
infection? please look


  • This topic is locked
27 replies to this topic

#1 AbDuCt

AbDuCt

  • Members
  • 28 posts

Posted 25 January 2012 - 04:20 AM

Lots of "missing files" in the HJT log. Also, a while ago I had a weird executable file in my user's root directory in Windows 7, and I googled it and people said ComboFix deletes it, so I ran it and it has since been gone (although ComboFix didn't run properly; after the computer restart it reopened and stalled for half an hour).

windows 7 64bit
4gb of ram
ati 5850
amd phenom II 3.4ghz

MSE and Malwarebytes for protection, as well as a virtual machine with Install Watch Pro, ResHacker, bin2text, and Wireshark for basic malware analysis.

I'm just wondering if it is safe to remove the missing file entries or if there is more to it than I am seeing.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:09:28 AM, on 1/25/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hyperdesktop\hyperdesktop.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\abduct\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Mal Updater 2] C:\Program Files (x86)\Mal Updater 2\MalUpdater.exe
O4 - HKCU\..\Run: [Hyperdesktop] C:\Program Files (x86)\Hyperdesktop\hyperdesktop.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: SetPointII.lnk = ?
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: I2P Service (i2p) - Unknown owner - C:\Program Files (x86)\i2p\I2Psvc.exe (file missing)
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

--
End of file - 9668 bytes

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 January 2012 - 02:46 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double-click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post them in your next reply.

Information and logs:

  • In your next post I need the following:
    • the logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 AbDuCt

AbDuCt
  • Topic Starter

  • Members
  • 28 posts

Posted 29 January 2012 - 01:23 PM

I haven't been having any symptoms; I was only curious as to why all those files were missing in HJT. I was also worried because my girlfriend has been downloading games onto my computer before I could inspect them inside a virtual machine. The only sign of malware I had was a randomly named executable file in the root of my user directory (C:/Users/abduct). I ran ComboFix the first time and it removed it, but upon the reboot ComboFix suggested, ComboFix reran itself and appeared to have stalled, as it was running for more than half an hour.

I've attached the logs.

Edit: I can't seem to attach the "attach" text file you asked for, so I will post it.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/27/2010 10:40:06 PM
System Uptime: 1/29/2012 10:12:14 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A785TD-V EVO
Processor: AMD Phenom™ II X4 965 Processor | AM3 | 3400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 699 GiB total, 314.688 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP525: 1/16/2012 9:31:21 AM - Windows Update
RP526: 1/18/2012 12:48:13 AM - Windows Update
RP527: 1/21/2012 10:56:17 AM - Windows Update
RP528: 1/22/2012 12:48:53 PM - Removed TheSims3EP4
RP529: 1/22/2012 1:34:21 PM - Installed The Sims 3
RP530: 1/22/2012 1:41:01 PM - Installed The Sims 3
RP531: 1/22/2012 1:54:56 PM - Removed The Sims 3
RP532: 1/22/2012 1:57:26 PM - Removed The Sims 3 Ambitions
RP533: 1/22/2012 1:59:48 PM - Removed The Sims 3 Late Night
RP534: 1/25/2012 12:53:26 AM - Removed The Sims 3 Create A World
RP535: 1/25/2012 12:56:28 AM - Removed Google SketchUp 8
RP536: 1/25/2012 10:53:56 AM - Windows Update
RP537: 1/28/2012 11:33:39 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Anchor Service CS4
Adobe Community Help
Adobe CSI CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.1)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Update Manager CS4
ASIO4ALL
ATI Catalyst Registration
ATI Stream Profiler 2.1
ATI Stream SDK v2 Samples
Bamboo
Battlefield Play4Free
Borland Delphi 7
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.8
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities WFT Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
CodeBlocks
Collab
Combined Community Codec Pack 2009-09-09
Connect
ConvertXtoDVD 4.0.12.327
Counter-Strike
Crystal Reports for Visual Studio
D3DX10
dBpoweramp [Arrange Audio] Codec
dBpoweramp [Audio Info] Codec
dBpoweramp [Calculate Audio CRC] Codec
dBpoweramp [Channel Split] Codec
dBpoweramp [ID Tag Update] Codec
dBpoweramp [Length Split] Codec
dBpoweramp [Multi Encoder] Codec
dBpoweramp [ReplayGain] Codec
dBpoweramp [Tag From Filename] Codec
dBpoweramp CD Writer
dBpoweramp Dalet Codec
dBpoweramp DSP Effects
dBpoweramp FLAC Codec
dBpoweramp Monkeys Audio Codec
dBpoweramp Mp2 and BwfMp2 codec
dBpoweramp mp3 (Fraunhofer IIS) Codec
dBpoweramp Music Converter
dBpoweramp Ogg Vorbis Codec
dBpoweramp Real Audio (Helix) Encoder
dBPoweramp tooLame MP2 codec
dBpoweramp Wave64 Codec
dBpoweramp WavPack Codec
Diablo II
DisplayFusion 3.4.0
Dotfuscator Software Services - Community Edition
erLT
FileZilla Client 3.3.4.1
FINAL FANTASY XIV
FL Studio 8
Fraps (remove only)
Futuremark SystemInfo
GraphicsGale FreeEdition version 1.93.16
Gtk# for .Net 2.12.10
HashCheck Shell Extension (x86-32)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2542054)
HP USB Disk Storage Format Tool
IconPackager
IL Download Manager
Imgur Uploader
InterBase 6.5
Java Auto Updater
Java™ 6 Update 20
Java™ 6 Update 27
Java™ SE Development Kit 6 Update 27
kuler
Left 4 Dead 2
Left 4 Dead 2 Add-on Support
Macromedia FreeHand MXa
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Mal Updater 2.80
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Visual Basic 6.0 Enterprise Edition
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Ultimate - ENU
Microsoft Visual Studio Macro Tools
Microsoft Web Publishing Wizard 1.53
Microsoft WSE 3.0 Runtime
Microsoft XNA Game Studio 4.0 (ARP entry)
Microsoft XNA Game Studio 4.0 (Redists)
Microsoft XNA Game Studio 4.0 (Shared Components)
Microsoft XNA Game Studio 4.0 (Visual Studio)
Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
Microsoft XNA Game Studio 4.0 Documentation
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
Notepad++
Origin
PDF Settings CS5
Pidgin
pidgin-otr 3.2.0-1
PoiZone
Project64 1.6
PunkBuster Services
Rainmeter
Runes of Magic
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2251489)
Skype Click to Call
Skype™ 5.5
SMPlayer 0.6.9
StarCraft II
Steam
Stream KernelAnalyzer 1.7
Streamripper (Remove only)
Suite Shared Configuration CS4
swMSM
System Requirements Lab CYRI
Team Fortress 2
TeamViewer 6
The Lord of the Rings FREE Trial
Topaz Adjust 4
Topaz Clean 3
Topaz DeNoise 5
Topaz Detail 2
Topaz ReMask 2
Topaz Simplify 3
Toxic Biohazard
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Virtual DJ - Atomix Productions
VisiBroker for Cpp 4.5
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
WebTablet IE Plugin
WebTablet Netscape Plugin
Winamp
Winamp Detector Plug-in
WindowBlinds
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPcap 4.1.2
Wireshark 1.4.4
Xilisoft Audio Converter 6
.
==== Event Viewer Messages From Past Week ========
.
1/29/2012 10:12:35 AM, Error: Service Control Manager [7000] - The I2P Service service failed to start due to the following error: The system cannot find the file specified.
1/28/2012 11:23:29 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/26/2012 9:35:20 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
1/26/2012 12:16:50 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
1/26/2012 12:16:05 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
1/24/2012 10:39:18 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/23/2012 11:01:33 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/22/2012 9:11:12 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/22/2012 6:13:40 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================

Attached Files

  • dds.txt (19.92KB)

Edited by AbDuCt, 29 January 2012 - 01:24 PM.
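The "Event Viewer Messages From Past Week" block in the Attach.txt above is the part of a DDS log that tells a responder whether the machine's own defences were working: here Microsoft Antimalware logged event 3002 (real-time protection failed) on five days out of seven, and the Service Control Manager logged that the I2P service binary could not be found. The following Python script is an added example, not part of this thread and not DDS's own code. It rejoins DDS entries that were wrapped across several lines when pasted, parses each into source, event id and message, counts recurring (source, id) pairs, and pulls out the real-time-protection failures and the "file not found" service starts. The sample text is a constructed excerpt of four entries from the log above; the function names and the meaning attached to event 3002 are taken from the message text on this page, not from any vendor reference.

```python
import re
from collections import Counter

# One entry of the DDS "Event Viewer Messages From Past Week" section:
#   <M/D/YYYY> <h:mm:ss AM|PM>, <Level>: <Source> [<event id>] - <message>
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)
# A line that starts a new entry begins with the same timestamp prefix.
TS_RE = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M, ")

# Constructed sample: four entries from the Attach.txt in this thread, in the wrapped
# form they took when pasted (long lines broken, blank lines in between).
SAMPLE = r"""
1/29/2012 10:12:35 AM, Error: Service Control Manager [7000] - The I2P Service service failed to start

due to the following error: The system cannot find the file specified.
1/28/2012 11:23:29 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection

feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005

Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order

to function. You must install the latest definition updates in order to enable real-time protection.
1/26/2012 9:35:20 PM, Error: Disk [11] - The driver detected a controller error on \Device

\Harddisk1\DR4.
1/24/2012 10:39:18 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection

feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005
"""


def rejoin_events(text):
    """Glue continuation lines (no leading timestamp) back onto the entry before them.
    Heuristic: join with a space, except when the continuation starts with a backslash,
    which is a device path (\\Device\\HarddiskN) that the wrap split mid-token."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":        # DDS uses a lone "." as a spacer line
            continue
        if TS_RE.match(line) or not events:
            events.append(line)
        else:
            sep = "" if line.startswith("\\") else " "
            events[-1] += sep + line
    return events


def parse_events(text):
    """Return one dict per event with source, numeric event id and the rejoined message."""
    parsed = []
    for ev in rejoin_events(text):
        m = EVENT_RE.match(ev)
        if m:
            parsed.append({
                "ts": m.group("ts"),
                "level": m.group("level"),
                "source": m.group("source"),
                "eid": int(m.group("eid")),
                "msg": m.group("msg"),
            })
    return parsed


def count_by_source_id(events):
    """How often each (source, event id) pair recurs; repeats point at a standing problem."""
    return Counter((e["source"], e["eid"]) for e in events)


def protection_gaps(events):
    """Entries saying the endpoint's own real-time protection was not working.
    On this page that is Microsoft Antimalware event 3002; the id and its meaning are
    read off the log text itself (an assumption, not a vendor reference)."""
    return [e for e in events
            if e["source"] == "Microsoft Antimalware" and e["eid"] == 3002]


def missing_file_services(events):
    """Service Control Manager 7000 entries whose message says the binary was not found.
    These corroborate a genuine '(file missing)' rather than 32-bit scanner noise."""
    return [e for e in events
            if e["source"] == "Service Control Manager" and e["eid"] == 7000
            and "cannot find the file" in e["msg"]]


if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    for (src, eid), n in count_by_source_id(evs).most_common():
        print(f"{n:2d} x {src} [{eid}]")
    print("real-time protection failures:", len(protection_gaps(evs)))
    for e in missing_file_services(evs):
        print("service binary not found:", e["ts"], e["msg"][:60])
```

Run against a whole pasted Attach.txt, the counter alone answers the responder's first question (was anything protecting this machine during the week in question?) before any removal tool is started.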


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 January 2012 - 02:00 PM

Hello

"as to why all those files were missing in HJT."
HijackThis is not fully 64-bit compatible, so it is going to report missing files in that section. The files are not missing; HijackThis is just looking in the incorrect location.

I would like to see a report that ComboFix makes.

Extra ComboFix report:

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
  • Please copy and paste the following into the box:
C:\ComboFix.txt
  • Click OK.

Copy and paste the report into this topic for me to review.

Gringo
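Gringo's point above, that a 32-bit HijackThis sees C:\Windows\System32 through the WOW64 file-system redirector and so lands in SysWOW64, where the 64-bit-only service binaries are not present, can be applied mechanically to a pasted log. The following Python script is an added example, not part of this thread and not HijackThis's own code. It parses O23 lines in the format shown in post #1, labels "(file missing)" entries under System32 as probable redirection noise (a 32-bit process can re-check them through the C:\Windows\Sysnative alias), and leaves "(file missing)" entries elsewhere as the ones that deserve attention; in this log that singles out the I2P service, which the Event Viewer section of the DDS log independently reports as failing to start because its file cannot be found. The four sample lines are copied from the log in post #1; the verdict labels and function names are my own.

```python
import re

# One HijackThis O23 line, as seen in the log in this thread:
#   O23 - Service: <display name> - <owner> - <image path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

# Directory that the WOW64 file-system redirector remaps to SysWOW64 for a 32-bit process.
SYSTEM32 = "c:\\windows\\system32\\"
# Alias through which a 32-bit process reaches the real 64-bit System32.
SYSNATIVE = "C:\\Windows\\Sysnative\\"

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LINES = [
    r"O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe",
    r"O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)",
    r"O23 - Service: I2P Service (i2p) - Unknown owner - C:\Program Files (x86)\i2p\I2Psvc.exe (file missing)",
    r"O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)",
]


def sysnative_path(path):
    """Rewrite a System32 path to its Sysnative alias; other paths are returned unchanged."""
    if path.lower().startswith(SYSTEM32):
        return SYSNATIVE + path[len(SYSTEM32):]
    return path


def classify_o23(lines):
    """Parse O23 lines and label each one.

    Verdict labels are my own, not HijackThis output:
      present                  - HijackThis found the file
      probably-wow64-redirect  - reported missing, but under System32, so the 32-bit
                                 scanner was redirected to SysWOW64; re-check via Sysnative
      missing                  - reported missing outside System32; worth a real look
    """
    rows = []
    for line in lines:
        m = O23_RE.match(line.strip())
        if not m:
            continue  # not an O23 line (R0, O2, O4 ...); ignore
        path = m.group("path")
        missing = m.group("missing") is not None
        if not missing:
            verdict = "present"
        elif path.lower().startswith(SYSTEM32):
            verdict = "probably-wow64-redirect"
        else:
            verdict = "missing"
        rows.append({
            "name": m.group("name"),
            "owner": m.group("owner"),
            "path": path,
            "verdict": verdict,
            # the path a 32-bit tool should actually test before calling the file absent
            "check_path": sysnative_path(path) if missing else path,
        })
    return rows


def triage(lines):
    """Only the entries that still deserve attention once WOW64 noise is discounted."""
    return [r for r in classify_o23(lines) if r["verdict"] == "missing"]


if __name__ == "__main__":
    for row in classify_o23(SAMPLE_LINES):
        print(f"{row['verdict']:24} {row['name']}")
        print(f"{'':24} check: {row['check_path']}")
    print("to investigate:", [r["name"] for r in triage(SAMPLE_LINES)])
```

The parser stops at the first " - " after the service name, so a display name that itself contains " - " would be split wrongly; none of the names in this log do, but it is the one format quirk to keep in mind when feeding it other logs.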

#5 AbDuCt

AbDuCt
  • Topic Starter

  • Members
  • 28 posts

Posted 30 January 2012 - 12:59 AM

The file doesn't exist. After it went through all its steps and let me restart my computer, I restarted and it reran. Once it reran I let it sit for half an hour to 45 minutes and it appeared to have stalled, so I closed ComboFix.

I also looked for the log file after I closed it, to see if it had written it and was just hanging on something, and it was not in the root folder of my C:/ drive.

I've viewed my history and here is the VirusTotal log of the executable I found in my user's root directory.

https://www.virustotal.com/file/acb5b4bce2dc8948f770561deeb0e668fb537804a87504bf37729d30f1c4e568/analysis/1327903107/

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 January 2012 - 01:09 AM

Hello

OK, let's try this: I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#7 AbDuCt

AbDuCt
  • Topic Starter

  • Members
  • 28 posts

Posted 30 January 2012 - 03:08 AM

I've successfully let it run in Safe Mode and let it do its scan, and I've successfully got it back into Safe Mode, and it reopened with the message "preparing logs, don't run other applications" or something of the like. I let it sit there for half an hour and a bit, but it was still stalling there.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 January 2012 - 03:15 AM

Let it sit for a few more minutes, and if it still does not complete then stop it and do this:


I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#9 AbDuCt

AbDuCt
  • Topic Starter

  • Members
  • 28 posts

Posted 30 January 2012 - 03:25 AM

00:24:07.0924 5704 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
00:24:08.0517 5704 ============================================================
00:24:08.0518 5704 Current date / time: 2012/01/30 00:24:08.0517
00:24:08.0518 5704 SystemInfo:
00:24:08.0518 5704
00:24:08.0518 5704 OS Version: 6.1.7601 ServicePack: 1.0
00:24:08.0518 5704 Product type: Workstation
00:24:08.0518 5704 ComputerName: ABDUCT-PC
00:24:08.0518 5704 UserName: abduct
00:24:08.0518 5704 Windows directory: C:\Windows
00:24:08.0518 5704 System windows directory: C:\Windows
00:24:08.0518 5704 Running under WOW64
00:24:08.0518 5704 Processor architecture: Intel x64
00:24:08.0518 5704 Number of processors: 4
00:24:08.0518 5704 Page size: 0x1000
00:24:08.0518 5704 Boot type: Normal boot
00:24:08.0518 5704 ============================================================
00:24:09.0243 5704 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:24:09.0278 5704 Initialize success
00:24:24.0609 4300 ============================================================
00:24:24.0609 4300 Scan started
00:24:24.0609 4300 Mode: Manual;
00:24:24.0609 4300 ============================================================
00:24:32.0652 4300 volmgrx - ok
00:24:32.0668 4300 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:24:32.0670 4300 volsnap - ok
00:24:32.0700 4300 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:24:32.0702 4300 vsmraid - ok
00:24:32.0837 4300 VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) c:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
00:24:32.0838 4300 VSPerfDrv100 - ok
00:24:32.0858 4300 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
00:24:32.0859 4300 vwifibus - ok
00:24:32.0917 4300 wacmoumonitor (6b6718dc4b4597ec10f4f8c614282ee1) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
00:24:32.0918 4300 wacmoumonitor - ok
00:24:32.0956 4300 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
00:24:32.0956 4300 wacommousefilter - ok
00:24:32.0972 4300 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:24:32.0973 4300 WacomPen - ok
00:24:33.0019 4300 wacomvhid (26b430e7c5f598fe7353e3bc4b261321) C:\Windows\system32\DRIVERS\wacomvhid.sys
00:24:33.0019 4300 wacomvhid - ok
00:24:33.0030 4300 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:24:33.0031 4300 WANARP - ok
00:24:33.0034 4300 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:24:33.0035 4300 Wanarpv6 - ok
00:24:33.0062 4300 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:24:33.0063 4300 Wd - ok
00:24:33.0088 4300 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:24:33.0093 4300 Wdf01000 - ok
00:24:33.0120 4300 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:24:33.0121 4300 WfpLwf - ok
00:24:33.0132 4300 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:24:33.0132 4300 WIMMount - ok
00:24:33.0205 4300 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
00:24:33.0206 4300 WinUsb - ok
00:24:33.0252 4300 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
00:24:33.0252 4300 WmiAcpi - ok
00:24:33.0267 4300 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:24:33.0268 4300 ws2ifsl - ok
00:24:33.0305 4300 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
00:24:33.0305 4300 WSDPrintDevice - ok
00:24:33.0321 4300 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
00:24:33.0322 4300 WSDScan - ok
00:24:33.0370 4300 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:24:33.0372 4300 WudfPf - ok
00:24:33.0398 4300 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:24:33.0400 4300 WUDFRd - ok
00:24:33.0452 4300 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
00:24:33.0453 4300 xusb21 - ok
00:24:33.0475 4300 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:24:33.0523 4300 \Device\Harddisk0\DR0 - ok
00:24:33.0525 4300 Boot (0x1200) (9c4a1732996bb4cf07cb4db7a2f64772) \Device\Harddisk0\DR0\Partition0
00:24:33.0526 4300 \Device\Harddisk0\DR0\Partition0 - ok
00:24:33.0539 4300 Boot (0x1200) (31f2d41b5803975d26a72a87cb6b517a) \Device\Harddisk0\DR0\Partition1
00:24:33.0540 4300 \Device\Harddisk0\DR0\Partition1 - ok
00:24:33.0540 4300 ============================================================
00:24:33.0540 4300 Scan finished
00:24:33.0540 4300 ============================================================
00:24:33.0548 0824 Detected object count: 0
00:24:33.0548 0824 Actual detected object count: 0

#10 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)
Posted 30 January 2012 - 03:28 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 AbDuCt (Topic Starter)
Posted 30 January 2012 - 04:10 AM

Most of these are false positives, such as SPB.exe and BnetAuth.dll, since I know the author of SPB.exe and have the source code, and bnetauth was an open-source library for connecting to a gaming platform called "battle.net" to program chat clients.

And the cerbus was a remote administrative tool I used to use for my network. I no longer use it and I don't know why I still have it on my drive.


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-30 00:34:32
-----------------------------
00:34:32.150 OS Version: Windows x64 6.1.7601 Service Pack 1
00:34:32.150 Number of processors: 4 586 0x403
00:34:32.151 ComputerName: ABDUCT-PC UserName: abduct
00:34:33.075 Initialize success
00:38:14.308 AVAST engine defs: 12013000
00:39:00.487 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
00:39:00.489 Disk 0 Vendor: WDC_WD7501AALS-00E3A0 05.01D05 Size: 715404MB BusType: 3
00:39:00.500 Disk 0 MBR read successfully
00:39:00.502 Disk 0 MBR scan
00:39:00.504 Disk 0 Windows 7 default MBR code
00:39:00.506 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:39:00.523 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715302 MB offset 206848
00:39:00.525 Service scanning
00:39:00.882 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
00:39:01.475 Modules scanning
00:39:01.477 Disk 0 trace - called modules:
00:39:01.480 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
00:39:01.483 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a5e060]
00:39:01.487 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8003ad7670]
00:39:01.490 5 ACPI.sys[fffff88000f537a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa8004403060]
00:39:02.313 AVAST engine scan C:\Windows
00:39:04.805 AVAST engine scan C:\Windows\system32
00:41:36.616 AVAST engine scan C:\Windows\system32\drivers
00:41:45.401 AVAST engine scan C:\Users\abduct
00:47:36.515 File: C:\Users\abduct\Desktop\d2 scam\cerbus\Config\as.exe **INFECTED** Win32:Delf-GIY [Drp]
00:49:14.492 File: C:\Users\abduct\Desktop\stevens stuff\stevens stuff\l2uthless_Chat\l2uthless Chat\l2uthless Updater.exe **INFECTED** Win32:Malware-gen
00:49:58.809 File: C:\Users\abduct\Desktop\stevens stuff\stevens stuff\source codes\delphi recon bot\SPB\SPB.exe **INFECTED** Win32:Trojan-gen
00:50:14.108 File: C:\Users\abduct\Desktop\stevens stuff\stevens stuff\source codes\NefariousMassbot\NefariousMassbot\NefariousMassbot\bnetauth.dll **INFECTED** Win32:Malware-gen
00:50:18.515 File: C:\Users\abduct\Desktop\stevens stuff\stevens stuff\source codes\sp1der\BnetAuth.dll **INFECTED** Win32:Malware-gen
00:50:22.211 File: C:\Users\abduct\Desktop\stevens stuff\stevens stuff\source codes\zoan-2.0-source\Source\Zoan.dll **INFECTED** Win32:Malware-gen
00:50:23.358 File: C:\Users\abduct\Desktop\stevens stuff\stevens stuff\warnet\Copy (2) of SPB\SPB.exe **INFECTED** Win32:Trojan-gen
00:50:23.376 File: C:\Users\abduct\Desktop\stevens stuff\stevens stuff\warnet\Copy of SPB\SPB.exe **INFECTED** Win32:Trojan-gen
00:50:25.305 File: C:\Users\abduct\Desktop\stevens stuff\stevens stuff\warnet\SPB\SPB.exe **INFECTED** Win32:Trojan-gen
00:57:17.287 AVAST engine scan C:\ProgramData
01:01:36.214 Scan finished successfully
01:01:51.702 Disk 0 MBR has been saved successfully to "C:\Users\abduct\Desktop\MBR.dat"
01:01:51.706 The log file has been saved successfully to "C:\Users\abduct\Desktop\aswMBR.txt"
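A way to triage an aswMBR log of the kind posted above, as an added example that is not part of this thread or of aswMBR itself. It parses the line format aswMBR writes and separates the one result that answers a rootkit question, whether disk 0 still carries the stock Windows 7 MBR code, from on-disk signature hits, which it ranks higher when they sit under C:\Windows or Program Files or carry a specific detection name rather than a generic "-gen" heuristic. Everything in SAMPLE_LOG is constructed: the user name, paths and detection names are made up, not taken from the poster's machine.

```python
"""Triage an aswMBR scan log.

Added example, not part of the thread or of aswMBR: it parses the line
format aswMBR writes (MBR status, partition table, locked services and
**INFECTED** file hits) and ranks the findings the way a responder reads
them. Everything in SAMPLE_LOG is constructed: user name, paths and
detection names are made up and are not from the poster's machine.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SAMPLE_LOG = r"""
00:39:00.504 Disk 0 Windows 7 default MBR code
00:39:00.506 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:39:00.523 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715302 MB offset 206848
00:39:00.882 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
00:47:36.515 File: C:\Users\alice\Desktop\tools\as.exe **INFECTED** Win32:Delf-GIY [Drp]
00:50:14.108 File: C:\Users\alice\Desktop\src\bot\bnetauth.dll **INFECTED** Win32:Malware-gen
00:51:00.000 File: C:\Windows\system32\drivers\evil.sys **INFECTED** Win32:Rootkit-gen
01:01:36.214 Scan finished successfully
"""

MBR_RE = re.compile(r"^\S+ Disk (?P<disk>\d+) (?P<desc>.*MBR code.*)$")
PARTITION_RE = re.compile(
    r"^\S+ Disk (?P<disk>\d+) Partition (?P<num>\d+) (?P<boot>[0-9A-Fa-f]{2})"
    r"(?: \(A\))? (?P<type>[0-9A-Fa-f]{2}) \S+ \S+ (?P<mb>\d+) MB offset (?P<off>\d+)$"
)
LOCKED_RE = re.compile(r"^\S+ Service (?P<name>\S+) (?P<path>.+?) \*\*LOCKED\*\* \d+$")
INFECTED_RE = re.compile(r"^\S+ File: (?P<path>.+?) \*\*INFECTED\*\* (?P<det>.+)$")

# A hit under one of these outranks a hit in a user's own folders: that is
# where persistence lives, and where a rootkit would have to put a driver.
SYSTEM_PREFIXES = ("c:\\windows\\", "c:\\program files")


@dataclass
class Hit:
    path: str
    detection: str
    generic: bool         # "-gen" names are heuristic and the weakest evidence
    in_system_path: bool


@dataclass
class Triage:
    mbr_desc: str = ""
    mbr_ok: bool = False                    # stock Windows 7 boot code present
    active_partition_mb: Optional[int] = None
    locked_services: List[str] = field(default_factory=list)
    hits: List[Hit] = field(default_factory=list)

    @property
    def priority_hits(self) -> List[Hit]:
        """Hits worth acting on first: in a system path, or a specific (non -gen) name."""
        return [h for h in self.hits if h.in_system_path or not h.generic]


def triage(log_text: str) -> Triage:
    t = Triage()
    for line in log_text.splitlines():
        if m := MBR_RE.match(line):
            t.mbr_desc = m["desc"]
            t.mbr_ok = "default MBR code" in m["desc"]
        elif m := PARTITION_RE.match(line):
            if m["boot"] == "80":           # 0x80 = bootable (active) partition
                t.active_partition_mb = int(m["mb"])
        elif m := LOCKED_RE.match(line):
            # A locked driver file is normal for an AV engine (the MpNWMon line
            # here is constructed); it only matters if the name is unexpected.
            t.locked_services.append(m["name"])
        elif m := INFECTED_RE.match(line):
            family = m["det"].split()[0]
            t.hits.append(Hit(
                path=m["path"],
                detection=m["det"],
                generic=family.lower().endswith("-gen"),
                in_system_path=m["path"].lower().startswith(SYSTEM_PREFIXES),
            ))
    return t


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("MBR:", result.mbr_desc, "(ok)" if result.mbr_ok else "(NOT stock code, investigate)")
    print("Active partition:", result.active_partition_mb, "MB")
    print("Locked services:", result.locked_services)
    for h in result.priority_hits:
        print("PRIORITY", h.detection, h.path)
    for h in result.hits:
        if h not in result.priority_hits:
            print("low     ", h.detection, h.path)
```

Applied to a log like the one above, this logic puts the MBR and partition table in the clear and leaves only file hits under a user's Desktop folders. Whether such hits are false positives is decided by verifying the files themselves (for instance hashing them against a build from known source), not by the detection name alone; a generic "-gen" verdict on a file that nothing autostarts is a low-priority item, while a hit on a driver under C:\Windows would be the first thing to chase.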

#12 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)
Posted 30 January 2012 - 06:23 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double-click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under the Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left-hand corner.
  • When done, two Notepad files will open:
    • OTL.txt <-- will be opened and is the one I need posted back here
    • Extra.txt <-- will be minimized; save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
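Once OTL.txt is in hand, the O4 lines are where the "missing file" entries from the opening post show up. The following is an added example, not part of this thread or of OTL itself; the sample lines are constructed in OTL's O4 format with a made-up SID, user name and paths. It pulls each Run value and Startup shortcut apart into name, command, executable path and company name, marks entries OTL tagged "File not found" as orphaned (a Run value whose target no longer exists launches nothing, so deleting the value is safe housekeeping rather than disinfection), and separately flags the combination that does deserve a look before the orphans: an entry that is present, runs from a user-writable directory such as AppData\Roaming or a Temp folder, and carries no company name.

```python
"""Sort OTL O4 autostart entries into orphans, suspects and the rest.

Added example, not part of the thread or of OTL. It reads O4 lines in the
format OTL.txt uses and answers the question this thread opened with: a
Run value that OTL tags "File not found" points at a program that is no
longer on disk, so nothing runs from it and deleting the value is safe.
SAMPLE_OTL is constructed; the SID, user name and paths are made up.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SAMPLE_OTL = r"""
O4:64bit: - HKLM..\Run: [etMonitor] C:\Windows\etMon.exe File not found
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h File not found
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001..\Run: [Updater] C:\Users\alice\AppData\Roaming\svchost\update.exe ()
O4 - Startup: C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
"""

RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HKLM|HKU\\S-[\d-]+)\.\.\\Run: \[(?P<name>[^\]]+)\] ?(?P<rest>.*)$"
)
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<lnk>.+?) = (?P<rest>.*)$")
# OTL appends the PE company name in parentheses; "()" means the file has none.
COMPANY_RE = re.compile(r"^(?P<cmd>.*?)\s*\((?P<company>[^()]*)\)$")
EXE_RE = re.compile(r'^"?(?P<exe>[A-Za-z]:\\.*?\.(?:exe|dll|scr|cmd|bat|vbs|js))', re.IGNORECASE)
MISSING = "File not found"
# Directories a vendor installer rarely chooses for an autostart binary.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\",
                 "\\windows\\temp\\", "\\users\\public\\")


@dataclass
class AutostartEntry:
    source: str               # "HKLM", "HKU\<sid>" or "Startup"
    name: str
    command: str
    exe: Optional[str]
    company: Optional[str]    # None when the file is missing, "" when it has no company
    missing: bool

    @property
    def suspicious(self) -> bool:
        """Present, launched from a user-writable directory, and unattributed."""
        if self.missing or self.exe is None:
            return False
        return self.company == "" and any(d in self.exe.lower() for d in USER_WRITABLE)


def _split_rest(rest: str) -> Tuple[str, Optional[str], bool]:
    """Split the text after [name] into (command, company, missing)."""
    if rest.endswith(MISSING):
        return rest[: -len(MISSING)].strip(), None, True
    m = COMPANY_RE.match(rest)
    if m:
        return m["cmd"].strip(), m["company"].strip(), False
    return rest.strip(), "", False


def parse_o4(text: str) -> List[AutostartEntry]:
    entries: List[AutostartEntry] = []
    for line in text.splitlines():
        if m := RUN_RE.match(line):
            source, name, rest = m["hive"], m["name"], m["rest"]
        elif m := STARTUP_RE.match(line):
            source, name, rest = "Startup", m["lnk"].rsplit("\\", 1)[-1], m["rest"]
        else:
            continue
        command, company, missing = _split_rest(rest)
        exe_m = EXE_RE.match(command)
        entries.append(AutostartEntry(source, name, command,
                                      exe_m["exe"] if exe_m else None, company, missing))
    return entries


def triage(entries: List[AutostartEntry]) -> Tuple[List[AutostartEntry], List[AutostartEntry]]:
    """Return (orphaned, suspects): dead Run values, and live ones worth a closer look."""
    return [e for e in entries if e.missing], [e for e in entries if e.suspicious]


if __name__ == "__main__":
    orphaned, suspects = triage(parse_o4(SAMPLE_OTL))
    for e in orphaned:
        print(f"orphan   {e.source} [{e.name}] -> {e.command or '<empty>'}  (safe to delete the value)")
    for e in suspects:
        print(f"SUSPECT  {e.source} [{e.name}] -> {e.exe}  (no company name, user-writable path)")
```

The orphan list is the answer to "is it safe to remove the missing-file entries": yes, because the value is inert, though an orphan named after a program you never installed is itself a clue about what used to be there. The suspect list is a heuristic, not a verdict; a legitimate updater dropped into AppData by a small vendor will trip it, so each suspect still needs the file hashed and its origin checked.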

#13 AbDuCt (Topic Starter)
Posted 30 January 2012 - 01:01 PM

OTL logfile created on: 1/30/2012 9:31:59 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\abduct\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 65.05% Memory free
8.00 Gb Paging File | 6.26 Gb Available in Paging File | 78.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 314.33 Gb Free Space | 45.00% Space Free | Partition Type: NTFS

Computer Name: ABDUCT-PC | User Name: abduct | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\abduct\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\DisplayFusion\AppHookx86.exe (Binary Fortress Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Hyperdesktop\hyperdesktop.exe (Hyperdesktop)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe (Borland Software Corporation)
PRC - C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe (Borland Software Corporation)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV:64bit: - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV:64bit: - (TabletServicePen) -- C:\Windows\SysNative\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Macromedia Licensing Service) -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WindowBlinds) -- C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe (Stardock Corporation)
SRV - (InterBaseServer) -- C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe (Borland Software Corporation)
SRV - (InterBaseGuardian) -- C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe (Borland Software Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (rt70x64) -- C:\Windows\SysNative\drivers\netr7064.sys (Ralink Technology Corp.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (ScanUSBET) -- C:\Windows\SysNative\drivers\etScan64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (DCamUSBET) -- C:\Windows\SysNative\drivers\etDevice64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (FiltUSBET) -- C:\Windows\SysNative\drivers\etFilter64.sys (eMPIA Technology Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1430028833-3567072449-1818196103-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1430028833-3567072449-1818196103-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 92 F8 B2 83 C2 CC 01 [binary data]
IE - HKU\S-1-5-21-1430028833-3567072449-1818196103-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledItems: {c151d79e-e61b-4a90-a887-5a46d38fba99}:2.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.42.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: pastebin.com@gmail.com:2.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 4444
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/07 10:56:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/15 11:11:41 | 000,000,000 | ---D | M]

[2010/07/27 22:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\abduct\AppData\Roaming\Mozilla\Extensions
[2012/01/28 10:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\abduct\AppData\Roaming\Mozilla\Firefox\Profiles\lq00lvlu.default\extensions
[2011/12/24 12:09:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\abduct\AppData\Roaming\Mozilla\Firefox\Profiles\lq00lvlu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/26 13:18:17 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\abduct\AppData\Roaming\Mozilla\Firefox\Profiles\lq00lvlu.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011/01/07 09:41:23 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\abduct\AppData\Roaming\Mozilla\Firefox\Profiles\lq00lvlu.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/12/26 11:22:33 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\abduct\AppData\Roaming\Mozilla\Firefox\Profiles\lq00lvlu.default\extensions\battlefieldplay4free@ea.com
[2011/12/04 22:27:52 | 000,000,000 | ---D | M] (Diccionario en Español para Venezuela) -- C:\Users\abduct\AppData\Roaming\Mozilla\Firefox\Profiles\lq00lvlu.default\extensions\es-ve@dictionaries.addons.mozilla.org
[2011/12/19 16:07:09 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\abduct\AppData\Roaming\Mozilla\Firefox\Profiles\lq00lvlu.default\extensions\foxyproxy@eric.h.jung
[2012/01/07 10:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/21 12:38:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\ABDUCT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQ00LVLU.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ABDUCT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQ00LVLU.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
() (No name found) -- C:\USERS\ABDUCT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQ00LVLU.DEFAULT\EXTENSIONS\{9C51BD27-6ED8-4000-A2BF-36CB95C0C947}.XPI
() (No name found) -- C:\USERS\ABDUCT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQ00LVLU.DEFAULT\EXTENSIONS\{C151D79E-E61B-4A90-A887-5A46D38FBA99}.XPI
() (No name found) -- C:\USERS\ABDUCT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQ00LVLU.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\ABDUCT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQ00LVLU.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\ABDUCT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQ00LVLU.DEFAULT\EXTENSIONS\GIORGIO@GILESTRO.TK.XPI
() (No name found) -- C:\USERS\ABDUCT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQ00LVLU.DEFAULT\EXTENSIONS\PASTEBIN.COM@GMAIL.COM.XPI
[2012/01/07 10:56:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/09 11:25:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/12 08:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/10/01 08:48:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/10 08:19:46 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/29 23:31:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [etMonitor] C:\Windows\etMon.exe File not found
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1430028833-3567072449-1818196103-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1430028833-3567072449-1818196103-1000..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h File not found
O4 - HKU\S-1-5-21-1430028833-3567072449-1818196103-1000..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-1430028833-3567072449-1818196103-1000..\Run: [Hyperdesktop] C:\Program Files (x86)\Hyperdesktop\hyperdesktop.exe (Hyperdesktop)
O4 - HKU\S-1-5-21-1430028833-3567072449-1818196103-1000..\Run: [Mal Updater 2] C:\Program Files (x86)\Mal Updater 2\MalUpdater.exe (Techsuki.net)
O4 - Startup: C:\Users\abduct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1430028833-3567072449-1818196103-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1430028833-3567072449-1818196103-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.16 64.59.144.17 64.59.150.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DFA6945-D3B8-4ADD-8744-0A18F29B5888}: DhcpNameServer = 64.59.144.16 64.59.144.17 64.59.150.132
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\WB: DllName - (C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/30 09:16:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\abduct\Desktop\OTL.exe
[2012/01/30 00:30:22 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\abduct\Desktop\aswMBR.exe
[2012/01/30 00:23:54 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\abduct\Desktop\tdsskiller.exe
[2012/01/29 23:31:48 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/01/29 23:30:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/29 23:20:18 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/29 23:20:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/29 23:01:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/29 23:01:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/29 23:01:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/29 22:58:08 | 004,393,882 | R--- | C] (Swearware) -- C:\Users\abduct\Desktop\ComboFix.exe
[2012/01/29 16:44:33 | 000,000,000 | ---D | C] -- C:\Users\abduct\AppData\Roaming\SYSTEMAX Software Development
[2012/01/29 16:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SYSTEMAX Software Development
[2012/01/29 16:44:31 | 000,000,000 | ---D | C] -- C:\Users\abduct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PaintTool SAI English Pack
[2012/01/29 16:44:30 | 000,000,000 | ---D | C] -- C:\Users\abduct\AppData\Local\Zame
[2012/01/29 10:15:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\abduct\Desktop\dds.scr
[2012/01/27 18:48:06 | 000,000,000 | ---D | C] -- C:\Users\abduct\Desktop\que Barbaro!!!
[2012/01/26 16:16:58 | 000,000,000 | ---D | C] -- C:\Users\abduct\AppData\Local\{87BC0F8D-274D-4CEB-AD52-4D4D98A542D0}
[2012/01/26 16:14:52 | 000,000,000 | ---D | C] -- C:\Users\abduct\AppData\Local\{A8019D88-4A25-4C13-91F7-D0888FCDC67C}
[2012/01/25 01:05:27 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\abduct\Desktop\HijackThis.exe
[2012/01/22 13:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PWD
[2012/01/22 12:48:08 | 000,000,000 | ---D | C] -- C:\Users\abduct\Desktop\New folder (2)
[2012/01/21 16:43:29 | 000,000,000 | ---D | C] -- C:\Users\abduct\AppData\Local\{817084F3-11D4-4EC2-8C28-6CB920269601}
[2012/01/17 22:03:10 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/17 22:03:09 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/17 22:03:09 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/17 22:03:09 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/17 22:03:09 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/17 22:03:09 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/16 10:24:16 | 000,000,000 | ---D | C] -- C:\Users\abduct\Desktop\nc111nt
[2012/01/14 10:49:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/11 10:16:37 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/11 10:16:37 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/11 10:16:37 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/11 10:16:37 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/11 10:16:35 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/01/11 10:16:35 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/01/11 10:16:33 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/11 10:16:33 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/11 10:16:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/06 19:33:16 | 000,000,000 | ---D | C] -- C:\Users\abduct\Desktop\New folder
[2012/01/04 22:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012/01/04 22:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2012/01/04 21:58:22 | 000,000,000 | ---D | C] -- C:\Users\abduct\AppData\Roaming\Origin
[2012/01/04 21:58:20 | 000,000,000 | ---D | C] -- C:\Users\abduct\AppData\Local\Origin
[2012/01/04 21:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/01/04 21:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012/01/04 21:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012/01/04 21:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012/01/04 21:57:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012/01/01 16:29:07 | 000,000,000 | ---D | C] -- C:\Users\abduct\Desktop\to edit
[2010/08/19 19:23:11 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\abduct\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/01/30 09:19:07 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/30 09:19:07 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/30 09:16:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\abduct\Desktop\OTL.exe
[2012/01/30 09:11:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/30 09:11:38 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/30 01:01:51 | 000,000,512 | ---- | M] () -- C:\Users\abduct\Desktop\MBR.dat
[2012/01/30 00:34:26 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\abduct\Desktop\aswMBR.exe
[2012/01/30 00:23:59 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\abduct\Desktop\tdsskiller.exe
[2012/01/29 23:31:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/29 22:58:21 | 004,393,882 | R--- | M] (Swearware) -- C:\Users\abduct\Desktop\ComboFix.exe
[2012/01/29 16:44:31 | 000,002,230 | ---- | M] () -- C:\Users\abduct\Desktop\PaintTool SAI.lnk
[2012/01/29 16:44:22 | 002,114,015 | ---- | M] () -- C:\Users\abduct\Desktop\sai-eng-pack-1.1.0-f1.exe
[2012/01/29 10:15:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\abduct\Desktop\dds.scr
[2012/01/29 10:15:22 | 000,000,000 | ---- | M] () -- C:\Users\abduct\defogger_reenable
[2012/01/29 10:14:55 | 000,050,477 | ---- | M] () -- C:\Users\abduct\Desktop\Defogger.exe
[2012/01/28 12:01:36 | 000,057,790 | ---- | M] () -- C:\Users\abduct\Desktop\ON-LINE - CIC EN LIGNE.png
[2012/01/27 18:48:01 | 002,043,749 | ---- | M] () -- C:\Users\abduct\Desktop\que Barbaro!!!.zip
[2012/01/26 21:37:46 | 000,473,956 | ---- | M] () -- C:\Users\abduct\Desktop\Portfolio - Liz Fox.zip
[2012/01/26 12:08:12 | 000,000,132 | ---- | M] () -- C:\Users\abduct\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/01/26 11:53:21 | 000,888,618 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/26 11:53:21 | 000,736,928 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/26 11:53:21 | 000,151,000 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/26 11:18:52 | 000,000,600 | ---- | M] () -- C:\Users\abduct\AppData\Local\PUTTY.RND
[2012/01/25 11:54:28 | 000,233,646 | ---- | M] () -- C:\Users\abduct\Desktop\visa form filled.pdf
[2012/01/25 11:39:55 | 000,204,089 | ---- | M] () -- C:\Users\abduct\Desktop\visa form.pdf
[2012/01/25 11:39:39 | 000,038,705 | ---- | M] () -- C:\Users\abduct\Desktop\checklist.pdf
[2012/01/25 01:05:28 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\abduct\Desktop\HijackThis.exe
[2012/01/22 13:04:34 | 000,001,662 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/01/21 11:33:18 | 000,010,299 | ---- | M] () -- C:\Users\abduct\Desktop\zodiac.c
[2012/01/20 20:46:13 | 000,001,184 | ---- | M] () -- C:\Users\abduct\Desktop\cpu.c
[2012/01/19 21:43:08 | 298,194,438 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/18 11:58:16 | 000,000,600 | ---- | M] () -- C:\Users\abduct\AppData\Roaming\winscp.rnd
[2012/01/18 11:37:30 | 000,039,019 | ---- | M] () -- C:\Users\abduct\Desktop\kaiten.c
[2012/01/17 11:10:57 | 000,012,198 | ---- | M] () -- C:\Users\abduct\Desktop\zodiac
[2012/01/16 10:23:31 | 000,001,180 | ---- | M] () -- C:\Users\abduct\Desktop\main.c
[2012/01/14 12:21:22 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/01/14 12:21:22 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/01/11 00:27:07 | 000,882,342 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/07 10:57:11 | 000,002,056 | ---- | M] () -- C:\Users\abduct\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2012/01/30 01:01:51 | 000,000,512 | ---- | C] () -- C:\Users\abduct\Desktop\MBR.dat
[2012/01/29 23:01:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/29 23:01:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/29 23:01:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/29 23:01:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/29 23:01:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/29 16:44:31 | 000,002,230 | ---- | C] () -- C:\Users\abduct\Desktop\PaintTool SAI.lnk
[2012/01/29 16:44:14 | 002,114,015 | ---- | C] () -- C:\Users\abduct\Desktop\sai-eng-pack-1.1.0-f1.exe
[2012/01/29 10:15:22 | 000,000,000 | ---- | C] () -- C:\Users\abduct\defogger_reenable
[2012/01/29 10:14:54 | 000,050,477 | ---- | C] () -- C:\Users\abduct\Desktop\Defogger.exe
[2012/01/28 12:01:35 | 000,057,790 | ---- | C] () -- C:\Users\abduct\Desktop\ON-LINE - CIC EN LIGNE.png
[2012/01/27 18:47:58 | 002,043,749 | ---- | C] () -- C:\Users\abduct\Desktop\que Barbaro!!!.zip
[2012/01/26 21:37:46 | 000,473,956 | ---- | C] () -- C:\Users\abduct\Desktop\Portfolio - Liz Fox.zip
[2012/01/25 11:54:28 | 000,233,646 | ---- | C] () -- C:\Users\abduct\Desktop\visa form filled.pdf
[2012/01/25 11:39:55 | 000,204,089 | ---- | C] () -- C:\Users\abduct\Desktop\visa form.pdf
[2012/01/25 11:39:39 | 000,038,705 | ---- | C] () -- C:\Users\abduct\Desktop\checklist.pdf
[2012/01/20 20:32:26 | 000,001,184 | ---- | C] () -- C:\Users\abduct\Desktop\cpu.c
[2012/01/18 11:37:30 | 000,039,019 | ---- | C] () -- C:\Users\abduct\Desktop\kaiten.c
[2012/01/17 11:26:40 | 000,012,198 | ---- | C] () -- C:\Users\abduct\Desktop\zodiac
[2012/01/17 11:05:35 | 000,010,299 | ---- | C] () -- C:\Users\abduct\Desktop\zodiac.c
[2012/01/16 10:31:49 | 000,001,180 | ---- | C] () -- C:\Users\abduct\Desktop\main.c
[2012/01/08 22:15:42 | 000,001,007 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mullvad.lnk
[2011/12/16 18:38:19 | 000,057,904 | ---- | C] () -- C:\Windows\SysWow64\wbload.dll
[2011/05/13 09:25:14 | 000,000,132 | ---- | C] () -- C:\Users\abduct\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/12 14:26:44 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2011/01/12 14:26:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
[2011/01/12 14:26:44 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
[2010/12/31 10:46:19 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/12/16 23:12:35 | 000,001,850 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
[2010/12/16 23:12:34 | 000,001,230 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Wave64 Codec.dat
[2010/12/16 23:12:33 | 000,002,234 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
[2010/12/16 23:12:32 | 000,011,479 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
[2010/12/16 23:12:28 | 000,001,212 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Dalet Codec.dat
[2010/12/16 23:12:27 | 000,003,014 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp WavPack Codec.dat
[2010/12/16 23:12:20 | 000,003,071 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2010/12/16 23:12:14 | 000,003,159 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
[2010/12/16 23:12:08 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
[2010/12/16 23:12:02 | 000,002,993 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2010/12/16 23:11:56 | 000,012,502 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/12/16 23:11:49 | 000,018,038 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/12/16 23:11:28 | 000,002,869 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
[2010/12/16 23:11:21 | 000,002,900 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
[2010/12/16 23:11:13 | 000,003,002 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2010/12/16 23:11:05 | 000,002,862 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Length Split] Codec.dat
[2010/12/16 23:10:57 | 000,002,903 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2010/12/16 23:10:49 | 000,002,999 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
[2010/12/16 23:10:39 | 000,002,849 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
[2010/12/16 23:10:31 | 000,002,871 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
[2010/12/16 23:10:23 | 000,002,879 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
[2010/12/16 23:10:12 | 000,510,840 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/12/16 23:10:12 | 000,005,894 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.dat
[2010/12/10 09:45:31 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/12/10 09:45:30 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/11/29 15:40:38 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/11/29 15:40:38 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/11/29 15:40:38 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/11/29 15:40:38 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/11/29 15:40:38 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/11/29 15:40:38 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/11/29 15:40:38 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/11/29 15:40:38 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/11/29 15:40:38 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/11/29 15:40:38 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/11/29 15:40:38 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/11/29 15:40:38 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/11/29 15:40:38 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/11/29 15:40:38 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/11/29 15:40:38 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/11/29 15:40:38 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/11/29 15:39:03 | 000,000,079 | ---- | C] () -- C:\Windows\EWF325.ini
[2010/11/25 23:16:32 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/11/25 23:16:32 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/10/26 00:21:05 | 000,000,600 | ---- | C] () -- C:\Users\abduct\AppData\Local\PUTTY.RND
[2010/10/25 23:19:49 | 000,000,600 | ---- | C] () -- C:\Users\abduct\AppData\Roaming\winscp.rnd
[2010/09/27 18:16:15 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/09/27 18:16:15 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/09/27 18:16:15 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/09/27 18:10:15 | 000,039,479 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010/09/08 17:39:37 | 000,000,094 | ---- | C] () -- C:\Users\abduct\AppData\Local\fusioncache.dat
[2010/08/19 19:23:11 | 000,007,859 | ---- | C] () -- C:\Users\abduct\AppData\Roaming\pcouffin.cat
[2010/08/19 19:23:11 | 000,001,167 | ---- | C] () -- C:\Users\abduct\AppData\Roaming\pcouffin.inf
[2010/08/08 19:09:02 | 000,000,210 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/08/08 12:47:32 | 000,007,597 | ---- | C] () -- C:\Users\abduct\AppData\Local\Resmon.ResmonCfg
[2010/08/06 11:22:21 | 000,000,132 | ---- | C] () -- C:\Users\abduct\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/02 20:06:56 | 000,882,342 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/02 16:36:35 | 000,001,662 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/07/27 21:49:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/25 09:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2002/08/09 06:00:00 | 000,375,296 | ---- | C] () -- C:\Windows\SysWow64\WSIHK32.DLL
[2002/08/09 06:00:00 | 000,131,584 | ---- | C] () -- C:\Windows\SysWow64\WSIWIN32.DLL
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\SysWow64\REPUTIL.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CE646EE

< End of report >

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:08 AM

Posted 30 January 2012 - 02:30 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    :otl
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    O4:64bit: - HKLM..\Run: [etMonitor] C:\Windows\etMon.exe File not found
    O4 - HKU\S-1-5-21-1430028833-3567072449-1818196103-1000..\Run: [AdobeBridge] File not found
    O4 - HKU\S-1-5-21-1430028833-3567072449-1818196103-1000..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\WB: DllName - (C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    FF - prefs.js..network.proxy.socks: "127.0.0.1"
    FF - prefs.js..network.proxy.socks_port: 4444
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 AbDuCt

  • Topic Starter
  • Members
  • 28 posts
  • Local time:01:08 AM

Posted 30 January 2012 - 03:04 PM

It has been running fine the entire time. I was just a bit worried when I noticed ComboFix not finishing properly, and that randomly named executable in my user's root directory which was removed by it, which came up as a worm on VirusTotal (I forgot to do analysis on it in my VM before I ran ComboFix).

After I restarted from OTL my screen was black for about 30 seconds. I assume this was OTL preventing Explorer from starting while it removed files, but all is back and is normal.

All processes killed
========== OTL ==========
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\etMonitor deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1430028833-3567072449-1818196103-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1430028833-3567072449-1818196103-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ares deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Prefs.js: "127.0.0.1" removed from network.proxy.socks
Prefs.js: 4444 removed from network.proxy.socks_port
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\abduct\Desktop\cmd.bat deleted successfully.
C:\Users\abduct\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: abduct
->Temp folder emptied: 54608010 bytes
->Temporary Internet Files folder emptied: 2695506 bytes
->Java cache emptied: 6344868 bytes
->FireFox cache emptied: 455373108 bytes
->Flash cache emptied: 69821 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1-ABDUCT-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19048 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 495.00 mb


[EMPTYJAVA]

User: abduct
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Mcx1-ABDUCT-PC

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: abduct
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mcx1-ABDUCT-PC
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 01302012_115629

Files\Folders moved on Reboot...
C:\Users\abduct\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
