
Google Search Redirect


This topic is locked
42 replies to this topic

#1 thecatyodeler


  • Members
  • 24 posts

Posted 29 January 2012 - 08:04 PM

Hello there; let me first say thank you for bringing your attention to my issue.
As the title suggests, I've got some trouble with this Google redirect business; basically, when I search things on both Internet Explorer and Google Chrome, I'm redirected to advertisement links. I also want to supply some background information, because I think this issue came along with some other malware I had, which Malwarebytes (I hope) took care of. I ran a full scan after I noticed something was wrong, and MWB came up with some adware and a trojan, which were supposedly quarantined and deleted. The trojan was a fake antivirus software that basically locked me out of my own computer with security-warning-type things. I was only able to run MWB by accessing as an administrator. That seemed to get rid of it though. In case you're wondering, my computer is an HP ProBook 4520s. Anyway, I'm of course happy to answer any other questions, but I'll get to the logs now.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Run by Olsons at 18:02:15 on 2012-01-29
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2998.1977 [GMT -6:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Olsons\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Olsons\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Olsons\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Olsons\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Olsons\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{7C027AAE-C96D-44A6-9BB5-FFF3B184C3CF} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{7C027AAE-C96D-44A6-9BB5-FFF3B184C3CF}\051637A7B69656779636A7 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{7C027AAE-C96D-44A6-9BB5-FFF3B184C3CF}\74162727564747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7C027AAE-C96D-44A6-9BB5-FFF3B184C3CF}\745756374737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7C027AAE-C96D-44A6-9BB5-FFF3B184C3CF}\C696E6B6379737 : DhcpNameServer = 68.87.77.134 68.87.72.134
TCP: Interfaces\{7C027AAE-C96D-44A6-9BB5-FFF3B184C3CF}\E4567786F65737562303 : DhcpNameServer = 192.168.1.1 68.87.77.134 68.87.72.134
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-3-2 652872]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-6-18 2320920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-2 20464]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-6-18 181792]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-11-5 230912]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-18 1343400]
.
=============== Created Last 30 ================
.
2012-01-19 20:06:32 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-01-19 20:06:32 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-19 20:06:32 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-19 20:06:32 314368 ----a-w- c:\windows\system32\webio.dll
2012-01-19 20:06:32 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-19 20:06:32 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-19 20:06:32 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-19 20:06:32 15360 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-19 20:06:32 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-19 20:06:32 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-12 04:16:27 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-12 04:16:27 1288984 ----a-w- c:\windows\system32\ntdll.dll
2012-01-12 04:16:26 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-12 04:16:26 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-01-09 21:11:47 -------- d-----w- c:\programdata\PC Tools
2012-01-09 20:54:47 -------- d-----w- c:\windows\pss
2012-01-07 02:05:52 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{332dc816-9853-4e4f-8820-ade861784c77}\mpengine.dll
.
==================== Find3M ====================
.
2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 04:23:31 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:35:50 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-05 04:30:11 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 03:28:41 386048 ----a-w- c:\windows\system32\html.iec
2011-11-05 02:55:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 18:03:03.90 ===============


#2 CatByte


    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 29 January 2012 - 08:12 PM

Hi,

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 thecatyodeler

  • Topic Starter

  • Members
  • 24 posts

Posted 02 February 2012 - 08:47 PM

Okay, so I was able to run TDSSKiller, but I can't shut down my firewall, and thus I can't get ComboFix to run correctly; I ran it overnight and it wasn't able to accomplish anything over that time. I went to the Control Panel, clicked System and Security, clicked Windows Firewall, and tried to click "Use recommended settings" because there's a message saying "Windows Firewall is not using the recommended settings to protect your computer." The error code I got was: 0x80070424. I think this may be a problem left over from when my computer got infected with the Windows Security virus; I mentioned that in my last post, just not by name, because I forgot.


18:10:40.0662 3880 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
18:10:41.0192 3880 ============================================================
18:10:41.0192 3880 Current date / time: 2012/02/01 18:10:41.0192
18:10:41.0192 3880 SystemInfo:
18:10:41.0192 3880
18:10:41.0192 3880 OS Version: 6.1.7600 ServicePack: 0.0
18:10:41.0192 3880 Product type: Workstation
18:10:41.0192 3880 ComputerName: OLSONS-PC
18:10:41.0192 3880 UserName: Olsons
18:10:41.0192 3880 Windows directory: C:\Windows
18:10:41.0192 3880 System windows directory: C:\Windows
18:10:41.0192 3880 Processor architecture: Intel x86
18:10:41.0192 3880 Number of processors: 4
18:10:41.0192 3880 Page size: 0x1000
18:10:41.0192 3880 Boot type: Normal boot
18:10:41.0192 3880 ============================================================
18:10:42.0237 3880 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:10:42.0237 3880 \Device\Harddisk0\DR0:
18:10:42.0237 3880 MBR used
18:10:42.0237 3880 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:10:42.0237 3880 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
18:10:42.0253 3880 Initialize success
18:10:42.0253 3880 ============================================================
18:11:02.0182 2564 ============================================================
18:11:02.0182 2564 Scan started
18:11:02.0182 2564 Mode: Manual;
18:11:02.0182 2564 ============================================================
18:11:10.0684 2564 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:11:10.0699 2564 Mup - ok
18:11:10.0746 2564 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:11:10.0746 2564 NativeWifiP - ok
18:11:10.0793 2564 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
18:11:10.0793 2564 NDIS - ok
18:11:10.0871 2564 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:11:10.0871 2564 NdisCap - ok
18:11:10.0887 2564 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:11:10.0887 2564 NdisTapi - ok
18:11:10.0918 2564 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
18:11:10.0918 2564 Ndisuio - ok
18:11:10.0949 2564 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
18:11:10.0949 2564 NdisWan - ok
18:11:10.0949 2564 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
18:11:10.0965 2564 NDProxy - ok
18:11:10.0980 2564 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:11:10.0980 2564 NetBIOS - ok
18:11:10.0996 2564 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
18:11:11.0011 2564 NetBT - ok
18:11:11.0058 2564 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:11:11.0058 2564 nfrd960 - ok
18:11:11.0136 2564 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:11:11.0152 2564 Npfs - ok
18:11:11.0183 2564 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:11:11.0183 2564 nsiproxy - ok
18:11:11.0245 2564 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
18:11:11.0261 2564 Ntfs - ok
18:11:11.0339 2564 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:11:11.0339 2564 Null - ok
18:11:11.0370 2564 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
18:11:11.0370 2564 nvraid - ok
18:11:11.0417 2564 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
18:11:11.0417 2564 nvstor - ok
18:11:11.0433 2564 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
18:11:11.0433 2564 nv_agp - ok
18:11:11.0464 2564 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
18:11:11.0464 2564 ohci1394 - ok
18:11:11.0511 2564 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:11:11.0511 2564 Parport - ok
18:11:11.0526 2564 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
18:11:11.0526 2564 partmgr - ok
18:11:11.0620 2564 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:11:11.0620 2564 Parvdm - ok
18:11:11.0682 2564 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
18:11:11.0682 2564 pci - ok
18:11:11.0713 2564 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
18:11:11.0713 2564 pciide - ok
18:11:11.0745 2564 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:11:11.0745 2564 pcmcia - ok
18:11:11.0760 2564 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:11:11.0760 2564 pcw - ok
18:11:11.0823 2564 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:11:11.0838 2564 PEAUTH - ok
18:11:12.0010 2564 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:11:12.0025 2564 PptpMiniport - ok
18:11:12.0057 2564 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:11:12.0057 2564 Processor - ok
18:11:12.0103 2564 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:11:12.0103 2564 Psched - ok
18:11:12.0150 2564 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:11:12.0166 2564 ql2300 - ok
18:11:12.0244 2564 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:11:12.0244 2564 ql40xx - ok
18:11:12.0291 2564 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:11:12.0306 2564 QWAVEdrv - ok
18:11:12.0322 2564 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:11:12.0322 2564 RasAcd - ok
18:11:12.0353 2564 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:11:12.0353 2564 RasAgileVpn - ok
18:11:12.0369 2564 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:11:12.0369 2564 Rasl2tp - ok
18:11:12.0415 2564 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:11:12.0415 2564 RasPppoe - ok
18:11:12.0478 2564 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:11:12.0478 2564 RasSstp - ok
18:11:12.0509 2564 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
18:11:12.0525 2564 rdbss - ok
18:11:12.0540 2564 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:11:12.0540 2564 rdpbus - ok
18:11:12.0556 2564 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:11:12.0556 2564 RDPCDD - ok
18:11:12.0587 2564 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
18:11:12.0587 2564 RDPDR - ok
18:11:12.0634 2564 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:11:12.0634 2564 RDPENCDD - ok
18:11:12.0649 2564 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:11:12.0649 2564 RDPREFMP - ok
18:11:12.0665 2564 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
18:11:12.0681 2564 RDPWD - ok
18:11:12.0696 2564 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
18:11:12.0712 2564 rdyboost - ok
18:11:12.0790 2564 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
18:11:12.0790 2564 RFCOMM - ok
18:11:12.0852 2564 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:11:12.0852 2564 rspndr - ok
18:11:12.0883 2564 RSUSBSTOR (6b065c88a4c05cf44793ac2bfc331ac5) C:\Windows\system32\Drivers\RtsUStor.sys
18:11:12.0899 2564 RSUSBSTOR - ok
18:11:12.0930 2564 RTL8167 (bcebd5d1aabce4efb7597635e347c44b) C:\Windows\system32\DRIVERS\Rt86win7.sys
18:11:12.0946 2564 RTL8167 - ok
18:11:12.0993 2564 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
18:11:13.0008 2564 s3cap - ok
18:11:13.0086 2564 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
18:11:13.0086 2564 sbp2port - ok
18:11:13.0117 2564 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
18:11:13.0117 2564 scfilter - ok
18:11:13.0149 2564 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:11:13.0149 2564 secdrv - ok
18:11:13.0195 2564 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:11:13.0195 2564 Serenum - ok
18:11:13.0211 2564 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:11:13.0227 2564 Serial - ok
18:11:13.0242 2564 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:11:13.0242 2564 sermouse - ok
18:11:13.0351 2564 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
18:11:13.0351 2564 sffdisk - ok
18:11:13.0383 2564 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:11:13.0383 2564 sffp_mmc - ok
18:11:13.0398 2564 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:11:13.0398 2564 sffp_sd - ok
18:11:13.0414 2564 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:11:13.0414 2564 sfloppy - ok
18:11:13.0461 2564 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
18:11:13.0461 2564 sisagp - ok
18:11:13.0476 2564 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:11:13.0476 2564 SiSRaid2 - ok
18:11:13.0507 2564 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:11:13.0507 2564 SiSRaid4 - ok
18:11:13.0539 2564 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:11:13.0539 2564 Smb - ok
18:11:13.0617 2564 SNP2UVC (1fdd4915fd7e49d320aa8eec9827eb09) C:\Windows\system32\DRIVERS\snp2uvc.sys
18:11:13.0648 2564 SNP2UVC - ok
18:11:13.0773 2564 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:11:13.0773 2564 spldr - ok
18:11:13.0851 2564 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
18:11:13.0866 2564 srv - ok
18:11:13.0882 2564 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
18:11:13.0897 2564 srv2 - ok
18:11:13.0991 2564 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
18:11:13.0991 2564 srvnet - ok
18:11:14.0038 2564 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:11:14.0038 2564 stexstor - ok
18:11:14.0085 2564 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
18:11:14.0085 2564 storflt - ok
18:11:14.0100 2564 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
18:11:14.0100 2564 storvsc - ok
18:11:14.0116 2564 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
18:11:14.0116 2564 swenum - ok
18:11:14.0209 2564 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
18:11:14.0209 2564 SynTP - ok
18:11:14.0272 2564 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
18:11:14.0287 2564 Tcpip - ok
18:11:14.0397 2564 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
18:11:14.0397 2564 TCPIP6 - ok
18:11:14.0459 2564 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
18:11:14.0459 2564 tcpipreg - ok
18:11:14.0475 2564 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
18:11:14.0475 2564 TDPIPE - ok
18:11:14.0506 2564 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
18:11:14.0506 2564 TDTCP - ok
18:11:14.0537 2564 tdx (d95d4c2cc67e6b87fb2cbb6c99b29680) C:\Windows\system32\DRIVERS\tdx.sys
18:11:14.0537 2564 tdx ( Virus.Win32.ZAccess.k ) - infected
18:11:14.0537 2564 tdx - detected Virus.Win32.ZAccess.k (0)
18:11:14.0553 2564 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
18:11:14.0568 2564 TermDD - ok
18:11:14.0662 2564 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:11:14.0662 2564 tssecsrv - ok
18:11:14.0693 2564 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
18:11:14.0693 2564 tunnel - ok
18:11:14.0709 2564 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:11:14.0709 2564 uagp35 - ok
18:11:14.0740 2564 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
18:11:14.0740 2564 udfs - ok
18:11:14.0787 2564 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:11:14.0787 2564 uliagpkx - ok
18:11:14.0818 2564 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
18:11:14.0818 2564 umbus - ok
18:11:14.0833 2564 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:11:14.0833 2564 UmPass - ok
18:11:14.0927 2564 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
18:11:14.0927 2564 USBAAPL - ok
18:11:14.0974 2564 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
18:11:14.0974 2564 usbaudio - ok
18:11:15.0005 2564 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
18:11:15.0005 2564 usbccgp - ok
18:11:15.0036 2564 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
18:11:15.0036 2564 usbcir - ok
18:11:15.0083 2564 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\drivers\usbehci.sys
18:11:15.0083 2564 usbehci - ok
18:11:15.0177 2564 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
18:11:15.0177 2564 usbhub - ok
18:11:15.0208 2564 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
18:11:15.0208 2564 usbohci - ok
18:11:15.0223 2564 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:11:15.0239 2564 usbprint - ok
18:11:15.0255 2564 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:11:15.0270 2564 USBSTOR - ok
18:11:15.0286 2564 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
18:11:15.0286 2564 usbuhci - ok
18:11:15.0317 2564 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
18:11:15.0333 2564 usbvideo - ok
18:11:15.0395 2564 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:11:15.0395 2564 vdrvroot - ok
18:11:15.0442 2564 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:11:15.0442 2564 vga - ok
18:11:15.0457 2564 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:11:15.0457 2564 VgaSave - ok
18:11:15.0489 2564 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
18:11:15.0489 2564 vhdmp - ok
18:11:15.0551 2564 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
18:11:15.0551 2564 viaagp - ok
18:11:15.0567 2564 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:11:15.0567 2564 ViaC7 - ok
18:11:15.0582 2564 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
18:11:15.0582 2564 viaide - ok
18:11:15.0645 2564 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
18:11:15.0660 2564 vmbus - ok
18:11:15.0660 2564 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
18:11:15.0676 2564 VMBusHID - ok
18:11:15.0691 2564 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
18:11:15.0691 2564 volmgr - ok
18:11:15.0723 2564 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:11:15.0723 2564 volmgrx - ok
18:11:15.0754 2564 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
18:11:15.0754 2564 volsnap - ok
18:11:15.0801 2564 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:11:15.0801 2564 vsmraid - ok
18:11:15.0816 2564 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
18:11:15.0816 2564 vwifibus - ok
18:11:15.0910 2564 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
18:11:15.0910 2564 vwififlt - ok
18:11:15.0941 2564 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
18:11:15.0941 2564 vwifimp - ok
18:11:15.0972 2564 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:11:15.0972 2564 WacomPen - ok
18:11:16.0003 2564 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
18:11:16.0003 2564 WANARP - ok
18:11:16.0019 2564 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
18:11:16.0019 2564 Wanarpv6 - ok
18:11:16.0066 2564 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:11:16.0066 2564 Wd - ok
18:11:16.0097 2564 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:11:16.0097 2564 Wdf01000 - ok
18:11:16.0191 2564 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:11:16.0191 2564 WfpLwf - ok
18:11:16.0206 2564 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:11:16.0206 2564 WIMMount - ok
18:11:16.0284 2564 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
18:11:16.0284 2564 WinUsb - ok
18:11:16.0300 2564 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:11:16.0300 2564 WmiAcpi - ok
18:11:16.0347 2564 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:11:16.0347 2564 ws2ifsl - ok
18:11:16.0409 2564 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
18:11:16.0409 2564 WudfPf - ok
18:11:16.0440 2564 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:11:16.0456 2564 WUDFRd - ok
18:11:16.0503 2564 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:11:16.0565 2564 \Device\Harddisk0\DR0 - ok
18:11:16.0565 2564 Boot (0x1200) (678f513c093421523a5ac433af175e6e) \Device\Harddisk0\DR0\Partition0
18:11:16.0565 2564 \Device\Harddisk0\DR0\Partition0 - ok
18:11:16.0596 2564 Boot (0x1200) (61a82d13e94079d889565ae5db0bd030) \Device\Harddisk0\DR0\Partition1
18:11:16.0596 2564 \Device\Harddisk0\DR0\Partition1 - ok
18:11:16.0596 2564 ============================================================
18:11:16.0596 2564 Scan finished
18:11:16.0596 2564 ============================================================
18:11:16.0612 0520 Detected object count: 1
18:11:16.0612 0520 Actual detected object count: 1
18:11:24.0131 0520 C:\Windows\system32\DRIVERS\tdx.sys - copied to quarantine
18:11:24.0147 0520 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\tdx.sys) error 1813
18:11:26.0300 0520 Backup copy found, using it..
18:11:26.0315 0520 C:\Windows\system32\DRIVERS\tdx.sys - will be cured on reboot
18:11:30.0933 0520 tdx ( Virus.Win32.ZAccess.k ) - User select action: Cure
18:11:39.0294 1468 Deinitialize success

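An added check, not part of the thread and not part of TDSSKiller: the log above flags tdx.sys, a Microsoft in-box driver, as infected with Virus.Win32.ZAccess.k, then reports error 1813 on it (ERROR_RESOURCE_TYPE_NOT_FOUND, the file no longer carries a version resource) and cures it from a backup copy. The PowerShell below reproduces that triage across every driver in system32\drivers: the MD5 TDSSKiller prints, whether version info is still present, the Authenticode status, and whether any copy of the same file name under WinSxS has an identical hash. The function names, and the WinSxS comparison as a heuristic, are this example's own assumptions; it expects an elevated prompt on Windows 7 or later.

```powershell
# Added example (not from the thread or from TDSSKiller): integrity triage of kernel
# drivers, modelled on what the log above shows for tdx.sys. Run in an elevated PowerShell.
# Assumptions: default driver and WinSxS locations; the WinSxS comparison is a heuristic.

function Get-Md5Hex {
    # Same MD5 column TDSSKiller prints, without Get-FileHash (absent on stock Windows 7).
    param([string]$Path)
    $md5   = [System.Security.Cryptography.MD5]::Create()
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    ([System.BitConverter]::ToString($md5.ComputeHash($bytes))).Replace('-', '').ToLower()
}

function Get-DriverIntegrityReport {
    param(
        [string]$DriverDir = (Join-Path $env:SystemRoot 'System32\drivers'),
        [string]$WinSxS    = (Join-Path $env:SystemRoot 'WinSxS')
    )
    # Index every staged *.sys under WinSxS by file name, so each live driver can be
    # compared with all versions of itself that servicing has kept (the "backup copy"
    # TDSSKiller used to cure tdx.sys).
    $staged = @{}
    Get-ChildItem -Path $WinSxS -Recurse -Filter '*.sys' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $name = $_.Name.ToLower()
            if (-not $staged.ContainsKey($name)) { $staged[$name] = @() }
            $staged[$name] += Get-Md5Hex $_.FullName
        }

    Get-ChildItem -Path $DriverDir -Filter '*.sys' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $name = $_.Name.ToLower()
            $hash = Get-Md5Hex $_.FullName
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
            New-Object PSObject -Property @{
                Driver      = $_.Name
                MD5         = $hash
                # Empty when the PE has no version resource: the error 1813
                # (ERROR_RESOURCE_TYPE_NOT_FOUND) case in the log.
                FileVersion = $_.VersionInfo.FileVersion
                # In-box drivers are catalog-signed and older versions of this cmdlet read
                # only embedded signatures, so 'NotSigned' alone is not a finding here,
                # whereas 'HashMismatch' on a file claiming a Microsoft signature is.
                Signature   = $sig.Status
                HasSxSCopy  = $staged.ContainsKey($name)
                MatchesSxS  = $staged.ContainsKey($name) -and ($staged[$name] -contains $hash)
            }
        }
}

# Interesting rows first: no version info, a tampered embedded signature, or a file that
# matches none of its WinSxS twins. A match is not a clean bill of health either: a driver
# overwritten through its hard link changes its WinSxS twin with it.
Get-DriverIntegrityReport |
    Where-Object {
        [string]::IsNullOrEmpty($_.FileVersion) -or
        $_.Signature -eq 'HashMismatch' -or
        ($_.HasSxSCopy -and -not $_.MatchesSxS)
    } |
    Sort-Object Driver |
    Format-Table Driver, FileVersion, Signature, HasSxSCopy, MatchesSxS, MD5 -AutoSize
```

On the machine in this thread the tdx.sys row would have shown an empty FileVersion and a hash matching none of its WinSxS copies; after TDSSKiller's cure on reboot, the same row should match one of them again. Treat the output as a worklist for comparing hashes against a known-clean install, not as a verdict.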
#4 CatByte (Malware Response Team)

Posted 02 February 2012 - 08:49 PM

Please boot into safe mode and run ComboFix from safe mode


To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 thecatyodeler (Topic Starter)

Posted 02 February 2012 - 11:56 PM

I can't get it to work in Safe Mode either. It just sits after it says "However, the time for badly infected computers may easily double..." Also, when the black box first starts up, it says PING is not a recognizable command or something. And when my computer starts up, I get a message saying that my recycle bin is corrupted even though it's empty.

#6 CatByte (Malware Response Team)

Posted 03 February 2012 - 02:43 AM

Hi

Please delete the copy you have and download a fresh copy > rename it to svchost before saving it

now start it with the following command:

Press the WinKey + R to open a run box:

Copy/paste the following text into the open run box > Click OK

ComboFix /nombr


#7 thecatyodeler (Topic Starter)

Posted 03 February 2012 - 05:33 AM

Well, I've tried just about everything I can think of, and when I save it as svchost and try to win+r ComboFix /nombr it says "Windows cannot find ComboFix. Make sure you typed the name correctly, and then try again." The same thing happens if I don't rename the program. I tried to "troubleshoot compatibility" and I got this error code: 0x80070426

#8 thecatyodeler (Topic Starter)

Posted 03 February 2012 - 06:26 AM

I just got my MBAM log from when I got rid of the Windows Internet Security virus. Sorry I didn't bring that earlier... >.<


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 912011201

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/12/2012 5:51:38 PM
mbam-log-2012-01-12 (17-51-38).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 290422
Time elapsed: 59 minute(s), 10 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
c:\Users\Olsons\AppData\Local\fup.exe (Spyware.Agent) -> 2756 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (aGt) Good: (exefile) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Olsons\AppData\Local\fup.exe (Spyware.Agent) -> Quarantined and deleted successfully.
c:\Users\Olsons\AppData\Local\qcd.exe (Spyware.Agent) -> Quarantined and deleted successfully.
c:\Users\Olsons\AppData\Local\Temp\fhsdkxrfmh (Spyware.Agent) -> Quarantined and deleted successfully.
c:\Users\Olsons\AppData\Local\Temp\xkb.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\Users\Olsons\documents\7qknvq6.exe (Spyware.Agent) -> Quarantined and deleted successfully.
c:\Users\Olsons\documents\c5H5t0.exe (Spyware.Agent) -> Quarantined and deleted successfully.

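An added check, not part of the thread and not part of Malwarebytes: the MBAM log above shows the classic .exe association hijack (HKCR\.exe pointing at a rogue ProgId "aGt" instead of "exefile", with the open command under it rewritten), which is how a fake antivirus gets itself launched in front of every program the user starts. HKCR is a merged view in which HKCU\Software\Classes takes precedence over HKLM\Software\Classes, so a per-user hijack can survive a check of the machine hive alone, which is also consistent with another account still being able to run programs. The PowerShell below checks both hives for the two values involved; the function names and the -Repair switch are this example's own, while "exefile" and "%1" %* are the stock Windows values.

```powershell
# Added example (not from the thread or from Malwarebytes): verify the .exe association
# that the MBAM log above shows hijacked (HKCR\.exe -> "aGt" instead of "exefile").
# Assumptions: run as the affected user; -Repair is this example's own switch and only
# writes the stock Windows values where a mismatch is found (HKLM writes need elevation).

$ExpectedProgId  = 'exefile'
$ExpectedCommand = '"%1" %*'

function Get-RegDefault {
    # Default value of a registry key, or $null when the key does not exist.
    param([string]$Key)
    if (Test-Path -LiteralPath $Key) {
        (Get-ItemProperty -LiteralPath $Key -ErrorAction SilentlyContinue).'(default)'
    }
}

function Test-ExeAssociation {
    param([switch]$Repair)
    $findings = @()
    # HKCR merges these two; the user hive wins, so check it explicitly rather than HKCR.
    $roots = @(
        @{ Hive = 'HKCU'; Classes = 'HKCU:\Software\Classes' },
        @{ Hive = 'HKLM'; Classes = 'HKLM:\Software\Classes' }
    )
    foreach ($r in $roots) {
        $extKey = "$($r.Classes)\.exe"
        $progId = Get-RegDefault $extKey
        # A per-user .exe key is normally absent; one that points anywhere but exefile
        # is the "Hijacked.exeFile" condition in the log.
        if ($progId -and $progId -ne $ExpectedProgId) {
            $findings += "$($r.Hive): .exe maps to '$progId', expected '$ExpectedProgId'"
            if ($Repair) { Set-ItemProperty -LiteralPath $extKey -Name '(default)' -Value $ExpectedProgId }
        }
        # Check the open command of both the ProgId currently in use and the stock one: a
        # hijack can also leave .exe -> exefile alone and rewrite exefile's command instead.
        $ids = @($progId, $ExpectedProgId) | Where-Object { $_ } | Select-Object -Unique
        foreach ($id in $ids) {
            $cmdKey = "$($r.Classes)\$id\shell\open\command"
            $cmd = Get-RegDefault $cmdKey
            if ($cmd -and $cmd -ne $ExpectedCommand) {
                $findings += "$($r.Hive): $id\shell\open\command runs '$cmd', expected '$ExpectedCommand'"
                # Only the stock ProgId is rewritten; the rogue one is left for inspection.
                if ($Repair -and $id -eq $ExpectedProgId) {
                    Set-ItemProperty -LiteralPath $cmdKey -Name '(default)' -Value $ExpectedCommand
                }
            }
        }
    }
    $findings
}

$result = Test-ExeAssociation
if ($result) { $result } else { 'OK: .exe association matches the stock exefile command' }
```

Run it without -Repair first and read the findings: the command string recorded for a rogue ProgId names the executable the hijack launches (the fup.exe/qcd.exe style files in the log), which is what to hunt next. Because the hijack intercepts .exe launches, start PowerShell from an account whose hive is clean, or from an elevated prompt as the original poster did for MBAM, before trusting its output.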
#9 CatByte (Malware Response Team)

Posted 03 February 2012 - 08:59 AM

Please give Malwarebytes another run, see if it finds anything else


did you save ComboFix to the desktop?

Give it another try

make sure you save it to the desktop > make certain your antivirus and firewall are disabled before attempting a download in case they are interfering (some AV's think it is a threat by the nature of the program)

now boot into safemode again and try running it from there

make sure you give it lots more time than you think it should take, it may appear to have stalled, but it will still be working in the background

If after an hour nothing has happened, then let me know


#10 thecatyodeler (Topic Starter)

Posted 03 February 2012 - 03:02 PM

Well, I uninstalled and reinstalled ComboFix. I shut down my firewall, antivirus, and I opened the properties for ComboFix and selected Unblock. I booted into Safe Mode and ran ComboFix as an admin for two hours, and nothing happened. I restarted my computer to let you know, and when it rebooted it told me that the recycling bin was corrupted again, even though there's nothing in it. I also re-ran MBAM when you told me to and nothing came up; I ran it a lot after I initially used it to get rid of those viruses and spyware/adware programs, and nothing's come up since. Maybe there's some malware that hasn't been detected that's blocking ComboFix from running somehow, I dunno. =\

#11 CatByte (Malware Response Team)

Posted 03 February 2012 - 03:46 PM

Hi

Yes, the malware is definitely blocking ComboFix from running

Please run the following:

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#12 thecatyodeler (Topic Starter)

Posted 03 February 2012 - 04:12 PM

Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 28-01-2012
Ran by SYSTEM at 2012-02-03 15:05:38
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [981680 2012-01-13] (Malwarebytes Corporation)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKU\Olsons\...\Run: [Google Update] "C:\Users\Olsons\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-09-14] (Google Inc.)
HKU\Olsons\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
HKU\Olsons\...\Policies\system: [disableregistrytools] 0
HKU\Olsons\...\Run: [Google Update] "C:\Users\Olsons\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-09-14] (Google Inc.)
HKU\Olsons\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
HKU\Olsons\...\Policies\system: [disableregistrytools] 0
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

================================ Services (Whitelisted) ==================

2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
2 hpsrv; C:\Windows\System32\Hpservice.exe [26168 2010-07-16] (Hewlett-Packard Company)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
3 StorSvc; C:\Windows\System32\storsvc.dll [16384 2009-07-13] (Microsoft Corporation)
2 Akamai; c:\program files\common files\akamai/netsession_win_e286960.dll [x]

========================== Drivers (Whitelisted) =============

3 Accelerometer; C:\Windows\System32\DRIVERS\Accelerometer.sys [35896 2010-07-16] (Hewlett-Packard Company)
3 AgereSoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1163328 2009-08-13] (LSI Corporation)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [78336 2009-07-13] (Microsoft Corporation)
1 ctxusbm; C:\Windows\System32\DRIVERS\ctxusbm.sys [65584 2009-10-05] (Citrix Systems, Inc.)
0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [25656 2010-07-16] (Hewlett-Packard Company)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [20464 2011-12-10] (Malwarebytes Corporation)
3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1763968 2009-12-18] ()
3 catchme; \??\C:\Users\Olsons\AppData\Local\Temp\catchme.sys [x]
3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-02-03 12:53 - 2012-02-03 15:05 - 0000000 ____D C:\FRST
2012-02-03 10:24 - 2012-02-03 10:25 - 0000000 ___SD C:\ComboFix
2012-02-03 10:24 - 2012-02-03 10:24 - 0000000 ____D C:\Qoobox
2012-02-03 10:24 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-02-03 10:24 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-02-03 10:24 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-02-03 10:24 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-02-03 10:24 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-02-03 10:24 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-02-03 10:24 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-02-03 10:23 - 2012-02-03 10:24 - 0000000 ___SD C:\32788R22FWJFW
2012-02-03 10:17 - 2012-02-03 10:17 - 4394794 ___RA (Swearware) C:\Users\Olsons\Desktop\ComboFix.exe
2012-02-03 10:17 - 2012-02-03 10:17 - 4394794 ___RA (Swearware) C:\Documents and Settings\Olsons\Desktop\ComboFix.exe
2012-02-03 08:23 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-02-03 03:21 - 2012-02-03 03:22 - 140879600 ____A C:\Users\Olsons\Downloads\20120202-033-v5i32.exe
2012-02-03 03:21 - 2012-02-03 03:22 - 140879600 ____A C:\Documents and Settings\Olsons\Downloads\20120202-033-v5i32.exe
2012-02-02 22:12 - 2012-02-02 22:12 - 0002938 ____A C:\TDSSKiller.2.7.9.0_03.02.2012_00.12.50_log.txt
2012-02-02 21:01 - 2012-02-02 21:01 - 9705472 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-02-02 21:01 - 2012-02-02 21:01 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-02 21:01 - 2012-02-02 21:01 - 1798144 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-02 21:01 - 2012-02-02 21:01 - 12279808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-02 21:01 - 2012-02-02 21:01 - 0353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-02-02 21:01 - 2012-02-02 21:01 - 0150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-02-02 21:01 - 2012-02-02 21:01 - 0142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-02-02 21:01 - 2012-02-02 21:01 - 0130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-02-02 21:01 - 2012-02-02 21:01 - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-02-02 21:01 - 2012-02-02 21:01 - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-02-02 21:01 - 2012-02-02 21:01 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-02-02 21:01 - 2012-02-02 21:01 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-02-02 21:01 - 2012-02-02 21:01 - 0054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-02-02 21:01 - 2012-02-02 21:01 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-02-01 21:14 - 2012-02-01 21:14 - 0004566 ____A C:\Users\Olsons\Desktop\ESET Report.txt
2012-02-01 21:14 - 2012-02-01 21:14 - 0004566 ____A C:\Documents and Settings\Olsons\Desktop\ESET Report.txt
2012-02-01 18:59 - 2012-02-01 18:59 - 0000000 ____D C:\Users\Olsons\AppData\Roaming\Uniblue
2012-02-01 18:59 - 2012-02-01 18:59 - 0000000 ____D C:\Documents and Settings\Olsons\AppData\Roaming\Uniblue
2012-02-01 18:58 - 2012-02-01 18:58 - 0000000 __HDC C:\Users\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-01 18:58 - 2012-02-01 18:58 - 0000000 __HDC C:\Users\All Users\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-01 18:58 - 2012-02-01 18:58 - 0000000 __HDC C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-01 18:58 - 2012-02-01 18:58 - 0000000 __HDC C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-01 18:58 - 2012-02-01 18:58 - 0000000 __HDC C:\Documents and Settings\All Users\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-01 18:58 - 2012-02-01 18:58 - 0000000 ____D C:\Users\Olsons\AppData\Local\PackageAware
2012-02-01 18:58 - 2012-02-01 18:58 - 0000000 ____D C:\Program Files\Uniblue
2012-02-01 18:58 - 2012-02-01 18:58 - 0000000 ____D C:\Documents and Settings\Olsons\AppData\Local\PackageAware
2012-02-01 18:49 - 2012-02-02 21:02 - 0005893 ____A C:\Windows\IE9_main.log
2012-02-01 18:41 - 2012-02-01 18:41 - 0000000 ____D C:\Windows\System32\SPReview
2012-02-01 18:40 - 2012-02-01 18:40 - 0000000 ____D C:\Windows\System32\EventProviders
2012-02-01 16:22 - 2012-02-03 10:24 - 0000000 ____D C:\Windows\ERDNT
2012-02-01 16:12 - 2012-02-01 16:12 - 0001066 ____A C:\Users\Olsons\Desktop\TDSSKiller.2.7.9.0_01.02.2012_18.10.40_log - Shortcut.lnk
2012-02-01 16:12 - 2012-02-01 16:12 - 0001066 ____A C:\Documents and Settings\Olsons\Desktop\TDSSKiller.2.7.9.0_01.02.2012_18.10.40_log - Shortcut.lnk
2012-02-01 16:11 - 2012-02-01 16:11 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-02-01 16:10 - 2012-02-01 16:11 - 0080918 ____A C:\TDSSKiller.2.7.9.0_01.02.2012_18.10.40_log.txt
2012-02-01 16:10 - 2012-02-01 16:10 - 2040543 ____A C:\Users\Olsons\Desktop\tdsskiller.zip
2012-02-01 16:10 - 2012-02-01 16:10 - 2040543 ____A C:\Documents and Settings\Olsons\Desktop\tdsskiller.zip
2012-02-01 16:10 - 2012-02-01 16:10 - 0000000 ____D C:\Users\Olsons\Desktop\tdsskiller
2012-02-01 16:10 - 2012-02-01 16:10 - 0000000 ____D C:\Documents and Settings\Olsons\Desktop\tdsskiller
2012-01-29 16:45 - 2012-01-29 16:45 - 0020318 ____A C:\Users\Olsons\Desktop\ark.txt
2012-01-29 16:45 - 2012-01-29 16:45 - 0020318 ____A C:\Documents and Settings\Olsons\Desktop\ark.txt
2012-01-29 16:13 - 2012-01-29 16:13 - 0000000 ____D C:\Users\Olsons\Desktop\gmer
2012-01-29 16:13 - 2012-01-29 16:13 - 0000000 ____D C:\Documents and Settings\Olsons\Desktop\gmer
2012-01-29 16:12 - 2012-01-29 16:12 - 0294216 ____A C:\Users\Olsons\Desktop\gmer.zip
2012-01-29 16:12 - 2012-01-29 16:12 - 0294216 ____A C:\Documents and Settings\Olsons\Desktop\gmer.zip
2012-01-29 16:11 - 2012-01-29 16:11 - 0010151 ____A C:\Users\Olsons\Desktop\DDS.txt
2012-01-29 16:11 - 2012-01-29 16:11 - 0010151 ____A C:\Documents and Settings\Olsons\Desktop\DDS.txt
2012-01-29 16:11 - 2012-01-29 16:11 - 0008708 ____A C:\Users\Olsons\Desktop\Attach.txt
2012-01-29 16:11 - 2012-01-29 16:11 - 0008708 ____A C:\Documents and Settings\Olsons\Desktop\Attach.txt
2012-01-29 16:01 - 2012-01-29 16:01 - 0607260 ____R (Swearware) C:\Users\Olsons\Desktop\dds.com
2012-01-29 16:01 - 2012-01-29 16:01 - 0607260 ____R (Swearware) C:\Documents and Settings\Olsons\Desktop\dds.com
2012-01-19 12:06 - 2011-11-16 21:41 - 0134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-01-19 12:06 - 2011-11-16 21:41 - 0067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-01-19 12:06 - 2011-11-16 21:39 - 0369352 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-01-19 12:06 - 2011-11-16 21:35 - 0314880 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-01-19 12:06 - 2011-11-16 21:34 - 0224768 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-01-19 12:06 - 2011-11-16 21:34 - 0100352 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-01-19 12:06 - 2011-11-16 21:34 - 0022016 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-01-19 12:06 - 2011-11-16 21:34 - 0015872 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-01-19 12:06 - 2011-11-16 21:32 - 1038848 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-01-19 12:06 - 2011-11-16 21:29 - 0022528 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-01-12 16:11 - 2012-02-01 08:11 - 0001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-01-12 16:11 - 2012-02-01 08:11 - 0001067 ____A C:\Documents and Settings\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-01-11 20:16 - 2011-11-19 06:01 - 0067072 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-01-11 20:16 - 2011-11-16 21:38 - 1288472 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-01-11 20:16 - 2011-10-25 20:32 - 1328128 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-01-11 20:16 - 2011-10-25 20:32 - 0514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-01-09 13:17 - 2012-01-11 20:16 - 1469006 ____A C:\Windows\System32\Drivers\Cat.DB
2012-01-09 13:11 - 2012-01-12 16:06 - 0000000 ____D C:\Users\All Users\PC Tools
2012-01-09 13:11 - 2012-01-12 16:06 - 0000000 ____D C:\Users\All Users\Application Data\PC Tools
2012-01-09 13:11 - 2012-01-12 16:06 - 0000000 ____D C:\ProgramData\PC Tools
2012-01-09 13:11 - 2012-01-12 16:06 - 0000000 ____D C:\Documents and Settings\All Users\PC Tools
2012-01-09 13:11 - 2012-01-12 16:06 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\PC Tools
2012-01-09 13:11 - 2012-01-09 13:11 - 0512992 ____A C:\Users\Olsons\Downloads\sdasetup_revwire207.exe
2012-01-09 13:11 - 2012-01-09 13:11 - 0512992 ____A C:\Users\Olsons\Desktop\sdasetup_revwire207.exe
2012-01-09 13:11 - 2012-01-09 13:11 - 0512992 ____A C:\Documents and Settings\Olsons\Downloads\sdasetup_revwire207.exe
2012-01-09 13:11 - 2012-01-09 13:11 - 0512992 ____A C:\Documents and Settings\Olsons\Desktop\sdasetup_revwire207.exe
2012-01-09 12:54 - 2012-01-09 12:54 - 0000000 ____D C:\Windows\pss
2012-01-09 12:33 - 2012-01-11 20:10 - 0013192 __ASH C:\Users\Olsons\AppData\Local\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577
2012-01-09 12:33 - 2012-01-11 20:10 - 0013192 __ASH C:\Users\All Users\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577
2012-01-09 12:33 - 2012-01-11 20:10 - 0013192 __ASH C:\Users\All Users\Application Data\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577
2012-01-09 12:33 - 2012-01-11 20:10 - 0013192 __ASH C:\ProgramData\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577
2012-01-09 12:33 - 2012-01-11 20:10 - 0013192 __ASH C:\Documents and Settings\Olsons\AppData\Local\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577
2012-01-09 12:33 - 2012-01-11 20:10 - 0013192 __ASH C:\Documents and Settings\All Users\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577
2012-01-09 12:33 - 2012-01-11 20:10 - 0013192 __ASH C:\Documents and Settings\All Users\Application Data\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577


============ 3 Months Modified Files and Folders ===============

2012-02-03 15:05 - 2012-02-03 12:53 - 0000000 ____D C:\FRST
2012-02-03 13:01 - 2010-12-02 17:35 - 0000000 ____D C:\Program Files\Common Files\Akamai
2012-02-03 13:01 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-03 13:01 - 2009-07-13 20:39 - 0048265 ____A C:\Windows\setupact.log
2012-02-03 13:00 - 2010-06-18 10:37 - 2357620736 __ASH C:\hiberfil.sys
2012-02-03 12:55 - 2010-06-18 08:43 - 1804867 ____A C:\Windows\WindowsUpdate.log
2012-02-03 12:54 - 2010-06-18 08:48 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-03 12:14 - 2011-09-14 12:07 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102023921-2220473630-900942208-1000UA.job
2012-02-03 11:55 - 2009-07-13 20:34 - 0010112 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-03 11:55 - 2009-07-13 20:34 - 0010112 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-03 11:48 - 2010-06-18 11:18 - 0045616 ____A C:\Windows\PFRO.log
2012-02-03 11:48 - 2009-07-13 18:36 - 0000000 __SHD C:\$Recycle.Bin
2012-02-03 10:25 - 2012-02-03 10:24 - 0000000 ___SD C:\ComboFix
2012-02-03 10:25 - 2011-10-03 20:34 - 0804472 ____A C:\Windows\ntbtlog.txt
2012-02-03 10:24 - 2012-02-03 10:24 - 0000000 ____D C:\Qoobox
2012-02-03 10:24 - 2012-02-03 10:23 - 0000000 ___SD C:\32788R22FWJFW
2012-02-03 10:24 - 2012-02-01 16:22 - 0000000 ____D C:\Windows\ERDNT
2012-02-03 10:17 - 2012-02-03 10:17 - 4394794 ___RA (Swearware) C:\Users\Olsons\Desktop\ComboFix.exe
2012-02-03 10:17 - 2012-02-03 10:17 - 4394794 ___RA (Swearware) C:\Documents and Settings\Olsons\Desktop\ComboFix.exe
2012-02-03 08:29 - 2011-12-11 20:24 - 0000932 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1102023921-2220473630-900942208-1000UA.job
2012-02-03 03:50 - 2009-07-13 18:37 - 0000000 __RHD C:\users\Default
2012-02-03 03:34 - 2010-11-28 13:37 - 0000000 ____D C:\Users\All Users\NexonUS
2012-02-03 03:34 - 2010-11-28 13:37 - 0000000 ____D C:\Users\All Users\Application Data\NexonUS
2012-02-03 03:34 - 2010-11-28 13:37 - 0000000 ____D C:\ProgramData\NexonUS
2012-02-03 03:34 - 2010-11-28 13:37 - 0000000 ____D C:\Documents and Settings\All Users\NexonUS
2012-02-03 03:34 - 2010-11-28 13:37 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\NexonUS
2012-02-03 03:22 - 2012-02-03 03:21 - 140879600 ____A C:\Users\Olsons\Downloads\20120202-033-v5i32.exe
2012-02-03 03:22 - 2012-02-03 03:21 - 140879600 ____A C:\Documents and Settings\Olsons\Downloads\20120202-033-v5i32.exe
2012-02-02 22:12 - 2012-02-02 22:12 - 0002938 ____A C:\TDSSKiller.2.7.9.0_03.02.2012_00.12.50_log.txt
2012-02-02 21:02 - 2012-02-01 18:49 - 0005893 ____A C:\Windows\IE9_main.log
2012-02-02 21:01 - 2012-02-02 21:01 - 9705472 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-02-02 21:01 - 2012-02-02 21:01 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-02 21:01 - 2012-02-02 21:01 - 1798144 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-02 21:01 - 2012-02-02 21:01 - 12279808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-02 21:01 - 2012-02-02 21:01 - 0353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-02-02 21:01 - 2012-02-02 21:01 - 0150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-02-02 21:01 - 2012-02-02 21:01 - 0142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-02-02 21:01 - 2012-02-02 21:01 - 0130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-02-02 21:01 - 2012-02-02 21:01 - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-02-02 21:01 - 2012-02-02 21:01 - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-02-02 21:01 - 2012-02-02 21:01 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-02-02 21:01 - 2012-02-02 21:01 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-02-02 21:01 - 2012-02-02 21:01 - 0054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-02-02 21:01 - 2012-02-02 21:01 - 0011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-02-02 21:01 - 2012-02-02 21:01 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-02-02 20:50 - 2011-07-13 14:35 - 0000000 ____D C:\Users\Olsons\AppData\Local\ElevatedDiagnostics
2012-02-02 20:50 - 2011-07-13 14:35 - 0000000 ____D C:\Documents and Settings\Olsons\AppData\Local\ElevatedDiagnostics
2012-02-01 21:14 - 2012-02-01 21:14 - 0004566 ____A C:\Users\Olsons\Desktop\ESET Report.txt
2012-02-01 21:14 - 2012-02-01 21:14 - 0004566 ____A C:\Documents and Settings\Olsons\Desktop\ESET Report.txt
2012-02-01 20:29 - 2011-12-11 20:24 - 0000910 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1102023921-2220473630-900942208-1000Core.job
2012-02-01 19:17 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Microsoft.NET
2012-02-01 19:04 - 2010-06-18 08:43 - 0000000 ____D C:\Users\Olsons\AppData\LocalLow
2012-02-01 19:04 - 2010-06-18 08:43 - 0000000 ____D C:\Documents and Settings\Olsons\AppData\LocalLow
2012-02-01 19:04 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-02-01 18:59 - 2012-02-01 18:59 - 0000000 ____D C:\Users\Olsons\AppData\Roaming\Uniblue
2012-02-01 18:59 - 2012-02-01 18:59 - 0000000 ____D C:\Documents and Settings\Olsons\AppData\Roaming\Uniblue
2012-02-01 18:58 - 2012-02-01 18:58 - 0000000 __HDC C:\Users\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-01 18:58 - 2012-02-01 18:58 - 0000000 __HDC C:\Users\All Users\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-01 18:58 - 2012-02-01 18:58 - 0000000 __HDC C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-01 18:58 - 2012-02-01 18:58 - 0000000 __HDC C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-01 18:58 - 2012-02-01 18:58 - 0000000 __HDC C:\Documents and Settings\All Users\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-01 18:58 - 2012-02-01 18:58 - 0000000 ____D C:\Users\Olsons\AppData\Local\PackageAware
2012-02-01 18:58 - 2012-02-01 18:58 - 0000000 ____D C:\Program Files\Uniblue
2012-02-01 18:58 - 2012-02-01 18:58 - 0000000 ____D C:\Documents and Settings\Olsons\AppData\Local\PackageAware
2012-02-01 18:55 - 2010-06-18 08:44 - 0000174 ___SH C:\Users\Olsons\Start Menu\Programs\Startup\desktop.ini
2012-02-01 18:55 - 2010-06-18 08:44 - 0000174 ___SH C:\Users\Olsons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-01 18:55 - 2010-06-18 08:44 - 0000174 ___SH C:\Documents and Settings\Olsons\Start Menu\Programs\Startup\desktop.ini
2012-02-01 18:55 - 2010-06-18 08:44 - 0000174 ___SH C:\Documents and Settings\Olsons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-01 18:53 - 2011-11-15 23:17 - 0000000 __SHD C:\Config.Msi
2012-02-01 18:53 - 2009-07-13 20:33 - 0409752 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-01 18:51 - 2009-07-13 23:50 - 0000000 ____D C:\Program Files\Windows Journal
2012-02-01 18:51 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-02-01 18:51 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\Windows Portable Devices
2012-02-01 18:51 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-02-01 18:51 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\Windows Defender
2012-02-01 18:51 - 2009-07-13 20:52 - 0000000 ____D C:\Program Files\DVD Maker
2012-02-01 18:51 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\DriverStore
2012-02-01 18:51 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2012-02-01 18:51 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Common Files\System
2012-02-01 18:48 - 2009-07-13 18:05 - 0152576 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-02-01 18:41 - 2012-02-01 18:41 - 0000000 ____D C:\Windows\System32\SPReview
2012-02-01 18:40 - 2012-02-01 18:40 - 0000000 ____D C:\Windows\System32\EventProviders
2012-02-01 18:40 - 2010-06-18 11:02 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-02-01 18:40 - 2010-06-18 11:02 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-02-01 18:40 - 2010-06-18 11:02 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-02-01 18:40 - 2010-06-18 11:02 - 0000000 ____D C:\Program Files\Microsoft Office
2012-02-01 18:40 - 2010-06-18 11:02 - 0000000 ____D C:\Documents and Settings\All Users\Microsoft Help
2012-02-01 18:40 - 2010-06-18 11:02 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-02-01 18:38 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Common Files\microsoft shared
2012-02-01 18:36 - 2009-07-13 18:04 - 0000478 ____A C:\Windows\win.ini
2012-02-01 16:14 - 2011-09-14 12:07 - 0000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102023921-2220473630-900942208-1000Core.job
2012-02-01 16:12 - 2012-02-01 16:12 - 0001066 ____A C:\Users\Olsons\Desktop\TDSSKiller.2.7.9.0_01.02.2012_18.10.40_log - Shortcut.lnk
2012-02-01 16:12 - 2012-02-01 16:12 - 0001066 ____A C:\Documents and Settings\Olsons\Desktop\TDSSKiller.2.7.9.0_01.02.2012_18.10.40_log - Shortcut.lnk
2012-02-01 16:11 - 2012-02-01 16:11 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-02-01 16:11 - 2012-02-01 16:10 - 0080918 ____A C:\TDSSKiller.2.7.9.0_01.02.2012_18.10.40_log.txt
2012-02-01 16:10 - 2012-02-01 16:10 - 2040543 ____A C:\Users\Olsons\Desktop\tdsskiller.zip
2012-02-01 16:10 - 2012-02-01 16:10 - 2040543 ____A C:\Documents and Settings\Olsons\Desktop\tdsskiller.zip
2012-02-01 16:10 - 2012-02-01 16:10 - 0000000 ____D C:\Users\Olsons\Desktop\tdsskiller
2012-02-01 16:10 - 2012-02-01 16:10 - 0000000 ____D C:\Documents and Settings\Olsons\Desktop\tdsskiller
2012-02-01 08:11 - 2012-01-12 16:11 - 0001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-01 08:11 - 2012-01-12 16:11 - 0001067 ____A C:\Documents and Settings\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-01 08:11 - 2011-03-02 11:07 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-01-29 16:45 - 2012-01-29 16:45 - 0020318 ____A C:\Users\Olsons\Desktop\ark.txt
2012-01-29 16:45 - 2012-01-29 16:45 - 0020318 ____A C:\Documents and Settings\Olsons\Desktop\ark.txt
2012-01-29 16:13 - 2012-01-29 16:13 - 0000000 ____D C:\Users\Olsons\Desktop\gmer
2012-01-29 16:13 - 2012-01-29 16:13 - 0000000 ____D C:\Documents and Settings\Olsons\Desktop\gmer
2012-01-29 16:12 - 2012-01-29 16:12 - 0294216 ____A C:\Users\Olsons\Desktop\gmer.zip
2012-01-29 16:12 - 2012-01-29 16:12 - 0294216 ____A C:\Documents and Settings\Olsons\Desktop\gmer.zip
2012-01-29 16:11 - 2012-01-29 16:11 - 0010151 ____A C:\Users\Olsons\Desktop\DDS.txt
2012-01-29 16:11 - 2012-01-29 16:11 - 0010151 ____A C:\Documents and Settings\Olsons\Desktop\DDS.txt
2012-01-29 16:11 - 2012-01-29 16:11 - 0008708 ____A C:\Users\Olsons\Desktop\Attach.txt
2012-01-29 16:11 - 2012-01-29 16:11 - 0008708 ____A C:\Documents and Settings\Olsons\Desktop\Attach.txt
2012-01-29 16:01 - 2012-01-29 16:01 - 0607260 ____R (Swearware) C:\Users\Olsons\Desktop\dds.com
2012-01-29 16:01 - 2012-01-29 16:01 - 0607260 ____R (Swearware) C:\Documents and Settings\Olsons\Desktop\dds.com
2012-01-26 03:50 - 2011-09-14 12:08 - 0002403 ____A C:\Users\Olsons\Desktop\Google Chrome.lnk
2012-01-26 03:50 - 2011-09-14 12:08 - 0002403 ____A C:\Documents and Settings\Olsons\Desktop\Google Chrome.lnk
2012-01-18 22:22 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\NDF
2012-01-18 19:17 - 2010-06-21 11:57 - 0000000 ____D C:\Users\Olsons\AppData\Roaming\Mozilla
2012-01-18 19:17 - 2010-06-21 11:57 - 0000000 ____D C:\Documents and Settings\Olsons\AppData\Roaming\Mozilla
2012-01-12 16:06 - 2012-01-09 13:11 - 0000000 ____D C:\Users\All Users\PC Tools
2012-01-12 16:06 - 2012-01-09 13:11 - 0000000 ____D C:\Users\All Users\Application Data\PC Tools
2012-01-12 16:06 - 2012-01-09 13:11 - 0000000 ____D C:\ProgramData\PC Tools
2012-01-12 16:06 - 2012-01-09 13:11 - 0000000 ____D C:\Documents and Settings\All Users\PC Tools
2012-01-12 16:06 - 2012-01-09 13:11 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\PC Tools
2012-01-12 15:55 - 2009-07-13 23:50 - 0000000 ____D C:\Windows\CSC
2012-01-12 15:53 - 2010-06-18 09:16 - 52128560 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-01-11 20:16 - 2012-01-09 13:17 - 1469006 ____A C:\Windows\System32\Drivers\Cat.DB
2012-01-11 20:10 - 2012-01-09 12:33 - 0013192 __ASH C:\Users\Olsons\AppData\Local\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577
2012-01-11 20:10 - 2012-01-09 12:33 - 0013192 __ASH C:\Users\All Users\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577
2012-01-11 20:10 - 2012-01-09 12:33 - 0013192 __ASH C:\Users\All Users\Application Data\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577
2012-01-11 20:10 - 2012-01-09 12:33 - 0013192 __ASH C:\ProgramData\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577
2012-01-11 20:10 - 2012-01-09 12:33 - 0013192 __ASH C:\Documents and Settings\Olsons\AppData\Local\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577
2012-01-11 20:10 - 2012-01-09 12:33 - 0013192 __ASH C:\Documents and Settings\All Users\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577
2012-01-11 20:10 - 2012-01-09 12:33 - 0013192 __ASH C:\Documents and Settings\All Users\Application Data\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577
2012-01-09 13:11 - 2012-01-09 13:11 - 0512992 ____A C:\Users\Olsons\Downloads\sdasetup_revwire207.exe
2012-01-09 13:11 - 2012-01-09 13:11 - 0512992 ____A C:\Users\Olsons\Desktop\sdasetup_revwire207.exe
2012-01-09 13:11 - 2012-01-09 13:11 - 0512992 ____A C:\Documents and Settings\Olsons\Downloads\sdasetup_revwire207.exe
2012-01-09 13:11 - 2012-01-09 13:11 - 0512992 ____A C:\Documents and Settings\Olsons\Desktop\sdasetup_revwire207.exe
2012-01-09 12:54 - 2012-01-09 12:54 - 0000000 ____D C:\Windows\pss
2011-12-26 17:22 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\rescache
2011-12-20 13:58 - 2011-12-20 13:58 - 0001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2011-12-20 13:58 - 2011-12-20 13:58 - 0001753 ____A C:\Documents and Settings\Public\Desktop\iTunes.lnk
2011-12-20 13:58 - 2011-12-20 13:57 - 0000000 ____D C:\Program Files\iTunes
2011-12-20 13:57 - 2011-12-20 13:57 - 0000000 ____D C:\Program Files\iPod
2011-12-20 13:57 - 2010-09-10 09:14 - 0000000 ____D C:\Program Files\Common Files\Apple
2011-12-15 22:18 - 2011-11-01 14:25 - 0000000 ____D C:\Users\Olsons\AppData\Local\Akamai
2011-12-15 22:18 - 2011-11-01 14:25 - 0000000 ____D C:\Documents and Settings\Olsons\AppData\Local\Akamai
2011-12-14 19:00 - 2011-10-29 15:42 - 0001054 ____A C:\Windows\KB893803v2.log
2011-12-14 19:00 - 2011-10-29 15:42 - 0000937 ____A C:\Users\Public\Desktop\Origin.lnk
2011-12-14 19:00 - 2011-10-29 15:42 - 0000937 ____A C:\Documents and Settings\Public\Desktop\Origin.lnk
2011-12-14 19:00 - 2011-10-29 15:42 - 0000000 ____D C:\Program Files\Origin
2011-12-13 21:15 - 2011-09-14 12:07 - 0000000 ____D C:\Users\Olsons\AppData\Local\Google
2011-12-13 21:15 - 2011-09-14 12:07 - 0000000 ____D C:\Documents and Settings\Olsons\AppData\Local\Google
2011-12-11 20:24 - 2011-12-11 20:24 - 0000000 ____D C:\Users\Olsons\AppData\Local\Facebook
2011-12-11 20:24 - 2011-12-11 20:24 - 0000000 ____D C:\Documents and Settings\Olsons\AppData\Local\Facebook
2011-12-11 20:23 - 2011-12-11 20:23 - 0493520 ____A (Facebook Inc.) C:\Users\Olsons\Downloads\FacebookVideoCallSetup_v1.2.203.0.exe
2011-12-11 20:23 - 2011-12-11 20:23 - 0493520 ____A (Facebook Inc.) C:\Documents and Settings\Olsons\Downloads\FacebookVideoCallSetup_v1.2.203.0.exe
2011-12-10 13:24 - 2011-03-02 11:07 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-09 21:46 - 2011-12-09 21:46 - 0053128 ____A C:\Users\Olsons\Downloads\saturdaymovie2011 (2).rtf
2011-12-09 21:46 - 2011-12-09 21:46 - 0053128 ____A C:\Documents and Settings\Olsons\Downloads\saturdaymovie2011 (2).rtf
2011-12-09 21:01 - 2011-12-09 21:01 - 0043461 ____A C:\Users\Olsons\Downloads\Vertigo_d3.rtf
2011-12-09 21:01 - 2011-12-09 21:01 - 0043461 ____A C:\Documents and Settings\Olsons\Downloads\Vertigo_d3.rtf
2011-12-08 16:41 - 2011-12-08 16:41 - 0065426 ____A C:\Users\Olsons\Downloads\ENGC 1101 section 72 Fall 2011 Scott Jacobson (3).rtf
2011-12-08 16:41 - 2011-12-08 16:41 - 0065426 ____A C:\Documents and Settings\Olsons\Downloads\ENGC 1101 section 72 Fall 2011 Scott Jacobson (3).rtf
2011-12-05 01:57 - 2011-02-03 16:03 - 0000000 ____D C:\Users\Olsons\Documents\My Recordings
2011-12-05 01:57 - 2011-02-03 16:03 - 0000000 ____D C:\Documents and Settings\Olsons\Documents\My Recordings
2011-12-04 12:07 - 2011-12-04 12:07 - 0359709 ____A C:\Users\Olsons\Downloads\1203012257.3g2
2011-12-04 12:07 - 2011-12-04 12:07 - 0359709 ____A C:\Documents and Settings\Olsons\Downloads\1203012257.3g2
2011-12-04 01:20 - 2011-12-04 01:20 - 0157854 ____A C:\Users\Olsons\Downloads\December-02-2011-00-50-50-798761.jpg
2011-12-04 01:20 - 2011-12-04 01:20 - 0157854 ____A C:\Documents and Settings\Olsons\Downloads\December-02-2011-00-50-50-798761.jpg
2011-12-04 01:17 - 2011-12-04 01:17 - 0041861 ____A C:\Users\Olsons\Downloads\390792_321908481154699_100000066483375_1349572_1459638515_n.jpg
2011-12-04 01:17 - 2011-12-04 01:17 - 0041861 ____A C:\Documents and Settings\Olsons\Downloads\390792_321908481154699_100000066483375_1349572_1459638515_n.jpg
2011-12-04 01:14 - 2011-12-04 01:14 - 0036397 ____A C:\Users\Olsons\Downloads\199492_204595042886044_100000066483375_816214_5830070_n.jpg
2011-12-04 01:14 - 2011-12-04 01:14 - 0036397 ____A C:\Documents and Settings\Olsons\Downloads\199492_204595042886044_100000066483375_816214_5830070_n.jpg
2011-12-04 01:00 - 2011-12-04 01:00 - 0084440 ____A C:\Users\Olsons\Downloads\384316_202663179815018_100002140131621_434981_1041185819_n.jpg
2011-12-04 01:00 - 2011-12-04 01:00 - 0084440 ____A C:\Documents and Settings\Olsons\Downloads\384316_202663179815018_100002140131621_434981_1041185819_n.jpg
2011-11-30 00:06 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\config\TxR
2011-11-29 23:59 - 2010-06-18 08:43 - 0000000 ____D C:\users\Olsons
2011-11-29 23:59 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\wfp
2011-11-29 23:58 - 2011-07-13 14:15 - 0000000 ____D C:\Program Files\Acoustica Mixcraft 5
2011-11-29 23:58 - 2010-06-18 11:02 - 0000000 ____D C:\Users\Olsons\AppData\Local\Microsoft Help
2011-11-29 23:58 - 2010-06-18 11:02 - 0000000 ____D C:\Documents and Settings\Olsons\AppData\Local\Microsoft Help
2011-11-29 23:58 - 2009-07-13 23:49 - 0000000 ___RD C:\Users\Public\Recorded TV
2011-11-29 23:58 - 2009-07-13 23:49 - 0000000 ___RD C:\Documents and Settings\Public\Recorded TV
2011-11-29 23:58 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\registration
2011-11-23 22:29 - 2011-11-23 22:29 - 0000000 ____D C:\Users\Olsons\AppData\Roaming\Real
2011-11-23 22:29 - 2011-11-23 22:29 - 0000000 ____D C:\Documents and Settings\Olsons\AppData\Roaming\Real
2011-11-23 21:26 - 2011-11-23 21:26 - 0000259 ____A C:\Windows\System32\hpl.log
2011-11-23 21:22 - 2011-11-23 21:22 - 0000000 ____D C:\Users\Olsons\Documents\Amnesia
2011-11-23 21:22 - 2011-11-23 21:22 - 0000000 ____D C:\Documents and Settings\Olsons\Documents\Amnesia
2011-11-23 20:25 - 2011-12-14 15:04 - 2342912 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-20 23:55 - 2011-11-20 23:55 - 0000000 ____D C:\Users\Olsons\AppData\Local\Unity
2011-11-20 23:55 - 2011-11-20 23:55 - 0000000 ____D C:\Documents and Settings\Olsons\AppData\Local\Unity
2011-11-19 06:01 - 2012-01-11 20:16 - 0067072 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2011-11-17 18:12 - 2011-11-17 18:12 - 0045386 ____A C:\Users\Olsons\Downloads\sample intros (1).rtf
2011-11-17 18:12 - 2011-11-17 18:12 - 0045386 ____A C:\Documents and Settings\Olsons\Downloads\sample intros (1).rtf
2011-11-17 17:57 - 2011-11-17 17:57 - 0045386 ____A C:\Users\Olsons\Downloads\sample intros.rtf
2011-11-17 17:57 - 2011-11-17 17:57 - 0045386 ____A C:\Documents and Settings\Olsons\Downloads\sample intros.rtf
2011-11-17 17:52 - 2011-11-17 17:52 - 0073916 ____A C:\Users\Olsons\Downloads\Film Analysis Essay Guidelines.rtf
2011-11-17 17:52 - 2011-11-17 17:52 - 0073916 ____A C:\Documents and Settings\Olsons\Downloads\Film Analysis Essay Guidelines.rtf
2011-11-17 17:51 - 2011-11-17 17:51 - 0053128 ____A C:\Users\Olsons\Downloads\saturdaymovie2011 (1).rtf
2011-11-17 17:51 - 2011-11-17 17:51 - 0053128 ____A C:\Documents and Settings\Olsons\Downloads\saturdaymovie2011 (1).rtf
2011-11-17 07:50 - 2011-11-17 07:50 - 0053128 ____A C:\Users\Olsons\Downloads\saturdaymovie2011.rtf
2011-11-17 07:50 - 2011-11-17 07:50 - 0053128 ____A C:\Documents and Settings\Olsons\Downloads\saturdaymovie2011.rtf
2011-11-17 07:49 - 2011-11-17 07:49 - 0036928 ____A C:\Users\Olsons\Downloads\Revision and Editing.rtf
2011-11-17 07:49 - 2011-11-17 07:49 - 0036928 ____A C:\Documents and Settings\Olsons\Downloads\Revision and Editing.rtf
2011-11-17 07:49 - 2011-11-17 07:49 - 0031734 ____A C:\Users\Olsons\Downloads\Revision Letter.rtf
2011-11-17 07:49 - 2011-11-17 07:49 - 0031734 ____A C:\Documents and Settings\Olsons\Downloads\Revision Letter.rtf
2011-11-16 21:41 - 2012-01-19 12:06 - 0134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2011-11-16 21:41 - 2012-01-19 12:06 - 0067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2011-11-16 21:39 - 2012-01-19 12:06 - 0369352 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2011-11-16 21:38 - 2012-01-11 20:16 - 1288472 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2011-11-16 21:35 - 2012-01-19 12:06 - 0314880 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2011-11-16 21:34 - 2012-01-19 12:06 - 0224768 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2011-11-16 21:34 - 2012-01-19 12:06 - 0100352 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2011-11-16 21:34 - 2012-01-19 12:06 - 0022016 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2011-11-16 21:34 - 2012-01-19 12:06 - 0015872 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2011-11-16 21:32 - 2012-01-19 12:06 - 1038848 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2011-11-16 21:29 - 2012-01-19 12:06 - 0022528 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2011-11-16 07:39 - 2011-11-16 07:39 - 0027119 ____A C:\Users\Olsons\Desktop\November-13-2011-16-29-54-3399.png
2011-11-16 07:39 - 2011-11-16 07:39 - 0027119 ____A C:\Documents and Settings\Olsons\Desktop\November-13-2011-16-29-54-3399.png
2011-11-16 07:37 - 2011-11-16 07:37 - 0109573 ____A C:\Users\Olsons\Desktop\November-13-2011-18-33-06-1Uirw.png
2011-11-16 07:37 - 2011-11-16 07:37 - 0109573 ____A C:\Documents and Settings\Olsons\Desktop\November-13-2011-18-33-06-1Uirw.png
2011-11-16 07:34 - 2011-11-16 07:34 - 0057699 ____A C:\Users\Olsons\Downloads\November-14-2011-12-33-53-Smart.jpg
2011-11-16 07:34 - 2011-11-16 07:34 - 0057699 ____A C:\Documents and Settings\Olsons\Downloads\November-14-2011-12-33-53-Smart.jpg
2011-11-14 19:10 - 2011-04-11 15:25 - 0000000 ____D C:\Users\Olsons\AppData\Roaming\Skype
2011-11-14 19:10 - 2011-04-11 15:25 - 0000000 ____D C:\Documents and Settings\Olsons\AppData\Roaming\Skype
2011-11-13 12:38 - 2011-11-13 12:38 - 0048145 ____A C:\Users\Olsons\Desktop\November-11-2011-02-53-53-ScreenShot20111110at5.jpg
2011-11-13 12:38 - 2011-11-13 12:38 - 0048145 ____A C:\Documents and Settings\Olsons\Desktop\November-11-2011-02-53-53-ScreenShot20111110at5.jpg
2011-11-09 21:20 - 2011-11-09 21:20 - 0045840 ____A C:\Users\Olsons\Downloads\satresearchfall11 (2).rtf
2011-11-09 21:20 - 2011-11-09 21:20 - 0045840 ____A C:\Documents and Settings\Olsons\Downloads\satresearchfall11 (2).rtf

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3893.87 MB
Available physical RAM: 3301.38 MB
Total Pagefile: 3892.15 MB
Available Pagefile: 3302.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.23 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:251.4 GB) NTFS
3 Drive f: (AD-STICK) (Removable) (Total:1.95 GB) (Free:1.95 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1998 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 297 GB 101 MB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 297 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1997 MB 16 KB

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F AD-STICK FAT Removable 1997 MB Healthy



==========================================================

Last Boot: 2012-02-03 00:00

======================= End Of Log ==========================

#13 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender: Not Telling
  • Location: Canada

Posted 03 February 2012 - 07:20 PM

Hi,

  • We need to remove some of the entries that FRST has found.

    I am also going to remove all of the ComboFix entries, so you can start afresh in case the malware has corrupted the downloaded files.

    Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt

    2012-02-03 10:24 - 2012-02-03 10:25 - 0000000 ___SD C:\ComboFix
    2012-02-03 10:24 - 2012-02-03 10:24 - 0000000 ____D C:\Qoobox
    2012-02-03 10:24 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
    2012-02-03 10:24 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
    2012-02-03 10:24 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-02-03 10:24 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-02-03 10:24 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
    2012-02-03 10:24 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
    2012-02-03 10:24 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
    2012-02-03 10:23 - 2012-02-03 10:24 - 0000000 ___SD C:\32788R22FWJFW
    2012-02-03 10:17 - 2012-02-03 10:17 - 4394794 ___RA (Swearware) C:\Users\Olsons\Desktop\ComboFix.exe
    2012-02-03 10:17 - 2012-02-03 10:17 - 4394794 ___RA (Swearware) C:\Documents and Settings\Olsons\Desktop\ComboFix.exe
    2012-02-03 08:23 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-02-03 03:21 - 2012-02-03 03:22 - 140879600 ____A C:\Users\Olsons\Downloads\20120202-033-v5i32.exe
    2012-02-03 03:21 - 2012-02-03 03:22 - 140879600 ____A C:\Documents and Settings\Olsons\Downloads\20120202-033-v5i32.exe
    2012-01-09 12:33 - 2012-01-11 20:10 - 0013192 __ASH C:\Users\Olsons\AppData\Local\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577
    2012-01-09 12:33 - 2012-01-11 20:10 - 0013192 __ASH C:\Users\All Users\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577
    2012-01-09 12:33 - 2012-01-11 20:10 - 0013192 __ASH C:\Users\All Users\Application Data\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577
    2012-01-09 12:33 - 2012-01-11 20:10 - 0013192 __ASH C:\ProgramData\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577
    2012-01-09 12:33 - 2012-01-11 20:10 - 0013192 __ASH C:\Documents and Settings\Olsons\AppData\Local\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577
    2012-01-09 12:33 - 2012-01-11 20:10 - 0013192 __ASH C:\Documents and Settings\All Users\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577
    2012-01-09 12:33 - 2012-01-11 20:10 - 0013192 __ASH C:\Documents and Settings\All Users\Application Data\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577
    2012-02-03 10:25 - 2011-10-03 20:34 - 0804472 ____A C:\Windows\ntbtlog.txt
    C:\Windows\$NtUninstallKB53446$
    



    Now please enter System Recovery Options.
    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
  • While you are still booted into System Recovery Options run FRST.

    Type the following in the edit box after "Search:" so it looks like this:

    Search: explorer.exe;winlogon.exe;wininit.exe

    Click the Search button and post the log it makes in your reply.


NEXT



Please download a fresh copy of ComboFix and try running it again; make sure your security programs are disabled.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 thecatyodeler
  • Topic Starter

  • Members
  • 24 posts

Posted 03 February 2012 - 09:34 PM

Everything worked!!! Here's ComboFix:


ComboFix 12-02-03.02 - Olsons 02/03/2012 20:18:25.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2998.2153 [GMT -6:00]
Running from: c:\users\Olsons\Desktop\ComboFix.exe
Command switches used :: /nombr
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-04 to 2012-02-04 )))))))))))))))))))))))))))))))
.
.
2012-02-04 02:28 . 2012-02-04 02:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-03 20:53 . 2012-02-03 23:06 -------- d-----w- C:\FRST
2012-02-02 02:59 . 2012-02-02 02:59 -------- d-----w- c:\users\Olsons\AppData\Roaming\Uniblue
2012-02-02 02:58 . 2012-02-02 02:58 -------- dc-h--w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-02 02:58 . 2012-02-02 02:58 -------- d-----w- c:\program files\Uniblue
2012-02-02 02:58 . 2012-02-02 02:58 -------- d-----w- c:\users\Olsons\AppData\Local\PackageAware
2012-02-02 02:41 . 2012-02-02 02:41 -------- d-----w- c:\windows\system32\SPReview
2012-02-02 02:40 . 2012-02-02 02:40 -------- d-----w- c:\windows\system32\EventProviders
2012-02-02 00:11 . 2012-02-02 00:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-19 20:06 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-19 20:06 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-19 20:06 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-19 20:06 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-19 20:06 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-19 20:06 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-19 20:06 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-19 20:06 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-19 20:06 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-19 20:06 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-12 04:16 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-12 04:16 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-12 04:16 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-12 04:16 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-09 21:11 . 2012-01-13 00:06 -------- d-----w- c:\programdata\PC Tools
2012-01-07 02:05 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{332DC816-9853-4E4F-8820-ADE861784C77}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-02 02:48 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-12-10 21:24 . 2011-03-02 19:07 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 11:13 . 2011-11-28 11:13 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-24 04:25 . 2011-12-14 23:04 2342912 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Olsons^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Olsons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2011-12-13 05:20 3305760 ----a-w- c:\users\Olsons\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 05:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2010-03-11 05:21 300400 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-12-12 04:23 137536 ----atw- c:\users\Olsons\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-09-14 20:07 136176 ----atw- c:\users\Olsons\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 00:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-08-26 01:45 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-08-25 14:57 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-08-26 01:45 136216 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 07:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-01-13 20:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-08-26 01:45 170520 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 23:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES]
2009-07-14 01:14 354304 ----a-w- c:\windows\System32\StikyNot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 19:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-05-28 03:31 1721640 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-11 181792]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-18 1343400]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 65584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1102023921-2220473630-900942208-1000Core.job
- c:\users\Olsons\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-12 04:23]
.
2012-02-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1102023921-2220473630-900942208-1000UA.job
- c:\users\Olsons\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-12 04:23]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102023921-2220473630-900942208-1000Core.job
- c:\users\Olsons\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-14 20:07]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102023921-2220473630-900942208-1000UA.job
- c:\users\Olsons\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-14 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-52415638.sys
MSConfigStartUp-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_e286960.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1102023921-2220473630-900942208-1000\Software\SecuROM\License information*]
"datasecu"=hex:b4,ac,76,2a,2f,3b,40,c7,20,27,36,67,3a,32,bf,a0,e0,fa,b5,e9,fd,
96,2d,2c,27,a5,da,b9,b7,2a,c8,76,0e,e8,60,f9,ee,4b,26,b6,7c,c7,05,86,0d,94,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-03 20:30:38
ComboFix-quarantined-files.txt 2012-02-04 02:30
.
Pre-Run: 269,525,659,648 bytes free
Post-Run: 271,020,285,952 bytes free
.
- - End Of File - - 17CA7C060DA8511E47818423E6139CC8




And here's the Fix Log

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 28-01-2012
Ran by SYSTEM at 2012-02-03 20:09:48 R:1
Running from F:\

==============================================

C:\ComboFix moved successfully.
C:\Qoobox moved successfully.
C:\Windows\PEV.exe moved successfully.
C:\Windows\MBR.exe moved successfully.
C:\Windows\SWREG.exe moved successfully.
C:\Windows\SWSC.exe moved successfully.
C:\Windows\sed.exe moved successfully.
C:\Windows\grep.exe moved successfully.
C:\Windows\zip.exe moved successfully.
C:\32788R22FWJFW moved successfully.
C:\Users\Olsons\Desktop\ComboFix.exe moved successfully.
C:\Documents and Settings\Olsons\Desktop\ComboFix.exe not found.
C:\Windows\NIRCMD.exe moved successfully.
C:\Users\Olsons\Downloads\20120202-033-v5i32.exe moved successfully.
C:\Documents and Settings\Olsons\Downloads\20120202-033-v5i32.exe not found.
C:\Users\Olsons\AppData\Local\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577 moved successfully.
C:\Users\All Users\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577 moved successfully.
C:\Users\All Users\Application Data\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577 not found.
C:\ProgramData\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577 not found.
C:\Documents and Settings\Olsons\AppData\Local\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577 not found.
C:\Documents and Settings\All Users\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577 not found.
C:\Documents and Settings\All Users\Application Data\ei200oy505fhnx12471sc82433e63ee075j4if1m1de577 not found.
C:\Windows\ntbtlog.txt moved successfully.
C:\Windows\$NtUninstallKB53446$ moved successfully.

==== End of Fixlog ====



And here's the Search Log:

Farbar Recovery Scan Tool Version: 28-01-2012
Ran by SYSTEM at 2012-02-03 20:10:29
Running from F:\

================== Search: "explorer.exe;winlogon.exe;wininit.exe" ===================

C:\Windows\explorer.exe
[2011-04-26 14:30] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2011-06-30 23:18] - [2010-11-20 04:17] - 0286720 ____A (Microsoft Corporation) 6D13E1406F50C66E2A95D97F22C47560

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010-06-18 09:10] - [2009-10-27 21:52] - 0285696 ____A (Microsoft Corporation) 3BABE6767C78FBF5FB8435FEED187F30

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010-06-18 09:10] - [2009-10-27 22:17] - 0285696 ____A (Microsoft Corporation) 37CDB7E72EB66BA85A87CBE37E7F03FD

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009-07-13 15:37] - [2009-07-13 17:14] - 0285696 ____A (Microsoft Corporation) 8EC6A4AB12B8F3759E21F8E3A388F2CF

C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
[2009-07-13 15:36] - [2009-07-13 17:14] - 0096256 ____A (Microsoft Corporation) B5C5DCAD3899512020D135600129D665

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2011-04-26 14:30] - [2011-02-25 21:19] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2011-04-26 14:30] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011-06-30 23:18] - [2010-11-20 04:17] - 2616320 ____A (Microsoft Corporation) 40D777B7A95E00593EB1568C68514493

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2011-04-26 14:30] - [2011-02-25 21:51] - 2614784 ____A (Microsoft Corporation) 255CF508D7CFB10E0794D6AC93280BD8

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2010-06-18 09:10] - [2009-10-30 22:00] - 2614272 ____A (Microsoft Corporation) C76153C7ECA00FA852BB0C193378F917

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010-06-18 09:10] - [2009-08-02 21:49] - 2613248 ____A (Microsoft Corporation) 9FF6C4C91A3711C0A3B18F87B08B518D

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011-04-26 14:30] - [2011-02-25 21:33] - 2614784 ____A (Microsoft Corporation) 2AF58D15EDC06EC6FDACCE1F19482BBF

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010-06-18 09:10] - [2009-10-30 21:45] - 2614272 ____A (Microsoft Corporation) 2626FC9755BE22F805D3CFA0CE3EE727

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2010-06-18 09:10] - [2009-08-02 21:35] - 2613248 ____A (Microsoft Corporation) B95EEB0F4E5EFBF1038A35B3351CF047

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009-07-13 15:41] - [2009-07-13 17:14] - 2613248 ____A (Microsoft Corporation) 15BC38A7492BEFE831966ADB477CF76F

C:\Windows\System32\wininit.exe
[2009-07-13 15:36] - [2009-07-13 17:14] - 0096256 ____A (Microsoft Corporation) B5C5DCAD3899512020D135600129D665

C:\Windows\System32\winlogon.exe
[2011-06-30 23:18] - [2010-11-20 04:17] - 0286720 ____A (Microsoft Corporation) 6D13E1406F50C66E2A95D97F22C47560

C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012-01-12 16:11] - [2012-01-13 12:53] - 0182856 ____A () 63EEC8A8B221AB79045E776E5F592868

=== End Of Search ===
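The listing above ends a file search that shows many copies of explorer.exe with different MD5 hashes (one per servicing version in the component store) and two files named winlogon.exe, one in System32 and one under Malwarebytes' Chameleon folder. Reading such output by eye is error-prone, so here is an added example, not part of this thread and not one of the tools used in it, that parses this path/detail format, groups hashes by file name, and flags entries with no publisher string or a location outside System32 and winsxs. The flags are prompts to verify a file, not verdicts: in this thread the flagged winlogon.exe sits in Malwarebytes' own Chameleon directory. The sample input is copied from the lines above; the expected directories assume a standard C:\Windows installation.

```python
"""Triage helper for file-search listings in the format shown above.

Added example (not part of the thread and not one of the tools used in it).
Each entry in that format is a path line followed by a detail line:
    [created] - [modified] - size attrs (company) MD5
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample input: three entries copied from the search output above.
SAMPLE_LOG = r"""
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011-06-30 23:18] - [2010-11-20 04:17] - 2616320 ____A (Microsoft Corporation) 40D777B7A95E00593EB1568C68514493

C:\Windows\System32\winlogon.exe
[2011-06-30 23:18] - [2010-11-20 04:17] - 0286720 ____A (Microsoft Corporation) 6D13E1406F50C66E2A95D97F22C47560

C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012-01-12 16:11] - [2012-01-13 12:53] - 0182856 ____A () 63EEC8A8B221AB79045E776E5F592868

=== End Of Search ===
"""

DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Directories where Windows keeps its own copies of explorer.exe / winlogon.exe
# (System32 and the component store). Assumption: a standard C:\Windows install.
EXPECTED_DIRS = (
    PureWindowsPath(r"C:\Windows\System32"),
    PureWindowsPath(r"C:\Windows\winsxs"),
)


def parse_search_log(text):
    """Return a list of dicts, one per path/detail pair, in file order."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            rec = m.groupdict()
            rec["path"] = pending_path
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            entries.append(rec)
        pending_path = None  # a detail line or a blank line ends the pair
    return entries


def _under(path, base):
    """Case-insensitive 'path is inside base' test for Windows paths."""
    p = [s.lower() for s in PureWindowsPath(path).parts]
    b = [s.lower() for s in base.parts]
    return p[: len(b)] == b


def triage(entries):
    """Group hashes by file name and flag entries worth a second look.

    Flags are prompts for verification, not verdicts: a flagged file may be a
    legitimate third-party component that borrows a system file name.
    """
    hashes_by_name = defaultdict(set)
    review = []
    for e in entries:
        name = PureWindowsPath(e["path"]).name.lower()
        hashes_by_name[name].add(e["md5"])
        reasons = []
        if not e["company"].strip():
            reasons.append("no publisher string")
        if not any(_under(e["path"], d) for d in EXPECTED_DIRS):
            reasons.append("outside System32/winsxs")
        if reasons:
            review.append((e["path"], reasons))
    return {"hashes_by_name": dict(hashes_by_name), "review": review}


if __name__ == "__main__":
    result = triage(parse_search_log(SAMPLE_LOG))
    for name, md5s in sorted(result["hashes_by_name"].items()):
        print(f"{name}: {len(md5s)} distinct hash(es)")
    for path, reasons in result["review"]:
        print(f"REVIEW {path}: {', '.join(reasons)}")
```

Run it against a full listing by replacing SAMPLE_LOG with the file's contents. Distinct hashes under one name are expected whenever winsxs holds several servicing versions; the entries to spend time on are the ones in the review list, which should then be checked against the vendor's published file information before anything is acted on.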

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:55 PM

Posted 03 February 2012 - 09:48 PM

Hi

That looks much better; we'll run a couple more scans in case there are any leftovers. How is the computer running now?

  • Please open your Malwarebytes Anti-Malware program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




