Infected with TDSS alureon and blue-screening on start-up



#1 Darcemeus

Posted 04 February 2012 - 06:30 AM

Hello, about three days ago I was checking my e-mail when my laptop decided to turn itself off all of a sudden, and when I would try restarting it I would get a blue screen three to five seconds after getting past the log-on. I tried running a full scan in safe mode using both Avast and Malwarebytes, which both found several different trojans and viruses but didn't fix the start-up problem, at which point I tried to run a boot-time scan using Avast, only to find that some of its files had been deleted and it would take me straight to the log-in screen. (Malwarebytes also had some of its files deleted.) So I performed a clean-boot startup, which seemed to work long enough for me to re-install Avast and have it run a boot-time scan, only to get a message from my campus network when I was done that I had been blocked because they'd detected that my laptop was infected with the TDSS TDL Alureon rootkit trojan and that I should try running TDSSKiller to get rid of it. Now I tried running it a few times, but it never really worked until I read the guideline on how to use it here and renamed it. At that point it detected a few suspicious items that it quarantined and one that it deleted; however, I'm not entirely sure that that got rid of all of it, because I'd also been running aswMBR to see if it could find anything else when it crashed. If someone could please help me resolve this I'd be very much in your debt. Thanks in advance for your time! (Here's the DDS log.)


.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_20
Run by Alan at 4:57:06 on 2012-02-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2033 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\explorer.exe
C:\Users\Alan\Desktop\iexplore.com.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3007394
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uURLSearchHooks: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
BHO: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [AdobeBridge]
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0447CEFC-F748-4FA9-B2FD-8EE7622B4D3F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0447CEFC-F748-4FA9-B2FD-8EE7622B4D3F}\33240574A4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0447CEFC-F748-4FA9-B2FD-8EE7622B4D3F}\5545447457563747 : NameServer = 4.2.2.2,4.2.2.3
TCP: Interfaces\{0447CEFC-F748-4FA9-B2FD-8EE7622B4D3F}\5545447457563747 : DhcpNameServer = 129.110.10.40 129.110.31.40
TCP: Interfaces\{0447CEFC-F748-4FA9-B2FD-8EE7622B4D3F}\6427563786D616E60234F657274797162746 : NameServer = 4.2.2.2,4.2.2.3
TCP: Interfaces\{0447CEFC-F748-4FA9-B2FD-8EE7622B4D3F}\6427563786D616E60234F657274797162746 : DhcpNameServer = 10.50.0.1 10.50.0.2 10.50.0.3
TCP: Interfaces\{0447CEFC-F748-4FA9-B2FD-8EE7622B4D3F}\C65746779676D24787 : NameServer = 4.2.2.2,4.2.2.3
TCP: Interfaces\{0447CEFC-F748-4FA9-B2FD-8EE7622B4D3F}\C65746779676D24787 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0447CEFC-F748-4FA9-B2FD-8EE7622B4D3F}\C696E6B6379737 : NameServer = 4.2.2.2,4.2.2.3
TCP: Interfaces\{0447CEFC-F748-4FA9-B2FD-8EE7622B4D3F}\C696E6B6379737 : DhcpNameServer = 10.50.0.1 10.50.0.2 10.50.0.3
TCP: Interfaces\{30C1FB29-BE12-4EE9-A17F-F6A62049712C} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
BHO-X64: WhiteSmoke Bar - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\hfwkdvjf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=2&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 amdiox64;AMD IO Driver;C:\windows\system32\DRIVERS\amdiox64.sys --> C:\windows\system32\DRIVERS\amdiox64.sys [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 PTSimBus;PenTablet Bus Enumerator;C:\windows\system32\DRIVERS\PTSimBus.sys --> C:\windows\system32\DRIVERS\PTSimBus.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
S1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?]
S1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?]
S2 Akamai;Akamai NetSession Interface;C:\windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
S2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?]
S2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;C:\windows\system32\DRIVERS\PTSimHid.sys --> C:\windows\system32\DRIVERS\PTSimHid.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-7 365568]
S4 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-22 44768]
S4 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
S4 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
S4 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-6 136176]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-6 136176]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-12-27 8704]
S4 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2009-11-12 332272]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 taisregispinger;taisregispinger;C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2009-11-12 297344]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-8-19 51512]
S4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]
S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
S4 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-02-04 03:30:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-03 14:20:17 -------- d-----w- C:\Users\Alan\AppData\Local\{D1978904-DB17-4BC0-9714-49BF59872A75}
2012-02-03 14:19:34 -------- d-----w- C:\Users\Alan\AppData\Local\{9AFBA6FA-1890-40E6-ADBB-4DE021A7E563}
2012-02-03 02:02:14 -------- d-----w- C:\Users\Alan\AppData\Local\{6EFD01E5-620B-4197-B56D-28F83058C5FF}
2012-02-03 02:01:52 -------- d-----w- C:\Users\Alan\AppData\Local\{EF800778-5277-4F45-858C-C9D4E8CCE975}
2012-02-02 21:26:49 20480 ----a-w- C:\windows\svchost.exe
2012-02-02 13:04:01 340992 ----a-w- C:\windows\System32\schannel.dll
2012-02-02 13:04:00 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-02-02 13:04:00 459232 ----a-w- C:\windows\System32\drivers\cng.sys
2012-02-02 13:04:00 224768 ----a-w- C:\windows\SysWow64\schannel.dll
2012-02-02 13:04:00 152432 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-02-02 13:04:00 1447936 ----a-w- C:\windows\System32\lsasrv.dll
2012-02-02 13:03:59 395776 ----a-w- C:\windows\System32\webio.dll
2012-02-02 13:03:59 314880 ----a-w- C:\windows\SysWow64\webio.dll
2012-02-02 13:03:59 31232 ----a-w- C:\windows\System32\lsass.exe
2012-02-02 13:03:58 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-02-02 13:03:58 29184 ----a-w- C:\windows\System32\sspisrv.dll
2012-02-02 13:03:58 28160 ----a-w- C:\windows\System32\secur32.dll
2012-02-02 13:03:58 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-02-02 13:03:58 136192 ----a-w- C:\windows\System32\sspicli.dll
2012-02-02 03:59:04 -------- d-----w- C:\windows\pss
2012-02-01 15:08:32 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\7BD4.tmp
2012-02-01 15:08:32 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\7B75.tmp
2012-02-01 14:31:18 -------- d-----w- C:\Users\Alan\AppData\Local\{82917D5F-553A-4422-9E4D-ED90E8B5EDF9}
2012-02-01 14:31:00 -------- d-----w- C:\Users\Alan\AppData\Local\{61357D67-67AC-4BF1-8AA1-EB3467458B89}
2012-02-01 01:33:19 -------- d-----w- C:\Users\Alan\AppData\Local\{D58CE42B-44B0-420F-B889-D7A9512C1A49}
2012-02-01 01:33:07 -------- d-----w- C:\Users\Alan\AppData\Local\{461EDA08-D6FE-4116-A08A-94C8EE9E689B}
2012-01-31 02:32:36 -------- d-----w- C:\Users\Alan\AppData\Local\{41B757FC-B99A-434C-81C1-99C93E9CE883}
2012-01-31 02:32:17 -------- d-----w- C:\Users\Alan\AppData\Local\{4C2B9B96-AFFE-47D7-A979-335CD91628D4}
2012-01-30 14:23:11 -------- d-----w- C:\Users\Alan\AppData\Local\{8AF60CB4-ACF9-4C69-A63B-2F2306744F42}
2012-01-30 14:22:15 -------- d-----w- C:\Users\Alan\AppData\Local\{923BBF86-EA0B-47CE-AC86-D7FD6DD4A77E}
2012-01-30 02:22:01 -------- d-----w- C:\Users\Alan\AppData\Local\{3E8342D0-DAE8-4291-95E3-ADC6B036D764}
2012-01-30 02:21:25 -------- d-----w- C:\Users\Alan\AppData\Local\{05B02BD1-CFD8-4243-B043-3694DF80A86A}
2012-01-29 13:32:50 -------- d-----w- C:\Users\Alan\AppData\Local\{900DF3B8-037E-4C4D-B701-65251F8CE16A}
2012-01-29 13:32:16 -------- d-----w- C:\Users\Alan\AppData\Local\{A00582EB-DE6E-4F6A-9DDB-7B27C5155C3D}
2012-01-29 01:31:59 -------- d-----w- C:\Users\Alan\AppData\Local\{3936EE58-4273-4C1E-9936-EEBA349BC07C}
2012-01-29 01:31:10 -------- d-----w- C:\Users\Alan\AppData\Local\{91C61615-99DE-4C8D-AED2-7284E37B5607}
2012-01-28 13:06:52 -------- d-----w- C:\Users\Alan\AppData\Local\{9D7E059F-ECB1-4D4D-ADB8-D11BC0157375}
2012-01-27 12:58:12 -------- d-----w- C:\Users\Alan\AppData\Local\{B2A1E75B-3154-4989-A3B5-07D36685D20B}
2012-01-27 12:57:49 -------- d-----w- C:\Users\Alan\AppData\Local\{3367697E-BE8A-47D7-A965-38C870ADC2FB}
2012-01-27 00:57:33 -------- d-----w- C:\Users\Alan\AppData\Local\{58975AEC-88C0-4B44-A0D4-F42889F6DA9A}
2012-01-27 00:56:56 -------- d-----w- C:\Users\Alan\AppData\Local\{21D44495-A3FD-4575-ACB6-0E3CD67B532E}
2012-01-26 12:57:00 -------- d-----w- C:\Users\Alan\AppData\Local\{023D532A-0758-48AF-AC22-C395854C4172}
2012-01-26 00:31:36 -------- d-----w- C:\Users\Alan\AppData\Local\{524E6764-0D76-442B-84BB-BC02D8F8B45D}
2012-01-26 00:30:47 -------- d-----w- C:\Users\Alan\AppData\Local\{552E75FC-F6BC-4F31-9EF8-59218E3764B8}
2012-01-25 12:30:32 -------- d-----w- C:\Users\Alan\AppData\Local\{D072645E-6CD3-4943-B37E-40AF45AD35B8}
2012-01-25 12:29:58 -------- d-----w- C:\Users\Alan\AppData\Local\{50399E78-9CD1-497E-9B0D-965C36C45236}
2012-01-25 00:29:43 -------- d-----w- C:\Users\Alan\AppData\Local\{7AAB2D2C-CD69-4023-A489-4A6F77B2E5CA}
2012-01-25 00:29:23 -------- d-----w- C:\Users\Alan\AppData\Local\{86C7E35B-961C-4634-8E75-B0DA503351B1}
2012-01-24 12:29:06 -------- d-----w- C:\Users\Alan\AppData\Local\{C75EAB49-E797-4505-B6BF-126F43260238}
2012-01-24 12:28:51 -------- d-----w- C:\Users\Alan\AppData\Local\{022F4620-BEE1-4E43-914C-F100D8B97E43}
2012-01-23 18:39:56 -------- d-----w- C:\Users\Alan\AppData\Local\{218131E3-8778-47A7-ADBC-9C518E9C2601}
2012-01-23 13:19:34 -------- d-----w- C:\Users\Alan\AppData\Local\{11A44888-5E61-481D-90D3-71DB189F709D}
2012-01-22 16:49:22 -------- d-----w- C:\Users\Alan\AppData\Local\{FA121E0C-0647-4FC8-BFC5-1CEECEC23EA5}
2012-01-22 16:48:47 -------- d-----w- C:\Users\Alan\AppData\Local\{627AC433-5244-4076-8EA0-92F51DD217C0}
2012-01-22 03:48:23 -------- d-----w- C:\Users\Alan\AppData\Local\{4D1E597D-CC35-4F8B-B332-9A3A6D04D832}
2012-01-22 03:47:43 -------- d-----w- C:\Users\Alan\AppData\Local\{99D7FC4F-B45E-4E93-9504-48E70A9A14C0}
2012-01-21 15:04:02 -------- d-----w- C:\Users\Alan\AppData\Local\{F7EEDA3D-F727-49C9-949D-C891C3BCF296}
2012-01-21 15:03:50 -------- d-----w- C:\Users\Alan\AppData\Local\{3473638E-7F95-4B36-B61E-5E7F149FA3ED}
2012-01-21 03:03:33 -------- d-----w- C:\Users\Alan\AppData\Local\{FA21AAA5-07C5-4F91-BF8D-E1EDB19C4F3D}
2012-01-21 03:03:16 -------- d-----w- C:\Users\Alan\AppData\Local\{382C5CF3-6134-4577-8FD0-EC7EF2E3485B}
2012-01-20 14:28:50 -------- d-----w- C:\Users\Alan\AppData\Local\{16928027-D088-4958-8B3A-99F047E489AB}
2012-01-20 14:28:15 -------- d-----w- C:\Users\Alan\AppData\Local\{152A9873-90D4-4455-9DD9-7CEC524687C5}
2012-01-20 02:27:59 -------- d-----w- C:\Users\Alan\AppData\Local\{E755D6CB-19DD-4771-BABF-0D23F4CAC564}
2012-01-20 02:27:22 -------- d-----w- C:\Users\Alan\AppData\Local\{B71F87BE-CCBD-4B3C-B2B1-4B06EF50DF35}
2012-01-19 14:27:08 -------- d-----w- C:\Users\Alan\AppData\Local\{7B611D87-FFAE-418B-A483-9DEE4863B6BF}
2012-01-19 14:26:41 -------- d-----w- C:\Users\Alan\AppData\Local\{B42148F3-6463-43D7-A02D-D9FF3798A3F9}
2012-01-19 02:01:05 -------- d-----w- C:\Users\Alan\AppData\Local\{9D16B069-485A-4D49-8CC3-B693F0A3530B}
2012-01-19 02:00:18 -------- d-----w- C:\Users\Alan\AppData\Local\{4A996BD0-77C7-48E1-8761-02DC78789B8A}
2012-01-18 13:19:33 -------- d-----w- C:\Users\Alan\AppData\Local\{D4407918-8C53-446A-A1E3-718C243A7CE9}
2012-01-18 13:18:00 -------- d-----w- C:\Users\Alan\AppData\Local\{2E2322BE-ED47-4D3C-896C-AA328FB2468E}
2012-01-18 01:17:44 -------- d-----w- C:\Users\Alan\AppData\Local\{906A66BC-0F99-4CFA-8639-B87308E48FE5}
2012-01-18 01:17:31 -------- d-----w- C:\Users\Alan\AppData\Local\{6FAB168D-7E95-4B84-81BC-A74338CFD609}
2012-01-17 13:17:17 -------- d-----w- C:\Users\Alan\AppData\Local\{0E33EEF9-CE21-4FB6-AAA8-7863E25393D7}
2012-01-17 13:16:29 -------- d-----w- C:\Users\Alan\AppData\Local\{FDD570FD-D8B4-49F5-A076-69FE66414843}
2012-01-16 19:02:24 -------- d-----w- C:\Users\Alan\AppData\Local\{827207FD-C432-4C74-8D31-BFCE1B5CF9EA}
2012-01-16 19:01:08 -------- d-----w- C:\Users\Alan\AppData\Local\{0E50F441-F66C-4703-9FCD-B1D36C342339}
2012-01-16 13:13:55 -------- d-----w- C:\Users\Alan\AppData\Local\{DD30F53E-EC37-4649-BFB3-8441E9401123}
2012-01-15 22:20:00 -------- d-----w- C:\Users\Alan\AppData\Local\{97E69BCA-D8BA-43BD-A5C3-3F4C74418DF1}
2012-01-15 02:14:20 -------- d-----w- C:\Users\Alan\AppData\Local\{3CCAA377-E15F-4CDB-A793-DF58A1910D03}
2012-01-14 14:12:58 -------- d-----w- C:\Users\Alan\AppData\Local\{D7C673B2-B0C1-4990-9647-B5A9FCB755F0}
2012-01-14 14:12:38 -------- d-----w- C:\Users\Alan\AppData\Local\{EE88A8D0-55BB-483B-879E-D116138B8A69}
2012-01-14 02:12:22 -------- d-----w- C:\Users\Alan\AppData\Local\{B99B1642-D79F-47D6-A25B-9C1F1430721A}
2012-01-14 02:11:41 -------- d-----w- C:\Users\Alan\AppData\Local\{EC4199B4-C51F-4F32-8F3C-596087E0DFCD}
2012-01-13 14:11:15 -------- d-----w- C:\Users\Alan\AppData\Local\{26C72186-D995-41E7-8152-EB24168819E1}
2012-01-13 14:10:54 -------- d-----w- C:\Users\Alan\AppData\Local\{7B3E7D34-7746-4353-823B-56DDFCB83B57}
2012-01-13 02:10:39 -------- d-----w- C:\Users\Alan\AppData\Local\{4758CB29-4689-4E33-A2A6-182DA940A99F}
2012-01-13 02:09:59 -------- d-----w- C:\Users\Alan\AppData\Local\{0ACBBBDA-9372-4C3E-B9DD-652FDB6EFAD2}
2012-01-12 14:09:43 -------- d-----w- C:\Users\Alan\AppData\Local\{7A4F4DEE-B397-4452-8270-91271D32A7DE}
2012-01-12 14:09:31 -------- d-----w- C:\Users\Alan\AppData\Local\{A398BC1A-C08D-45B3-91C6-73068A4CAB91}
2012-01-12 02:09:15 -------- d-----w- C:\Users\Alan\AppData\Local\{297D38E1-5E42-4A6D-9564-EE2021B33D18}
2012-01-12 02:09:03 -------- d-----w- C:\Users\Alan\AppData\Local\{4EF4B97E-3B13-4146-BC40-1853D342EF55}
2012-01-11 19:35:52 1572864 ----a-w- C:\windows\System32\quartz.dll
2012-01-11 19:35:52 1328128 ----a-w- C:\windows\SysWow64\quartz.dll
2012-01-11 19:35:51 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2012-01-11 19:35:50 366592 ----a-w- C:\windows\System32\qdvd.dll
2012-01-11 19:34:55 1292080 ----a-w- C:\windows\SysWow64\ntdll.dll
2012-01-11 19:34:54 1731920 ----a-w- C:\windows\System32\ntdll.dll
2012-01-11 19:34:35 77312 ----a-w- C:\windows\System32\packager.dll
2012-01-11 19:34:34 67072 ----a-w- C:\windows\SysWow64\packager.dll
2012-01-11 14:08:49 -------- d-----w- C:\Users\Alan\AppData\Local\{DE848ECC-FD12-4002-8103-8B9D34B8510B}
2012-01-11 14:08:22 -------- d-----w- C:\Users\Alan\AppData\Local\{CFD21CD7-E978-4B2C-B84A-4A0D523D1C6C}
2012-01-10 22:31:54 -------- d-----w- C:\Users\Alan\AppData\Local\{37B3A480-A96C-45CE-827A-7B929B603213}
2012-01-10 22:31:42 -------- d-----w- C:\Users\Alan\AppData\Local\{029E472F-C78F-4D35-8133-FC6AB4110A97}
2012-01-10 20:46:53 -------- d-----w- C:\Users\Alan\.netbeans
2012-01-10 19:30:49 -------- d-----w- C:\Program Files\glassfish-3.1.1
2012-01-10 19:14:26 -------- d-----w- C:\Program Files\NetBeans 7.1
2012-01-10 19:13:14 -------- d-----w- C:\Users\Alan\.nbi
2012-01-10 18:47:57 -------- d-----w- C:\Program Files\Oracle
2012-01-10 18:43:15 750488 ----a-w- C:\windows\System32\npdeployJava1.dll
2012-01-10 18:43:15 660368 ----a-w- C:\windows\System32\deployJava1.dll
2012-01-10 16:50:04 -------- d-----w- C:\Users\Alan\AppData\Local\{64A3A4F2-B792-11D6-A78A-00B0D0160100}
2012-01-10 10:21:52 -------- d-----w- C:\Users\Alan\AppData\Local\{50B8A97E-DA1D-452E-9420-5E4E94C1AFE1}
2012-01-10 10:21:25 -------- d-----w- C:\Users\Alan\AppData\Local\{71154D89-AC12-4414-B3B4-65A3F84F100C}
2012-01-09 21:50:58 -------- d-----w- C:\Users\Alan\AppData\Local\{F3443929-085D-426D-A155-81B6CC034E02}
2012-01-09 21:50:32 -------- d-----w- C:\Users\Alan\AppData\Local\{0DC0D5AA-FA44-4E9B-9760-9BEED83588BD}
2012-01-08 15:23:00 -------- d-----w- C:\Users\Alan\AppData\Local\{0E3E67D2-35C8-450D-AC4B-DFA945B4BE5D}
2012-01-08 15:22:39 -------- d-----w- C:\Users\Alan\AppData\Local\{1A4838CE-1406-454C-B7EB-88F8102EDFAE}
2012-01-08 03:22:25 -------- d-----w- C:\Users\Alan\AppData\Local\{3EC81C3A-3D45-439B-ACE5-EFD2E7B61D46}
2012-01-08 03:22:14 -------- d-----w- C:\Users\Alan\AppData\Local\{F07B14E8-382B-4F0E-88DB-78F14AE6E9D5}
2012-01-07 14:54:37 -------- d-----w- C:\Users\Alan\AppData\Local\{BB529DD2-A8B2-4C25-B13A-437D055A7208}
2012-01-07 14:54:25 -------- d-----w- C:\Users\Alan\AppData\Local\{B540EAFC-BA37-4B90-BFC8-CC7D6F1DEA33}
2012-01-07 02:54:32 -------- d-----w- C:\Users\Alan\AppData\Local\{B4D62326-2155-40AD-9961-5C6EFF5AD8A3}
2012-01-06 16:22:27 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{25192388-8D3D-4E78-827B-B32E1FB27246}\mpengine.dll
2012-01-06 14:36:30 -------- d-----w- C:\Users\Alan\AppData\Local\{88F38E98-D5D5-4C5C-B528-DB090D9A2A41}
2012-01-06 14:35:34 -------- d-----w- C:\Users\Alan\AppData\Local\{488209A0-EE91-445C-A4C0-761B42BE7F2A}
2012-01-06 01:41:58 -------- d-----w- C:\Users\Alan\AppData\Local\{933AC7E5-B155-496B-AF43-027F5A43C3B4}
2012-01-05 13:12:42 -------- d-----w- C:\Users\Alan\AppData\Local\{C3D49DE9-B5C9-4418-85DE-EB9094A7EBD0}
2012-01-05 13:12:26 -------- d-----w- C:\Users\Alan\AppData\Local\{45B2A0AE-88E9-417B-A81A-CA9A0E4CA2B0}
.
==================== Find3M ====================
.
2011-12-29 18:25:03 60 ----a-w- C:\windows\wpd99.drv
2011-12-10 21:24:08 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-11-28 18:01:25 41184 ----a-w- C:\windows\avastSS.scr
2011-11-28 17:54:06 591192 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2011-11-28 17:52:11 66904 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2011-11-24 04:52:09 3145216 ----a-w- C:\windows\System32\win32k.sys
2011-11-19 13:00:21 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2011-11-19 13:00:21 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2011-11-15 20:29:56 270720 ------w- C:\windows\System32\MpSigStub.exe
2011-11-11 20:46:57 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-11 16:05:05 175616 ----a-w- C:\windows\System32\msclmd.dll
2011-11-11 16:05:05 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
.
============= FINISH: 4:57:57.81 ===============

#2 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 05 February 2012 - 12:38 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Darcemeus (Topic Starter)

Posted 05 February 2012 - 09:31 PM

Hello, thanks for responding and sorry for the delayed response; I had to run some errands. Anyways, I didn't really have any problems beyond disabling Avast and ComboFix not detecting that it was disabled. Also, my computer took a little longer than usual logging me on, but it seems to be working fine so far. (This is still without any of my startup programs or services enabled, though, so no clue how it'll work after I turn those on again.) Anyways, here's the ComboFix log.

ComboFix 12-02-05.02 - Alan 02/05/2012 8:12.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2869 [GMT -6:00]
Running from: c:\users\Alan\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-01-05 to 2012-02-05 )))))))))))))))))))))))))))))))
.
.
2012-02-05 14:28 . 2012-02-05 14:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-05 14:28 . 2012-02-05 14:28 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-04 03:30 . 2012-02-04 03:30 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-02 13:04 . 2011-11-17 06:35 340992 ----a-w- c:\windows\system32\schannel.dll
2012-02-02 13:04 . 2011-11-17 06:49 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-02 13:04 . 2011-11-17 06:49 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-02-02 13:04 . 2011-11-17 06:44 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-02-02 13:04 . 2011-11-17 06:35 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-02 13:04 . 2011-11-17 05:34 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-02-02 13:03 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
2012-02-02 13:03 . 2011-11-17 06:33 31232 ----a-w- c:\windows\system32\lsass.exe
2012-02-02 13:03 . 2011-11-17 05:35 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-02-02 13:03 . 2011-11-17 06:35 29184 ----a-w- c:\windows\system32\sspisrv.dll
2012-02-02 13:03 . 2011-11-17 06:35 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-02-02 13:03 . 2011-11-17 06:35 28160 ----a-w- c:\windows\system32\secur32.dll
2012-02-02 13:03 . 2011-11-17 05:34 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-02-02 13:03 . 2011-11-17 05:28 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-02-01 15:08 . 2012-02-01 15:08 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\7BD4.tmp
2012-02-01 15:08 . 2012-02-01 15:08 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\7B75.tmp
2012-01-11 19:35 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 19:35 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 19:35 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 19:35 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 19:34 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 19:34 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 19:34 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 19:34 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 20:46 . 2012-01-10 20:47 -------- d-----w- c:\users\Alan\.netbeans
2012-01-10 19:30 . 2012-01-10 19:32 -------- d-----w- c:\program files\glassfish-3.1.1
2012-01-10 19:14 . 2012-01-10 19:30 -------- d-----w- c:\program files\NetBeans 7.1
2012-01-10 19:13 . 2012-01-10 19:36 -------- d-----w- c:\users\Alan\.nbi
2012-01-10 18:47 . 2012-01-10 18:49 -------- d-----w- c:\program files\Oracle
2012-01-10 18:43 . 2011-11-09 01:40 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-10 18:43 . 2011-11-09 01:40 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-10 16:51 . 2012-01-10 18:42 -------- d-----w- c:\program files\Java
2012-01-10 16:50 . 2012-01-10 16:50 -------- d-----w- c:\users\Alan\AppData\Local\{64A3A4F2-B792-11D6-A78A-00B0D0160100}
2012-01-06 16:22 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{25192388-8D3D-4E78-827B-B32E1FB27246}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 21:24 . 2010-10-18 15:09 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 18:01 . 2011-10-26 14:23 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-10-26 14:23 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-10-26 14:24 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-10-26 14:24 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-10-26 14:25 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-10-26 14:25 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-10-26 14:25 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-10-26 14:24 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-10-26 14:25 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-24 04:52 . 2011-12-14 14:04 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 13:00 . 2011-11-19 13:00 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-11-19 13:00 . 2011-11-19 13:00 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-11-15 20:29 . 2010-10-08 17:09 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-11 20:46 . 2011-05-15 03:41 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-11 16:05 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-11-11 16:05 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-05_13.56.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-13 02:45 . 2012-02-05 14:08 36400 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-05 14:31 39350 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-06 01:38 . 2012-02-05 14:31 14422 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1340885910-2993828923-4109823864-1000_UserData.bin
+ 2010-08-20 04:38 . 2012-02-05 14:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-20 04:38 . 2012-02-05 13:55 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-20 04:38 . 2012-02-05 14:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-20 04:38 . 2012-02-05 13:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-05 13:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-05 14:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-08 19:11 . 2012-02-03 01:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-08 19:11 . 2012-02-05 14:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-02-05 14:03 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-10-08 19:11 . 2012-02-03 01:36 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-08 19:11 . 2012-02-05 14:08 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-08 19:11 . 2012-02-05 14:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-08 19:11 . 2012-02-03 01:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-06 01:47 . 2012-02-05 14:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-06 01:47 . 2012-02-03 17:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-06 01:47 . 2012-02-03 17:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-06 01:47 . 2012-02-05 14:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-05 13:55 . 2012-02-05 13:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-05 14:29 . 2012-02-05 14:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-05 14:29 . 2012-02-05 14:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-05 13:55 . 2012-02-05 13:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-02-05 14:13 624352 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-05 14:13 106696 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-02-05 14:28 436984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-03 01:30 436984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 18:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-11-13 03:00 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 18:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files (x86)\VMLaunch\BuddyVM.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va003;X6va003;c:\users\Alan\AppData\Local\Temp\0032B45.tmp [x]
R3 X6va005;X6va005;c:\users\Alan\AppData\Local\Temp\005B32A.tmp [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-08 365568]
R4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
R4 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
R4 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-06 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-06 136176]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-01-17 8704]
R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2009-11-13 332272]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 taisregispinger;taisregispinger;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2009-08-13 297344]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-11 252272]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-06 19:56]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-06 19:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-11-13 03:00 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3007394
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0447CEFC-F748-4FA9-B2FD-8EE7622B4D3F}\5545447457563747: NameServer = 4.2.2.2,4.2.2.3
TCP: Interfaces\{0447CEFC-F748-4FA9-B2FD-8EE7622B4D3F}\6427563786D616E60234F657274797162746: NameServer = 4.2.2.2,4.2.2.3
TCP: Interfaces\{0447CEFC-F748-4FA9-B2FD-8EE7622B4D3F}\C65746779676D24787: NameServer = 4.2.2.2,4.2.2.3
TCP: Interfaces\{0447CEFC-F748-4FA9-B2FD-8EE7622B4D3F}\C696E6B6379737: NameServer = 4.2.2.2,4.2.2.3
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\hfwkdvjf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-MajiroApp???? - c:\program files\Tarte\????\UnInst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Alan\AppData\Local\Temp\0032B45.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Alan\AppData\Local\Temp\005B32A.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1340885910-2993828923-4109823864-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1340885910-2993828923-4109823864-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1340885910-2993828923-4109823864-1000\Software\Tarte\񣍔󑿀_*龍罷]
"IsInst"="1"
"MultiInstStat"="0"
"InstTo"="c:\\Program Files\\Tarte\\????"
"AbnormalTerminateFlg"="0"
"WinStat"="0"
"FastModeFlg_AR"="1"
"AutoSpeed"="1000"
"MojiSpeed"="1000"
"EffectSpeed"="1000"
"VoiceVolume"="1000"
"MusicVolume"="200"
"SoundVolume"="500"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-02-05 08:36:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-05 14:36
ComboFix2.txt 2012-02-05 14:03
.
Pre-Run: 78,883,528,704 bytes free
Post-Run: 78,825,033,728 bytes free
.
- - End Of File - - AC3AE4059531ACD6F6277F351B8B6C55
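
The ComboFix report above is long, but the part that matters for persistence is the 'Reg Loading Points' section: the R*/S* service and driver lines, the ServiceDll behind each svchost-hosted service, and the LSA "Security Packages" list. The Python below is an added example for sifting that section; it is neither ComboFix's code nor something posted in this thread. Its sample lines are constructed from entries in the log above, and the known-good security-package list is an assumption for a stock Windows 7 machine with Windows Live Essentials installed.

```python
"""Triage of a ComboFix 'Reg Loading Points' section (added example, not ComboFix code).

Reads service/driver lines, the [HKLM\...\services\<name>] ServiceDll and
ImagePath values, and the LSA 'Security Packages' list, and reports entries
that load code from places a service or kernel driver normally should not.
"""
import re

# "R3 X6va003;X6va003;c:\users\...\0032B45.tmp [x]" -> start, name, display, path, info
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]\s*$')
# "ServiceDll"="..." / "ImagePath"="\??\..." inside a [registry key] block
REGVAL_RE = re.compile(r'^"(ServiceDll|ImagePath)"="(.*)"$')
LSA_RE = re.compile(r'^Security Packages\s+REG_MULTI_SZ\s+(.*)$')

# Locations an unprivileged user can write to; a service or driver image here
# deserves a second look (a lead to verify, not a detection).
USER_WRITABLE = ('\\users\\', '\\temp\\', '\\programdata\\')
# Assumed known-good SSPs for Windows 7 (livessp comes with Windows Live
# Essentials). Anything else is code hooked into LSASS authentication.
KNOWN_SSPS = {'kerberos', 'msv1_0', 'schannel', 'wdigest', 'tspkg', 'pku2u', 'livessp'}

# Constructed sample modelled on entries in the ComboFix log in this thread.
SAMPLE = r"""
R3 X6va003;X6va003;c:\users\Alan\AppData\Local\Temp\0032B45.tmp [x]
R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2009-11-13 332272]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Alan\AppData\Local\Temp\0032B45.tmp"
""".splitlines()


def _norm(path):
    """Lower-case, forward slashes to backslashes, %SystemRoot% expanded."""
    return path.lower().replace('/', '\\').replace('%systemroot%', 'c:\\windows')


def parse_services(lines):
    """Yield one dict per R*/S* line. ComboFix prints [x] when it could not
    read the image's date and size; on 64-bit Windows that is routine for
    legitimate drivers, so it is recorded as 'verified': False, not flagged."""
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if m:
            start, name, display, path, info = m.groups()
            yield {'start': start, 'name': name, 'display': display,
                   'path': path, 'verified': info != 'x'}


def parse_registry_values(lines):
    """Map the last component of each [key] (the service name) to its
    ServiceDll / ImagePath values."""
    current, values = None, {}
    for line in lines:
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1].rsplit('\\', 1)[-1].lower()
            continue
        m = REGVAL_RE.match(line)
        if m and current:
            values.setdefault(current, {})[m.group(1)] = m.group(2)
    return values


def triage(lines):
    """Return (entry, reason, detail) tuples that merit a human's attention."""
    findings = []
    regvals = parse_registry_values(lines)
    for svc in parse_services(lines):
        path = _norm(svc['path'])
        if any(marker in path for marker in USER_WRITABLE):
            findings.append((svc['name'], 'service image in a user-writable location', svc['path']))
        if path.endswith('\\svchost.exe'):
            # svchost.exe only hosts; the code that actually runs is the ServiceDll.
            dll = regvals.get(svc['name'].lower(), {}).get('ServiceDll', '')
            if not _norm(dll).startswith('c:\\windows\\'):
                findings.append((svc['name'], 'svchost-hosted service with ServiceDll outside %SystemRoot%',
                                 dll or '(ServiceDll not listed)'))
    for line in lines:
        m = LSA_RE.match(line.strip())
        if m:
            unknown = sorted(set(m.group(1).split()) - KNOWN_SSPS)
            if unknown:
                findings.append(('LSA', 'security package not in the known-good list', ' '.join(unknown)))
    return findings


if __name__ == '__main__':
    for entry, reason, detail in triage(SAMPLE):
        print(f'{entry:16} {reason}: {detail}')
```

Run against the sample, the pass reports the X6va003 driver loading from the user's Temp directory, the Partner service under ProgramData, and the Akamai NetSession service hosted in svchost.exe with its ServiceDll under Program Files (note the forward slash in that path, which the normaliser folds before comparing). All three are leads to confirm by hand (file signature, install date, whether the file is still present), not verdicts; the LSA list on this machine matches the assumed known-good set, so nothing is reported there.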

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 05 February 2012 - 09:35 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
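
Once the report is in hand, the two things worth pulling out of it are the disk geometry in the header and any driver line whose verdict is not "ok". The Python below is an added example for reading that report offline; it is not Kaspersky's code and was not posted in this thread. The sample lines are constructed to follow the TDSSKiller 2.7.9 report format, and the "exampledrv" entry with its verdict text is made up so that the non-"ok" branch is exercised.

```python
"""Checks over a TDSSKiller report (added example, not Kaspersky code):
partition geometry against the physical disk size, and per-driver verdicts.
TDL4/Alureon keeps its encrypted file system in unpartitioned sectors at the
end of the disk, so the gap after the last partition is the number to pull
out of the header, alongside any driver whose verdict is not 'ok'.
"""
import re

LINE_RE = re.compile(r'^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$')   # strip "hh:mm:ss.ms pid "
DRIVE_RE = re.compile(r'^Drive (\S+) - Size: (0x[0-9A-Fa-f]+) .*?SectorSize: (0x[0-9A-Fa-f]+)')
PART_RE = re.compile(r'^(\S+)\\Partition(\d+): (\w+), Type (0x[0-9A-Fa-f]+), '
                     r'StartLBA (0x[0-9A-Fa-f]+), BlocksNum (0x[0-9A-Fa-f]+)')
DRIVER_RE = re.compile(r'^(\S+) \(([0-9a-f]{32})\) (.+)$')       # "<svc> (<md5>) <path>"
VERDICT_RE = re.compile(r'^(\S+) - (.+)$')                        # "<svc> - ok" or a detection

# Constructed sample: header and two driver entries in the format used by the
# report in this thread, plus one made-up driver with a non-'ok' verdict.
SAMPLE = r"""
04:35:23.0502 2044 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
04:35:25.0452 2044 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:35:25.0467 2044 \Device\Harddisk0\DR0:
04:35:25.0467 2044 MBR used
04:35:25.0467 2044 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23280000
04:35:29.0664 3228 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
04:35:29.0679 3228 1394ohci - ok
04:35:32.0737 3228 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\windows\system32\drivers\aswSnx.sys
04:35:32.0737 3228 aswSnx - ok
04:35:40.0000 3228 exampledrv (deadbeefdeadbeefdeadbeefdeadbeef) C:\windows\system32\drivers\exampledrv.sys
04:35:40.0000 3228 exampledrv - detected (constructed sample verdict)
""".splitlines()


def parse_report(lines):
    """Collect disks, partitions, driver hashes and verdicts from report lines."""
    rep = {'disks': {}, 'partitions': [], 'drivers': {}, 'verdicts': {}}
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(1)
        d = DRIVE_RE.match(body)
        if d:
            rep['disks'][d.group(1)] = {'bytes': int(d.group(2), 16), 'sector': int(d.group(3), 16)}
            continue
        p = PART_RE.match(body)
        if p:
            dev, idx, scheme, ptype, start, blocks = p.groups()
            rep['partitions'].append({'disk': dev, 'index': int(idx), 'scheme': scheme,
                                      'type': int(ptype, 16), 'start': int(start, 16),
                                      'blocks': int(blocks, 16)})
            continue
        drv = DRIVER_RE.match(body)
        if drv:
            rep['drivers'][drv.group(1)] = {'md5': drv.group(2), 'path': drv.group(3)}
            continue
        v = VERDICT_RE.match(body)
        if v:
            rep['verdicts'][v.group(1)] = v.group(2)
    return rep


def disk_layout(rep, dev):
    """Sector counts for one physical disk: total size, gap before the first
    listed partition (MBR sector included) and gap after the last one."""
    disk = rep['disks'][dev]
    total = disk['bytes'] // disk['sector']
    parts = sorted((p for p in rep['partitions'] if p['disk'] == dev), key=lambda p: p['start'])
    last_end = max((p['start'] + p['blocks'] for p in parts), default=0)
    return {'total_sectors': total, 'sector_size': disk['sector'], 'partitions': parts,
            'head_gap': parts[0]['start'] if parts else total, 'tail_gap': total - last_end}


def findings(rep):
    """(subject, message) pairs: geometry that does not add up, unallocated
    space to examine, and every driver whose verdict is not 'ok'."""
    out = []
    for dev in rep['disks']:
        lay = disk_layout(rep, dev)
        prev_end = 0
        for p in lay['partitions']:
            end = p['start'] + p['blocks']
            if p['start'] < prev_end:
                out.append((dev, 'Partition%d overlaps the partition before it' % p['index']))
            if end > lay['total_sectors']:
                out.append((dev, 'Partition%d extends %d sectors past the end of the disk'
                            % (p['index'], end - lay['total_sectors'])))
            prev_end = max(prev_end, end)
        if lay['tail_gap']:
            gib = lay['tail_gap'] * lay['sector_size'] / 2 ** 30
            out.append((dev, 'examine %d unallocated sectors (%.2f GiB) after the last listed partition'
                        % (lay['tail_gap'], gib)))
    out += [(name, 'verdict: ' + v) for name, v in rep['verdicts'].items() if v != 'ok']
    return out


if __name__ == '__main__':
    for subject, message in findings(parse_report(SAMPLE)):
        print(subject, message)
```

With the header values from this thread's report the disk is 625,142,448 sectors and the single listed partition ends at sector 592,898,048, leaving about 15.4 GiB after it and about 1.5 GiB before it. A gap is a lead, not a verdict: on an OEM laptop that space is usually a recovery or hidden partition that the report does not show, so confirm the layout with `diskpart` (`list disk`, `select disk 0`, `list partition`) before reading anything into the number. Drivers reported "ok" still carry an MD5 that can be compared against a known-good copy of the same file.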

#5 Darcemeus (Topic Starter)

Posted 06 February 2012 - 05:41 AM

Hello, here's the report log, thank you for helping!

04:35:23.0502 2044 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
04:35:23.0954 2044 ============================================================
04:35:23.0954 2044 Current date / time: 2012/02/06 04:35:23.0954
04:35:23.0954 2044 SystemInfo:
04:35:23.0954 2044
04:35:23.0954 2044 OS Version: 6.1.7601 ServicePack: 1.0
04:35:23.0954 2044 Product type: Workstation
04:35:23.0954 2044 ComputerName: ACHRIAS
04:35:23.0954 2044 UserName: Alan
04:35:23.0954 2044 Windows directory: C:\windows
04:35:23.0954 2044 System windows directory: C:\windows
04:35:23.0954 2044 Running under WOW64
04:35:23.0954 2044 Processor architecture: Intel x64
04:35:23.0954 2044 Number of processors: 2
04:35:23.0954 2044 Page size: 0x1000
04:35:23.0954 2044 Boot type: Normal boot
04:35:23.0954 2044 ============================================================
04:35:25.0452 2044 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:35:25.0467 2044 \Device\Harddisk0\DR0:
04:35:25.0467 2044 MBR used
04:35:25.0467 2044 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23280000
04:35:25.0514 2044 Initialize success
04:35:25.0514 2044 ============================================================
04:35:28.0384 3228 ============================================================
04:35:28.0384 3228 Scan started
04:35:28.0384 3228 Mode: Manual;
04:35:28.0384 3228 ============================================================
04:35:59.0678 3228 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
04:35:59.0741 3228 \Device\Harddisk0\DR0 - ok
04:35:59.0756 3228 Boot (0x1200) (0f7fa043ffa98979f520c713dc8f5830) \Device\Harddisk0\DR0\Partition0
04:35:59.0756 3228 \Device\Harddisk0\DR0\Partition0 - ok
04:35:59.0756 3228 ============================================================
04:35:59.0756 3228 Scan finished
04:35:59.0756 3228 ============================================================
04:35:59.0787 3216 Detected object count: 0
04:35:59.0787 3216 Actual detected object count: 0

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 February 2012 - 03:16 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511 KB) to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Darcemeus (Topic Starter)

Posted 06 February 2012 - 07:33 PM

Hello, I ran MBR, but it didn't ask me about any extra definitions, and then when I stepped away from the laptop for a few minutes to take care of some chores I came back to find that my computer had turned itself off for some reason instead of going to the screen saver, which interrupted the scan. Anyway, I'm trying to run MBR's quick scan right now to see if I can get it done before running the full scan.

EDIT:
Okay here's the quickscan results

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-06 18:30:47
-----------------------------
18:30:47.805 OS Version: Windows x64 6.1.7601 Service Pack 1
18:30:47.805 Number of processors: 2 586 0x602
18:30:47.805 ComputerName: ACHRIAS UserName: Alan
18:30:49.677 Initialize success
18:30:50.395 AVAST engine defs: 12020300
18:30:55.153 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
18:30:55.168 Disk 0 Vendor: FUJITSU_MJA2320BH_G2 00400018 Size: 305245MB BusType: 11
18:30:55.184 Disk 0 MBR read successfully
18:30:55.200 Disk 0 MBR scan
18:30:55.246 Disk 0 Windows VISTA default MBR code
18:30:55.262 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
18:30:55.309 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 288000 MB offset 3074048
18:30:55.340 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 15743 MB offset 592898048
18:30:55.340 Service scanning
18:30:56.744 Service Tablet2k C:\windows\"%SystemRoot%\System32\Drivers\Tablet2k.sys" **LOCKED** 123
18:30:57.384 Modules scanning
18:30:57.384 Disk 0 trace - called modules:
18:30:57.415 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:30:57.430 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80042db510]
18:30:57.446 3 CLASSPNP.SYS[fffff880019ce43f] -> nt!IofCallDriver -> [0xfffffa80042eb9b0]
18:30:57.462 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80042c5680]
18:30:58.585 AVAST engine scan C:\windows
18:31:03.015 AVAST engine scan C:\windows\system32
18:34:09.794 AVAST engine scan C:\windows\system32\drivers
18:34:20.184 AVAST engine scan C:\Users\Alan
18:44:01.020 AVAST engine scan C:\ProgramData
18:48:40.635 Scan finished successfully
18:50:00.881 Disk 0 MBR has been saved successfully to "C:\Users\Alan\Documents\MBR.dat"
18:50:00.881 The log file has been saved successfully to "C:\Users\Alan\Documents\aswMBR.txt"

Edited by Darcemeus, 06 February 2012 - 07:51 PM.
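The two logs in this thread look at the same 512-byte sector from different angles: aswMBR prints each partition-table slot (boot flag, type ID, size, LBA offset), and TDSSKiller prints "MBR (0x1B8) (md5)". The example below is added here to show what those fields are and how a responder would check them; it is not code from the thread, from aswMBR or from TDSSKiller. It assumes that 0x1B8 in the TDSSKiller line is the length of the hashed region (the 440 bytes of boot code before the disk signature), uses the standard MBR layout for the offsets, and constructs a sample MBR from the three partition entries in the aswMBR log with NOP filler in place of real boot code, so its hash will not match the one TDSSKiller reported.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8      # assumed: bytes covered by TDSSKiller's "MBR (0x1B8)" hash
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries live here
PART_ENTRY_LEN = 16
MBR_SIGNATURE = b"\x55\xAA"

# Partition type IDs that appear in the aswMBR log (subset of the usual MBR table).
PART_TYPES = {0x07: "HPFS/NTFS", 0x17: "Hidden HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}


def build_mbr(entries, boot_code=b"\x90" * BOOT_CODE_LEN):
    """Assemble a 512-byte MBR from (bootable, type_id, start_lba, sectors) tuples.
    CHS fields are zeroed; only the LBA fields matter to modern loaders.
    The default boot code is NOP filler, not real boot code."""
    mbr = bytearray(SECTOR)
    mbr[:BOOT_CODE_LEN] = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    for i, (bootable, type_id, start_lba, sectors) in enumerate(entries[:4]):
        struct.pack_into("<B3sB3sII", mbr, PART_TABLE_OFF + i * PART_ENTRY_LEN,
                         0x80 if bootable else 0x00, b"\0\0\0",
                         type_id, b"\0\0\0", start_lba, sectors)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr):
    """Decode the partition table into the fields aswMBR prints per partition."""
    if len(mbr) != SECTOR or mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        flag, _, type_id, _, start_lba, sectors = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE_OFF + i * PART_ENTRY_LEN)
        if type_id == 0:          # empty slot
            continue
        parts.append({"index": i + 1, "bootable": flag == 0x80, "type_id": type_id,
                      "type": PART_TYPES.get(type_id, "unknown"),
                      "start_lba": start_lba, "sectors": sectors,
                      "size_mb": sectors * SECTOR // (1024 * 1024)})
    return parts


def boot_code_md5(mbr):
    """MD5 of the boot-code area; assumed to be what TDSSKiller's MBR line reports."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_boot_code(mbr, known_good_hashes):
    """True if the boot code hash is on an allow-list of known-good MBR code."""
    return boot_code_md5(mbr) in known_good_hashes


def unallocated_tail(parts, disk_sectors):
    """Sectors after the last partition. TDL4-family bootkits keep their hidden
    file system in unpartitioned space at the end of the disk, so a large tail
    is worth imaging and looking at."""
    end = max((p["start_lba"] + p["sectors"] for p in parts), default=0)
    return max(disk_sectors - end, 0)


# CONSTRUCTED sample: the three partitions from the aswMBR log in this thread
# (1500 MB WinRE at LBA 2048, 288000 MB system, 15743 MB hidden recovery).
SAMPLE_ENTRIES = [
    (True,  0x27, 2048,      1500 * 2048),
    (False, 0x07, 3074048,   288000 * 2048),
    (False, 0x17, 592898048, 15743 * 2048),
]
SAMPLE_MBR = build_mbr(SAMPLE_ENTRIES)
# "Size: 305245MB" from the log is rounded to whole MB, so the tail is approximate.
DISK_SECTORS_APPROX = 305245 * 2048

if __name__ == "__main__":
    for p in parse_mbr(SAMPLE_MBR):
        print(p)
    print("boot code md5:", boot_code_md5(SAMPLE_MBR))
    print("unallocated tail (sectors):",
          unallocated_tail(parse_mbr(SAMPLE_MBR), DISK_SECTORS_APPROX))
```

Run on the sample, the parser reproduces the aswMBR lines (each partition starts exactly where the previous one ends, which is one sanity check a bootkit-modified table can fail), and a one-byte change to the boot code changes the hash, which is the point of the TDSSKiller line: compare it against a known-good value for the Windows version rather than reading it on its own.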


#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 February 2012 - 08:09 PM

Hello

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • Push the "Windows key" + "R" (the Windows key is between the "Ctrl" button and the "Alt" button).
  • Please copy and paste the following into the box:
C:\Qoobox\Add-Remove Programs.txt
  • Click OK.

Copy and paste the report into this topic for me to review.

Gringo

#9 Darcemeus (Topic Starter)

Posted 06 February 2012 - 08:14 PM

Hello, is this the report you want?

Update for Microsoft Office 2007 (KB2508958)
????
µTorrent
7-Zip 4.65
AC3Filter 1.63b
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Akamai NetSession Interface Service
Alien Swarm
Amazon Links
AMD VISION Engine Control Center
AOAInstallprogram
Apple Application Support
Apple Software Update
Astroburn Lite
Astroburn Toolbar
avast! Free Antivirus
Bejeweled 2 Deluxe
Bing Bar
Blackhawk Striker 2
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
Compatibility Pack for the 2007 Office system
Conduit Engine
CosmicBreak_eng
D3DX10
DAEMON Tools Lite
DAEMON Tools Toolbar
DigimonBattle Beta
DivX Setup
Driver Sweeper version 2.5.0
Emil Chronicle Online
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EpsonNet Print
EpsonNet Setup
Faerie Solitaire
FATE Undiscovered Realms
Fiesta
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GPL MPEG-1/2 DirectShow Decoder Filter
Grand Fantasia
Hi-Rez Studios Authenticate and Update Service
Hotfix for Office (KB975927)
Java Auto Updater
Java™ 6 Update 20
Java™ SE Development Kit 6 Update 10
Junk Mail filter update
Label@Once 1.0
League of Legends
Left 4 Dead 2
Lightning Warrior Raidy
Luvinia
Malwarebytes Anti-Malware version 1.60.1.1000
Media Go
Media Go Video Playback Engine 1.84.107.07010
Mesh Runtime
Messenger Companion
Metal Fatigue Uninstall
Microsoft AppLocale
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Monopoly
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MyPaint 1.0.0
Mystery P.I. - The Vegas Heist
Neo Steam : The Shattered Continent
NetZero Launcher
Oblivion
Oblivion - Construction Set
Oblivion - Horse Armor Pack
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - The Fighter's Stronghold
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion - Wizard's Tower
OpenOffice.org 3.2
Pando Media Booster
PDF Settings CS5
Pdf995
PlayStation®Network Downloader
PlayStation®Store
Polar Bowler
Quickbooks Financial Center
QuickTime
Raptr
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
RealUpgrade 1.1
RGSS-RTP Standard
RPGXP
RustyHearts PWE
Safari
Scrabble Plus
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Click to Call
Skype Launcher
Skype 5.5
StarCraft II
Steam
Super Collapse! 3 Unlimited
Team Fortress 2
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Tribes Ascend Closed Beta
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentBar Toolbar
VC80CRTRedist - 8.0.50727.6195
Vegas Pro 10.0
Virtual Families
Virtual Villagers - The Secret City
VLC
VLC media player 1.1.5
WhiteSmoke Bar Toolbar
WildTangent Games
WildTangent ORB Game Console
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xfire (remove only)
ZeroOnline

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 February 2012 - 08:39 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

µTorrent
Adobe Reader 9.1
Bing Bar
Conduit Engine
DAEMON Tools Toolbar
Java 6 Update 20
Java SE Development Kit 6 Update 10
uTorrentBar Toolbar


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run; if prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 Darcemeus (Topic Starter)

Posted 06 February 2012 - 10:34 PM

Hello here's the MBAM log

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.06.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Alan :: ACHRIAS [administrator]

2/6/2012 9:22:46 PM
mbam-log-2012-02-06 (21-22-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189649
Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

And here's the HjT log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:32:11 PM, on 2/6/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3007394
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8576 bytes

Haven't had any problems so far and the computer seems to be running a bit smoother, though I still haven't turned on my start-up and services items yet.
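The HijackThis log above is the kind of thing a responder reads by hand: the R0 start page pointing at search.conduit.com, a "Partner BHO Class" loading from C:\ProgramData, two O10 LSP entries HijackThis could not identify, four O15 Trusted Zone additions, and a long run of O23 services marked "(file missing)". The script below is an added example of that triage as code; it is not part of the thread and not HijackThis output. It parses the "Rn - ..." / "Onn - ..." line format, applies a few rules with severities that are this example's own assumptions (the allow-list of start pages, the list of user-writable paths), and treats "(file missing)" under Windows or Program Files on a 64-bit host as an artefact rather than a finding, because HijackThis 2.0.4 is a 32-bit program and WOW64 file-system redirection hides the real 64-bit System32 from it. The sample lines are copied from the log in this post.

```python
import re

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+)\s+-\s+(?P<body>.*)$")

# Allow-list of start/search page prefixes (this example's assumption).
SAFE_PAGE_PREFIXES = ("http://go.microsoft.com/", "http://www.google.com/", "about:blank")
# Locations an ordinary user can write to; a browser add-on loading from here
# deserves a look (this catches legitimate vendors too, so it is a prompt, not a verdict).
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "\\appdata\\", "\\temp\\")


def parse_line(line):
    """Split 'O2 - BHO: ...' into (section, body); None for anything else."""
    m = LINE_RE.match(line.strip())
    return (m.group("sec"), m.group("body")) if m else None


def triage_line(line, is_64bit=True):
    """Return (severity, reason) for a line worth a second look, else None."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    sec, body = parsed
    low = body.lower()
    if sec in ("R0", "R1") and "=" in body:
        url = body.split("=", 1)[1].strip().lower()
        if url.startswith("http") and not url.startswith(SAFE_PAGE_PREFIXES):
            return ("high", f"{sec}: start/search page set to {url}")
    if sec in ("O2", "O3") and any(p in low for p in USER_WRITABLE):
        return ("medium", f"{sec}: browser add-on loads from a user-writable path")
    if sec == "O10" and "unknown" in low:
        return ("medium", "O10: unidentified Winsock LSP; confirm the vendor before fixing")
    if sec == "O15":
        return ("low", f"O15: Trusted Zone entry {body.split(':', 1)[1].strip()}")
    if sec == "O23" and "(file missing)" in low:
        if is_64bit and ("\\windows\\" in low or "program files (x86)" in low):
            # 32-bit scanner on x64: WOW64 redirects System32 and Program Files,
            # so "file missing" here is usually redirection, not tampering.
            return ("info", "O23: 'file missing' from a 32-bit scanner on x64; verify with a 64-bit tool")
        return ("medium", "O23: service binary missing")
    return None


def triage(log_text, is_64bit=True):
    """Run triage_line over a whole log; returns a list of finding dicts in log order."""
    findings = []
    for line in log_text.splitlines():
        hit = triage_line(line, is_64bit)
        if hit:
            sec, _ = parse_line(line)
            findings.append({"severity": hit[0], "section": sec, "reason": hit[1]})
    return findings


def count_by_severity(findings):
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


# Sample lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3007394
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: *.soe.com
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['section']:4} {f['reason']}")
    print(count_by_severity(triage(SAMPLE_LOG)))
```

On the sample this yields one high (the Conduit start page), two medium (the ProgramData BHO and the unidentified LSP), one low (the Trusted Zone entry) and one info (the O23 line). Passing is_64bit=False turns the O23 line into a real finding, which is the caveat to keep in mind when reading the twenty "file missing" services in the log above: they say more about the scanner than about the machine.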

#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 February 2012 - 10:39 PM

Greetings Darcemeus

Haven't had any problems so far and the computer seems to be running a bit smoother, though I still haven't turned on my start-up and services items yet.

Turn them back on

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. For any of these programs you can click on their icons (or start them from the control panel) and run the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

Edited by gringo_pr, 06 February 2012 - 10:39 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 Darcemeus (Topic Starter)

Posted 07 February 2012 - 08:04 PM

Hello, here's the ESET scan log, thanks again for your time! =)

C:\Program Files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application
C:\ProgramData\Microsoft\Windows\DRM\7B75.tmp Win64/Olmarik.AD trojan
C:\ProgramData\Microsoft\Windows\DRM\7BD4.tmp Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\03.02.2012_21.27.43\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\03.02.2012_21.27.43\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\03.02.2012_21.27.43\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan
C:\TDSSKiller_Quarantine\03.02.2012_21.27.43\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\03.02.2012_21.27.43\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\Users\Alan\AppData\Roaming\OpenCandy\OpenCandy_27AE2F1620284EB4B0EE94478158E90F\GameHouseSupercollapse3_p1v6.exe Win32/OpenCandy application
C:\Users\Alan\Favorites\Downloads\Sony.Vegas.Pro.10.x86-x64.Cracked-Torrentleech\crack&keygen.backup rar.rar multiple threats
C:\Users\Alan\Favorites\Downloads\Sony.Vegas.Pro.10.x86-x64.Cracked-Torrentleech\Keygen.exe a variant of Win32/Keygen.AR application
C:\Users\Alan\Favorites\Downloads\Sony.Vegas.Pro.10.x86-x64.Cracked-Torrentleech\SonyVegasProCRACK.exe probably a variant of Win32/Agent.BCOVDCM trojan
C:\Users\All Users\Microsoft\Windows\DRM\7B75.tmp Win64/Olmarik.AD trojan
C:\Users\All Users\Microsoft\Windows\DRM\7BD4.tmp Win64/Olmarik.AD trojan

#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 08 February 2012 - 12:40 PM

Greetings

There are some things in the online scan I want to remove, so run this script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

File::
C:\Program Files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll
C:\ProgramData\Microsoft\Windows\DRM\7B75.tmp
C:\ProgramData\Microsoft\Windows\DRM\7BD4.tmp
C:\Users\Alan\AppData\Roaming\OpenCandy\OpenCandy_27AE2F1620284EB4B0EE94478158E90F\GameHouseSupercollapse3_p1v6.exe
C:\Users\Alan\Favorites\Downloads\Sony.Vegas.Pro.10.x86-x64.Cracked-Torrentleech\crack&keygen.backup rar.rar
C:\Users\Alan\Favorites\Downloads\Sony.Vegas.Pro.10.x86-x64.Cracked-Torrentleech\Keygen.exe
C:\Users\Alan\Favorites\Downloads\Sony.Vegas.Pro.10.x86-x64.Cracked-Torrentleech\SonyVegasProCRACK.exe
C:\Users\All Users\Microsoft\Windows\DRM\7B75.tmp
C:\Users\All Users\Microsoft\Windows\DRM\7BD4.tmp

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.



"information and logs"

  • In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

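The CFScript in post #14 is built by hand from the ESET result lines in post #13: take every path ESET flagged, leave out the copies that already sit in TDSSKiller's quarantine folder, and list the rest under a File:: directive. The added example below does that step mechanically; it is not ComboFix's or ESET's own tooling and not code from the thread, and the line grammar it parses (path followed by a detection name, optionally prefixed with "a variant of") and the quarantine rule are assumptions taken from the lines shown in the posts.

```python
import re
from collections import Counter
from typing import Callable, Dict, List, Tuple

# Constructed sample input: the ESET Online Scanner result lines quoted in
# post #13, one "<path> <detection>" pair per line.
ESET_LOG = r"""
C:\Program Files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application
C:\ProgramData\Microsoft\Windows\DRM\7B75.tmp Win64/Olmarik.AD trojan
C:\ProgramData\Microsoft\Windows\DRM\7BD4.tmp Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\03.02.2012_21.27.43\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\03.02.2012_21.27.43\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\03.02.2012_21.27.43\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan
C:\TDSSKiller_Quarantine\03.02.2012_21.27.43\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\03.02.2012_21.27.43\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\Users\Alan\AppData\Roaming\OpenCandy\OpenCandy_27AE2F1620284EB4B0EE94478158E90F\GameHouseSupercollapse3_p1v6.exe Win32/OpenCandy application
C:\Users\Alan\Favorites\Downloads\Sony.Vegas.Pro.10.x86-x64.Cracked-Torrentleech\crack&keygen.backup rar.rar multiple threats
C:\Users\Alan\Favorites\Downloads\Sony.Vegas.Pro.10.x86-x64.Cracked-Torrentleech\Keygen.exe a variant of Win32/Keygen.AR application
C:\Users\Alan\Favorites\Downloads\Sony.Vegas.Pro.10.x86-x64.Cracked-Torrentleech\SonyVegasProCRACK.exe probably a variant of Win32/Agent.BCOVDCM trojan
C:\Users\All Users\Microsoft\Windows\DRM\7B75.tmp Win64/Olmarik.AD trojan
C:\Users\All Users\Microsoft\Windows\DRM\7BD4.tmp Win64/Olmarik.AD trojan
"""

# Assumed line grammar (inferred from the lines above, not documented by ESET):
# the path may contain spaces, so the split is anchored on the detection name
# at the end of the line, which is either "multiple threats" or
# "<Platform>/<Family> <category>", optionally prefixed with
# "a variant of" / "probably a variant of".
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:(?:probably )?a variant of )?\S+/\S+ \S+|multiple threats)$"
)
VARIANT_PREFIX_RE = re.compile(r"^(?:probably )?a variant of ")


def parse_eset_results(text: str) -> List[Tuple[str, str]]:
    """Return (path, detection) pairs; reject lines that do not fit the grammar."""
    results: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RESULT_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ESET result line: {line!r}")
        results.append((m.group("path"), m.group("detection")))
    return results


def detection_family(detection: str) -> str:
    """'probably a variant of Win32/Agent.BCOVDCM trojan' -> 'Win32/Agent.BCOVDCM'."""
    if detection == "multiple threats":
        return detection
    return VARIANT_PREFIX_RE.sub("", detection).split(" ", 1)[0]


def is_quarantined(path: str) -> bool:
    """Hits under TDSSKiller's quarantine folder are inert copies of files it
    already removed; the post's script leaves them out (assumed rule)."""
    return path.lower().startswith("c:\\tdsskiller_quarantine\\")


def build_cfscript(results, skip: Callable[[str], bool] = is_quarantined) -> str:
    """Emit a ComboFix CFScript: a File:: header followed by one path per line."""
    paths = [path for path, _ in results if not skip(path)]
    return "File::\n" + "\n".join(paths) + "\n"


def families_outside_quarantine(results) -> Dict[str, int]:
    """Count detection families that still live outside the quarantine folder,
    a quick way to see what the script is actually going to touch."""
    return dict(Counter(detection_family(d) for p, d in results if not is_quarantined(p)))


if __name__ == "__main__":
    parsed = parse_eset_results(ESET_LOG)
    print(build_cfscript(parsed))
    for family, n in sorted(families_outside_quarantine(parsed).items()):
        print(f"{n:2d}  {family}")
```

Run on the sample it reproduces the nine File:: entries of post #14 in the same order; any line it cannot parse raises rather than being silently dropped, so a malformed log never yields a short script.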

#15 Darcemeus (Topic Starter)

Posted 08 February 2012 - 02:01 PM

Hello, I didn't have any problems beyond ComboFix once again not detecting that avast had been disabled, and the computer seems to be running fine so far after running the script. Anyways, here's the report! =)

ComboFix 12-02-05.02 - Alan 02/08/2012 12:27:28.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2177 [GMT -6:00]
Running from: c:\users\Alan\Desktop\ComboFix.exe
Command switches used :: c:\users\Alan\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll"
"c:\programdata\Microsoft\Windows\DRM\7B75.tmp"
"c:\programdata\Microsoft\Windows\DRM\7BD4.tmp"
"c:\users\Alan\AppData\Roaming\OpenCandy\OpenCandy_27AE2F1620284EB4B0EE94478158E90F\GameHouseSupercollapse3_p1v6.exe"
"c:\users\Alan\Favorites\Downloads\Sony.Vegas.Pro.10.x86-x64.Cracked-Torrentleech\crack&keygen.backup rar.rar"
"c:\users\Alan\Favorites\Downloads\Sony.Vegas.Pro.10.x86-x64.Cracked-Torrentleech\Keygen.exe"
"c:\users\Alan\Favorites\Downloads\Sony.Vegas.Pro.10.x86-x64.Cracked-Torrentleech\SonyVegasProCRACK.exe"
"c:\users\All Users\Microsoft\Windows\DRM\7B75.tmp"
"c:\users\All Users\Microsoft\Windows\DRM\7BD4.tmp"
.
.
((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))
.
.
2012-02-08 18:38 . 2012-02-08 18:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-08 18:38 . 2012-02-08 18:38 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-07 12:16 . 2012-02-07 12:16 -------- d-----w- c:\program files (x86)\ESET
2012-02-07 03:30 . 2012-02-07 03:30 388096 ----a-r- c:\users\Alan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-07 03:30 . 2012-02-07 03:30 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-07 03:08 . 2012-02-07 03:08 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-07 03:08 . 2012-02-07 03:07 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-07 02:30 . 2012-02-07 02:30 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-02-04 03:30 . 2012-02-04 03:30 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-02 13:04 . 2011-11-17 06:35 340992 ----a-w- c:\windows\system32\schannel.dll
2012-02-02 13:04 . 2011-11-17 06:49 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-02 13:04 . 2011-11-17 06:49 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-02-02 13:04 . 2011-11-17 06:44 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-02-02 13:04 . 2011-11-17 06:35 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-02 13:04 . 2011-11-17 05:34 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-02-02 13:03 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
2012-02-02 13:03 . 2011-11-17 06:33 31232 ----a-w- c:\windows\system32\lsass.exe
2012-02-02 13:03 . 2011-11-17 05:35 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-02-02 13:03 . 2011-11-17 06:35 29184 ----a-w- c:\windows\system32\sspisrv.dll
2012-02-02 13:03 . 2011-11-17 06:35 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-02-02 13:03 . 2011-11-17 06:35 28160 ----a-w- c:\windows\system32\secur32.dll
2012-02-02 13:03 . 2011-11-17 05:34 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-02-02 13:03 . 2011-11-17 05:28 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-02-01 15:08 . 2012-02-01 15:08 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\7BD4.tmp
2012-02-01 15:08 . 2012-02-01 15:08 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\7B75.tmp
2012-01-11 19:35 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 19:35 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 19:35 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 19:35 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 19:34 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 19:34 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 19:34 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 19:34 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 20:46 . 2012-01-10 20:47 -------- d-----w- c:\users\Alan\.netbeans
2012-01-10 19:30 . 2012-01-10 19:32 -------- d-----w- c:\program files\glassfish-3.1.1
2012-01-10 19:14 . 2012-01-10 19:30 -------- d-----w- c:\program files\NetBeans 7.1
2012-01-10 19:13 . 2012-01-10 19:36 -------- d-----w- c:\users\Alan\.nbi
2012-01-10 18:47 . 2012-01-10 18:49 -------- d-----w- c:\program files\Oracle
2012-01-10 18:43 . 2011-11-09 01:40 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-10 18:43 . 2011-11-09 01:40 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-10 16:51 . 2012-01-10 18:42 -------- d-----w- c:\program files\Java
2012-01-10 16:50 . 2012-01-10 16:50 -------- d-----w- c:\users\Alan\AppData\Local\{64A3A4F2-B792-11D6-A78A-00B0D0160100}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-07 03:07 . 2010-10-31 16:25 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-10 21:24 . 2010-10-18 15:09 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 18:01 . 2011-10-26 14:23 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-10-26 14:23 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-10-26 14:24 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-10-26 14:24 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-10-26 14:25 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-10-26 14:25 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-10-26 14:25 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-10-26 14:24 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-10-26 14:25 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-24 04:52 . 2011-12-14 14:04 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2012-01-06 16:22 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{25192388-8D3D-4E78-827B-B32E1FB27246}\mpengine.dll
2011-11-19 13:00 . 2011-11-19 13:00 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-11-19 13:00 . 2011-11-19 13:00 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-11-15 20:29 . 2010-10-08 17:09 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-11 20:46 . 2011-05-15 03:41 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-11 16:05 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-11-11 16:05 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-05_13.56.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-13 02:45 . 2012-02-06 02:26 36568 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-08 18:42 39542 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-06 01:38 . 2012-02-08 18:42 14638 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1340885910-2993828923-4109823864-1000_UserData.bin
- 2010-08-20 04:38 . 2012-02-05 13:55 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-20 04:38 . 2012-02-08 18:39 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-20 04:38 . 2012-02-05 13:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-07 03:13 . 2012-02-08 18:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-05 13:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-08 18:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-08 19:11 . 2012-02-07 12:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-08 19:11 . 2012-02-03 01:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-02-05 14:03 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-10-08 19:11 . 2012-02-03 01:36 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-08 19:11 . 2012-02-07 12:08 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-08 19:11 . 2012-02-07 12:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-08 19:11 . 2012-02-03 01:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-06 01:47 . 2012-02-08 18:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-06 01:47 . 2012-02-03 17:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-06 01:47 . 2012-02-08 18:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-06 01:47 . 2012-02-03 17:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-06 18:55 . 2011-06-06 18:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 64952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\armsvc.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
- 2012-02-05 13:55 . 2012-02-05 13:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-08 18:39 . 2012-02-08 18:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-05 13:55 . 2012-02-05 13:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-08 18:39 . 2012-02-08 18:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-07 03:08 . 2012-02-07 03:07 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-02-07 03:08 . 2012-02-07 03:07 149280 c:\windows\SysWOW64\javaw.exe
+ 2012-02-07 03:08 . 2012-02-07 03:07 149280 c:\windows\SysWOW64\java.exe
- 2009-07-14 04:54 . 2012-02-03 14:23 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-08 18:39 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-08 18:39 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-03 01:33 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-06 05:20 . 2012-02-08 18:22 293112 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-02-07 12:12 624352 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-07 12:12 106696 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-02-03 01:30 436984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-08 18:38 436984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-07 03:08 . 2012-02-07 03:08 207360 c:\windows\Installer\8732bd.msi
+ 2011-06-06 18:55 . 2011-06-06 18:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2009-07-14 04:54 . 2012-02-08 18:39 1851392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-03 14:23 1851392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-09 01:42 . 2012-02-08 18:38 1312744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-10-09 06:40 . 2012-02-02 21:53 2868639 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1340885910-2993828923-4109823864-1000-8192.dat
+ 2010-10-09 06:40 . 2012-02-08 18:38 2868639 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1340885910-2993828923-4109823864-1000-8192.dat
+ 2011-06-06 20:45 . 2011-06-06 20:45 2318848 c:\windows\Installer\8732b2.msi
+ 2012-02-07 03:28 . 2012-02-07 03:28 1402880 c:\windows\Installer\100550.msi
+ 2011-06-06 18:55 . 2011-06-06 18:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 18:55 . 2011-06-06 18:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2012-02-07 03:07 . 2012-02-07 03:07 12905472 c:\windows\Installer\8732b8.msi
+ 2012-01-03 17:44 . 2012-01-03 17:44 15929344 c:\windows\Installer\8732b3.msp
+ 2011-06-06 18:55 . 2011-06-06 18:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-11-13 03:00 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Akamai NetSession Interface"="c:\users\Alan\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"WTClient"="WTClient.exe" [2007-04-11 40960]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 336384]
.
c:\users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files (x86)\VMLaunch\BuddyVM.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-06 136176]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-07 8704]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-06 136176]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va003;X6va003;c:\users\Alan\AppData\Local\Temp\0032B45.tmp [x]
R3 X6va005;X6va005;c:\users\Alan\AppData\Local\Temp\005B32A.tmp [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
R4 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
R4 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2009-11-13 332272]
R4 taisregispinger;taisregispinger;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2009-08-13 297344]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-11 252272]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-08 365568]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-06 19:56]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-06 19:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-11-13 03:00 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3007394
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0447CEFC-F748-4FA9-B2FD-8EE7622B4D3F}\5545447457563747: NameServer = 4.2.2.2,4.2.2.3
TCP: Interfaces\{0447CEFC-F748-4FA9-B2FD-8EE7622B4D3F}\6427563786D616E60234F657274797162746: NameServer = 4.2.2.2,4.2.2.3
TCP: Interfaces\{0447CEFC-F748-4FA9-B2FD-8EE7622B4D3F}\C65746779676D24787: NameServer = 4.2.2.2,4.2.2.3
TCP: Interfaces\{0447CEFC-F748-4FA9-B2FD-8EE7622B4D3F}\C696E6B6379737: NameServer = 4.2.2.2,4.2.2.3
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\hfwkdvjf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-MajiroApp???? - c:\program files\Tarte\????\UnInst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Alan\AppData\Local\Temp\0032B45.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Alan\AppData\Local\Temp\005B32A.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1340885910-2993828923-4109823864-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1340885910-2993828923-4109823864-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1340885910-2993828923-4109823864-1000\Software\Tarte\񣍔󑿀_*龍罷]
"IsInst"="1"
"MultiInstStat"="0"
"InstTo"="c:\\Program Files\\Tarte\\????"
"AbnormalTerminateFlg"="0"
"WinStat"="0"
"FastModeFlg_AR"="1"
"AutoSpeed"="1000"
"MojiSpeed"="1000"
"EffectSpeed"="1000"
"VoiceVolume"="1000"
"MusicVolume"="200"
"SoundVolume"="500"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\windows\System32\Drivers\WTSRV.EXE
.
**************************************************************************
.
Completion time: 2012-02-08 12:52:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-08 18:52
ComboFix2.txt 2012-02-05 14:37
ComboFix3.txt 2012-02-05 14:03
.
Pre-Run: 70,072,877,056 bytes free
Post-Run: 69,967,966,208 bytes free
.
- - End Of File - - 5EE7F629CE1BDD536E25C26D5C1FFC54
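The two service entries above whose ImagePath points at a randomly named .tmp file under the user's AppData\Local\Temp folder (X6va003 and X6va005) are the kind of artifact a helper triages first in a ComboFix log, because a legitimately installed service or driver does not load its image from a user temp directory. The following is an added example, not part of the original post and not ComboFix's own tooling: it parses the services blocks of a ComboFix log and flags any service whose image lives under a temp directory, under a user profile, or carries a .tmp extension. The sample lines are copied from the log above; the choice of which path components count as suspicious is an assumption of this example.

```python
"""Flag ComboFix-log service entries whose image lives in a temp directory.

Added example for triaging a ComboFix log; not the poster's or ComboFix's code.
The heuristics (temp directory, user profile, .tmp extension) are this
example's own assumptions about what is worth a closer look.
"""
import re
from typing import Dict, List

# Constructed sample: the three services blocks copied from the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Alan\AppData\Local\Temp\0032B45.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Alan\AppData\Local\Temp\005B32A.tmp"
"""

# A services key header such as [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Name]
SERVICE_KEY = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\system\\ControlSet\d+\\services\\([^\]]+)\]$', re.I)
# The value lines ComboFix prints for a service: the driver/exe or the hosted DLL.
VALUE_LINE = re.compile(r'^"(ImagePath|ServiceDll)"="(.*)"$')


def parse_services(log_text: str) -> Dict[str, str]:
    """Map service name -> image path from the services blocks of the log."""
    services: Dict[str, str] = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = SERVICE_KEY.match(line)
        if key:
            current = key.group(1)
            continue
        value = VALUE_LINE.match(line)
        if value and current:
            services[current] = value.group(2)
    return services


def normalize(path: str) -> List[str]:
    """Lower-case, drop the NT '\\??\\' prefix, unify separators, split into parts."""
    p = path.lower().replace('/', '\\')
    if p.startswith('\\??\\'):
        p = p[4:]
    return [seg for seg in p.split('\\') if seg]


def suspicious_services(log_text: str) -> List[Dict[str, str]]:
    """Return the services whose image path matches one of the heuristics."""
    findings = []
    for name, path in parse_services(log_text).items():
        parts = normalize(path)
        dirs, leaf = parts[:-1], (parts[-1] if parts else '')
        reasons = []
        if any(d in ('temp', 'tmp') for d in dirs):
            reasons.append('image under a temp directory')
        if 'appdata' in dirs:
            reasons.append('image under a user profile')
        if leaf.endswith('.tmp'):
            reasons.append('image has a .tmp extension')
        if reasons:
            findings.append({'service': name, 'path': path,
                             'reasons': '; '.join(reasons)})
    return findings


if __name__ == '__main__':
    for f in suspicious_services(SAMPLE_LOG):
        print(f"{f['service']}: {f['path']}  [{f['reasons']}]")
```

Run against the sample, the script reports X6va003 and X6va005 on all three counts and leaves the Akamai entry alone, since its DLL sits under Program Files. A hit is a lead, not a verdict: confirm by checking whether the referenced .tmp file still exists and what the service's Start and Type values are before asking the poster to remove anything.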