Sirefef infection


42 replies to this topic

#1 Webdoc


Posted 09 January 2012 - 01:44 AM

Having trouble with a persistent Sirefef infestation.

I can't enable Windows Firewall. "Due to an unidentified problem, Windows cannot display Windows Firewall settings."

DDS.txt says that Windows Defender is running, though I cannot see its service, nor can I open it. "Application failed to initialize: 0x80070006. The handle is invalid"

The computer has been suffering from search redirects, though I seem to have gotten rid of that little beasty.

I ran a DDS and GMER scan, but the screen I got when running GMER was not as pictured. The checkboxes above Services are all greyed out and cannot be selected.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_30
Run by User at 20:02:31 on 2012-01-08
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4062.1209 [GMT -7:00]
.
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\User\Desktop\aswMBR.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Diamondback] "C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe"
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes\mbamgui.exe" /install /silent
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RESCUE~1.LNK - C:\Program Files (x86)\RescueTime\RescueTime.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1BC2929E-B9E6-4589-A980-0CD02A9CA469} : NameServer = 192.168.1.245
TCP: Interfaces\{73A6117C-8419-4351-BC2A-27451FC492EB} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun-x64: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [Diamondback] "C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe"
mRun-x64: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce-x64: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes\mbamgui.exe" /install /silent
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gw2npr2x.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe [?]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-3-1 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-1-13 365952]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-12-24 5790064]
R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\system32\Wacom_Tablet.exe --> C:\Windows\system32\Wacom_Tablet.exe [?]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-12-24 487280]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-2-9 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-2-9 116096]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-1-13 222512]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Razerlow;Razer Pro|Solutions;C:\Windows\system32\drivers\DB3G.sys --> C:\Windows\system32\drivers\DB3G.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2010-4-18 359624]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2010-4-18 1141712]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-2-22 93184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-01-08 16:47:35 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-08 16:47:35 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-08 16:47:35 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-08 16:47:35 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-07 20:21:07 98816 ----a-w- C:\Windows\sed.exe
2012-01-07 20:21:07 518144 ----a-w- C:\Windows\SWREG.exe
2012-01-07 20:21:07 256000 ----a-w- C:\Windows\PEV.exe
2012-01-07 20:21:07 208896 ----a-w- C:\Windows\MBR.exe
2012-01-06 03:53:43 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-12-27 20:01:09 -------- d-----w- C:\Program Files (x86)\ESET
2011-12-17 01:44:08 644368 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
==================== Find3M ====================
.
2011-12-10 22:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-10 19:06:16 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 12:54:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-24 20:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 20:03:17.98 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/19/2009 7:07:52 PM
System Uptime: 1/7/2012 3:48:36 PM (29 hours ago)
.
Motherboard: Hewlett-Packard | | 3624
Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 74.799 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 176.887 GiB free.
E: is FIXED (NTFS) - 13 GiB total, 1.982 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP413: 12/26/2011 9:22:45 PM - Scheduled Checkpoint
RP414: 12/27/2011 8:28:58 PM - Scheduled Checkpoint
RP415: 1/5/2012 8:52:44 PM - Windows Update
RP416: 1/5/2012 9:26:19 PM - Windows Update
RP417: 1/6/2012 3:00:15 AM - Windows Update
RP418: 1/6/2012 7:00:44 PM - Restore Operation
RP419: 1/7/2012 12:10:09 PM - Installed Java™ 6 Update 30
RP420: 1/8/2012 3:09:22 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Professional CS5.5
Adobe Illustrator CS5.1
Adobe Photoshop CS5.1
Adobe Reader 9.4.7
Apple Application Support
Apple Software Update
ArmA 2 Free Uninstall
Audacity 1.3.12 (Unicode)
Audiosurf
BattlEye (A2Free) Uninstall
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDex - Open Source Digital Audio CD Extractor
Champions Online: Free For All
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
Enemy Territory - Quake Wars™
ESET Online Scanner v3
ESU for Microsoft Vista
Eternal Silence
GIMP 2.6.11
Google Updater
GoToMeeting 4.5.0.456
Half-Life
Half-Life 2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Common Access Service Library
HP Customer Experience Enhancements
HP Help and Support
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart TV
HP MediaSmart Webcam
HP Quick Launch Buttons 6.40 L1
HP Total Care Advisor
HP Total Care Setup
HP User Guides 0134
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
Inkscape 0.48.2
inSSIDer
Java Auto Updater
Java™ 6 Update 30
JMicron JMB38X Flash Media Controller Driver
LabelPrint
LAME v3.98.3 for Audacity
LightScribe System Software 1.14.17.1
LightScribe Template Designs - Straight Text
LightScribe Template Labeler
Lightworks
LogMeIn
Malwarebytes Anti-Malware version 1.60.0.1800
Media Converter for Philips
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft Expression Blend 3
Microsoft Expression Blend 3 SDK
Microsoft Expression Design 3
Microsoft Expression Encoder 3
Microsoft Expression Studio 3
Microsoft Expression Web 3
Microsoft Live Search Toolbar
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MilkShape 3D 1.8.5
Monday Night Combat
Mozilla Firefox 9.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
Natural Selection 3.2
NVIDIA PhysX
Origin
Password Safe
PDF Settings CS5
Picasa 3
Pivot Stickfigure Animator
Plants vs. Zombies: Game of the Year
Portal
Power2Go
PowerDirector
QuickTime
Razer Diamondback 3G
Realtek 8169 8168 8101E 8102E Ethernet Driver
RescueTime 2.4.0
RIFT
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Skins
Skype Toolbars
Skype™ 4.2
SlimDX Redistributable (March 2009)
Slingbox - Watch Your TV Anywhere
SlingPlayer
Songbird 1.4.3 (Build 1438)
SPORE Creature Creator Trial Edition
Spykee
Spyware Doctor 7.0
Star Wars: Knights of the Old Republic
Star Wars: The Old Republic
Steam
System Requirements Lab
Team Fortress 2
The Lord of the Rings Online™
The Sims™ 3
The Sims™ 3 Create a Pattern Tool
The Sims™ 3 Create a World Tool - Beta
The Sims™ 3 Late Night
The Sims™ 3 Pets Create A Pet Demo
TSR Workshop
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VDownloader 1.12
VDownloader 2.9.435
Wacom Tablet
WebTablet IE Plugin
WebTablet Netscape Plugin
Winamp
Winamp Detector Plug-in
WinDirStat 1.1.2
WinMerge 2.12.4
WPF Toolkit June 2009 (Version 3.5.40619.1)
.
==== Event Viewer Messages From Past Week ========
.
1/8/2012 8:38:33 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0025561D0F73 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/7/2012 1:48:02 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: A device attached to the system is not functioning.
1/7/2012 1:45:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep SRTSP SRTSPX
1/7/2012 1:41:39 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/7/2012 1:29:43 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
1/6/2012 9:11:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.
1/6/2012 9:02:50 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.8 for the Network Card with network address 0025561D0F73 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/6/2012 8:03:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows Vista for x64-based Systems (KB2533623).
1/6/2012 8:03:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows Vista for x64-based Systems (KB2561109).
1/6/2012 8:03:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows Vista for x64-based Systems (KB2555917).
1/6/2012 8:03:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows Vista for x64-based Systems (KB2536276).
1/6/2012 8:03:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows Vista for x64-based Systems (KB2507938).
1/6/2012 6:49:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
1/6/2012 6:49:46 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/6/2012 6:31:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr SRTSP SRTSPX Wanarpv6
1/6/2012 6:31:04 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
1/6/2012 6:30:37 PM, Error: EventLog [6008] - The previous system shutdown at 6:28:44 PM on 1/6/2012 was unexpected.
1/6/2012 5:01:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/6/2012 5:00:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSP SRTSPX tdx viaide Wanarpv6
1/6/2012 5:00:58 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/6/2012 5:00:58 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/6/2012 5:00:58 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
1/6/2012 5:00:58 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/6/2012 5:00:58 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/6/2012 5:00:58 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/6/2012 5:00:58 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/6/2012 5:00:58 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
1/6/2012 5:00:58 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/6/2012 5:00:58 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/6/2012 5:00:58 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/6/2012 5:00:58 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/6/2012 5:00:58 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/6/2012 5:00:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/6/2012 5:00:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/6/2012 5:00:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/6/2012 5:00:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
1/6/2012 5:00:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/6/2012 4:59:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/6/2012 4:59:45 PM, Error: EventLog [6008] - The previous system shutdown at 4:57:59 PM on 1/6/2012 was unexpected.
1/6/2012 3:33:03 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 0025561D0F73 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/5/2012 9:28:28 PM, Error: Microsoft Antimalware [3002] -
1/5/2012 9:04:57 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
1/5/2012 7:05:20 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.6 for the Network Card with network address 0025561D0F73 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/5/2012 7:02:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
1/5/2012 7:02:32 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/5/2012 7:02:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/5/2012 4:18:02 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP SRTSPX
1/5/2012 4:18:02 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
1/5/2012 4:18:02 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/5/2012 4:18:02 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
1/5/2012 4:18:02 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================

#2 Webdoc
  • Topic Starter
  • Members
  • 26 posts
  • Local time:04:50 PM

Posted 09 January 2012 - 01:46 AM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-08 22:48:56
Windows 6.0.6001 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e5d86aa
Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\00247e5d86aa (not active ControlSet)

---- EOF - GMER 1.0.15 ----

#3 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:50 PM

Posted 10 January 2012 - 12:13 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 Webdoc
  • Topic Starter
  • Members
  • 26 posts
  • Local time:04:50 PM

Posted 10 January 2012 - 02:12 AM

Hi Gringo, thanks for taking a look here.


ComboFix 12-01-09.07 - User 01/09/2012 23:48:09.4.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4062.2050 [GMT -7:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 )))))))))))))))))))))))))))))))
.
.
2012-01-10 07:04 . 2012-01-10 07:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-08 16:47 . 2012-01-08 16:47 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-08 16:47 . 2012-01-08 16:47 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-08 16:47 . 2012-01-08 16:47 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-08 16:47 . 2012-01-08 16:47 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-06 03:53 . 2012-01-06 03:54 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-27 20:01 . 2011-12-27 20:01 -------- d-----w- c:\program files (x86)\ESET
2011-12-22 05:51 . 2012-01-07 20:22 -------- d-----w- c:\users\LogMeInRemoteUser
2011-12-17 01:44 . 2011-12-17 01:44 644368 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 22:24 . 2011-08-01 16:57 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-10 19:06 . 2011-06-18 15:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 12:54 . 2010-05-12 23:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-18 08:27 . 2011-11-06 19:19 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06B0911F-687F-4670-B26C-622F3857ED69}\mpengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-07_20.45.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-01-09 16:09 65842 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-01-09 16:09 97092 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-03 18:01 . 2012-01-09 16:09 13548 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4216355369-1755594082-3271658695-1000_UserData.bin
+ 2009-10-03 18:01 . 2012-01-09 16:07 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-03 18:01 . 2012-01-07 17:01 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-03 18:01 . 2012-01-09 16:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-03 18:01 . 2012-01-07 17:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-03 18:01 . 2012-01-07 17:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-03 18:01 . 2012-01-09 16:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-06 21:00 . 2012-01-07 20:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-06 21:00 . 2012-01-09 06:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-06 21:00 . 2012-01-09 06:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-06 21:00 . 2012-01-07 20:46 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-06 21:00 . 2012-01-09 06:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-06 21:00 . 2012-01-07 20:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-22 23:52 . 2012-01-07 21:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-22 23:52 . 2012-01-07 16:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-22 23:52 . 2012-01-07 21:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-22 23:52 . 2012-01-07 16:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-07 20:44 . 2012-01-07 20:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-09 16:07 . 2012-01-09 16:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-07 20:44 . 2012-01-07 20:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-09 16:07 . 2012-01-09 16:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-03 19:18 . 2012-01-08 20:15 396178 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-09-20 01:36 . 2012-01-09 06:56 3989800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2011-09-23 27763336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-02-10 206120]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-17 74752]
"Diamondback"="c:\program files (x86)\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2010-02-27 1148200]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RescueTime.lnk - c:\program files (x86)\RescueTime\RescueTime.exe [2011-11-7 2697728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 994856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-18 14:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1560872]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1BC2929E-B9E6-4589-A980-0CD02A9CA469}: NameServer = 192.168.1.245
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gw2npr2x.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4216355369-1755594082-3271658695-1000\Software\SecuROM\License information*]
"datasecu"=hex:99,bd,8f,2d,49,0c,a5,20,c1,ed,14,a6,80,e4,cd,89,29,4b,71,41,83,
d3,17,c2,fb,f0,ae,13,8e,66,2a,c0,5f,ae,cd,af,6d,ac,3b,3b,a9,be,7a,94,52,94,\
"rkeysecu"=hex:5c,4f,e6,3e,8c,8b,04,aa,3b,ef,ca,c7,d8,79,4a,2e
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-10 00:07:33
ComboFix-quarantined-files.txt 2012-01-10 07:07
ComboFix2.txt 2012-01-08 17:13
ComboFix3.txt 2012-01-08 00:40
ComboFix4.txt 2012-01-07 20:55
.
Pre-Run: 80,586,002,432 bytes free
Post-Run: 80,073,625,600 bytes free
.
- - End Of File - - 413D0DC704ACA5C647C781FD622059C3

#5 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:50 PM

Posted 10 January 2012 - 09:29 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#6 Webdoc
  • Topic Starter
  • Members
  • 26 posts
  • Local time:04:50 PM

Posted 10 January 2012 - 10:44 AM

08:40:20.0039 4312 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
08:40:20.0647 4312 ============================================================
08:40:20.0647 4312 Current date / time: 2012/01/10 08:40:20.0647
08:40:20.0647 4312 SystemInfo:
08:40:20.0647 4312
08:40:20.0647 4312 OS Version: 6.0.6001 ServicePack: 1.0
08:40:20.0647 4312 Product type: Workstation
08:40:20.0647 4312 ComputerName: USER-PC
08:40:20.0647 4312 UserName: User
08:40:20.0647 4312 Windows directory: C:\Windows
08:40:20.0647 4312 System windows directory: C:\Windows
08:40:20.0647 4312 Running under WOW64
08:40:20.0647 4312 Processor architecture: Intel x64
08:40:20.0647 4312 Number of processors: 2
08:40:20.0647 4312 Page size: 0x1000
08:40:20.0647 4312 Boot type: Normal boot
08:40:20.0647 4312 ============================================================
08:40:21.0739 4312 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000, SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
08:40:21.0739 4312 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000, SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
08:40:22.0270 4312 Initialize success
08:40:49.0273 4340 ============================================================
08:40:49.0273 4340 Scan started
08:40:49.0273 4340 Mode: Manual;
08:40:49.0273 4340 ============================================================
08:41:00.0552 4340 MBR (0x1B8) (5c86adec17b739c437e145e3b3fc2e6d) \Device\Harddisk1\DR1
08:41:00.0583 4340 \Device\Harddisk1\DR1 - ok
08:41:00.0583 4340 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
08:41:00.0599 4340 \Device\Harddisk0\DR0 - ok
08:41:00.0615 4340 Boot (0x1200) (111da60e755c706855842882adc64824) \Device\Harddisk1\DR1\Partition0
08:41:00.0615 4340 \Device\Harddisk1\DR1\Partition0 - ok
08:41:00.0646 4340 Boot (0x1200) (dc4260bb355214e36c76ab2a7cc5b851) \Device\Harddisk1\DR1\Partition1
08:41:00.0646 4340 \Device\Harddisk1\DR1\Partition1 - ok
08:41:00.0661 4340 Boot (0x1200) (dd444622aef993e17d27af2bcb6e7e9d) \Device\Harddisk0\DR0\Partition0
08:41:00.0661 4340 \Device\Harddisk0\DR0\Partition0 - ok
08:41:00.0661 4340 ============================================================
08:41:00.0661 4340 Scan finished
08:41:00.0661 4340 ============================================================
08:41:00.0677 1488 Detected object count: 0
08:41:00.0677 1488 Actual detected object count: 0

#7 gringo_pr

  • Malware Response Team

Posted 10 January 2012 - 12:17 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 Webdoc

  • Topic Starter
  • Members

Posted 10 January 2012 - 09:37 PM

This one looks different from the last one I ran.

The File: C:\Windows\PEV.exe is new.

Would you like to see the most recent, previous aswmbr log?





aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-07 23:07:25
-----------------------------
23:07:25.421 OS Version: Windows x64 6.0.6001 Service Pack 1
23:07:25.421 Number of processors: 2 586 0x170A
23:07:25.422 ComputerName: USER-PC UserName: User
23:07:26.852 Initialize success
23:16:36.536 AVAST engine defs: 12010701
23:18:59.845 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1
23:18:59.849 Disk 0 Vendor: WDC_WD2500BEVT-60ZCT1 13.01A13 Size: 238475MB BusType: 3
23:18:59.852 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
23:18:59.856 Disk 1 Vendor: WDC_WD2500BEVT-60ZCT1 13.01A13 Size: 238475MB BusType: 3
23:18:59.887 Disk 1 MBR read successfully
23:18:59.891 Disk 1 MBR scan
23:18:59.899 Disk 1 unknown MBR code
23:18:59.912 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 225594 MB offset 2048
23:18:59.943 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 12877 MB offset 462018560
23:18:59.952 Service scanning
23:19:01.579 Modules scanning
23:19:01.584 Disk 1 trace - called modules:
23:19:01.591 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys PCTCore64.sys acpi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:19:01.598 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8005d85790]
23:19:01.603 3 CLASSPNP.SYS[fffffa6000aecb3a] -> nt!IofCallDriver -> [0xfffffa8004daa440]
23:19:01.609 5 hpdskflt.sys[fffffa6001bf80ee] -> nt!IofCallDriver -> [0xfffffa8004daacf0]
23:19:01.615 7 PCTCore64.sys[fffffa6001333600] -> nt!IofCallDriver -> [0xfffffa8004c29520]
23:19:01.621 9 acpi.sys[fffffa60008f7ff6] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004bfd940]
23:19:02.660 AVAST engine scan C:\Windows
23:19:06.485 AVAST engine scan C:\Windows\system32
23:21:03.311 AVAST engine scan C:\Windows\system32\drivers
23:21:16.599 AVAST engine scan C:\Users\User
23:28:24.919 AVAST engine scan C:\ProgramData
23:34:23.320 Scan finished successfully
23:47:36.332 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
23:47:36.338 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-08 09:22:05
-----------------------------
09:22:05.892 OS Version: Windows x64 6.0.6001 Service Pack 1
09:22:05.892 Number of processors: 2 586 0x170A
09:22:05.893 ComputerName: USER-PC UserName: User
09:22:07.336 Initialize success
09:22:12.274 AVAST engine defs: 12010701
09:22:33.434 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1
09:22:33.438 Disk 0 Vendor: WDC_WD2500BEVT-60ZCT1 13.01A13 Size: 238475MB BusType: 3
09:22:33.442 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
09:22:33.446 Disk 1 Vendor: WDC_WD2500BEVT-60ZCT1 13.01A13 Size: 238475MB BusType: 3
09:22:33.646 Disk 1 MBR read successfully
09:22:33.649 Disk 1 MBR scan
09:22:33.655 Disk 1 unknown MBR code
09:22:33.742 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 225594 MB offset 2048
09:22:33.795 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 12877 MB offset 462018560
09:22:33.839 Service scanning
09:22:36.342 Modules scanning
09:22:36.348 Disk 1 trace - called modules:
09:22:36.473 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys PCTCore64.sys acpi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:22:36.482 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8005d85790]
09:22:36.489 3 CLASSPNP.SYS[fffffa6000aecb3a] -> nt!IofCallDriver -> [0xfffffa8004daa440]
09:22:36.496 5 hpdskflt.sys[fffffa6001bf80ee] -> nt!IofCallDriver -> [0xfffffa8004daacf0]
09:22:36.504 7 PCTCore64.sys[fffffa6001333600] -> nt!IofCallDriver -> [0xfffffa8004c29520]
09:22:36.511 9 acpi.sys[fffffa60008f7ff6] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004bfd940]
09:22:37.701 AVAST engine scan C:\Windows\assembly
09:22:57.054 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
09:23:14.080 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win64:Sirefef-C [Drp]
09:30:43.078 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win32:Malware-gen
09:30:43.642 Scan finished successfully
09:42:53.069 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:42:53.081 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-08 10:16:04
-----------------------------
10:16:04.041 OS Version: Windows x64 6.0.6001 Service Pack 1
10:16:04.041 Number of processors: 2 586 0x170A
10:16:04.042 ComputerName: USER-PC UserName: User
10:16:05.406 Initialize success
10:23:07.870 AVAST engine defs: 12010800
10:40:18.272 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1
10:40:18.276 Disk 0 Vendor: WDC_WD2500BEVT-60ZCT1 13.01A13 Size: 238475MB BusType: 3
10:40:18.279 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
10:40:18.284 Disk 1 Vendor: WDC_WD2500BEVT-60ZCT1 13.01A13 Size: 238475MB BusType: 3
10:40:18.500 Disk 1 MBR read successfully
10:40:18.503 Disk 1 MBR scan
10:40:18.508 Disk 1 unknown MBR code
10:40:18.629 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 225594 MB offset 2048
10:40:18.716 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 12877 MB offset 462018560
10:40:18.789 Service scanning
10:40:20.296 Modules scanning
10:40:20.301 Disk 1 trace - called modules:
10:40:20.375 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys PCTCore64.sys acpi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
10:40:20.712 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8005d85790]
10:40:20.719 3 CLASSPNP.SYS[fffffa6000aecb3a] -> nt!IofCallDriver -> [0xfffffa8004daa440]
10:40:20.726 5 hpdskflt.sys[fffffa6001bf80ee] -> nt!IofCallDriver -> [0xfffffa8004daacf0]
10:40:20.733 7 PCTCore64.sys[fffffa6001333600] -> nt!IofCallDriver -> [0xfffffa8004c29520]
10:40:20.741 9 acpi.sys[fffffa60008f7ff6] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004bfd940]
10:40:22.000 AVAST engine scan C:\Windows\assembly
10:40:49.248 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
10:41:06.036 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win64:Sirefef-C [Drp]
10:46:39.667 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win32:Malware-gen
10:46:39.987 Scan finished successfully
20:04:57.444 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
20:04:57.452 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-10 19:02:32
-----------------------------
19:02:32.833 OS Version: Windows x64 6.0.6001 Service Pack 1
19:02:32.833 Number of processors: 2 586 0x170A
19:02:32.834 ComputerName: USER-PC UserName: User
19:02:34.416 Initialize success
19:09:23.444 AVAST engine defs: 12011001
19:09:36.172 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
19:09:36.176 Disk 0 Vendor: WDC_WD2500BEVT-60ZCT1 13.01A13 Size: 238475MB BusType: 3
19:09:36.180 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
19:09:36.184 Disk 1 Vendor: WDC_WD2500BEVT-60ZCT1 13.01A13 Size: 238475MB BusType: 3
19:09:36.228 Disk 1 MBR read successfully
19:09:36.232 Disk 1 MBR scan
19:09:36.239 Disk 1 unknown MBR code
19:09:36.252 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 225594 MB offset 2048
19:09:36.284 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 12877 MB offset 462018560
19:09:36.293 Service scanning
19:09:37.841 Modules scanning
19:09:37.846 Disk 1 trace - called modules:
19:09:37.852 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys PCTCore64.sys acpi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:09:37.860 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800517a790]
19:09:37.866 3 CLASSPNP.SYS[fffffa6000a81b3a] -> nt!IofCallDriver -> [0xfffffa8004da32e0]
19:09:37.871 5 hpdskflt.sys[fffffa6001bf70ee] -> nt!IofCallDriver -> [0xfffffa8005142460]
19:09:37.877 7 PCTCore64.sys[fffffa600131a600] -> nt!IofCallDriver -> [0xfffffa8004bef520]
19:09:37.882 9 acpi.sys[fffffa60008f4ff6] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004bf9060]
19:09:39.045 AVAST engine scan C:\Windows
19:09:41.281 File: C:\Windows\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
19:09:43.026 AVAST engine scan C:\Windows\system32
19:11:34.472 AVAST engine scan C:\Windows\system32\drivers
19:11:48.704 AVAST engine scan C:\Users\User
19:19:46.476 AVAST engine scan C:\ProgramData
19:25:10.784 Scan finished successfully
19:33:55.985 Disk 1 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
19:33:55.993 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

#9 gringo_pr

  • Malware Response Team

Posted 10 January 2012 - 09:44 PM

That is a known false positive.


How is the computer doing now?



gringo

#10 Webdoc

  • Topic Starter
  • Members

Posted 11 January 2012 - 02:06 AM

I can't enable the firewall, nor can I run Windows Defender.

Did you want a quick scan with aswmbr or full scan?

Full scan finds more stuff.

#11 Webdoc

  • Topic Starter
  • Members

Posted 11 January 2012 - 02:19 AM

Full aswmbr scan, which unfortunately just crashed, says:

C:\windows\assembly\GAC_32\Desktop.ini **Infected** win32:Sirefef-FQ
C:\windows\assembly\GAC_64\Desktop.ini **Infected** win64:Sirefef-C
C:\windows\assembly\temp\U\00000002.@ **Infected** win32:Agent-ANRV
C:\windows\assembly\temp\U\80000004.@ **Infected** win64:ZAccess-A
C:\windows\PEV.exe **Infected** win32:Rootkit-gen
Scanning: C:\windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd[cut off here][this is where it was scanning when it crashed]

#12 gringo_pr

  • Malware Response Team

Posted 11 January 2012 - 08:37 AM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: CFScript.txt being dragged onto ComboFix.exe]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 Webdoc

  • Topic Starter
  • Members

Posted 11 January 2012 - 11:56 AM

I don't think aswmbr cleaned up anything, did it? If I scan the windows\assembly\ folder I get this log:


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-11 09:47:40
-----------------------------
09:47:40.777 OS Version: Windows x64 6.0.6001 Service Pack 1
09:47:40.777 Number of processors: 2 586 0x170A
09:47:40.777 ComputerName: USER-PC UserName: User
09:47:41.931 Initialize success
09:47:46.424 AVAST engine defs: 12011001
09:48:20.916 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:48:20.916 Disk 0 Vendor: WDC_WD2500BEVT-60ZCT1 13.01A13 Size: 238475MB BusType: 3
09:48:20.931 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
09:48:20.931 Disk 1 Vendor: WDC_WD2500BEVT-60ZCT1 13.01A13 Size: 238475MB BusType: 3
09:48:20.947 Disk 0 MBR read successfully
09:48:20.947 Disk 0 MBR scan
09:48:20.947 Disk 0 unknown MBR code
09:48:20.963 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 225594 MB offset 2048
09:48:20.994 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12877 MB offset 462018560
09:48:21.009 Service scanning
09:48:22.585 Modules scanning
09:48:22.585 Disk 0 trace - called modules:
09:48:22.585 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys PCTCore64.sys acpi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:48:22.601 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004fa1660]
09:48:22.601 3 CLASSPNP.SYS[fffffa6000a83b3a] -> nt!IofCallDriver -> [0xfffffa8004dbd280]
09:48:22.601 5 hpdskflt.sys[fffffa6001a020ee] -> nt!IofCallDriver -> [0xfffffa8004dbdcf0]
09:48:22.616 7 PCTCore64.sys[fffffa6001313600] -> nt!IofCallDriver -> [0xfffffa8004c12760]
09:48:22.616 9 acpi.sys[fffffa6000900ff6] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004bf4060]
09:48:23.630 AVAST engine scan C:\Windows\assembly
09:48:28.560 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
09:48:31.727 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win64:Sirefef-C [Drp]
09:48:53.193 Scanning: C:\Windows\assembly\GAC_MSIL\TaskScheduler\6.0.0.0__31bf3856ad364e35\TaskScheduler.dll ??????????????
09:48:53.193 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR1.txt"
09:50:23.615 File: C:\Windows\assembly\temp\U\00000002.@ **INFECTED** Win32:Agent-ANRV [Trj]
09:50:23.755 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
09:50:23.865 Scan finished successfully
09:50:42.273 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:50:42.288 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR-still.txt"


I saved a log while it was scanning because I was afraid it might crash.

Last night it blue-screened the computer while scanning in C:\windows\SoftwareDistribution\Download\

It's a sunny day here in Montana. :thumbsup: Hope your day dawned brightly as well.
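Added example, not from this thread or from aswMBR's authors: a small Python parser for the aswMBR log lines pasted above. It reads each run's date, engine definitions, boot disk, the "unknown MBR code" flag and every **INFECTED** line, then compares runs by file path so the question of whether anything was cleaned can be answered from the logs rather than by eye; it keys on path because the same file is named Win32:Malware-gen in one run and Win64:ZAccess-A in the next. The two logs embedded in it are constructed abbreviations of the runs posted in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Line shapes follow the aswMBR 0.9.9.1297 logs pasted in this thread.
RUN_DATE_RE = re.compile(r"^Run date: (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$")
STAMPED_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} (.*)$")
DEFS_RE = re.compile(r"^AVAST engine defs: (\d+)$")
BOOT_DISK_RE = re.compile(r"^Disk (\d+) \(boot\) ")
UNKNOWN_MBR_RE = re.compile(r"^Disk \d+ unknown MBR code$")
INFECTED_RE = re.compile(
    r"^File: (?P<path>.+?) \*\*INFECTED\*\* (?P<threat>\S+)(?: \[(?P<cat>\w+)\])?$")

@dataclass
class Detection:
    path: str
    threat: str
    category: Optional[str]  # aswMBR appends [Drp]/[Trj]/[Rtk]; generic hits carry none

@dataclass
class ScanRun:
    run_date: str
    defs: Optional[str] = None
    boot_disk: Optional[int] = None
    unknown_mbr: bool = False
    finished: bool = False  # stays False for a run that crashed before completing
    detections: List[Detection] = field(default_factory=list)

def parse_aswmbr_logs(text: str) -> List[ScanRun]:
    """Split text holding one or more pasted aswMBR logs into ScanRun records."""
    runs: List[ScanRun] = []
    current: Optional[ScanRun] = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := RUN_DATE_RE.match(line)):
            current = ScanRun(run_date=m.group(1))
            runs.append(current)
            continue
        stamped = STAMPED_RE.match(line)
        if current is None or not stamped:
            continue  # header, separator or blank line
        msg = stamped.group(1)
        if (d := DEFS_RE.match(msg)):
            current.defs = d.group(1)
        elif (b := BOOT_DISK_RE.match(msg)):
            current.boot_disk = int(b.group(1))
        elif UNKNOWN_MBR_RE.match(msg):
            current.unknown_mbr = True
        elif msg == "Scan finished successfully":
            current.finished = True
        elif (f := INFECTED_RE.match(msg)):
            current.detections.append(Detection(f["path"], f["threat"], f["cat"]))
    return runs

def persistent_detections(runs: List[ScanRun]) -> Dict[str, Dict[str, Set[str]]]:
    """Files flagged in more than one run, with every run date and threat name seen.

    Keyed by lowercased path (Windows paths are case-insensitive), not by threat
    name: one file can carry a generic name in one run and a family name in the next.
    """
    seen: Dict[str, Dict[str, Set[str]]] = {}
    for run in runs:
        for det in run.detections:
            entry = seen.setdefault(det.path.lower(), {"runs": set(), "threats": set()})
            entry["runs"].add(run.run_date)
            entry["threats"].add(det.threat)
    return {k: v for k, v in seen.items() if len(v["runs"]) > 1}

def new_detections(previous: ScanRun, current: ScanRun) -> Set[str]:
    """Paths flagged in the later run that the earlier run did not report."""
    return {d.path.lower() for d in current.detections} - {d.path.lower() for d in previous.detections}

# Constructed sample: two abbreviated logs in the format of the runs posted above.
SAMPLE_LOGS = r"""
Run date: 2012-01-08 09:22:05
09:22:12.274 AVAST engine defs: 12010701
09:22:33.442 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
09:22:33.655 Disk 1 unknown MBR code
09:22:57.054 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
09:23:14.080 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win64:Sirefef-C [Drp]
09:30:43.078 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win32:Malware-gen
09:30:43.642 Scan finished successfully
Run date: 2012-01-11 09:47:40
09:47:46.424 AVAST engine defs: 12011001
09:48:20.916 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:48:28.560 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
09:48:31.727 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win64:Sirefef-C [Drp]
09:50:23.615 File: C:\Windows\assembly\temp\U\00000002.@ **INFECTED** Win32:Agent-ANRV [Trj]
09:50:23.755 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
09:50:23.865 Scan finished successfully
"""

if __name__ == "__main__":
    runs = parse_aswmbr_logs(SAMPLE_LOGS)
    for path, info in sorted(persistent_detections(runs).items()):
        print(f"PERSISTENT {path}: {sorted(info['runs'])} as {sorted(info['threats'])}")
    for path in sorted(new_detections(runs[0], runs[1])):
        print(f"NEW in {runs[1].run_date}: {path}")
```

Paste any number of saved aswMBR.txt files into one string and the parser splits them on the "Run date:" header; a run with no "Scan finished successfully" line is left with finished=False, which is how a crashed scan like the one described above shows up.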

#14 gringo_pr

  • Malware Response Team

Posted 11 January 2012 - 12:44 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: CFScript.txt being dragged onto ComboFix.exe]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 Webdoc

  • Topic Starter
  • Members

Posted 11 January 2012 - 01:11 PM

ComboFix 12-01-09.07 - User 01/11/2012 10:50:23.5.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4062.1951 [GMT -7:00]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 )))))))))))))))))))))))))))))))
.
.
2012-01-11 18:05 . 2012-01-11 18:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-08 16:47 . 2012-01-08 16:47 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-08 16:47 . 2012-01-08 16:47 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-08 16:47 . 2012-01-08 16:47 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-08 16:47 . 2012-01-08 16:47 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-06 03:53 . 2012-01-06 03:54 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-27 20:01 . 2011-12-27 20:01 -------- d-----w- c:\program files (x86)\ESET
2011-12-22 05:51 . 2012-01-07 20:22 -------- d-----w- c:\users\LogMeInRemoteUser
2011-12-17 01:44 . 2011-12-17 01:44 644368 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 22:24 . 2011-08-01 16:57 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-10 19:06 . 2011-06-18 15:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 12:54 . 2010-05-12 23:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-18 08:27 . 2011-11-06 19:19 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06B0911F-687F-4670-B26C-622F3857ED69}\mpengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-07_20.45.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-01-11 07:37 65858 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-01-11 07:37 97148 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-03 18:01 . 2012-01-11 07:37 13564 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4216355369-1755594082-3271658695-1000_UserData.bin
+ 2009-10-03 18:01 . 2012-01-11 07:28 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-03 18:01 . 2012-01-07 17:01 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-03 18:01 . 2012-01-11 07:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-03 18:01 . 2012-01-07 17:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-03 18:01 . 2012-01-07 17:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-03 18:01 . 2012-01-11 07:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-06 21:00 . 2012-01-07 20:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-06 21:00 . 2012-01-11 02:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-06 21:00 . 2012-01-11 02:14 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-06 21:00 . 2012-01-07 20:46 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-06 21:00 . 2012-01-11 02:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-06 21:00 . 2012-01-07 20:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-22 23:52 . 2012-01-07 21:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-22 23:52 . 2012-01-07 16:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-22 23:52 . 2012-01-07 21:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-22 23:52 . 2012-01-07 16:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-07 20:44 . 2012-01-07 20:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-11 07:35 . 2012-01-11 07:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-07 20:44 . 2012-01-07 20:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-11 07:35 . 2012-01-11 07:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-03 19:18 . 2012-01-11 16:31 396178 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-09-20 01:36 . 2012-01-11 07:34 3989880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-02-10 206120]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-17 74752]
"Diamondback"="c:\program files (x86)\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2010-02-27 1148200]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RescueTime.lnk - c:\program files (x86)\RescueTime\RescueTime.exe [2011-11-7 2697728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 994856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-18 14:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1560872]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1BC2929E-B9E6-4589-A980-0CD02A9CA469}: NameServer = 192.168.1.245
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gw2npr2x.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4216355369-1755594082-3271658695-1000\Software\SecuROM\License information*]
"datasecu"=hex:99,bd,8f,2d,49,0c,a5,20,c1,ed,14,a6,80,e4,cd,89,29,4b,71,41,83,
d3,17,c2,fb,f0,ae,13,8e,66,2a,c0,5f,ae,cd,af,6d,ac,3b,3b,a9,be,7a,94,52,94,\
"rkeysecu"=hex:5c,4f,e6,3e,8c,8b,04,aa,3b,ef,ca,c7,d8,79,4a,2e
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-11 11:08:21
ComboFix-quarantined-files.txt 2012-01-11 18:08
ComboFix2.txt 2012-01-10 07:07
ComboFix3.txt 2012-01-08 17:13
ComboFix4.txt 2012-01-08 00:40
ComboFix5.txt 2012-01-11 17:48
.
Pre-Run: 81,043,267,584 bytes free
Post-Run: 79,022,628,864 bytes free
.
- - End Of File - - 6D990916408E8F3010EA1BEC85264F43



