
Infected with something that stops my computer


  • This topic is locked
26 replies to this topic

#1 NinjaTaco

NinjaTaco

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:08 AM

Posted 14 February 2012 - 10:32 AM

Hi all,

I am trying to help my parents with their laptop, it has some sort of malware or virus that suddenly takes over the computer.
I have pasted the DDS log and attached the ATTACH.txt as per the prep guide.

If you can provide any sort of direction I would certainly appreciate it.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 8.0.7600.16385
Run by Acer at 10:21:45 on 2012-02-14
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3001.1650 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\windows\system32\conhost.exe
C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\FortiSslvpnDaemon.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\windows\system32\taskeng.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\windows\system32\SearchIndexer.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxext.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Verizon\FiOS\ihs\IHANotify.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\McUICnt.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [ihanotify] C:\Program Files (x86)\Verizon\FiOS\ihs\IHANotify.exe BalloonCount=1012 RunNotify=fios BalloonMsg=init
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {B0882EB7-81A5-4A11-8D45-71888F973933} - hxxps://216.244.124.18:10443/sslvpn.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=722
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9E0F8FF4-15E9-4021-9462-E79AB778616E} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9E0F8FF4-15E9-4021-9462-E79AB778616E}\0516E64697160275962756C6563737 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{DEEE12E0-3A39-4EA7-854A-DF3C9FB965E5} : DhcpNameServer = 192.168.147.8 192.168.148.4
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll
BHO-X64:     Trend Micro NSC BHO - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
BHO-X64:     TmBpIeBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun-x64: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\windows\system32\DRIVERS\Lbd.sys --> C:\windows\system32\DRIVERS\Lbd.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\system32\DRIVERS\ctxusbm.sys --> C:\windows\system32\DRIVERS\ctxusbm.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 tmevtmgr;tmevtmgr;C:\windows\system32\DRIVERS\tmevtmgr.sys --> C:\windows\system32\DRIVERS\tmevtmgr.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-1-22 275912]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-11-24 844320]
R2 FortiSslvpnDaemon;FortiSslvpnDaemon;C:\Windows\System32\FortiSslvpnDaemon.exe [2011-6-7 510496]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2010-10-13 290832]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-15 652360]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-3-4 517632]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-8-7 311592]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-20 62720]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-2-1 206120]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-6-6 2337144]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-2-1 185640]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-22 240160]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\windows\system32\drivers\IntcHdmi.sys --> C:\windows\system32\drivers\IntcHdmi.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 pppop;PPPoP WAN Adapter;C:\windows\system32\DRIVERS\pppop64.sys --> C:\windows\system32\DRIVERS\pppop64.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-3 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-3 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-02-14 15:05:13	--------	d-sh--w-	C:\$RECYCLE.BIN
2012-01-31 01:07:50	98816	----a-w-	C:\windows\sed.exe
2012-01-31 01:07:50	518144	----a-w-	C:\windows\SWREG.exe
2012-01-31 01:07:50	256000	----a-w-	C:\windows\PEV.exe
2012-01-31 01:07:50	208896	----a-w-	C:\windows\MBR.exe
2012-01-31 01:07:46	--------	d-s---w-	C:\ComboFix
2012-01-22 18:47:49	--------	d-----w-	C:\temp
2012-01-22 18:27:59	--------	d-----w-	C:\Users\Acer\AppData\Local\Trend Micro
2012-01-22 18:27:39	21520	----a-w-	C:\windows\DCEBoot64.exe
2012-01-22 18:18:11	105744	----a-w-	C:\windows\System32\drivers\tmtdi.sys
2012-01-22 18:17:33	91920	----a-w-	C:\windows\System32\drivers\tmactmon.sys
2012-01-22 18:17:33	70928	----a-w-	C:\windows\System32\drivers\tmevtmgr.sys
2012-01-22 18:17:33	167696	----a-w-	C:\windows\System32\drivers\tmcomm.sys
2012-01-22 18:14:48	56	----a-w-	C:\windows\System32\SupportTool.exe.bat
2012-01-22 18:13:10	--------	d-----w-	C:\Program Files\Trend Micro
2012-01-22 18:12:23	--------	d-----w-	C:\ProgramData\Trend Micro
2012-01-15 23:36:30	--------	d-----w-	C:\Users\Acer\AppData\Roaming\Malwarebytes
2012-01-15 23:36:22	--------	d-----w-	C:\ProgramData\Malwarebytes
2012-01-15 23:36:21	23152	----a-w-	C:\windows\System32\drivers\mbam.sys
2012-01-15 23:36:21	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
.
==================== Find3M  ====================
.
2011-11-24 05:00:47	3141632	----a-w-	C:\windows\System32\win32k.sys
2011-11-19 15:07:41	77312	----a-w-	C:\windows\System32\packager.dll
2011-11-19 14:06:13	67072	----a-w-	C:\windows\SysWow64\packager.dll
2011-11-17 07:14:10	1739160	----a-w-	C:\windows\System32\ntdll.dll
2011-11-17 05:41:38	1292592	----a-w-	C:\windows\SysWow64\ntdll.dll
.
============= FINISH: 10:22:37.57 ===============



Thank you & Kind regards,
Abby
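One check a responder would want to run over a DDS log like the one above, added here as an example that is not part of the thread or of the DDS tool: a small Python parser that pulls the mPolicies-system lines out of the Pseudo HJT Report and compares them with the Windows 7 UAC defaults. The sample input is constructed from the lines of the log above; with EnableLUA set to 0 the prompts are off entirely, so everything started under the administrator account already runs fully elevated.

```python
"""Assess UAC policy values reported in a DDS 'Pseudo HJT Report'.

Added example, not part of the forum thread or of the DDS tool. It parses
lines of the form
    mPolicies-system: EnableLUA = 0 (0x0)
and explains which values weaken the machine's defences. The sample input
below is constructed from the values shown in the DDS log in the thread.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: the policy lines from the DDS log, with two unrelated
# report lines mixed in to show that the parser ignores them.
SAMPLE_DDS_LINES = """\
uInternet Settings,ProxyOverride = *.local
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
""".splitlines()

# DDS prints "<name> = <decimal> (<hex>)"; we keep the decimal value.
POLICY_RE = re.compile(
    r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)\s*$"
)

# Out-of-the-box values for these keys on Windows 7
# (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System).
WINDOWS7_DEFAULTS: Dict[str, int] = {
    "EnableLUA": 1,                   # UAC on
    "ConsentPromptBehaviorAdmin": 5,  # consent prompt for non-Windows binaries
    "ConsentPromptBehaviorUser": 3,   # standard users: prompt for credentials
    "PromptOnSecureDesktop": 1,       # prompts shown on the secure desktop
    "EnableUIADesktopToggle": 0,      # UIAccess apps may not bypass it
}


def parse_policies(lines: List[str]) -> Dict[str, int]:
    """Return {policy name: value} for every mPolicies-system line."""
    policies: Dict[str, int] = {}
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if m:
            policies[m.group(1)] = int(m.group(2))
    return policies


def deviations_from_default(policies: Dict[str, int]) -> Dict[str, Tuple[int, int]]:
    """Map each policy that differs from the default to (observed, default)."""
    return {
        name: (value, WINDOWS7_DEFAULTS[name])
        for name, value in policies.items()
        if name in WINDOWS7_DEFAULTS and value != WINDOWS7_DEFAULTS[name]
    }


def assess_uac(policies: Dict[str, int]) -> List[str]:
    """Explain the security consequence of each weakened UAC setting."""
    findings: List[str] = []
    # A missing key means the default applies, so .get() uses the default.
    if policies.get("EnableLUA", 1) == 0:
        findings.append(
            "EnableLUA=0: UAC is off; every process of an Administrators "
            "member runs fully elevated and no prompt setting applies"
        )
    if policies.get("ConsentPromptBehaviorAdmin", 5) == 0:
        findings.append(
            "ConsentPromptBehaviorAdmin=0: elevation is granted silently, "
            "without any consent prompt"
        )
    if policies.get("PromptOnSecureDesktop", 1) == 0:
        findings.append(
            "PromptOnSecureDesktop=0: prompts appear on the interactive "
            "desktop, where other running programs can read and drive them"
        )
    return findings


def report(lines: List[str]) -> List[str]:
    """Parse a DDS report and return the list of UAC findings."""
    return assess_uac(parse_policies(lines))


if __name__ == "__main__":
    for finding in report(SAMPLE_DDS_LINES):
        print("-", finding)
```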


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:08 AM

Posted 16 February 2012 - 11:09 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hours, please bump the topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 NinjaTaco

NinjaTaco
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:08 AM

Posted 16 February 2012 - 01:04 PM

Dear Gringo,

Thank you for your help!

Kindly note, ComboFix requested that I turn off Ad-Aware. I uninstalled the program completely, and it still requests that I disable it.
Here is the report:

ComboFix 12-02-16.02 - Acer 02/16/2012 12:12:30.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3001.1785 [GMT -5:00]
Running from: E:\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\GroupPolicy\Machine\Registry.pol
.
---- Previous Run -------
.
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\keywords
c:\windows\system32\consrv.dll
c:\windows\Temp\log.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
.
.
2012-02-16 17:23 . 2012-02-16 17:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-16 17:23 . 2012-02-16 17:23 -------- d-----w- c:\users\admin\AppData\Local\temp
2012-01-23 02:40 . 2012-01-23 02:40 -------- d-----w- c:\users\admin\AppData\Roaming\Apple Computer
2012-01-22 18:47 . 2012-01-22 18:47 -------- d-----w- C:\temp
2012-01-22 18:27 . 2012-01-22 18:27 -------- d-----w- c:\users\Acer\AppData\Local\Trend Micro
2012-01-22 18:27 . 2012-01-31 01:01 21520 ----a-w- c:\windows\DCEBoot64.exe
2012-01-22 18:18 . 2011-08-02 20:45 105744 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-01-22 18:17 . 2011-07-12 11:13 91920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-01-22 18:17 . 2011-07-12 11:13 70928 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-01-22 18:17 . 2011-07-12 11:13 167696 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-01-22 18:14 . 2012-01-22 18:14 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-01-22 18:13 . 2012-01-22 18:14 -------- d-----w- c:\program files\Trend Micro
2012-01-22 18:12 . 2012-01-22 18:27 -------- d-----w- c:\programdata\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2012-01-15 23:36 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 05:00 . 2011-12-14 01:34 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2012-01-14 02:33 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{73A7FC72-6635-43A0-831D-172304C4F835}\mpengine.dll
2011-11-19 15:07 . 2012-01-11 01:40 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:06 . 2012-01-11 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ihanotify"="c:\program files (x86)\Verizon\FiOS\ihs\IHANotify.exe" [2010-12-28 237568]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-08-01 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-05 181480]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2011-02-01 206120]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04 135664]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-03-17 517632]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 311592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-02-01 206120]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-02-01 185640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 pppop;PPPoP WAN Adapter;c:\windows\system32\DRIVERS\pppop64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04 01:55]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cceb29e5ad6158.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04 01:55]
.
2011-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3925948597-774147762-3265653811-1000Core.job
- c:\users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-22 06:16]
.
2011-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3925948597-774147762-3265653811-1000UA.job
- c:\users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-22 06:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-07 349480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-12 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-12 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-12 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-07-08 200704]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-08-02 204048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {B0882EB7-81A5-4A11-8D45-71888F973933} - hxxps://216.244.124.18:10443/sslvpn.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-combofix - c:\combofix\CF14691.3XE
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\FortiSslvpnDaemon.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
.
**************************************************************************
.
Completion time: 2012-02-16 12:51:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-16 17:51
.
Pre-Run: 269,382,246,400 bytes free
Post-Run: 269,231,824,896 bytes free
.
- - End Of File - - 47B7E36143EDD00AD42AE12CF342744A




The computer is still showing the same behaviors. I have not connected it to the internet and am using another system to communicate with you and download software as required.
Even when idle the CPU usage randomly goes up to 99% and remains in that area for a few minutes, then back down, and up again.

Please take a look, I thank you in advance!
-Abby
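
A reviewer working through a ComboFix log like the one above usually starts with three questions: which registered services and drivers point at files ComboFix could not read (the `[x]` entries), whether anything beyond the stock Windows 7 set has been registered as an LSA Security Package (every package in that list is loaded into lsass.exe at boot, which is why adding one is a well-known persistence technique), and which autostarts live in user-writable directories. The script below is an added example, not from the thread and not part of ComboFix. The sample lines are constructed in ComboFix's layout, the Windows 7 baseline set of packages is an assumption, and `[x]` is taken to mean that the file's date and size could not be read at the listed path.

```python
import re

# Assumed baseline: the LSA Security Packages Windows 7 ships with. Anything
# else is an extra SSP loaded into lsass.exe at boot and deserves a look.
WIN7_DEFAULT_SSPS = {"kerberos", "msv1_0", "schannel", "wdigest", "tspkg", "pku2u"}

# Directories an unprivileged user can write to. An autostart pointing here is
# not proof of malware, but it is the first thing to verify.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")

# ComboFix service/driver line: "<R|S><start type> name;display;path [date size]"
# (R = running, S = stopped; [x] where the file's date/size could not be read).
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")
# Run-key line: "name"="path" [date size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[([^\]]*)\]')
SSP_RE = re.compile(r"^Security Packages\s+REG_MULTI_SZ\s+(.*)$", re.IGNORECASE)

# Constructed sample in ComboFix's layout (not copied from the thread).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04 135664]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
S2 HelperSvc;Helper Service;c:\users\Acer\AppData\Local\Temp\helper.exe [2012-02-10 40960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-12 165912]
"Updater"="c:\programdata\upd\upd.exe" [2012-02-11 12288]
"""


def _in_user_writable(path):
    return any(marker in path.lower() for marker in USER_WRITABLE_MARKERS)


def triage(text):
    """Pull the three first-pass findings out of ComboFix-style log text."""
    findings = {
        "missing_file_info": [],            # service names printed with [x]
        "unexpected_security_packages": [],  # SSPs outside the assumed baseline
        "autostarts_in_user_writable": [],   # (name, path) pairs to verify
    }
    for line in text.splitlines():
        line = line.strip()
        m = SSP_RE.match(line)
        if m:
            packages = {p.lower() for p in m.group(1).split()}
            findings["unexpected_security_packages"] = sorted(packages - WIN7_DEFAULT_SSPS)
            continue
        m = SERVICE_RE.match(line)
        if m:
            _state, name, _display, path, fileinfo = m.groups()
            if fileinfo.strip().lower() == "x":
                findings["missing_file_info"].append(name)
            if _in_user_writable(path):
                findings["autostarts_in_user_writable"].append((name, path))
            continue
        m = RUN_RE.match(line)
        if m:
            name, path, _fileinfo = m.groups()
            if _in_user_writable(path):
                findings["autostarts_in_user_writable"].append((name, path))
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, `livessp` is reported only because it is outside the assumed baseline; it is normally the Windows Live ID sign-in assistant's SSP, so the output is a list of things to verify against the machine's installed software, not a list of things to delete.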

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 February 2012 - 01:38 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
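
TDSSKiller writes one line per object with its MD5 and path, followed by a verdict line ("- ok", or a detection name in parentheses before "- warning" or "- infected"); an object it found registered but could not locate a file for gets only a verdict line. The instructions above ask for several hundred such lines to be pasted into a reply, and the person reading them wants the exceptions, not the list. The parser below is an added example, not part of the post and not part of TDSSKiller. The sample is constructed in the log's layout; the two "ok" drivers mirror the shape of real entries, while the `sptd` and `hwsvc` hashes and the `Sample.Detection.Name` verdict are placeholders. The verdict vocabulary is assumed to be the three words ok, warning and infected, and a verdict line without a preceding hash line is taken to mean that no file was found on disk.

```python
import re

# Every TDSSKiller line starts with a timestamp and the scanning thread id.
PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
# "<name> (<md5>) <path>": the object and the file that was hashed.
FILE_RE = re.compile(PREFIX + r"(.+?)\s+\(([0-9a-f]{32})\)\s+(\S.*)$", re.IGNORECASE)
# "<name> [( <detection> )] - <verdict>": verdict set assumed to be ok/warning/infected.
VERDICT_RE = re.compile(
    PREFIX + r"(.+?)(?:\s+\(\s*(.+?)\s*\))?\s+-\s+(ok|warning|infected)\s*$", re.IGNORECASE
)

# Constructed sample in TDSSKiller's layout; sptd/hwsvc hashes and the
# detection name are placeholders, not findings from the thread.
SAMPLE_LOG = r"""
14:47:51.0631 3232 Scan started
14:47:52.0473 3232 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
14:47:52.0489 3232 1394ohci - ok
14:47:54.0595 3232 ApfiltrService - ok
14:48:10.0100 3232 sptd (00000000000000000000000000000001) C:\windows\system32\Drivers\sptd.sys
14:48:10.0110 3232 sptd ( UnsignedFile.Multi.Generic ) - warning
14:48:11.0200 3232 hwsvc (00000000000000000000000000000002) C:\windows\system32\drivers\hwsvc.sys
14:48:11.0210 3232 hwsvc ( Sample.Detection.Name ) - infected
"""


def parse_tdsskiller(text):
    """Map each object name to its hash/path (when a file was found) and verdict."""
    entries = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            name, md5, path = m.groups()
            entries.setdefault(name, {"name": name}).update(md5=md5.lower(), path=path)
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, detection, verdict = m.groups()
            entries.setdefault(name, {"name": name}).update(
                verdict=verdict.lower(), detection=detection
            )
    return entries


def not_ok(entries):
    """Objects whose verdict is anything other than 'ok', in order of appearance."""
    return [e for e in entries.values() if e.get("verdict") != "ok"]


def fileless(entries):
    """Objects given a verdict without a hash line: registered, but no file found."""
    return [e["name"] for e in entries.values() if "verdict" in e and "md5" not in e]


def hashes_for_lookup(entries):
    """(name, md5) pairs for every hashed file, for offline or reputation lookup."""
    return [(e["name"], e["md5"]) for e in entries.values() if "md5" in e]


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for entry in not_ok(parsed):
        print(f"{entry['verdict']:>8}  {entry['name']}  {entry.get('detection')}  {entry.get('path')}")
    print("no file on disk:", fileless(parsed))
```

The `fileless` list is worth reading alongside the ComboFix `[x]` entries: a service whose file is gone is usually an uninstall leftover, but a driver entry with no file and a rootkit-style name is exactly what the next step of the cleanup looks for.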

#5 NinjaTaco (Topic Starter)

  • Members
  • 13 posts

Posted 16 February 2012 - 03:19 PM

Thank you Gringo,

Here is the TDSSKiller report:


14:47:40.0305 3708 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
14:47:40.0383 3708 ============================================================
14:47:40.0383 3708 Current date / time: 2012/02/16 14:47:40.0383
14:47:40.0383 3708 SystemInfo:
14:47:40.0383 3708
14:47:40.0383 3708 OS Version: 6.1.7600 ServicePack: 0.0
14:47:40.0383 3708 Product type: Workstation
14:47:40.0383 3708 ComputerName: ACER-PC
14:47:40.0383 3708 UserName: Acer
14:47:40.0383 3708 Windows directory: C:\windows
14:47:40.0383 3708 System windows directory: C:\windows
14:47:40.0383 3708 Running under WOW64
14:47:40.0383 3708 Processor architecture: Intel x64
14:47:40.0383 3708 Number of processors: 2
14:47:40.0383 3708 Page size: 0x1000
14:47:40.0383 3708 Boot type: Normal boot
14:47:40.0383 3708 ============================================================
14:47:45.0048 3708 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:47:45.0063 3708 Drive \Device\Harddisk1\DR1 - Size: 0x77E0000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:47:45.0063 3708 \Device\Harddisk0\DR0:
14:47:45.0063 3708 MBR used
14:47:45.0063 3708 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
14:47:45.0063 3708 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x23C8B800
14:47:45.0063 3708 \Device\Harddisk1\DR1:
14:47:45.0063 3708 MBR used
14:47:45.0063 3708 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x3BEE0
14:47:45.0095 3708 Initialize success
14:47:45.0095 3708 ============================================================
14:47:51.0631 3232 ============================================================
14:47:51.0631 3232 Scan started
14:47:51.0631 3232 Mode: Manual;
14:47:51.0631 3232 ============================================================
14:47:52.0473 3232 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
14:47:52.0489 3232 1394ohci - ok
14:47:52.0614 3232 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
14:47:52.0629 3232 ACPI - ok
14:47:52.0754 3232 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
14:47:52.0770 3232 AcpiPmi - ok
14:47:52.0895 3232 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
14:47:52.0910 3232 adp94xx - ok
14:47:53.0051 3232 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
14:47:53.0066 3232 adpahci - ok
14:47:53.0207 3232 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
14:47:53.0222 3232 adpu320 - ok
14:47:53.0378 3232 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys
14:47:53.0409 3232 AFD - ok
14:47:53.0550 3232 AgereSoftModem (af4748ef93416159459769a24a0053af) C:\windows\system32\DRIVERS\agrsm64.sys
14:47:53.0597 3232 AgereSoftModem - ok
14:47:53.0737 3232 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
14:47:53.0753 3232 agp440 - ok
14:47:53.0877 3232 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
14:47:53.0893 3232 aliide - ok
14:47:53.0940 3232 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
14:47:53.0940 3232 amdide - ok
14:47:54.0065 3232 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
14:47:54.0080 3232 AmdK8 - ok
14:47:54.0096 3232 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
14:47:54.0096 3232 AmdPPM - ok
14:47:54.0158 3232 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
14:47:54.0174 3232 amdsata - ok
14:47:54.0267 3232 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
14:47:54.0283 3232 amdsbs - ok
14:47:54.0408 3232 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
14:47:54.0439 3232 amdxata - ok
14:47:54.0595 3232 ApfiltrService - ok
14:47:54.0673 3232 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
14:47:54.0673 3232 AppID - ok
14:47:54.0907 3232 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
14:47:54.0907 3232 arc - ok
14:47:54.0969 3232 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
14:47:54.0985 3232 arcsas - ok
14:47:55.0063 3232 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
14:47:55.0079 3232 AsyncMac - ok
14:47:55.0172 3232 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
14:47:55.0188 3232 atapi - ok
14:47:55.0313 3232 athr (5d4529ac4156e16bedb01441ae0cf984) C:\windows\system32\DRIVERS\athrx.sys
14:47:55.0359 3232 athr - ok
14:47:55.0515 3232 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
14:47:55.0547 3232 b06bdrv - ok
14:47:55.0656 3232 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
14:47:55.0671 3232 b57nd60a - ok
14:47:55.0859 3232 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\windows\system32\DRIVERS\bcmwl664.sys
14:47:55.0905 3232 BCM43XX - ok
14:47:55.0952 3232 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
14:47:55.0968 3232 Beep - ok
14:47:56.0061 3232 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
14:47:56.0077 3232 blbdrive - ok
14:47:56.0264 3232 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
14:47:56.0280 3232 bowser - ok
14:47:56.0358 3232 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
14:47:56.0358 3232 BrFiltLo - ok
14:47:56.0373 3232 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
14:47:56.0389 3232 BrFiltUp - ok
14:47:56.0436 3232 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
14:47:56.0451 3232 BridgeMP - ok
14:47:56.0483 3232 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
14:47:56.0498 3232 Brserid - ok
14:47:56.0514 3232 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
14:47:56.0529 3232 BrSerWdm - ok
14:47:56.0545 3232 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
14:47:56.0545 3232 BrUsbMdm - ok
14:47:56.0561 3232 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
14:47:56.0576 3232 BrUsbSer - ok
14:47:56.0654 3232 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
14:47:56.0670 3232 BTHMODEM - ok
14:47:56.0717 3232 catchme - ok
14:47:56.0748 3232 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
14:47:56.0763 3232 cdfs - ok
14:47:56.0810 3232 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
14:47:56.0826 3232 cdrom - ok
14:47:56.0857 3232 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
14:47:56.0873 3232 circlass - ok
14:47:56.0919 3232 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
14:47:56.0935 3232 CLFS - ok
14:47:57.0029 3232 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
14:47:57.0044 3232 CmBatt - ok
14:47:57.0060 3232 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
14:47:57.0075 3232 cmdide - ok
14:47:57.0107 3232 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
14:47:57.0138 3232 CNG - ok
14:47:57.0185 3232 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
14:47:57.0185 3232 Compbatt - ok
14:47:57.0231 3232 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
14:47:57.0231 3232 CompositeBus - ok
14:47:57.0278 3232 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
14:47:57.0294 3232 crcdisk - ok
14:47:57.0372 3232 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\windows\system32\DRIVERS\ctxusbm.sys
14:47:57.0387 3232 ctxusbm - ok
14:47:57.0450 3232 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
14:47:57.0481 3232 DfsC - ok
14:47:57.0512 3232 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
14:47:57.0528 3232 discache - ok
14:47:57.0559 3232 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
14:47:57.0590 3232 Disk - ok
14:47:57.0606 3232 DKbFltr - ok
14:47:57.0653 3232 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
14:47:57.0668 3232 drmkaud - ok
14:47:57.0731 3232 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
14:47:57.0777 3232 DXGKrnl - ok
14:47:57.0871 3232 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
14:47:57.0996 3232 ebdrv - ok
14:47:58.0027 3232 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
14:47:58.0058 3232 elxstor - ok
14:47:58.0121 3232 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
14:47:58.0121 3232 ErrDev - ok
14:47:58.0152 3232 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
14:47:58.0183 3232 exfat - ok
14:47:58.0199 3232 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
14:47:58.0199 3232 fastfat - ok
14:47:58.0230 3232 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
14:47:58.0245 3232 fdc - ok
14:47:58.0277 3232 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
14:47:58.0292 3232 FileInfo - ok
14:47:58.0323 3232 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
14:47:58.0339 3232 Filetrace - ok
14:47:58.0355 3232 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
14:47:58.0355 3232 flpydisk - ok
14:47:58.0386 3232 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
14:47:58.0417 3232 FltMgr - ok
14:47:58.0464 3232 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
14:47:58.0464 3232 FsDepends - ok
14:47:58.0495 3232 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
14:47:58.0511 3232 Fs_Rec - ok
14:47:58.0573 3232 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
14:47:58.0589 3232 fvevol - ok
14:47:58.0620 3232 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
14:47:58.0635 3232 gagp30kx - ok
14:47:58.0698 3232 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
14:47:58.0698 3232 GEARAspiWDM - ok
14:47:58.0807 3232 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
14:47:58.0823 3232 hcw85cir - ok
14:47:58.0854 3232 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
14:47:58.0885 3232 HdAudAddService - ok
14:47:58.0916 3232 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
14:47:58.0932 3232 HDAudBus - ok
14:47:58.0947 3232 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
14:47:58.0947 3232 HidBatt - ok
14:47:58.0963 3232 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
14:47:58.0979 3232 HidBth - ok
14:47:58.0994 3232 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
14:47:59.0010 3232 HidIr - ok
14:47:59.0057 3232 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
14:47:59.0072 3232 HidUsb - ok
14:47:59.0103 3232 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
14:47:59.0119 3232 HpSAMD - ok
14:47:59.0197 3232 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
14:47:59.0228 3232 HTTP - ok
14:47:59.0259 3232 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
14:47:59.0259 3232 hwpolicy - ok
14:47:59.0322 3232 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
14:47:59.0337 3232 i8042prt - ok
14:47:59.0415 3232 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\windows\system32\DRIVERS\iaStor.sys
14:47:59.0415 3232 iaStor - ok
14:47:59.0462 3232 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
14:47:59.0478 3232 iaStorV - ok
14:47:59.0696 3232 igfx (dfeaf0a1d98d397035012c8e28d1520f) C:\windows\system32\DRIVERS\igdkmd64.sys
14:47:59.0915 3232 igfx - ok
14:48:00.0055 3232 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
14:48:00.0071 3232 iirsp - ok
14:48:00.0195 3232 IntcAzAudAddService (9aa6a93852e36fe76c3f7fc2904f3b01) C:\windows\system32\drivers\RTKVHD64.sys
14:48:00.0258 3232 IntcAzAudAddService - ok
14:48:00.0289 3232 IntcHdmiAddService (d485d3bd3e2179aa86853a182f70699f) C:\windows\system32\drivers\IntcHdmi.sys
14:48:00.0305 3232 IntcHdmiAddService - ok
14:48:00.0336 3232 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
14:48:00.0351 3232 intelide - ok
14:48:00.0398 3232 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
14:48:00.0414 3232 intelppm - ok
14:48:00.0445 3232 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
14:48:00.0461 3232 IpFilterDriver - ok
14:48:00.0492 3232 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
14:48:00.0507 3232 IPMIDRV - ok
14:48:00.0539 3232 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
14:48:00.0554 3232 IPNAT - ok
14:48:00.0585 3232 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
14:48:00.0601 3232 IRENUM - ok
14:48:00.0617 3232 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
14:48:00.0632 3232 isapnp - ok
14:48:00.0648 3232 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
14:48:00.0663 3232 iScsiPrt - ok
14:48:00.0726 3232 k57nd60a (249ee2d26cb1530f3bede0ac8b9e3099) C:\windows\system32\DRIVERS\k57nd60a.sys
14:48:00.0757 3232 k57nd60a - ok
14:48:00.0788 3232 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
14:48:00.0804 3232 kbdclass - ok
14:48:00.0851 3232 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
14:48:00.0882 3232 kbdhid - ok
14:48:00.0913 3232 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
14:48:00.0913 3232 KSecDD - ok
14:48:00.0960 3232 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
14:48:00.0975 3232 KSecPkg - ok
14:48:01.0022 3232 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
14:48:01.0022 3232 ksthunk - ok
14:48:01.0069 3232 L1E (2ac603c3188c704cfce353659aa7ad71) C:\windows\system32\DRIVERS\L1E62x64.sys
14:48:01.0085 3232 L1E - ok
14:48:01.0178 3232 Lavasoft Kernexplorer - ok
14:48:01.0225 3232 Lbd (3c46290f7a5d45ba6ef32c248e22aa69) C:\windows\system32\DRIVERS\Lbd.sys
14:48:01.0241 3232 Lbd - ok
14:48:01.0303 3232 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
14:48:01.0319 3232 lltdio - ok
14:48:01.0381 3232 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
14:48:01.0397 3232 LSI_FC - ok
14:48:01.0412 3232 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
14:48:01.0428 3232 LSI_SAS - ok
14:48:01.0443 3232 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
14:48:01.0459 3232 LSI_SAS2 - ok
14:48:01.0475 3232 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
14:48:01.0490 3232 LSI_SCSI - ok
14:48:01.0521 3232 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
14:48:01.0537 3232 luafv - ok
14:48:01.0568 3232 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
14:48:01.0584 3232 MBAMProtector - ok
14:48:01.0677 3232 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
14:48:01.0693 3232 megasas - ok
14:48:01.0709 3232 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
14:48:01.0724 3232 MegaSR - ok
14:48:01.0755 3232 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
14:48:01.0771 3232 Modem - ok
14:48:01.0818 3232 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
14:48:01.0818 3232 monitor - ok
14:48:01.0865 3232 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
14:48:01.0865 3232 mouclass - ok
14:48:01.0880 3232 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
14:48:01.0896 3232 mouhid - ok
14:48:01.0927 3232 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
14:48:01.0943 3232 mountmgr - ok
14:48:01.0974 3232 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
14:48:01.0989 3232 mpio - ok
14:48:02.0005 3232 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
14:48:02.0021 3232 mpsdrv - ok
14:48:02.0099 3232 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
14:48:02.0099 3232 MRxDAV - ok
14:48:02.0145 3232 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
14:48:02.0161 3232 mrxsmb - ok
14:48:02.0208 3232 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
14:48:02.0208 3232 mrxsmb10 - ok
14:48:02.0270 3232 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
14:48:02.0286 3232 mrxsmb20 - ok
14:48:02.0301 3232 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
14:48:02.0317 3232 msahci - ok
14:48:02.0333 3232 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
14:48:02.0348 3232 msdsm - ok
14:48:02.0379 3232 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
14:48:02.0395 3232 Msfs - ok
14:48:02.0426 3232 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
14:48:02.0426 3232 mshidkmdf - ok
14:48:02.0457 3232 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
14:48:02.0473 3232 msisadrv - ok
14:48:02.0504 3232 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
14:48:02.0520 3232 MSKSSRV - ok
14:48:02.0535 3232 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
14:48:02.0551 3232 MSPCLOCK - ok
14:48:02.0582 3232 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
14:48:02.0582 3232 MSPQM - ok
14:48:02.0613 3232 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
14:48:02.0645 3232 MsRPC - ok
14:48:02.0660 3232 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
14:48:02.0676 3232 mssmbios - ok
14:48:02.0691 3232 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
14:48:02.0707 3232 MSTEE - ok
14:48:02.0723 3232 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
14:48:02.0723 3232 MTConfig - ok
14:48:02.0769 3232 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
14:48:02.0785 3232 Mup - ok
14:48:02.0816 3232 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\windows\system32\DRIVERS\mwlPSDFilter.sys
14:48:02.0832 3232 mwlPSDFilter - ok
14:48:02.0847 3232 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\windows\system32\DRIVERS\mwlPSDNServ.sys
14:48:02.0863 3232 mwlPSDNServ - ok
14:48:02.0879 3232 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\windows\system32\DRIVERS\mwlPSDVDisk.sys
14:48:02.0910 3232 mwlPSDVDisk - ok
14:48:02.0988 3232 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
14:48:03.0019 3232 NativeWifiP - ok
14:48:03.0081 3232 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
14:48:03.0128 3232 NDIS - ok
14:48:03.0159 3232 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
14:48:03.0191 3232 NdisCap - ok
14:48:03.0237 3232 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
14:48:03.0237 3232 NdisTapi - ok
14:48:03.0284 3232 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
14:48:03.0300 3232 Ndisuio - ok
14:48:03.0315 3232 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
14:48:03.0347 3232 NdisWan - ok
14:48:03.0378 3232 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
14:48:03.0393 3232 NDProxy - ok
14:48:03.0425 3232 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
14:48:03.0440 3232 NetBIOS - ok
14:48:03.0456 3232 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
14:48:03.0487 3232 NetBT - ok
14:48:03.0534 3232 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
14:48:03.0534 3232 nfrd960 - ok
14:48:03.0581 3232 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
14:48:03.0596 3232 Npfs - ok
14:48:03.0627 3232 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
14:48:03.0627 3232 nsiproxy - ok
14:48:03.0705 3232 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
14:48:03.0768 3232 Ntfs - ok
14:48:03.0861 3232 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
14:48:03.0877 3232 NTIDrvr - ok
14:48:03.0924 3232 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
14:48:03.0924 3232 Null - ok
14:48:03.0986 3232 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
14:48:04.0002 3232 nvraid - ok
14:48:04.0033 3232 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
14:48:04.0033 3232 nvstor - ok
14:48:04.0080 3232 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
14:48:04.0095 3232 nv_agp - ok
14:48:04.0111 3232 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
14:48:04.0127 3232 ohci1394 - ok
14:48:04.0173 3232 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
14:48:04.0189 3232 Parport - ok
14:48:04.0205 3232 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
14:48:04.0220 3232 partmgr - ok
14:48:04.0251 3232 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
14:48:04.0267 3232 pci - ok
14:48:04.0283 3232 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
14:48:04.0298 3232 pciide - ok
14:48:04.0314 3232 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
14:48:04.0329 3232 pcmcia - ok
14:48:04.0361 3232 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
14:48:04.0376 3232 pcw - ok
14:48:04.0407 3232 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
14:48:04.0439 3232 PEAUTH - ok
14:48:04.0563 3232 pppop (adcb0e48d9ca816255ac0999f433c9c8) C:\windows\system32\DRIVERS\pppop64.sys
14:48:04.0579 3232 pppop - ok
14:48:04.0610 3232 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
14:48:04.0626 3232 PptpMiniport - ok
14:48:04.0641 3232 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
14:48:04.0673 3232 Processor - ok
14:48:04.0735 3232 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
14:48:04.0751 3232 Psched - ok
14:48:04.0797 3232 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
14:48:04.0860 3232 ql2300 - ok
14:48:04.0875 3232 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
14:48:04.0891 3232 ql40xx - ok
14:48:04.0907 3232 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
14:48:04.0938 3232 QWAVEdrv - ok
14:48:04.0953 3232 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
14:48:04.0953 3232 RasAcd - ok
14:48:05.0016 3232 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
14:48:05.0016 3232 RasAgileVpn - ok
14:48:05.0047 3232 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
14:48:05.0063 3232 Rasl2tp - ok
14:48:05.0078 3232 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
14:48:05.0094 3232 RasPppoe - ok
14:48:05.0141 3232 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
14:48:05.0156 3232 RasSstp - ok
14:48:05.0172 3232 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
14:48:05.0203 3232 rdbss - ok
14:48:05.0219 3232 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
14:48:05.0234 3232 rdpbus - ok
14:48:05.0265 3232 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
14:48:05.0281 3232 RDPCDD - ok
14:48:05.0328 3232 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
14:48:05.0343 3232 RDPENCDD - ok
14:48:05.0359 3232 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
14:48:05.0375 3232 RDPREFMP - ok
14:48:05.0390 3232 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
14:48:05.0406 3232 RDPWD - ok
14:48:05.0437 3232 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
14:48:05.0453 3232 rdyboost - ok
14:48:05.0546 3232 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\windows\system32\Drivers\RimUsb_AMD64.sys
14:48:05.0562 3232 RimUsb - ok
14:48:05.0609 3232 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
14:48:05.0624 3232 rspndr - ok
14:48:05.0655 3232 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\windows\system32\Drivers\RtsUStor.sys
14:48:05.0671 3232 RSUSBSTOR - ok
14:48:05.0702 3232 RtsUIR - ok
14:48:05.0733 3232 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
14:48:05.0733 3232 sbp2port - ok
14:48:05.0780 3232 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
14:48:05.0780 3232 scfilter - ok
14:48:05.0858 3232 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
14:48:05.0858 3232 secdrv - ok
14:48:05.0889 3232 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
14:48:05.0905 3232 Serenum - ok
14:48:05.0952 3232 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
14:48:05.0967 3232 Serial - ok
14:48:05.0983 3232 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
14:48:05.0983 3232 sermouse - ok
14:48:06.0014 3232 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
14:48:06.0030 3232 sffdisk - ok
14:48:06.0045 3232 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
14:48:06.0045 3232 sffp_mmc - ok
14:48:06.0061 3232 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\windows\system32\DRIVERS\sffp_sd.sys
14:48:06.0077 3232 sffp_sd - ok
14:48:06.0092 3232 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
14:48:06.0108 3232 sfloppy - ok
14:48:06.0139 3232 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
14:48:06.0139 3232 SiSRaid2 - ok
14:48:06.0155 3232 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
14:48:06.0201 3232 SiSRaid4 - ok
14:48:06.0233 3232 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
14:48:06.0248 3232 Smb - ok
14:48:06.0326 3232 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
14:48:06.0326 3232 spldr - ok
14:48:06.0404 3232 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
14:48:06.0435 3232 srv - ok
14:48:06.0467 3232 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
14:48:06.0498 3232 srv2 - ok
14:48:06.0529 3232 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
14:48:06.0545 3232 srvnet - ok
14:48:06.0591 3232 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
14:48:06.0607 3232 stexstor - ok
14:48:06.0654 3232 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
14:48:06.0669 3232 StillCam - ok
14:48:06.0685 3232 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
14:48:06.0701 3232 swenum - ok
14:48:06.0763 3232 SynTP (8f63178d1db81bb79270ae55ecdd8321) C:\windows\system32\DRIVERS\SynTP.sys
14:48:06.0779 3232 SynTP - ok
14:48:06.0888 3232 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\drivers\tcpip.sys
14:48:06.0950 3232 Tcpip - ok
14:48:07.0028 3232 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\DRIVERS\tcpip.sys
14:48:07.0044 3232 TCPIP6 - ok
14:48:07.0075 3232 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
14:48:07.0091 3232 tcpipreg - ok
14:48:07.0137 3232 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
14:48:07.0137 3232 TDPIPE - ok
14:48:07.0153 3232 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
14:48:07.0169 3232 TDTCP - ok
14:48:07.0200 3232 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
14:48:07.0200 3232 tdx - ok
14:48:07.0262 3232 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
14:48:07.0293 3232 TermDD - ok
14:48:07.0356 3232 tmactmon (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\windows\system32\DRIVERS\tmactmon.sys
14:48:07.0371 3232 tmactmon - ok
14:48:07.0418 3232 tmcomm (ab011c569487fd65c8944ddf8cbb2572) C:\windows\system32\DRIVERS\tmcomm.sys
14:48:07.0434 3232 tmcomm - ok
14:48:07.0481 3232 tmevtmgr (8870a3d7305455b47adccd226f8e51bc) C:\windows\system32\DRIVERS\tmevtmgr.sys
14:48:07.0496 3232 tmevtmgr - ok
14:48:07.0559 3232 tmtdi (065cb7d9278d778fb9ef62cead01433f) C:\windows\system32\DRIVERS\tmtdi.sys
14:48:07.0574 3232 tmtdi - ok
14:48:07.0605 3232 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
14:48:07.0637 3232 tssecsrv - ok
14:48:07.0683 3232 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
14:48:07.0699 3232 tunnel - ok
14:48:07.0730 3232 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
14:48:07.0746 3232 uagp35 - ok
14:48:07.0793 3232 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
14:48:07.0793 3232 UBHelper - ok
14:48:07.0824 3232 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
14:48:07.0855 3232 udfs - ok
14:48:07.0902 3232 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
14:48:07.0917 3232 uliagpkx - ok
14:48:07.0949 3232 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
14:48:07.0964 3232 umbus - ok
14:48:07.0980 3232 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
14:48:07.0995 3232 UmPass - ok
14:48:08.0042 3232 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
14:48:08.0058 3232 USBAAPL64 - ok
14:48:08.0105 3232 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\windows\system32\DRIVERS\usbccgp.sys
14:48:08.0105 3232 usbccgp - ok
14:48:08.0120 3232 USBCCID - ok
14:48:08.0151 3232 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
14:48:08.0151 3232 usbcir - ok
14:48:08.0183 3232 usbehci (92969ba5ac44e229c55a332864f79677) C:\windows\system32\DRIVERS\usbehci.sys
14:48:08.0198 3232 usbehci - ok
14:48:08.0292 3232 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\windows\system32\DRIVERS\usbhub.sys
14:48:08.0307 3232 usbhub - ok
14:48:08.0354 3232 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\windows\system32\drivers\usbohci.sys
14:48:08.0370 3232 usbohci - ok
14:48:08.0401 3232 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
14:48:08.0432 3232 usbprint - ok
14:48:08.0479 3232 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
14:48:08.0495 3232 USBSTOR - ok
14:48:08.0541 3232 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\windows\system32\DRIVERS\usbuhci.sys
14:48:08.0541 3232 usbuhci - ok
14:48:08.0604 3232 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
14:48:08.0619 3232 usbvideo - ok
14:48:08.0666 3232 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
14:48:08.0682 3232 vdrvroot - ok
14:48:08.0713 3232 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
14:48:08.0729 3232 vga - ok
14:48:08.0744 3232 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
14:48:08.0760 3232 VgaSave - ok
14:48:08.0775 3232 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
14:48:08.0791 3232 vhdmp - ok
14:48:08.0807 3232 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
14:48:08.0822 3232 viaide - ok
14:48:08.0838 3232 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
14:48:08.0838 3232 volmgr - ok
14:48:08.0869 3232 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
14:48:08.0885 3232 volmgrx - ok
14:48:08.0916 3232 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
14:48:08.0931 3232 volsnap - ok
14:48:08.0963 3232 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
14:48:08.0963 3232 vsmraid - ok
14:48:08.0994 3232 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
14:48:09.0009 3232 vwifibus - ok
14:48:09.0041 3232 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
14:48:09.0056 3232 vwififlt - ok
14:48:09.0072 3232 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
14:48:09.0087 3232 WacomPen - ok
14:48:09.0119 3232 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
14:48:09.0134 3232 WANARP - ok
14:48:09.0150 3232 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
14:48:09.0150 3232 Wanarpv6 - ok
14:48:09.0181 3232 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
14:48:09.0197 3232 Wd - ok
14:48:09.0243 3232 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
14:48:09.0275 3232 Wdf01000 - ok
14:48:09.0337 3232 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
14:48:09.0353 3232 WfpLwf - ok
14:48:09.0368 3232 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
14:48:09.0384 3232 WIMMount - ok
14:48:09.0540 3232 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
14:48:09.0555 3232 WinUsb - ok
14:48:09.0602 3232 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
14:48:09.0618 3232 WmiAcpi - ok
14:48:09.0665 3232 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
14:48:09.0680 3232 ws2ifsl - ok
14:48:09.0727 3232 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
14:48:09.0743 3232 WudfPf - ok
14:48:09.0789 3232 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
14:48:09.0789 3232 WUDFRd - ok
14:48:09.0821 3232 MBR (0x1B8) (ef932eaa6ef4c94e66a7f6ceec7eb422) \Device\Harddisk0\DR0
14:48:12.0114 3232 \Device\Harddisk0\DR0 - ok
14:48:12.0114 3232 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
14:48:12.0301 3232 \Device\Harddisk1\DR1 - ok
14:48:12.0317 3232 Boot (0x1200) (5d7bc16fe657994d400a46dcec81c098) \Device\Harddisk0\DR0\Partition0
14:48:12.0317 3232 \Device\Harddisk0\DR0\Partition0 - ok
14:48:12.0332 3232 Boot (0x1200) (0d76b54d6fd6531c7945d06646d043ed) \Device\Harddisk0\DR0\Partition1
14:48:12.0332 3232 \Device\Harddisk0\DR0\Partition1 - ok
14:48:12.0348 3232 Boot (0x1200) (ae552c23273a93147df0d7a6b2d9120b) \Device\Harddisk1\DR1\Partition0
14:48:12.0348 3232 \Device\Harddisk1\DR1\Partition0 - ok
14:48:12.0348 3232 ============================================================
14:48:12.0348 3232 Scan finished
14:48:12.0348 3232 ============================================================
14:48:12.0363 1652 Detected object count: 0
14:48:12.0363 1652 Actual detected object count: 0

TDS did not locate any infected or suspicious files.



And the ASW log:


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-16 14:52:15
-----------------------------
14:52:15.880 OS Version: Windows x64 6.1.7600
14:52:15.880 Number of processors: 2 586 0x170A
14:52:15.880 ComputerName: ACER-PC UserName: Acer
14:52:16.660 Initialize success
14:52:50.793 AVAST engine defs: 12021600
15:02:20.053 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:02:20.053 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
15:02:20.116 Disk 0 MBR read successfully
15:02:20.116 Disk 0 MBR scan
15:02:20.131 Disk 0 unknown MBR code
15:02:20.147 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048
15:02:20.162 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 24578048
15:02:20.178 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 293143 MB offset 24782848
15:02:20.194 Service scanning
15:02:21.972 Modules scanning
15:02:21.972 Disk 0 trace - called modules:
15:02:22.034 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:02:22.050 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800306f060]
15:02:22.050 3 CLASSPNP.SYS[fffff880015a743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002dc8050]
15:02:22.752 AVAST engine scan C:\windows
15:02:31.691 AVAST engine scan C:\windows\system32
15:08:05.539 AVAST engine scan C:\windows\system32\drivers
15:08:33.728 AVAST engine scan C:\Users\Acer
15:12:00.335 AVAST engine scan C:\ProgramData
15:14:24.011 Scan finished successfully
15:19:13.879 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
15:19:14.144 The log file has been saved successfully to "E:\aswMBR.txt"




Kindly note the following threats were removed upon restarting my system:

C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir TROJ_ZACCES64.SM
C:\Windows\assembly\temp\U\800000c0.@ TROJ_FAKEAV.DAM
C:\Windows\assembly\temp\U\800000cb.@ TROJ_FAKEAV.DAM
C:\Windows\assembly\temp\U\00000002.@ TROJ_FAKEAV.DAM
C:\Windows\assembly\temp\U\00000004.@ TROJ_FAKEAV.DAM
C:\Windows\assembly\temp\U\000000c0.$ TROJ_FAKEAV.DAM
C:\Windows\assembly\temp\U\000000c0.@ TROJ_FAKEAV.DAM
C:\Windows\assembly\temp\U\000000cb.@ TROJ_FAKEAV.DAM
C:\Windows\assembly\temp\U\80000032.@ TROJ_SPNR.04BD12

Trend Micro Titanium picked up these as I forgot to disable it upon start up.
Going forward, should I keep all security software disabled?

Thank you Gringo.
-Abby

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:08 AM

Posted 16 February 2012 - 06:13 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 NinjaTaco

NinjaTaco
  • Topic Starter

  • Members
  • 13 posts
  • Local time:12:08 AM

Posted 16 February 2012 - 08:47 PM

Hello and Thank you Gringo

Here is the Combo Fix Log


ComboFix 12-02-16.02 - Acer 02/16/2012 18:29:45.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3001.1713 [GMT -5:00]
Running from: c:\users\Acer\Desktop\ComboFix.exe
Command switches used :: c:\users\Acer\Desktop\CFScript.txt
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-01-17 to 2012-02-17 )))))))))))))))))))))))))))))))
.
.
2012-02-17 00:15 . 2012-02-17 00:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-17 00:15 . 2012-02-17 00:15 -------- d-----w- c:\users\admin\AppData\Local\temp
2012-01-23 02:40 . 2012-01-23 02:40 -------- d-----w- c:\users\admin\AppData\Roaming\Apple Computer
2012-01-22 18:47 . 2012-01-22 18:47 -------- d-----w- C:\temp
2012-01-22 18:27 . 2012-01-22 18:27 -------- d-----w- c:\users\Acer\AppData\Local\Trend Micro
2012-01-22 18:27 . 2012-01-31 01:01 21520 ----a-w- c:\windows\DCEBoot64.exe
2012-01-22 18:18 . 2011-08-02 20:45 105744 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-01-22 18:17 . 2011-07-12 11:13 91920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-01-22 18:17 . 2011-07-12 11:13 70928 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-01-22 18:17 . 2011-07-12 11:13 167696 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-01-22 18:14 . 2012-01-22 18:14 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-01-22 18:13 . 2012-01-22 18:14 -------- d-----w- c:\program files\Trend Micro
2012-01-22 18:12 . 2012-01-22 18:27 -------- d-----w- c:\programdata\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2012-01-15 23:36 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 05:00 . 2011-12-14 01:34 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2012-01-14 02:33 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{73A7FC72-6635-43A0-831D-172304C4F835}\mpengine.dll
2011-11-19 15:07 . 2012-01-11 01:40 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:06 . 2012-01-11 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-16_17.27.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-22 05:15 . 2012-02-16 17:59 67254 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-08-22 05:15 . 2012-02-16 17:27 67254 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-16 23:26 44166 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-04 02:09 . 2012-02-16 23:26 16120 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3925948597-774147762-3265653811-1000_UserData.bin
- 2012-02-16 17:25 . 2012-02-16 17:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-16 23:19 . 2012-02-16 23:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-16 17:25 . 2012-02-16 17:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-16 23:19 . 2012-02-16 23:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-02-16 17:25 360448 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-16 23:24 360448 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-07 20:40 . 2012-02-17 00:51 235644 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2012-02-16 20:27 308556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-16 17:24 308556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-02-16 17:25 3833856 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-16 23:24 3833856 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-16 17:25 2146304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-16 23:24 2146304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:34 . 2012-02-14 15:20 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-02-16 18:13 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ihanotify"="c:\program files (x86)\Verizon\FiOS\ihs\IHANotify.exe" [2010-12-28 237568]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-08-01 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-05 181480]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2011-02-01 206120]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04 135664]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-03-17 517632]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 311592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-02-01 206120]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-02-01 185640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 pppop;PPPoP WAN Adapter;c:\windows\system32\DRIVERS\pppop64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04 01:55]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cceb29e5ad6158.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-04 01:55]
.
2011-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3925948597-774147762-3265653811-1000Core.job
- c:\users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-22 06:16]
.
2011-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3925948597-774147762-3265653811-1000UA.job
- c:\users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-22 06:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-07 349480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-12 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-12 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-12 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-07-08 200704]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-08-02 204048]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {B0882EB7-81A5-4A11-8D45-71888F973933} - hxxps://216.244.124.18:10443/sslvpn.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-16 20:13:29
ComboFix-quarantined-files.txt 2012-02-17 01:13
ComboFix2.txt 2012-02-16 17:51
.
Pre-Run: 269,226,209,280 bytes free
Post-Run: 269,224,509,440 bytes free
.
- - End Of File - - 1ECB1179C8DD25D5AB4C6CE701D63982

I am using the laptop now and notice when I am connected to the internet the CPU usage remains above 90%, without even opening a browser.
Simply disrupting the connection to the wireless internet allows for the CPU usage to be around 0-12%.
It seems something is going on in the background when I am connected to the wireless internet!

Thank you Gringo,
Abby

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 February 2012 - 08:54 PM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
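What a helper does with the FRST.txt this post asks for, as an added example (not code from this thread or from Farbar's tool): a Python triage script that parses FRST file-listing lines and flags unattributed files in user-writable locations. The sample lines are copied from the log posted later in this thread; the location list and the rules are assumptions for illustration, not FRST's own whitelist.

```python
"""Triage helper for the file-listing sections of an FRST.txt log.
Added example, not part of this thread and not code from the Farbar tool:
it parses lines in the format FRST writes under 'Created/Modified Files and
Folders' and flags the entries a malware-removal helper reads first. The
rules are an illustrative assumption, not FRST's own whitelist."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One listing line: <created> - <modified> - <size> <attrs> [(publisher) ]<path>
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?"
    r"(?P<path>.+)$"
)
# Locations a standard user can write to without elevation (assumed list).
USER_WRITABLE = ("\\programdata\\", "\\users\\all users\\", "\\appdata\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
HEX_NAME = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str                 # FRST attribute flags, e.g. ____A, __SHD, _RASH
    publisher: Optional[str]   # company name FRST prints for versioned files
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def in_user_writable(self) -> bool:
        low = self.path.lower()
        return any(marker in low for marker in USER_WRITABLE)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST listing line; section headers and blank lines give None."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    pub = m.group("publisher")
    publisher = pub.strip() if pub and pub.strip() else None
    return Entry(m.group("created"), m.group("modified"), int(m.group("size")),
                 m.group("attrs"), publisher, m.group("path"))


def classify(entry: Entry) -> Optional[str]:
    """Return a reason for entries worth a closer look, else None."""
    if entry.is_dir or entry.publisher or not entry.in_user_writable:
        return None
    name = entry.name
    if HEX_NAME.match(name) or "." not in name:
        return "unattributed file with random or extension-less name in user-writable location"
    if name.lower().endswith(EXEC_EXT):
        return "unattributed executable in user-writable location"
    return None


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Run the rules over a whole log; returns (path, reason) per flagged line."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            reason = classify(entry)
            if reason:
                findings.append((entry.path, reason))
    return findings


# Sample input: lines copied from the FRST.txt posted in this thread, plus one
# constructed entry (updater.exe) to exercise the executable rule.
SAMPLE_FRST = r"""
============ 3 Months Modified Files and Folders =============

2012-02-16 09:11 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-01-22 10:27 - 2012-01-22 10:27 - 0000000 ____D C:\Users\Acer\AppData\Local\Trend Micro
2012-01-15 15:36 - 2012-01-15 15:35 - 10847608 ____A (Malwarebytes Corporation ) C:\Users\Acer\Desktop\mbam-setup-1.60.0.1800.exe
2012-01-15 15:22 - 2012-01-15 14:36 - 0008866 ____A C:\Users\Acer\AppData\Local\f0c12774
2012-01-15 15:22 - 2012-01-15 14:36 - 0008810 ____A C:\ProgramData\4d41aec7
2012-01-15 15:22 - 2012-01-15 14:36 - 0008785 ____A C:\Users\Acer\AppData\Roaming\fe981e64
2012-02-16 18:10 - 2012-01-22 10:14 - 0000258 _RASH C:\ProgramData\ntuser.pol
2012-02-14 07:17 - 2012-02-14 07:17 - 0000000 ____A C:\Users\Acer\defogger_reenable
2012-01-10 12:00 - 2012-01-10 12:00 - 0034816 ____A C:\Users\Acer\AppData\Roaming\updater.exe
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_FRST):
        print(f"{reason}: {path}")
```

Entries with a publisher, directories, and files outside AppData/ProgramData are left alone, so the three eight-hex-character files from this log and the constructed unattributed executable are the only hits.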

#9 NinjaTaco
  • Topic Starter
  • Members
  • 13 posts

Posted 16 February 2012 - 09:24 PM

Not a problem. Please see FRST.txt below.
I finally have access to the ADMIN account; they did not remember the password.

I apologize, you should have been notified of this issue much earlier.

Scan result of Farbar Recovery Scan Tool Version: 15-02-2012
Ran by SYSTEM at 2012-02-16 21:19:13
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-07] (Egis Technology Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-08-12] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [387608 2009-08-12] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365592 2009-08-12] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8060960 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM\...\Run: [PLFSetI] C:\windows\PLFSetI.exe [200704 2010-07-08] ()
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-08-28] (Synaptics Incorporated)
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [204048 2011-08-02] (Trend Micro Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [588648 2009-07-24] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k [261888 2009-08-20] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1194504 2009-08-27] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [128296 2009-07-31] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [181480 2009-08-04] (Acer Corp.)
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM [206120 2011-02-01] (SupportSoft, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-08-18] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKU\Acer\...\Run: [ihanotify] C:\Program Files (x86)\Verizon\FiOS\ihs\IHANotify.exe BalloonCount=1021 RunNotify=fios BalloonMsg=init [237568 2010-12-28] (COLLABERA)
HKU\Acer\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-08-21] (Google Inc.)
HKU\admin\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-08-21] (Google Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ======

2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [844320 2009-08-05] (Acer Incorporated)
2 IHA_MessageCenter; "C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" [290832 2011-12-12] (Verizon)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
2 McciCMService; "C:\Program Files (x86)\Common Files\Motive\McciCMService.exe" [319488 2010-03-17] (Alcatel-Lucent)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-03-17] (Alcatel-Lucent)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-07] (Egis Technology Inc.)
2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [62720 2009-08-20] (NewTech Infosystems, Inc.)
2 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe /service /p verizondm [206120 2011-02-01] (SupportSoft, Inc.)
2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe /p verizondm [185640 2011-02-01] (SupportSoft, Inc.)
2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]
2 FortiSslvpnDaemon; C:\windows\system32\FortiSslvpnDaemon.exe [x]
2 wlidsvc; "c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [x]

========================== Drivers (Whitelisted) =============

3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
1 ctxusbm; C:\Windows\System32\DRIVERS\ctxusbm.sys [87600 2009-09-08] (Citrix Systems, Inc.)
0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-09-22] (Lavasoft AB)
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
3 pppop; C:\Windows\System32\DRIVERS\pppop64.sys [42144 2011-06-07] (Fortinet Inc.)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-13] (Microsoft Corporation)
1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [91920 2011-07-12] (Trend Micro Inc.)
1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [167696 2011-07-12] (Trend Micro Inc.)
1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [70928 2011-07-12] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-02] (Trend Micro Inc.)
3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-02-16 21:18 - 2012-02-16 21:19 - 0000000 ____D C:\FRST
2012-02-16 17:34 - 2012-02-16 17:34 - 0000000 __SHD C:\$RECYCLE.BIN
2012-02-16 17:13 - 2012-02-16 17:13 - 0018924 ____A C:\ComboFix.txt
2012-02-16 15:28 - 2012-02-16 09:08 - 4406022 ____R (Swearware) C:\Users\Acer\Desktop\ComboFix.exe
2012-02-16 11:49 - 2012-02-16 11:43 - 4733440 ____A (AVAST Software) C:\Users\Acer\Desktop\aswMBR.exe
2012-02-16 11:47 - 2012-02-16 11:49 - 0080390 ____A C:\TDSSKiller.2.7.13.0_16.02.2012_14.47.40_log.txt
2012-02-16 11:47 - 2012-02-16 11:43 - 2060336 ____A (Kaspersky Lab ZAO) C:\Users\Acer\Desktop\tdsskiller.exe
2012-02-16 09:11 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-02-16 09:11 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-02-16 09:11 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-02-16 09:11 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-02-16 09:11 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-02-16 09:11 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-02-16 09:11 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-02-16 09:11 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-02-14 07:24 - 2012-02-14 07:24 - 0006270 ____A C:\Users\Acer\Desktop\Attach.txt
2012-02-14 07:24 - 2012-02-14 07:24 - 0002275 ____A C:\Users\Acer\Desktop\Attach.zip
2012-02-14 07:23 - 2012-02-14 07:23 - 0020262 ____A C:\Users\Acer\Desktop\DDS.txt
2012-02-14 07:20 - 2012-02-14 07:18 - 0607260 ____R (Swearware) C:\Users\Acer\Desktop\dds.scr
2012-02-14 07:17 - 2012-02-14 07:19 - 0000470 ____A C:\Users\Acer\Desktop\defogger_disable.log
2012-02-14 07:17 - 2012-02-14 07:17 - 0000000 ____A C:\Users\Acer\defogger_reenable
2012-02-14 07:17 - 2012-02-14 07:13 - 0050477 ____A C:\Users\Acer\Desktop\Defogger.exe
2012-02-14 07:04 - 2012-02-16 17:09 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cceb29e5ad6158.job
2012-01-30 17:23 - 2012-01-30 17:23 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-01-30 17:23 - 2012-01-30 17:23 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-01-30 17:23 - 2012-01-30 17:23 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-01-30 17:23 - 2012-01-30 17:23 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-01-30 17:23 - 2012-01-30 17:23 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-01-30 17:23 - 2012-01-30 17:23 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-01-30 17:23 - 2012-01-30 17:23 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-01-30 17:23 - 2012-01-30 17:23 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-01-30 17:23 - 2012-01-30 17:23 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-01-30 17:23 - 2012-01-30 17:23 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-01-30 17:22 - 2012-02-16 09:26 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-01-30 17:07 - 2012-02-16 09:43 - 0000000 ____D C:\Windows\ERDNT
2012-01-30 17:04 - 2012-02-16 17:14 - 0000000 ____D C:\Qoobox
2012-01-30 15:17 - 2012-01-30 15:17 - 0067548 ____A C:\Windows\ntbtlog.txt
2012-01-22 18:42 - 2012-01-22 18:42 - 0001373 ____A C:\Users\admin\Desktop\Trend Micro Titanium Internet Security 2012.lnk
2012-01-22 18:40 - 2012-01-22 18:40 - 0000000 ____D C:\Users\admin\AppData\Roaming\Apple Computer
2012-01-22 10:34 - 2012-01-30 17:24 - 0000000 ____A C:\Windows\DCEBOOT.LOG
2012-01-22 10:27 - 2012-01-30 17:01 - 0021520 ____A C:\Windows\DCEBoot64.exe
2012-01-22 10:27 - 2012-01-22 10:27 - 0000000 ____D C:\Users\Acer\AppData\Local\Trend Micro
2012-01-22 10:19 - 2012-01-22 10:19 - 0001373 ____A C:\Users\Acer\Desktop\Trend Micro Titanium Internet Security 2012.lnk
2012-01-22 10:18 - 2011-08-02 12:45 - 0105744 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmtdi.sys
2012-01-22 10:17 - 2011-07-12 03:13 - 0167696 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2012-01-22 10:17 - 2011-07-12 03:13 - 0091920 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmactmon.sys
2012-01-22 10:17 - 2011-07-12 03:13 - 0070928 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmevtmgr.sys
2012-01-22 10:14 - 2012-02-16 18:10 - 0000258 _RASH C:\Users\All Users\ntuser.pol
2012-01-22 10:14 - 2012-02-16 18:10 - 0000258 _RASH C:\ProgramData\ntuser.pol
2012-01-22 10:14 - 2012-01-22 10:14 - 0000056 ____A C:\Windows\System32\SupportTool.exe.bat
2012-01-22 10:13 - 2012-01-22 10:14 - 0000000 ____D C:\Program Files\Trend Micro
2012-01-22 10:12 - 2012-01-22 10:27 - 0000000 ____D C:\Users\All Users\Trend Micro
2012-01-22 10:12 - 2012-01-22 10:27 - 0000000 ____D C:\ProgramData\Trend Micro
2012-01-18 18:15 - 2012-01-18 18:15 - 0000000 ____D C:\Users\Acer\AppData\Roaming\Mozilla

============ 3 Months Modified Files and Folders =============

2012-02-16 18:10 - 2012-01-22 10:14 - 0000258 _RASH C:\Users\All Users\ntuser.pol
2012-02-16 18:10 - 2012-01-22 10:14 - 0000258 _RASH C:\ProgramData\ntuser.pol
2012-02-16 18:10 - 2010-07-08 05:39 - 2360020992 __ASH C:\hiberfil.sys
2012-02-16 18:10 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-16 18:10 - 2009-07-13 20:51 - 0159217 ____A C:\Windows\setupact.log
2012-02-16 17:46 - 2009-11-24 12:23 - 1418503 ____A C:\Windows\WindowsUpdate.log
2012-02-16 17:41 - 2009-07-13 20:45 - 0017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-16 17:41 - 2009-07-13 20:45 - 0017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-16 17:34 - 2012-02-16 17:34 - 0000000 __SHD C:\$RECYCLE.BIN
2012-02-16 17:33 - 2010-08-03 17:56 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-02-16 17:33 - 2009-08-22 14:18 - 0810836 ____A C:\Windows\PFRO.log
2012-02-16 17:14 - 2012-01-30 17:04 - 0000000 ____D C:\Qoobox
2012-02-16 17:13 - 2012-02-16 17:13 - 0018924 ____A C:\ComboFix.txt
2012-02-16 17:09 - 2012-02-14 07:04 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cceb29e5ad6158.job
2012-02-16 16:52 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-02-16 11:49 - 2012-02-16 11:47 - 0080390 ____A C:\TDSSKiller.2.7.13.0_16.02.2012_14.47.40_log.txt
2012-02-16 11:43 - 2012-02-16 11:49 - 4733440 ____A (AVAST Software) C:\Users\Acer\Desktop\aswMBR.exe
2012-02-16 11:43 - 2012-02-16 11:47 - 2060336 ____A (Kaspersky Lab ZAO) C:\Users\Acer\Desktop\tdsskiller.exe
2012-02-16 09:51 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-02-16 09:43 - 2012-01-30 17:07 - 0000000 ____D C:\Windows\ERDNT
2012-02-16 09:26 - 2012-01-30 17:22 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-02-16 09:08 - 2012-02-16 15:28 - 4406022 ____R (Swearware) C:\Users\Acer\Desktop\ComboFix.exe
2012-02-16 08:48 - 2010-12-14 18:42 - 0000000 __HDC C:\Users\All Users\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2012-02-16 08:48 - 2010-12-14 18:42 - 0000000 __HDC C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2012-02-16 08:47 - 2010-12-14 18:42 - 0000000 ____D C:\Program Files (x86)\Lavasoft
2012-02-14 07:24 - 2012-02-14 07:24 - 0006270 ____A C:\Users\Acer\Desktop\Attach.txt
2012-02-14 07:24 - 2012-02-14 07:24 - 0002275 ____A C:\Users\Acer\Desktop\Attach.zip
2012-02-14 07:23 - 2012-02-14 07:23 - 0020262 ____A C:\Users\Acer\Desktop\DDS.txt
2012-02-14 07:19 - 2012-02-14 07:17 - 0000470 ____A C:\Users\Acer\Desktop\defogger_disable.log
2012-02-14 07:18 - 2012-02-14 07:20 - 0607260 ____R (Swearware) C:\Users\Acer\Desktop\dds.scr
2012-02-14 07:17 - 2012-02-14 07:17 - 0000000 ____A C:\Users\Acer\defogger_reenable
2012-02-14 07:17 - 2010-08-03 17:51 - 0000000 ____D C:\users\Acer
2012-02-14 07:13 - 2012-02-14 07:17 - 0050477 ____A C:\Users\Acer\Desktop\Defogger.exe
2012-01-30 17:24 - 2012-01-22 10:34 - 0000000 ____A C:\Windows\DCEBOOT.LOG
2012-01-30 17:23 - 2012-01-30 17:23 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-01-30 17:23 - 2012-01-30 17:23 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-01-30 17:23 - 2012-01-30 17:23 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-01-30 17:23 - 2012-01-30 17:23 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-01-30 17:23 - 2012-01-30 17:23 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-01-30 17:23 - 2012-01-30 17:23 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-01-30 17:23 - 2012-01-30 17:23 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-01-30 17:23 - 2012-01-30 17:23 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-01-30 17:23 - 2012-01-30 17:23 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-01-30 17:23 - 2012-01-30 17:23 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-01-30 17:23 - 2009-07-13 18:34 - 62128128 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-01-30 17:23 - 2009-07-13 18:34 - 17039360 ____A C:\Windows\System32\config\SYSTEM.bak
2012-01-30 17:23 - 2009-07-13 18:34 - 0524288 ____A C:\Windows\System32\config\DEFAULT.bak
2012-01-30 17:23 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-01-30 17:23 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SAM.bak
2012-01-30 17:01 - 2012-01-22 10:27 - 0021520 ____A C:\Windows\DCEBoot64.exe
2012-01-30 16:09 - 2011-02-26 14:54 - 0000000 ____D C:\Users\Acer\Tracing
2012-01-30 15:20 - 2012-01-15 15:36 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-01-30 15:20 - 2012-01-15 15:36 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-30 15:17 - 2012-01-30 15:17 - 0067548 ____A C:\Windows\ntbtlog.txt
2012-01-29 02:10 - 2010-08-04 08:31 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-24 18:51 - 2011-06-06 19:08 - 0000000 ____D C:\Users\admin\AppData\Local\Google
2012-01-22 19:12 - 2011-06-06 19:08 - 0000000 ____D C:\Users\admin\AppData\Roaming\Google
2012-01-22 18:51 - 2011-06-06 19:07 - 0000000 ____D C:\Users\admin\AppData\LocalLow
2012-01-22 18:42 - 2012-01-22 18:42 - 0001373 ____A C:\Users\admin\Desktop\Trend Micro Titanium Internet Security 2012.lnk
2012-01-22 18:40 - 2012-01-22 18:40 - 0000000 ____D C:\Users\admin\AppData\Roaming\Apple Computer
2012-01-22 10:27 - 2012-01-22 10:27 - 0000000 ____D C:\Users\Acer\AppData\Local\Trend Micro
2012-01-22 10:27 - 2012-01-22 10:12 - 0000000 ____D C:\Users\All Users\Trend Micro
2012-01-22 10:27 - 2012-01-22 10:12 - 0000000 ____D C:\ProgramData\Trend Micro
2012-01-22 10:19 - 2012-01-22 10:19 - 0001373 ____A C:\Users\Acer\Desktop\Trend Micro Titanium Internet Security 2012.lnk
2012-01-22 10:17 - 2009-07-13 21:13 - 0743598 ____A C:\Windows\System32\PerfStringBackup.INI
2012-01-22 10:14 - 2012-01-22 10:14 - 0000056 ____A C:\Windows\System32\SupportTool.exe.bat
2012-01-22 10:14 - 2012-01-22 10:13 - 0000000 ____D C:\Program Files\Trend Micro
2012-01-22 10:14 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\GroupPolicy
2012-01-22 09:26 - 2010-10-19 19:28 - 0000000 ____D C:\Users\All Users\Lavasoft
2012-01-22 09:26 - 2010-10-19 19:28 - 0000000 ____D C:\ProgramData\Lavasoft
2012-01-22 09:10 - 2010-10-20 18:50 - 0183769 ____A C:\aaw7boot.log
2012-01-20 21:25 - 2011-04-26 18:49 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-01-20 21:25 - 2011-04-26 18:49 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-01-19 19:10 - 2009-08-21 21:40 - 0000000 ____D C:\Program Files (x86)\Google
2012-01-18 18:15 - 2012-01-18 18:15 - 0000000 ____D C:\Users\Acer\AppData\Roaming\Mozilla
2012-01-15 15:36 - 2012-01-15 15:36 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-01-15 15:36 - 2012-01-15 15:36 - 0000000 ____D C:\Users\Acer\AppData\Roaming\Malwarebytes
2012-01-15 15:36 - 2012-01-15 15:36 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-01-15 15:36 - 2012-01-15 15:35 - 10847608 ____A (Malwarebytes Corporation ) C:\Users\Acer\Desktop\mbam-setup-1.60.0.1800.exe
2012-01-15 15:33 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-01-15 15:31 - 2012-01-15 15:31 - 0000398 ____A C:\rkill.log
2012-01-15 15:30 - 2012-01-15 15:30 - 0000297 ____A C:\Users\Acer\Desktop\iExplore - Shortcut.lnk
2012-01-15 15:22 - 2012-01-15 14:36 - 0008866 ____A C:\Users\Acer\AppData\Local\f0c12774
2012-01-15 15:22 - 2012-01-15 14:36 - 0008810 ____A C:\Users\All Users\4d41aec7
2012-01-15 15:22 - 2012-01-15 14:36 - 0008810 ____A C:\ProgramData\4d41aec7
2012-01-15 15:22 - 2012-01-15 14:36 - 0008785 ____A C:\Users\Acer\AppData\Roaming\fe981e64
2012-01-15 14:36 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Resources
2012-01-14 16:58 - 2009-07-13 21:08 - 0032574 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-01-06 18:30 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2011-12-18 08:31 - 2011-12-18 08:31 - 0000000 ____D C:\Windows\CheckSur
2011-12-14 18:52 - 2009-07-13 20:45 - 0343552 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-14 17:47 - 2009-08-22 14:20 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-12-14 17:47 - 2009-08-22 14:20 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-12-10 12:24 - 2012-01-15 15:36 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-03 14:28 - 2010-09-10 15:43 - 0000000 ____D C:\Users\Acer\Desktop\Tx
2011-11-25 16:54 - 2011-11-25 16:54 - 0781319 ____A C:\Users\Acer\Documents\p.pdf
2011-11-23 21:00 - 2011-12-13 17:34 - 3141632 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-19 07:07 - 2012-01-10 17:40 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2011-11-19 06:06 - 2012-01-10 17:40 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 20%
Total physical RAM: 3000.93 MB
Available physical RAM: 2383.73 MB
Total Pagefile: 2999.07 MB
Available Pagefile: 2377.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Acer) (Fixed) (Total:286.27 GB) (Free:250.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (PQSERVICE) (Fixed) (Total:11.72 GB) (Free:1.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (CARD) (Removable) (Total:0.11 GB) (Free:0.1 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 119 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 11 GB 1024 KB
Partition 2 Primary 100 MB 11 GB
Partition 3 Primary 286 GB 11 GB

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 11 GB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Acer NTFS Partition 286 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 119 MB 16 KB

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G CARD FAT32 Removable 119 MB Healthy



==========================================================

Last Boot: 2011-10-11 17:24

======================= End Of Log ==========================

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 16 February 2012 - 09:41 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 NinjaTaco

  • Topic Starter
  • Members
  • 13 posts

Posted 16 February 2012 - 10:00 PM

Here are the contents of the OTL.txt

Thank you Gringo!


OTL logfile created on: 2/16/2012 9:51:53 PM - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Users\admin\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 63.11% Memory free
5.86 Gb Paging File | 4.67 Gb Available in Paging File | 79.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.27 Gb Total Space | 250.22 Gb Free Space | 87.41% Space Free | Partition Type: NTFS
Drive E: | 115.86 Mb Total Space | 102.25 Mb Free Space | 88.25% Space Free | Partition Type: FAT32

Computer Name: ACER-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Windows\SysWOW64\FortiSslvpnDaemon.exe (Fortinet Inc.)


========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (IHA_MessageCenter) -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Verizon)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (tgsrvc_verizondm) SupportSoft Repair Service (verizondm) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (FortiSslvpnDaemon) -- C:\Windows\SysWOW64\FortiSslvpnDaemon.exe (Fortinet Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.)
DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.)
DRV:64bit: - (pppop) -- C:\Windows\SysNative\drivers\pppop64.sys (Fortinet Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3925948597-774147762-3265653811-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3925948597-774147762-3265653811-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3925948597-774147762-3265653811-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 00 CE 3C 79 D9 CC 01 [binary data]
IE - HKU\S-1-5-21-3925948597-774147762-3265653811-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\firefoxextension [2012/01/22 13:47:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/01/22 13:47:50 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/02/16 12:26:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1086\7.0.1086\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1086\7.0.1086\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3925948597-774147762-3265653811-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-3925948597-774147762-3265653811-1001\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {B0882EB7-81A5-4A11-8D45-71888F973933} https://216.244.124.18:10443/sslvpn.cab (fortisslvpn Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=722 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E0F8FF4-15E9-4021-9462-E79AB778616E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEEE12E0-3A39-4EA7-854A-DF3C9FB965E5}: DhcpNameServer = 192.168.147.8 192.168.148.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1086\7.0.1086\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1086\7.0.1086\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/17 00:18:51 | 000,000,000 | ---D | C] -- C:\FRST
[2012/02/16 21:50:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2012/02/16 20:34:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/16 20:13:57 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\temp
[2012/02/16 12:11:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/02/16 12:11:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/02/16 12:11:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/01/30 20:07:46 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/01/30 20:04:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/22 21:42:00 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security 2012
[2012/01/22 21:40:08 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Apple Computer
[2012/01/22 13:47:49 | 000,000,000 | ---D | C] -- C:\temp
[2012/01/22 13:18:11 | 000,105,744 | ---- | C] (Trend Micro Inc.) -- C:\windows\SysNative\drivers\tmtdi.sys
[2012/01/22 13:17:33 | 000,167,696 | ---- | C] (Trend Micro Inc.) -- C:\windows\SysNative\drivers\tmcomm.sys
[2012/01/22 13:17:33 | 000,091,920 | ---- | C] (Trend Micro Inc.) -- C:\windows\SysNative\drivers\tmactmon.sys
[2012/01/22 13:17:33 | 000,070,928 | ---- | C] (Trend Micro Inc.) -- C:\windows\SysNative\drivers\tmevtmgr.sys
[2012/01/22 13:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/01/22 13:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro

========== Files - Modified Within 30 Days ==========

[2012/02/16 21:53:55 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/16 21:53:55 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/16 21:48:03 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/16 21:46:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/02/16 21:46:13 | 2360,020,992 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/16 21:43:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2012/02/16 21:10:53 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/02/16 20:09:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA1cceb29e5ad6158.job
[2012/02/16 12:26:36 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/01/30 20:01:51 | 000,021,520 | ---- | M] () -- C:\windows\DCEBoot64.exe
[2012/01/30 18:20:00 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/22 21:42:00 | 000,001,373 | ---- | M] () -- C:\Users\admin\Desktop\Trend Micro Titanium Internet Security 2012.lnk
[2012/01/22 13:17:29 | 000,743,598 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/01/22 13:17:29 | 000,635,590 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/01/22 13:17:29 | 000,110,274 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/01/22 13:14:48 | 000,000,056 | ---- | M] () -- C:\windows\SysNative\SupportTool.exe.bat
[2012/01/21 00:25:59 | 000,000,064 | ---- | M] () -- C:\windows\SysWow64\rp_stats.dat
[2012/01/21 00:25:59 | 000,000,044 | ---- | M] () -- C:\windows\SysWow64\rp_rules.dat

========== Files Created - No Company Name ==========

[2012/02/16 12:11:14 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/02/16 12:11:14 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/02/16 12:11:14 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/02/16 12:11:14 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/02/16 12:11:14 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/02/14 10:04:06 | 000,000,898 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA1cceb29e5ad6158.job
[2012/01/22 21:42:00 | 000,001,373 | ---- | C] () -- C:\Users\admin\Desktop\Trend Micro Titanium Internet Security 2012.lnk
[2012/01/22 13:27:39 | 000,021,520 | ---- | C] () -- C:\windows\DCEBoot64.exe
[2012/01/22 13:14:48 | 000,000,056 | ---- | C] () -- C:\windows\SysNative\SupportTool.exe.bat
[2012/01/22 13:14:37 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/01/15 17:36:23 | 000,008,810 | ---- | C] () -- C:\ProgramData\4d41aec7
[2011/04/26 21:49:24 | 000,000,064 | ---- | C] () -- C:\windows\SysWow64\rp_stats.dat
[2011/04/26 21:49:24 | 000,000,044 | ---- | C] () -- C:\windows\SysWow64\rp_rules.dat
[2010/12/20 22:05:11 | 000,176,394 | ---- | C] () -- C:\windows\hpoins35.dat
[2010/12/20 22:05:11 | 000,001,062 | ---- | C] () -- C:\windows\hpomdl35.dat
[2010/12/19 12:46:34 | 000,176,394 | ---- | C] () -- C:\windows\hpoins35.dat.temp
[2010/12/19 12:46:34 | 000,001,062 | ---- | C] () -- C:\windows\hpomdl35.dat.temp
[2010/07/08 09:12:40 | 000,200,704 | ---- | C] () -- C:\windows\PLFSetI.exe
[2010/07/08 09:12:40 | 000,106,496 | ---- | C] () -- C:\windows\FixUVC.exe
[2010/07/08 09:12:40 | 000,000,074 | ---- | C] () -- C:\windows\PidList.ini
[2010/01/25 12:58:06 | 000,462,848 | ---- | C] () -- C:\windows\SysWow64\ractrlkeyhook.dll
[2009/11/24 15:06:20 | 000,982,220 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/11/24 15:06:20 | 000,439,300 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/11/24 15:06:20 | 000,134,592 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/11/24 15:06:20 | 000,092,216 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/11/24 14:51:27 | 000,001,512 | ---- | C] () -- C:\windows\WPatchProgress.ini
[2009/08/22 01:01:23 | 000,872,448 | ---- | C] () -- C:\windows\iconv.dll
[2009/08/22 01:01:23 | 000,743,424 | ---- | C] () -- C:\windows\libxml2.dll
[2009/08/22 01:01:21 | 000,000,193 | ---- | C] () -- C:\windows\Prelaunch.ini
[2009/08/22 01:01:21 | 000,000,147 | ---- | C] () -- C:\windows\WisPriority.ini
[2009/08/22 01:01:21 | 000,000,119 | ---- | C] () -- C:\windows\WisLangCode.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:FCB70953

< End of report >
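
As an added example that is not part of this thread: the "Files Created" and "Alternate Data Streams" sections above are the report format a helper reads by hand, scanning for recently created files with generated-looking names, hidden/system attributes outside the Windows directory, double extensions, and alternate data streams. The Python below parses that format and applies those heuristics to a subset of lines copied from the report above. The heuristics, the `%SystemRoot%` assumption and the sample "since" date are my assumptions for illustration, not a verdict on any file in the log; a hit means the entry deserves a closer look, not that it is malicious.

```python
"""Triage helper for OTL-style "Files Created" and "Alternate Data Streams" lines.

Added example, not part of the thread. The heuristics below are assumptions
chosen for illustration; a hit means "look closer", not "malicious".
"""
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

# [date time | size | attrs | C/M] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
HEX_NAME = re.compile(r"^[0-9a-fA-F]{8,}$")       # hex-only basename, no extension
EXEC_EXT = {"exe", "bat", "cmd", "com", "scr", "pif", "vbs", "js", "ps1"}
SYSTEM_ROOTS = ("c:\\windows\\",)                 # assumption: %SystemRoot% is C:\windows

# Constructed sample: a subset of lines copied from the report above, not the whole log.
SAMPLE_REPORT = r"""
========== Files Created - No Company Name ==========

[2012/02/16 12:11:14 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/01/22 21:42:00 | 000,001,373 | ---- | C] () -- C:\Users\admin\Desktop\Trend Micro Titanium Internet Security 2012.lnk
[2012/01/22 13:14:48 | 000,000,056 | ---- | C] () -- C:\windows\SysNative\SupportTool.exe.bat
[2012/01/22 13:14:37 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/01/15 17:36:23 | 000,008,810 | ---- | C] () -- C:\ProgramData\4d41aec7
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/11/24 15:06:20 | 000,982,220 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:FCB70953
"""


@dataclass
class Entry:
    path: str
    size: int
    created: Optional[datetime]        # None for ADS lines, which carry no timestamp
    attrs: str                         # OTL flag string, e.g. "RHS-" (read-only, hidden, system)
    is_ads: bool = False
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one report line; headers, blanks and unknown lines yield None."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        return Entry(path=m["path"], size=int(m["size"].replace(",", "")),
                     created=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                     attrs=m["attrs"])
    m = ADS_RE.match(line)
    if m:
        return Entry(path=m["path"], size=int(m["size"]), created=None,
                     attrs="----", is_ads=True)
    return None


def triage(entry: Entry, since: Optional[datetime] = None) -> Entry:
    """Attach the reasons (if any) an analyst would pull this entry out of the list."""
    name = entry.path.rsplit("\\", 1)[-1]
    in_system_root = entry.path.lower().startswith(SYSTEM_ROOTS)
    ext_parts = name.lower().split(".")

    if entry.is_ads:
        entry.reasons.append("alternate data stream: content invisible to a plain directory listing")
    if HEX_NAME.match(name):
        entry.reasons.append("hex-only name with no extension (generated-name pattern)")
    if "H" in entry.attrs and "S" in entry.attrs and not in_system_root:
        entry.reasons.append("hidden+system attributes outside %SystemRoot%")
    if len(ext_parts) > 2 and ext_parts[-1] in EXEC_EXT:
        entry.reasons.append(f"double extension ending in .{ext_parts[-1]}")
    if since and entry.created and entry.created >= since and not in_system_root:
        entry.reasons.append(f"created on/after {since:%Y-%m-%d} outside %SystemRoot%")
    return entry


def triage_report(text: str, since: Optional[str] = None) -> List[Entry]:
    """Return only the entries that picked up at least one reason.

    `since` is an optional "YYYY/MM/DD" cut-off (e.g. the day symptoms started).
    """
    since_dt = datetime.strptime(since, "%Y/%m/%d") if since else None
    flagged = []
    for raw in text.splitlines():
        entry = parse_line(raw)
        if entry is not None and triage(entry, since_dt).reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    # "2012/01/15" is an assumed onset date for the demo, not a fact from the thread.
    for e in triage_report(SAMPLE_REPORT, since="2012/01/15"):
        print(e.path)
        for r in e.reasons:
            print("   -", r)
```

Without a `since` date the output is the four entries a reviewer would look at first (the hidden+system file and the hex-named file in `C:\ProgramData`, the `.exe.bat` double extension, and the ADS); adding the cut-off also surfaces everything created after it outside `%SystemRoot%`, which is the usual next step when the onset date is known.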

#12 gringo_pr

gringo_pr - Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 16 February 2012 - 10:09 PM

Hello

Because there is more info in this report, I will not be able to respond until I get home later.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 NinjaTaco

NinjaTaco
  • Topic Starter
  • Members
  • 13 posts

Posted 17 February 2012 - 10:09 AM

Not a problem, Gringo.

I am not in a hurry, and do appreciate your help.

Thank you!
Abby

#14 gringo_pr


Posted 18 February 2012 - 01:02 AM

Hello Abby

Sorry for not responding - at home the internet was out all day! I will do this first thing in the morning.


gringo

#15 NinjaTaco


Posted 18 February 2012 - 09:11 AM

Hey Gringo,

No sweat, please take your time.
Thanks again!

-Abby



