22.383 Disk 0 Windows 7 default MBR code
15:17:22.387 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:17:22.395 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
15:17:22.398 Service scanning
15:17:23.202 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
15:17:23.768 Modules scanning
15:17:23.771 Disk 0 trace - called modules:
15:17:23.813 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80039ae2c0]<<
15:17:23.816 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a4d790]
15:17:23.819 3 CLASSPNP.SYS[fffff880016a643f] -> nt!IofCallDriver -> [0xfffffa8004913940]
15:17:23.822 5 ACPI.sys[fffff88000e0b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049dc060]
15:17:23.834 \Driver\atapi[0xfffffa80043b5b10] -> IRP_MJ_CREATE -> 0xfffffa80039ae2c0
15:17:25.254 AVAST engine scan C:\Windows
15:17:28.013 AVAST engine scan C:\Windows\system32
15:18:26.645 AVAST engine scan C:\Windows\system32\drivers
15:18:32.420 AVAST engine scan C:\Users\Mom
15:26:31.052 File: C:\Users\Mom\Desktop\Dannie\Data\skyrim4gb.exe **INFECTED** Win32:Ransom [Trj]
15:28:04.938 AVAST engine scan C:\ProgramData
15:28:29.538 Scan finished successfully
15:29:26.927 Disk 0 MBR has been saved successfully to "C:\Users\Mom\Desktop\MBR.dat"
15:29:26.932 The log file has been saved successfully to "C:\Users\Mom\Desktop\aswMBR.txt"

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:06 AM

Posted 12 January 2012 - 04:57 PM

Hello

I would like you to run this tool for me: fixTDSS.

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found; let me know what it says.

After it is complete I want you to restart the computer, try to rerun aswMBR for me and send me the report:

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#10 DannieW

DannieW
  • Topic Starter

  • Members
  • 20 posts
  • Local time:11:06 PM

Posted 12 January 2012 - 05:28 PM

fixTDSS said no infection found. aswMBR looks the same to me.

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-12 16:10:48
-----------------------------
16:10:48.226 OS Version: Windows x64 6.1.7600
16:10:48.226 Number of processors: 4 586 0x403
16:10:48.226 ComputerName: PAININTHEASS UserName: Mom
16:10:53.701 Initialize success
16:10:53.810 AVAST engine defs: 12011201
16:13:25.836 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:13:25.836 Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA39C Size: 953869MB BusType: 3
16:13:25.867 Disk 0 MBR read successfully
16:13:25.867 Disk 0 MBR scan
16:13:25.867 Disk 0 Windows 7 default MBR code
16:13:25.883 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:13:25.899 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
16:13:25.899 Service scanning
16:13:28.051 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
16:13:28.660 Modules scanning
16:13:28.660 Disk 0 trace - called modules:
16:13:28.675 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80046a72c0]<<
16:13:28.691 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a36060]
16:13:29.206 3 CLASSPNP.SYS[fffff880015b943f] -> nt!IofCallDriver -> [0xfffffa80048f49b0]
16:13:29.206 5 ACPI.sys[fffff880011a7781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049bd060]
16:13:29.221 \Driver\atapi[0xfffffa800475a9b0] -> IRP_MJ_CREATE -> 0xfffffa80046a72c0
16:13:31.577 AVAST engine scan C:\Windows
16:13:34.291 AVAST engine scan C:\Windows\system32
16:14:31.653 AVAST engine scan C:\Windows\system32\drivers
16:14:37.394 AVAST engine scan C:\Users\Mom
16:23:03.848 File: C:\Users\Mom\Desktop\Dannie\Data\skyrim4gb.exe **INFECTED** Win32:Ransom [Trj]
16:24:32.207 AVAST engine scan C:\ProgramData
16:24:51.348 Scan finished successfully
16:27:03.887 Disk 0 MBR has been saved successfully to "C:\Users\Mom\Desktop\MBR.dat"
16:27:03.887 The log file has been saved successfully to "C:\Users\Mom\Desktop\aswMBR.txt"

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:06 AM

Posted 12 January 2012 - 05:39 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
skyrim4gb.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.

#12 DannieW

DannieW
  • Topic Starter

  • Members
  • 20 posts
  • Local time:11:06 PM

Posted 12 January 2012 - 05:49 PM

SystemLook Report

SystemLook 30.07.11 by jpshortstuff
Log created at 16:47 on 12/01/2012 by Mom
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "skyrim4gb.exe"
C:\The Elder Scrolls V Skyrim\Data\skyrim4gb.exe --a---- 41472 bytes [03:01 24/12/2011] [03:01 24/12/2011] 0775A8AE6F34E2B25A2B1E618945AC4D
C:\Users\Mom\Desktop\Dannie\Data\skyrim4gb.exe --a---- 41472 bytes [06:51 09/01/2012] [02:20 27/12/2011] 0775A8AE6F34E2B25A2B1E618945AC4D

-= EOF =-
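The two SystemLook hits above carry the same MD5, which is what tells a responder that the copy on the Desktop is byte-identical to the one under the game's Data folder. The script below is an added example (not part of this thread, and not SystemLook's own code) that performs the same ':filefind' style search over a directory tree, records size, timestamp and MD5 for each hit, and groups the hits by hash so identical copies stand out from an altered one. The sample tree it builds, including the file names and contents, is constructed for the demonstration.

```python
"""Added example: a filefind-style triage script in the spirit of
SystemLook's ':filefind' directive. Not part of the thread above."""

import hashlib
import os
import tempfile
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class Hit:
    path: str
    size: int
    mtime: str   # formatted like SystemLook: [HH:MM DD/MM/YYYY]
    md5: str


def md5_of(path: str, chunk: int = 1 << 16) -> str:
    """Stream the file through MD5 so large binaries are not loaded into RAM."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


def filefind(name: str, roots) -> list:
    """Case-insensitive file-name match under each root (Windows paths are
    case-insensitive, so a renamed-case copy must not escape the search)."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for fn in files:
                if fn.lower() == name.lower():
                    p = os.path.join(dirpath, fn)
                    st = os.stat(p)
                    stamp = datetime.fromtimestamp(st.st_mtime, timezone.utc)
                    hits.append(Hit(p, st.st_size,
                                    stamp.strftime("%H:%M %d/%m/%Y"), md5_of(p)))
    return hits


def group_by_hash(hits) -> dict:
    """Map each MD5 to the list of paths carrying it; groups of size > 1 are
    byte-identical copies, a singleton is a copy that differs from the rest."""
    groups = defaultdict(list)
    for h in hits:
        groups[h.md5].append(h.path)
    return dict(groups)


def format_report(name: str, hits) -> str:
    """Render the hits the way the SystemLook log above lays them out."""
    lines = [f'Searching for "{name}"']
    for h in sorted(hits, key=lambda x: x.path):
        lines.append(f"{h.path} {h.size} bytes [{h.mtime}] {h.md5}")
    lines.append("")
    for md5, paths in group_by_hash(hits).items():
        tag = "identical copies" if len(paths) > 1 else "unique"
        lines.append(f"{md5}: {len(paths)} file(s), {tag}")
    return "\n".join(lines)


def build_sample_tree(base: str) -> None:
    """Constructed sample data (hypothetical layout, not the poster's disk):
    two identical copies, one altered copy, and a decoy with another name."""
    good = b"MZ" + b"A" * 100          # stands in for the real binary
    altered = b"MZ" + b"A" * 99 + b"B"  # one byte differs: a tampered copy
    layout = {
        os.path.join("Game", "Data", "skyrim4gb.exe"): good,
        os.path.join("Users", "Mom", "Desktop", "Dannie", "Data", "skyrim4gb.exe"): good,
        os.path.join("Users", "Mom", "Downloads", "skyrim4gb.exe"): altered,
        os.path.join("Users", "Mom", "Downloads", "skyrim4gb.txt"): b"not matched",
    }
    for rel, content in layout.items():
        full = os.path.join(base, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)


def demo():
    """Build the constructed tree, search it and return (hits, groups, report)."""
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        hits = filefind("skyrim4gb.exe", [base])
        return hits, group_by_hash(hits), format_report("skyrim4gb.exe", hits)


if __name__ == "__main__":
    _, _, report = demo()
    print(report)
```

On a real machine, pass the drive root(s) to `filefind` instead of the temporary directory. Two copies sharing a hash only proves they are the same bytes; it says nothing about whether that file is clean, so the hash is what gets compared against the vendor's published value or submitted for a second opinion, as the helper does with the SystemLook output in this thread.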

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:06 AM

Posted 12 January 2012 - 06:18 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
C:\Users\Mom\Desktop\Dannie\Data\skyrim4gb.exe

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#14 DannieW

DannieW
  • Topic Starter

  • Members
  • 20 posts
  • Local time:11:06 PM

Posted 12 January 2012 - 06:59 PM

Computer seems to be running a bit faster, but I have not really done enough on it to be able to tell much. New ComboFix report:

ComboFix 12-01-12.04 - Mom 01/12/2012 17:30:28.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2257 [GMT -6:00]
Running from: c:\users\Mom\Desktop\ComboFix.exe
Command switches used :: c:\users\Mom\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Mom\Desktop\Dannie\Data\skyrim4gb.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mom\Desktop\Dannie\Data\skyrim4gb.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-12 to 2012-01-12 )))))))))))))))))))))))))))))))
.
.
2012-01-12 23:33 . 2012-01-12 23:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-12 07:06 . 2011-11-28 17:54 140120 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-01-12 07:05 . 2011-11-28 17:53 258392 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-01-12 07:05 . 2011-11-28 17:26 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-01-12 06:54 . 2012-01-12 06:54 -------- d-----w- c:\users\Mom\AppData\Roaming\RoboForm
2012-01-12 06:22 . 2010-01-29 21:39 16800 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2012-01-12 06:22 . 2010-01-29 21:39 159136 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2012-01-12 06:22 . 2010-01-29 21:39 13728 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2012-01-12 06:22 . 2010-01-29 21:39 13728 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2012-01-12 06:22 . 2010-01-29 21:39 13216 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2012-01-12 06:22 . 2010-01-29 21:39 13216 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2012-01-12 06:22 . 2010-01-29 21:39 125344 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2012-01-12 06:22 . 2012-01-12 06:22 -------- d-----w- c:\program files\Samsung
2012-01-08 17:32 . 2012-01-08 17:32 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-08 17:32 . 2012-01-08 17:32 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-08 17:32 . 2012-01-08 17:32 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-08 17:32 . 2012-01-08 17:32 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-08 15:18 . 2012-01-08 15:18 -------- d-----w- c:\program files (x86)\TeamViewer
2012-01-08 00:39 . 2012-01-08 00:39 -------- d-----w- c:\program files (x86)\Glary Utilities
2012-01-07 06:12 . 2012-01-07 06:12 -------- d-----w- c:\users\Mom\AppData\Roaming\SUPERAntiSpyware.com
2012-01-07 06:12 . 2012-01-07 06:12 -------- d-----w- c:\programdata\!SASCORE
2012-01-07 06:12 . 2012-01-09 20:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-07 05:35 . 2012-01-07 05:35 -------- d-----w- c:\users\Mom\AppData\Roaming\Malwarebytes
2012-01-07 05:35 . 2012-01-07 05:35 -------- d-----w- c:\programdata\Malwarebytes
2012-01-07 05:35 . 2012-01-12 15:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-07 05:07 . 2012-01-07 05:07 -------- d-----w- c:\program files (x86)\ESET
2012-01-07 04:48 . 2012-01-07 06:07 -------- d-----w- c:\programdata\SecTaskMan
2012-01-07 04:15 . 2012-01-07 04:15 388096 ----a-r- c:\users\Mom\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-07 04:15 . 2012-01-07 04:15 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-07 03:42 . 2012-01-07 03:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-07 03:39 . 2012-01-07 03:39 -------- d-----w- c:\program files\CCleaner
2012-01-02 20:57 . 2012-01-02 20:57 -------- d-----w- c:\programdata\SLGenie
2012-01-02 18:07 . 2012-01-02 18:28 -------- d-----w- c:\programdata\TEBrowser
2012-01-02 18:07 . 2012-01-12 15:15 -------- d-----w- c:\program files (x86)\Webily Project
2012-01-02 16:46 . 2009-03-31 20:31 380928 ----a-w- c:\windows\RtlUI2.exe
2012-01-02 16:46 . 2008-07-01 18:31 614400 ----a-w- c:\windows\SysWow64\Rtlihvs.dll
2012-01-02 16:46 . 2009-04-02 16:27 188416 ----a-w- c:\windows\SysWow64\RTLExtUI.dll
2012-01-02 16:46 . 2009-02-05 08:49 451072 ----a-w- c:\windows\SysWow64\ISSRemoveSP.exe
2012-01-01 17:07 . 2012-01-01 17:07 -------- d-----w- c:\program files (x86)\Affiliate ID Manager
2012-01-01 01:52 . 2012-01-01 01:52 -------- d-----w- c:\program files (x86)\Viral Article Publisher
2011-12-30 21:48 . 2010-03-26 23:43 598048 ----a-w- c:\windows\system32\drivers\RTL8192cu.sys
2011-12-30 21:41 . 2010-06-30 08:27 35840 ----a-r- c:\windows\system32\drivers\BVRPMPR5a64.SYS
2011-12-30 21:40 . 2011-12-30 21:47 -------- d-----w- C:\Netgear
2011-12-30 20:43 . 2011-12-30 21:24 16200 ----a-w- c:\windows\stinger.sys
2011-12-27 17:55 . 2011-12-27 17:55 -------- d-----w- c:\windows\Hewlett-Packard
2011-12-25 23:16 . 2012-01-08 20:17 -------- d-----w- c:\users\Mom\AppData\Local\Diagnostics
2011-12-25 03:47 . 2011-12-25 03:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-24 18:03 . 2012-01-07 06:14 -------- d-----w- c:\program files (x86)\SpeedBit Video Accelerator
2011-12-24 17:52 . 2011-12-24 17:52 -------- d-----w- c:\programdata\SpeedBit
2011-12-24 17:52 . 2011-12-24 17:52 -------- d-----w- c:\program files (x86)\Common Files\SpeedBit
2011-12-24 17:52 . 2011-12-24 17:51 84480 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2011-12-24 17:52 . 2011-12-24 17:51 109216 ----a-w- c:\windows\SysWow64\EasyHook64.dll
2011-12-24 17:52 . 2011-12-24 17:55 -------- d-----w- c:\program files (x86)\DAP
2011-12-24 17:51 . 2011-12-24 17:51 172032 ----a-w- c:\windows\SysWow64\AniGIF.ocx
2011-12-23 22:35 . 2011-12-30 00:04 -------- d-----w- C:\The Elder Scrolls V Skyrim
2011-12-23 06:23 . 2012-01-07 03:51 -------- d-----w- c:\program files (x86)\Steam
2011-12-23 05:26 . 2011-12-23 05:26 -------- d-----w- C:\Nexus Mod Manager
2011-12-23 05:11 . 2011-12-23 05:26 -------- d-----w- c:\users\Mom\AppData\Local\Black_Tree_Gaming
2011-12-22 22:01 . 2011-12-22 22:01 -------- d-----w- c:\users\Mom\AppData\Local\Skyrim
2011-12-22 20:23 . 2008-03-05 22:03 238088 ----a-w- c:\windows\SysWow64\xactengine3_0.dll
2011-12-21 22:54 . 2011-12-21 22:54 -------- d-----w- c:\windows\system32\appmgmt
2011-12-21 20:35 . 2012-01-07 03:51 -------- d-----w- c:\users\Mom\AppData\Roaming\FrostWire
2011-12-21 20:34 . 2011-12-21 22:29 -------- d-----w- c:\program files (x86)\FrostWire
2011-12-21 20:23 . 2011-12-21 20:23 -------- d-----w- c:\users\Mom\AppData\Local\APN
2011-12-21 05:13 . 2011-12-24 18:19 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-12-20 22:02 . 2005-04-04 05:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-12-20 22:02 . 2005-04-04 05:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-12-20 22:02 . 2005-04-04 05:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-12-20 22:02 . 2005-04-04 05:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-12-20 22:02 . 2005-04-04 05:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-12-20 22:02 . 2005-04-04 04:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-12-20 22:02 . 2005-04-04 04:57 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-12-20 22:02 . 2011-12-20 22:02 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-12-20 22:02 . 2011-12-20 22:02 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-12-20 21:48 . 2012-01-07 03:51 -------- d-----w- c:\users\Mom\AppData\Roaming\DAEMON Tools Lite
2011-12-20 21:48 . 2011-12-20 21:48 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-12-20 21:30 . 2011-12-20 21:30 530488 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-12-20 20:01 . 2009-11-25 18:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-12-20 20:01 . 2009-11-25 18:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-12-20 20:01 . 2009-11-25 18:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-12-20 20:01 . 2009-11-25 18:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-12-20 20:01 . 2009-11-25 18:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-12-20 20:01 . 2009-11-25 18:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-12-20 20:01 . 2009-11-25 18:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-12-20 20:01 . 2009-11-25 18:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-12-20 20:01 . 2009-11-25 18:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-12-20 20:01 . 2009-11-25 18:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-12-20 20:01 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0AAA46A-8DB1-486A-9EF1-4E684519D094}\mpengine.dll
2011-12-20 19:38 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-20 19:38 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-20 19:36 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-12-20 19:35 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-20 19:35 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-20 19:35 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-20 19:31 . 2011-12-20 19:31 -------- d-----w- c:\program files (x86)\ADLSoft UnCompressor
2011-12-20 05:23 . 2011-12-20 05:23 -------- d-----w- c:\program files (x86)\WinAce
2011-12-20 02:28 . 2011-12-20 18:14 -------- d-----w- c:\program files (x86)\7-Zip
2011-12-20 01:37 . 2011-12-20 01:38 -------- d-----w- c:\program files (x86)\Kyodai Mahjongg
2011-12-20 01:28 . 2011-12-20 23:15 -------- d-----w- c:\users\Mom\AppData\Local\Oblivion
2011-12-18 22:15 . 2011-12-18 22:15 -------- d-----w- c:\program files (x86)\BitTorrent
2011-12-18 22:15 . 2012-01-07 03:51 -------- d-----w- c:\users\Mom\AppData\Roaming\BitTorrent
2011-12-18 21:17 . 2011-12-20 22:02 -------- d-----w- c:\program files (x86)\Bethesda Softworks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 22:58 . 2011-06-14 16:35 187392 ----a-w- c:\windows\SysWow64\binkw32.dll
2011-12-20 22:56 . 2011-06-14 16:35 187392 ----a-w- c:\windows\system32\binkw32.dll
2011-12-11 01:36 . 2011-12-11 01:36 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-11 01:36 . 2011-12-11 01:36 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-11 01:36 . 2011-12-11 01:36 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-11 01:36 . 2011-12-11 01:36 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-11 01:36 . 2011-12-11 01:36 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-11 01:36 . 2011-12-11 01:36 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-11 01:36 . 2011-12-11 01:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-11 01:36 . 2011-12-11 01:36 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-11 01:36 . 2011-12-11 01:36 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-11 01:36 . 2011-12-11 01:36 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-12-11 01:36 . 2011-12-11 01:36 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-11 01:36 . 2011-12-11 01:36 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-11 01:36 . 2011-12-11 01:36 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-11 01:36 . 2011-12-11 01:36 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-12-11 01:36 . 2011-12-11 01:36 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-12-11 01:36 . 2011-12-11 01:36 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-11 01:36 . 2011-12-11 01:36 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-11 01:36 . 2011-12-11 01:36 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-11 01:36 . 2011-12-11 01:36 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-11 01:36 . 2011-12-11 01:36 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-11 01:36 . 2011-12-11 01:36 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-11 01:36 . 2011-12-11 01:36 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-11 01:36 . 2011-12-11 01:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-11 01:36 . 2011-12-11 01:36 448512 ----a-w- c:\windows\system32\html.iec
2011-12-11 01:36 . 2011-12-11 01:36 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-11 01:36 . 2011-12-11 01:36 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-11 01:36 . 2011-12-11 01:36 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-12-11 01:36 . 2011-12-11 01:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-11 01:36 . 2011-12-11 01:36 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-12-11 01:36 . 2011-12-11 01:36 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-11 01:36 . 2011-12-11 01:36 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-11 01:36 . 2011-12-11 01:36 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-11 01:36 . 2011-12-11 01:36 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-11 01:36 . 2011-12-11 01:36 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-11 01:36 . 2011-12-11 01:36 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-11 01:36 . 2011-12-11 01:36 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-12-11 01:36 . 2011-12-11 01:36 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-11 01:36 . 2011-12-11 01:36 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-11 01:36 . 2011-12-11 01:36 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-11 01:36 . 2011-12-11 01:36 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-11 01:36 . 2011-12-11 01:36 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-11 01:36 . 2011-12-11 01:36 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-11-30 15:10 . 2011-11-30 14:39 15664 ----a-w- c:\windows\SysWow64\drivers\GEARAspiWDM.sys
2011-11-30 15:10 . 2011-11-30 14:39 109360 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-11-28 18:01 . 2011-11-28 05:41 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-11-28 05:41 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-11-28 05:41 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-11-28 05:41 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-11-28 05:42 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-11-28 05:42 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-11-28 05:42 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-11-28 05:41 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-11-28 05:42 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-15 20:29 . 2011-11-28 04:07 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-10-26 03:05 . 2011-10-26 03:05 10496512 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-10-26 02:16 . 2011-10-26 02:16 24866816 ----a-w- c:\windows\system32\atio6axx.dll
2011-10-26 02:06 . 2011-10-26 02:06 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-10-26 02:05 . 2010-05-27 17:02 748544 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-10-26 02:04 . 2011-01-27 04:59 892416 ----a-w- c:\windows\system32\aticfx64.dll
2011-10-26 02:01 . 2011-10-26 02:01 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-26 02:01 . 2011-10-26 02:01 517120 ----a-w- c:\windows\system32\atieclxx.exe
2011-10-26 02:00 . 2011-10-26 02:00 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-10-26 01:59 . 2011-10-26 01:59 18757120 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-10-26 01:59 . 2011-10-26 01:59 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-10-26 01:59 . 2011-10-26 01:59 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-10-26 01:59 . 2011-10-26 01:59 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-10-26 01:59 . 2011-10-26 01:59 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-10-26 01:58 . 2011-10-26 01:58 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-10-26 01:58 . 2011-10-26 01:58 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-10-26 01:58 . 2011-10-26 01:58 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-10-26 01:55 . 2010-05-27 16:54 4292096 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-10-26 01:46 . 2011-01-27 04:40 5041664 ----a-w- c:\windows\system32\atidxx64.dll
2011-10-26 01:43 . 2011-10-26 01:43 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-10-26 01:43 . 2011-10-26 01:43 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-10-26 01:43 . 2011-01-27 04:32 4044288 ----a-w- c:\windows\system32\atiumd6a.dll
2011-10-26 01:38 . 2011-10-26 01:38 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-10-26 01:38 . 2011-10-26 01:38 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-10-26 01:38 . 2011-10-26 01:38 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-10-26 01:38 . 2011-10-26 01:38 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-10-26 01:38 . 2011-10-26 01:38 9978880 ----a-w- c:\windows\system32\aticaldd64.dll
2011-10-26 01:35 . 2010-05-27 16:37 4353536 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-10-26 01:34 . 2011-10-26 01:34 8449024 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-10-26 01:32 . 2010-05-27 16:31 4189184 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-10-26 01:29 . 2011-01-27 04:22 5510144 ----a-w- c:\windows\system32\atiumd64.dll
2011-10-26 01:29 . 2011-11-28 03:37 58880 ----a-w- c:\windows\system32\coinst.dll
2011-10-26 01:22 . 2011-10-26 01:22 486912 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 339968 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-10-26 01:22 . 2011-10-26 01:22 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-10-26 01:22 . 2011-10-26 01:22 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-10-26 01:21 . 2011-10-26 01:21 326656 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-10-26 01:21 . 2010-05-27 16:25 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-10-26 01:21 . 2010-05-27 16:24 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-10-26 01:21 . 2011-01-27 04:12 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-10-26 01:20 . 2010-05-27 16:24 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-10-26 01:20 . 2011-10-26 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-12_07.43.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-01-12 07:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-12 23:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-12 07:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-12 23:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-12 23:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-12 07:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-28 03:41 . 2012-01-12 22:11 40380 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-12 22:11 30402 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:30 . 2012-01-12 07:15 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-01-12 21:35 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-11-28 03:33 . 2012-01-12 22:11 5924 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1296306841-716288872-4068519653-1001_UserData.bin
+ 2012-01-12 23:34 . 2012-01-12 23:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-12 07:42 . 2012-01-12 07:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:30 . 2012-01-12 21:35 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-01-12 07:15 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:01 . 2012-01-12 07:42 276968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-12 23:33 276968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2012-01-12 05:06 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-01-12 23:23 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-11-30 03:05 . 2012-01-12 23:33 28904664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1296306841-716288872-4068519653-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]
"cdloader"="c:\users\Mom\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-09 2676584]
"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2011-12-24 2980016]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-09 5486464]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-01-12 96016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 2763776]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-01-09 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-11-28 127192]
S2 PicasaUpdater;Picasa Updater;c:\users\Mom\AppData\LocalLow\Picasa\IE\PicasaUpdater.exe [2011-09-02 18432]
S2 Realtek11nCU;Realtek11nCU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-01-21 45056]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-12 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-01-08 22:09]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1296306841-716288872-4068519653-1001Core.job
- c:\users\Mom\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-28 03:45]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1296306841-716288872-4068519653-1001UA.job
- c:\users\Mom\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-28 03:45]
.
2012-01-12 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-01-12 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-1296306841-716288872-4068519653-1001Core.job
- c:\users\Mom\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-11-28 03:48]
.
2012-01-12 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-1296306841-716288872-4068519653-1001UA.job
- c:\users\Mom\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-11-28 03:48]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.facebook.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: avast! EasyPass Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: DhcpNameServer = 10.0.0.1
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
FF - ProfilePath - c:\users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\byxive2n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
.
**************************************************************************
.
Completion time: 2012-01-12 17:37:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-12 23:37
ComboFix2.txt 2012-01-12 07:46
.
Pre-Run: 897,788,723,200 bytes free
Post-Run: 897,714,950,144 bytes free
.
- - End Of File - - DC6D373070CAF3586876AE7AD4D2600C
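A first-pass triage of the autostart sections of the ComboFix log above (the Run keys, the services/drivers list and the Scheduled Tasks folder), as an added example that is not part of this thread, of ComboFix, or of any poster's own code. The sample lines are excerpted verbatim from the log above; the review heuristics are my assumptions about what a reviewer checks first, not a verdict on any entry: an autostart whose binary lives in a location a standard user can write to (profile AppData, ProgramData, Temp, under default Windows 7 ACLs) gets looked at before anything under c:\program files, and an entry where ComboFix printed [x] instead of a date and size is marked "unverified". Note the caveat on that second flag: in this x64 log [x] appears on many known-good drivers (the ATI and Realtek ones, for instance), so it means "ComboFix could not record the file", not "bad".

```python
"""Triage helper for the autostart sections of a ComboFix log (added example).

Parses three kinds of lines ComboFix prints:
  Run key value : "Name"="c:\\path\\file.exe" [2011-08-23 50592]
  Service/driver: S2 Name;Display Name;c:\\path\\file.exe [2011-09-02 18432]   (or "[x]")
  Scheduled task: 2012-01-12 c:\\windows\\Tasks\\Name.job
                  - c:\\path\\file.exe [2012-01-08 22:09]
and attaches review flags. Heuristics and ACL assumptions are the author's own.
"""
import re
from dataclasses import dataclass, field

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<stamp>[^\]]*)\]')
SVC_RE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*)\[(?P<stamp>[^\]]*)\]')
JOB_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(?P<job>.+\.job)$')
TASK_RE = re.compile(r'^-\s+(?P<path>.+?)\s*\[(?P<stamp>[^\]]*)\]$')

# Locations a standard user can write to (assumption: default Windows 7 ACLs).
USER_WRITABLE = [
    re.compile(r'^c:\\users\\[^\\]+\\appdata\\'),
    re.compile(r'^c:\\programdata\\'),
    re.compile(r'\\temp\\'),
]

# Constructed sample: lines copied from the ComboFix log in this thread.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]
"cdloader"="c:\users\Mom\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-01-12 96016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S2 PicasaUpdater;Picasa Updater;c:\users\Mom\AppData\LocalLow\Picasa\IE\PicasaUpdater.exe [2011-09-02 18432]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-12 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-01-08 22:09]
.
2012-01-12 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
--------- x86-64 -----------
"""


@dataclass
class Entry:
    kind: str            # 'run', 'service' or 'task'
    name: str
    path: str
    stamp: str           # "YYYY-MM-DD size" as printed, or 'x' when ComboFix printed [x]
    flags: list = field(default_factory=list)


def parse_combofix(text: str) -> list:
    """Pull Run-key values, services/drivers and scheduled tasks out of a ComboFix log."""
    entries, section, job = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[HKEY_'):
            # Only values under a ...\Run key are autoruns; other keys reset the context.
            section = 'run' if line.lower().endswith('\\run]') else None
            continue
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            section = 'task'
            continue
        if line.startswith('---'):
            section = None
            continue
        if section == 'run' and (m := RUN_RE.match(line)):
            entries.append(Entry('run', m['name'], m['path'], m['stamp']))
        elif (m := SVC_RE.match(line)):
            entries.append(Entry('service', m['name'].strip(), m['path'].strip(), m['stamp']))
        elif section == 'task':
            if (m := JOB_RE.match(line)):
                job = m['job'].rsplit('\\', 1)[-1]      # keep just "Name.job"
            elif job and (m := TASK_RE.match(line)):
                entries.append(Entry('task', job, m['path'], m['stamp']))
                job = None
    return entries


def triage(text: str) -> list:
    """Parse the log and attach review flags to each entry (flags are hints, not verdicts)."""
    entries = parse_combofix(text)
    for e in entries:
        p = e.path.lower()
        if any(rx.search(p) for rx in USER_WRITABLE):
            e.flags.append('binary in user-writable location')
        if e.stamp.strip() == 'x':
            e.flags.append('no date/size recorded ([x])')
    return entries


def flagged(text: str) -> dict:
    """Name -> flags, for the entries that earned at least one flag."""
    return {e.name: e.flags for e in triage(text) if e.flags}


if __name__ == '__main__':
    for e in triage(SAMPLE):
        mark = ' <-- ' + '; '.join(e.flags) if e.flags else ''
        print(f'{e.kind:8} {e.name:35} {e.path}{mark}')
```

Run against the full log rather than the excerpt and the output is a short list to check by hand: here it surfaces cdloader, PicasaUpdater and the HP Photo Creations task as entries running from profile or ProgramData paths, and every [x] service as unverified. It does not tell you any of them is malicious; it tells you where to spend the first five minutes, and it is no substitute for the MBR check the helper asks for, since a Mebroot-style infection lives below anything a Run key or service list shows.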

#15 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 12 January 2012 - 08:31 PM

Hello

Rerun aswMBR for me now.

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



