

Another SVChost Infection


  • This topic is locked
22 replies to this topic

#1 cdrm25

cdrm25

  • Members
  • 11 posts
  • OFFLINE
  • Local time:09:45 AM

Posted 25 February 2012 - 05:21 PM

Hi,

My computer has the SVChost.exe infection that seems to be rampant as of late. It isn't causing any major problems, primarily an occasional crash and a slight slow down in performance.

DDS log is below, and attach.txt and ark.txt are attached.

Thanks for your help.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Mitch at 15:17:08 on 2012-02-25
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2008.873 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
-netsvcs
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mitch\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Softonic Helper Object: {e87806b5-e908-45fd-af5e-957d83e58e68} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll
TB: Softonic Toolbar: {5018cfd2-804d-4c99-9f81-25eaea2769de} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
StartupFolder: C:\Users\Mitch\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Users\Mitch\AppData\Local\Temp\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{22F686B7-7878-4D25-B114-0A67DEB3FE74} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{22F686B7-7878-4D25-B114-0A67DEB3FE74}\56C6F6E657 : DhcpNameServer = 10.17.1.3 10.17.1.1
TCP: Interfaces\{22F686B7-7878-4D25-B114-0A67DEB3FE74}\8416070797541676C656 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{22F686B7-7878-4D25-B114-0A67DEB3FE74}\8416070797541676C656D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Softonic Helper Object: {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll
BHO-X64: Softonic Helper Object - No File
TB-X64: Softonic Toolbar: {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\kpz384c8.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Mitch\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\kpz384c8.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2010-5-31 89600]
R2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-22 652360]
R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2011-11-2 68896]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-7-9 660800]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-02-25 19:54:03 -------- d-s---w- C:\ComboFix
2012-02-25 04:35:45 20480 ----a-w- C:\Windows\svchost.exe
2012-02-24 03:32:06 -------- d-----w- C:\Users\Mitch\AppData\Roaming\SUPERAntiSpyware.com
2012-02-24 03:31:26 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-02-24 03:31:26 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-23 15:35:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-23 01:42:17 -------- d-----w- C:\$RECYCLE.BIN
2012-02-23 01:40:27 -------- d-----w- C:\Windows\system64
2012-02-23 00:46:07 98816 ----a-w- C:\Windows\sed.exe
2012-02-23 00:46:07 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-23 00:46:07 256000 ----a-w- C:\Windows\PEV.exe
2012-02-23 00:46:07 208896 ----a-w- C:\Windows\MBR.exe
2012-02-22 21:05:19 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4C18.tmp
2012-02-22 21:05:19 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4BD8.tmp
2012-02-22 21:05:17 -------- d-----w- C:\Users\Mitch\AppData\Roaming\Riasur
2012-02-22 21:05:17 -------- d-----w- C:\Users\Mitch\AppData\Roaming\Opxek
2012-02-22 18:47:46 -------- d-----w- C:\Users\Mitch\AppData\Local\HandlerPadUsb
2012-02-15 23:18:07 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 23:18:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 23:17:59 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 23:17:57 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 23:17:56 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 23:17:56 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 23:17:52 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 23:17:52 634368 ----a-w- C:\Windows\System32\msvcrt.dll
.
==================== Find3M ====================
.
2012-02-23 14:37:10 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-12-21 00:02:26 4448256 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-04 22:09:03 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 15:20:01.55 ===============
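
As an added example that is not part of this thread, of DDS, or of ComboFix: a read-only PowerShell triage script that checks the three findings visible in the DDS log above (a second svchost.exe at C:\Windows\svchost.exe in the "Created Last 30" list, a C:\Windows\system64 folder, and a SubSystems line whose ConServerDllInitialization entry points at consrv instead of winsrv; the ComboFix log later in the thread lists c:\windows\system32\consrv.dll among its deletions). The function names, and the allowed ServerDll list of basesrv, winsrv and sxssrv (the stock Windows 7 set shown in the log minus consrv), are my assumptions. It uses Get-WmiObject so it also runs on Windows 7 / PowerShell 2.0, and it changes nothing on the machine.

```powershell
# Added example (not from the thread): read-only checks for the artifacts named
# in the DDS log. Run from an elevated Windows PowerShell prompt.

# Expected image locations for svchost.exe on a 64-bit Windows install.
$expectedSvchost = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

function Test-SvchostImagePaths {
    # Returns every running svchost.exe whose image path is not one of the
    # two expected locations. A process started from C:\Windows\svchost.exe
    # (the file the log shows) would be reported here.
    $findings = @()
    Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
        $path = $_.ExecutablePath
        # ExecutablePath is $null when the caller lacks rights to query the process;
        # -notcontains compares strings case-insensitively, so System32/system32 both match.
        if ($path -and ($expectedSvchost -notcontains $path)) {
            $findings += New-Object PSObject -Property @{
                Pid         = $_.ProcessId
                Path        = $path
                CommandLine = $_.CommandLine
            }
        }
    }
    return $findings
}

function Test-StrayWindowsDirItems {
    # C:\Windows\svchost.exe and C:\Windows\system64 are both listed in the
    # log and neither exists on a clean install. Report them if present.
    $suspects = @(
        (Join-Path $env:SystemRoot 'svchost.exe'),
        (Join-Path $env:SystemRoot 'system64')
    )
    $suspects | Where-Object { Test-Path $_ } | ForEach-Object {
        Get-Item $_ | Select-Object FullName, Length, CreationTime, LastWriteTime
    }
}

function Test-CsrssServerDlls {
    # The Windows value under Session Manager\SubSystems tells csrss.exe which
    # server DLLs to load (the DDS "SubSystems: Windows = ..." line summarises it).
    # Any ServerDll module outside the stock set is returned.
    $allowed = 'basesrv', 'winsrv', 'sxssrv'   # assumed stock Windows 7 set
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems'
    $value = (Get-ItemProperty -Path $key -Name Windows).Windows
    # Each entry looks like "ServerDll=winsrv:UserServerDllInitialization,3";
    # capture only the module name before any ':' or ','.
    $serverDlls = [regex]::Matches($value, 'ServerDll=([^\s,:]+)') |
        ForEach-Object { $_.Groups[1].Value }
    $serverDlls | Where-Object { $allowed -notcontains $_ }
}

Write-Host '== svchost.exe processes running from an unexpected path =='
Test-SvchostImagePaths | Format-Table -AutoSize
Write-Host '== stray items under the Windows folder =='
Test-StrayWindowsDirItems | Format-Table -AutoSize
Write-Host '== csrss ServerDll entries outside the stock set =='
Test-CsrssServerDlls
```

On the machine in this thread the third check would print "consrv" and the first two would list C:\Windows\svchost.exe and C:\Windows\system64; on a clean Windows 7 install all three print nothing. The checks only read process and registry state, so they are safe to run before and after a cleanup to confirm the artifacts are gone.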


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:45 AM

Posted 26 February 2012 - 02:31 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on ComboFix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 cdrm25

cdrm25
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:09:45 AM

Posted 26 February 2012 - 11:34 AM

Hi, Gringo!

ComboFix ran without any problems, and my computer appears to be working fine.

Here is the requested log:

ComboFix 12-02-22.01 - Mitch 02/26/2012 9:37.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2008.1103 [GMT -5:00]
Running from: c:\users\Mitch\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\svchost.exe
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
.
.
2012-02-26 14:51 . 2012-02-26 14:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-24 03:32 . 2012-02-24 03:32 -------- d-----w- c:\users\Mitch\AppData\Roaming\SUPERAntiSpyware.com
2012-02-24 03:31 . 2012-02-24 03:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-24 03:31 . 2012-02-24 03:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-23 15:35 . 2012-02-25 16:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-23 14:39 . 2012-02-23 14:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-23 14:37 . 2012-02-23 14:37 -------- d-----w- c:\program files (x86)\Java
2012-02-22 22:11 . 2012-02-22 22:11 -------- d-----w- c:\windows\Sun
2012-02-22 21:05 . 2012-02-22 21:05 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\4C18.tmp
2012-02-22 21:05 . 2012-02-22 21:05 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\4BD8.tmp
2012-02-22 21:05 . 2012-02-22 22:44 -------- d-----w- c:\users\Mitch\AppData\Roaming\Riasur
2012-02-22 21:05 . 2012-02-22 21:05 -------- d-----w- c:\users\Mitch\AppData\Roaming\Opxek
2012-02-22 18:47 . 2012-02-22 22:45 -------- d-----w- c:\users\Mitch\AppData\Local\HandlerPadUsb
2012-02-15 23:18 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 23:18 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 23:17 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 23:17 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 23:17 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 23:17 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 23:17 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 23:17 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 14:37 . 2010-07-10 04:46 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-21 00:02 . 2011-12-21 00:02 4448256 ----a-w- c:\windows\SysWow64\GPhotos.scr
2011-12-10 20:24 . 2011-12-12 00:45 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 22:09 . 2011-12-04 22:09 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-01-11 14:29 241872 ----a-w- c:\program files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll" [2012-01-11 250064]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\users\Mitch\AppData\Local\Temp\quickstart.exe [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-02 89600]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-11-02 68896]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-02-11 660800]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2009-07-14 01:14 301568 ----a-w- c:\windows\System32\cmd.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-06 384296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-25 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-21 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-21 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-21 365592]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"combofix"="c:\combofix\CF4350.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
FF - ProfilePath - c:\users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\kpz384c8.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-02-26 10:29:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-26 15:28
.
Pre-Run: 195,697,385,472 bytes free
Post-Run: 195,487,318,016 bytes free
.
- - End Of File - - B4FDFD8AA4EB7036BEF862816948D648
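
Added example, not part of this thread and not code from the ComboFix, DDS or TDSSKiller tools: a small Python triage script for logs like the one above. The entry under "Other Running Processes" that reads c:\\.\globalroot\systemroot\svchost.exe is what a practitioner checks first. A genuine svchost.exe is launched from %SystemRoot%\System32 (or SysWOW64 on a 64-bit system), not through a \\.\globalroot device-namespace path, and the removed orphan dplaysvr.exe under systemprofile\AppData\Local is the same kind of out-of-place executable. The script pulls every drive-letter .exe path out of a DDS/ComboFix-style log and flags those two patterns plus any svchost.exe outside its home directories. The sample log lines are constructed from this thread, the system root C:\Windows is assumed from the log, and the rules are a heuristic that hands entries to a human for review; they do not identify a malware family.

```python
import ntpath
import re
from typing import Dict, List

# Assumption: the system root is C:\Windows, as in the log posted above.
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Substrings that place an executable in a service-profile, AppData\Local or Temp
# directory: legitimate software lives there too, so these are "look closer" hits.
PROFILE_OR_TEMP_MARKERS = ("\\config\\systemprofile\\", "\\appdata\\local\\", "\\temp\\")

# Any drive-letter path ending in .exe. DDS/ComboFix print paths at line starts,
# inside quotes and after " - ", so match the token rather than a line layout.
EXE_PATH = re.compile(r'[a-z]:\\[^"\[\]\r\n]*?\.exe', re.IGNORECASE)

# Constructed sample in the style of the log above (not a real capture).
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k netsvcs
------------------------ Other Running Processes ------------------------
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\\.\globalroot\systemroot\svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-06 384296]
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
"""


def extract_exe_paths(log_text: str) -> List[str]:
    """Return every drive-letter .exe path mentioned in the log, in order of appearance."""
    return EXE_PATH.findall(log_text)


def reasons_for(path: str) -> List[str]:
    """List why a single path deserves a closer look; an empty list means nothing matched."""
    low = path.lower()
    reasons: List[str] = []
    # svchost.exe launched from anywhere but System32/SysWOW64 is always worth a look.
    if ntpath.basename(low) == "svchost.exe" and ntpath.dirname(low) not in LEGIT_SVCHOST_DIRS:
        reasons.append("svchost.exe outside System32/SysWOW64")
    # Device-namespace paths (\\.\ , \\?\ , \globalroot\) are how a hidden image
    # path shows up in process listings; normal software never needs them.
    if "\\globalroot\\" in low or "\\\\.\\" in low or "\\\\?\\" in low:
        reasons.append("device-namespace (globalroot / \\\\.\\) path")
    if any(marker in low for marker in PROFILE_OR_TEMP_MARKERS):
        reasons.append("executable under a service profile, AppData\\Local or Temp directory")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each suspicious path in the log to its reasons; clean paths are omitted."""
    findings: Dict[str, List[str]] = {}
    for path in extract_exe_paths(log_text):
        why = reasons_for(path)
        if why and path not in findings:
            findings[path] = why
    return findings


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG).items():
        print(flagged)
        for reason in why:
            print("    " + reason)
```

Run it against a saved DDS or ComboFix log by replacing SAMPLE_LOG with the file contents; on the constructed sample it flags only the globalroot svchost.exe (two reasons) and the dplaysvr.exe under systemprofile, and leaves the System32 svchost.exe instances and the vendor executables alone.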

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 26 February 2012 - 12:54 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 cdrm25 (Topic Starter)

Posted 26 February 2012 - 01:56 PM

Hello again, Gringo.

No issues with the TDSS scan. I did, however, have problems with aswMBR. I tried to run the program three times, but it kept getting hung up and eventually crashing to a blue screen. So, the log attached was saved at the point of crashing rather than after a completed scan.

Here they are:

13:46:23.0559 3064 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
13:46:23.0826 3064 ============================================================
13:46:23.0826 3064 Current date / time: 2012/02/26 13:46:23.0826
13:46:23.0827 3064 SystemInfo:
13:46:23.0827 3064
13:46:23.0827 3064 OS Version: 6.1.7600 ServicePack: 0.0
13:46:23.0827 3064 Product type: Workstation
13:46:23.0827 3064 ComputerName: MITCH-PC
13:46:23.0827 3064 UserName: Mitch
13:46:23.0827 3064 Windows directory: C:\Windows
13:46:23.0827 3064 System windows directory: C:\Windows
13:46:23.0827 3064 Running under WOW64
13:46:23.0827 3064 Processor architecture: Intel x64
13:46:23.0827 3064 Number of processors: 2
13:46:23.0827 3064 Page size: 0x1000
13:46:23.0827 3064 Boot type: Normal boot
13:46:23.0827 3064 ============================================================
13:46:24.0568 3064 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:46:24.0579 3064 \Device\Harddisk0\DR0:
13:46:24.0583 3064 MBR used
13:46:24.0583 3064 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
13:46:24.0583 3064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170
13:46:24.0670 3064 Initialize success
13:46:24.0670 3064 ============================================================
13:46:25.0749 1832 ============================================================
13:46:25.0749 1832 Scan started
13:46:25.0749 1832 Mode: Manual;
13:46:25.0749 1832 ============================================================
13:46:27.0510 1832 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\Windows\system32\DRIVERS\1394ohci.sys
13:46:27.0521 1832 1394ohci - ok
13:46:27.0937 1832 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
13:46:27.0945 1832 ACPI - ok
13:46:28.0294 1832 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
13:46:28.0296 1832 AcpiPmi - ok
13:46:28.0790 1832 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:46:28.0799 1832 adp94xx - ok
13:46:29.0194 1832 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:46:29.0200 1832 adpahci - ok
13:46:29.0718 1832 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:46:29.0722 1832 adpu320 - ok
13:46:30.0118 1832 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
13:46:30.0126 1832 AFD - ok
13:46:30.0443 1832 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
13:46:30.0445 1832 agp440 - ok
13:46:30.0804 1832 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
13:46:30.0806 1832 aliide - ok
13:46:31.0201 1832 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
13:46:31.0203 1832 amdide - ok
13:46:31.0540 1832 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:46:31.0543 1832 AmdK8 - ok
13:46:31.0896 1832 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:46:31.0898 1832 AmdPPM - ok
13:46:32.0334 1832 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
13:46:32.0336 1832 amdsata - ok
13:46:32.0699 1832 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:46:32.0703 1832 amdsbs - ok
13:46:33.0044 1832 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
13:46:33.0046 1832 amdxata - ok
13:46:33.0451 1832 ApfiltrService (98449a2957778a6f025c418438a380f4) C:\Windows\system32\DRIVERS\Apfiltr.sys
13:46:33.0456 1832 ApfiltrService - ok
13:46:33.0742 1832 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:46:33.0744 1832 AppID - ok
13:46:34.0183 1832 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:46:34.0185 1832 arc - ok
13:46:34.0536 1832 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:46:34.0538 1832 arcsas - ok
13:46:34.0835 1832 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:46:34.0836 1832 AsyncMac - ok
13:46:35.0185 1832 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
13:46:35.0186 1832 atapi - ok
13:46:35.0698 1832 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:46:35.0704 1832 b06bdrv - ok
13:46:36.0164 1832 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:46:36.0169 1832 b57nd60a - ok
13:46:36.0572 1832 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
13:46:36.0574 1832 BCM42RLY - ok
13:46:37.0581 1832 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys
13:46:38.0024 1832 BCM43XX - ok
13:46:38.0482 1832 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:46:38.0484 1832 Beep - ok
13:46:38.0643 1832 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:46:38.0645 1832 blbdrive - ok
13:46:38.0790 1832 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
13:46:38.0792 1832 bowser - ok
13:46:38.0830 1832 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:46:38.0831 1832 BrFiltLo - ok
13:46:38.0865 1832 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:46:38.0866 1832 BrFiltUp - ok
13:46:39.0065 1832 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:46:39.0068 1832 BridgeMP - ok
13:46:39.0139 1832 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:46:39.0144 1832 Brserid - ok
13:46:39.0170 1832 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:46:39.0172 1832 BrSerWdm - ok
13:46:39.0218 1832 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:46:39.0220 1832 BrUsbMdm - ok
13:46:39.0256 1832 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:46:39.0257 1832 BrUsbSer - ok
13:46:39.0361 1832 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:46:39.0363 1832 BTHMODEM - ok
13:46:39.0512 1832 catchme - ok
13:46:39.0565 1832 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:46:39.0567 1832 cdfs - ok
13:46:39.0665 1832 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
13:46:39.0668 1832 cdrom - ok
13:46:39.0817 1832 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:46:39.0819 1832 circlass - ok
13:46:39.0941 1832 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:46:39.0947 1832 CLFS - ok
13:46:40.0356 1832 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:46:40.0358 1832 CmBatt - ok
13:46:40.0401 1832 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
13:46:40.0403 1832 cmdide - ok
13:46:40.0498 1832 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
13:46:40.0506 1832 CNG - ok
13:46:40.0721 1832 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:46:40.0722 1832 Compbatt - ok
13:46:40.0782 1832 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:46:40.0784 1832 CompositeBus - ok
13:46:40.0849 1832 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:46:40.0851 1832 crcdisk - ok
13:46:41.0109 1832 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
13:46:41.0112 1832 DfsC - ok
13:46:41.0219 1832 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:46:41.0220 1832 discache - ok
13:46:41.0276 1832 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:46:41.0278 1832 Disk - ok
13:46:41.0765 1832 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:46:41.0766 1832 drmkaud - ok
13:46:41.0941 1832 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
13:46:41.0957 1832 DXGKrnl - ok
13:46:42.0419 1832 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:46:42.0472 1832 ebdrv - ok
13:46:42.0828 1832 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:46:42.0837 1832 elxstor - ok
13:46:43.0123 1832 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
13:46:43.0125 1832 ErrDev - ok
13:46:43.0376 1832 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:46:43.0380 1832 exfat - ok
13:46:43.0726 1832 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:46:43.0728 1832 fastfat - ok
13:46:43.0801 1832 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:46:43.0806 1832 fdc - ok
13:46:43.0864 1832 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:46:43.0866 1832 FileInfo - ok
13:46:43.0900 1832 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:46:43.0902 1832 Filetrace - ok
13:46:43.0962 1832 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:46:43.0963 1832 flpydisk - ok
13:46:44.0058 1832 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
13:46:44.0063 1832 FltMgr - ok
13:46:44.0120 1832 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:46:44.0122 1832 FsDepends - ok
13:46:44.0152 1832 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:46:44.0154 1832 Fs_Rec - ok
13:46:44.0307 1832 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:46:44.0311 1832 fvevol - ok
13:46:44.0342 1832 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:46:44.0343 1832 gagp30kx - ok
13:46:44.0748 1832 grmnusb (2ed7ff3e1ada4092632393781518b3a7) C:\Windows\system32\drivers\grmnusb.sys
13:46:44.0749 1832 grmnusb - ok
13:46:44.0897 1832 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:46:44.0898 1832 hcw85cir - ok
13:46:45.0009 1832 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:46:45.0011 1832 HDAudBus - ok
13:46:45.0032 1832 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:46:45.0034 1832 HidBatt - ok
13:46:45.0062 1832 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:46:45.0064 1832 HidBth - ok
13:46:45.0084 1832 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:46:45.0086 1832 HidIr - ok
13:46:45.0416 1832 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
13:46:45.0418 1832 HidUsb - ok
13:46:45.0689 1832 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
13:46:45.0692 1832 HpSAMD - ok
13:46:45.0835 1832 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
13:46:45.0847 1832 HTTP - ok
13:46:45.0873 1832 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
13:46:45.0875 1832 hwpolicy - ok
13:46:45.0927 1832 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:46:45.0929 1832 i8042prt - ok
13:46:46.0070 1832 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
13:46:46.0075 1832 iaStor - ok
13:46:46.0381 1832 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
13:46:46.0387 1832 iaStorV - ok
13:46:48.0395 1832 igfx (44a4cfdf95dec95cfe8a5c111a2cbf71) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:46:48.0607 1832 igfx - ok
13:46:48.0861 1832 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:46:48.0862 1832 iirsp - ok
13:46:49.0216 1832 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
13:46:49.0217 1832 intelide - ok
13:46:49.0450 1832 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:46:49.0452 1832 intelppm - ok
13:46:49.0774 1832 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:46:49.0776 1832 IpFilterDriver - ok
13:46:50.0157 1832 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:46:50.0161 1832 IPMIDRV - ok
13:46:50.0500 1832 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:46:50.0502 1832 IPNAT - ok
13:46:50.0870 1832 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:46:50.0871 1832 IRENUM - ok
13:46:51.0188 1832 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
13:46:51.0189 1832 isapnp - ok
13:46:51.0536 1832 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
13:46:51.0540 1832 iScsiPrt - ok
13:46:51.0841 1832 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:46:51.0842 1832 kbdclass - ok
13:46:52.0248 1832 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
13:46:52.0249 1832 kbdhid - ok
13:46:52.0501 1832 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
13:46:52.0503 1832 KSecDD - ok
13:46:52.0703 1832 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
13:46:52.0706 1832 KSecPkg - ok
13:46:52.0915 1832 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:46:52.0916 1832 ksthunk - ok
13:46:53.0281 1832 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:46:53.0282 1832 lltdio - ok
13:46:53.0615 1832 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:46:53.0618 1832 LSI_FC - ok
13:46:53.0867 1832 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:46:53.0870 1832 LSI_SAS - ok
13:46:54.0187 1832 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:46:54.0188 1832 LSI_SAS2 - ok
13:46:54.0495 1832 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:46:54.0498 1832 LSI_SCSI - ok
13:46:54.0786 1832 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:46:54.0789 1832 luafv - ok
13:46:55.0193 1832 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
13:46:55.0194 1832 MBAMProtector - ok
13:46:55.0480 1832 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:46:55.0482 1832 megasas - ok
13:46:55.0749 1832 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:46:55.0754 1832 MegaSR - ok
13:46:55.0935 1832 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:46:55.0937 1832 Modem - ok
13:46:56.0286 1832 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:46:56.0287 1832 monitor - ok
13:46:56.0541 1832 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:46:56.0543 1832 mouclass - ok
13:46:56.0796 1832 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:46:56.0798 1832 mouhid - ok
13:46:56.0875 1832 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
13:46:56.0878 1832 mountmgr - ok
13:46:56.0939 1832 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
13:46:56.0942 1832 mpio - ok
13:46:56.0983 1832 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:46:56.0985 1832 mpsdrv - ok
13:46:57.0296 1832 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
13:46:57.0299 1832 MRxDAV - ok
13:46:57.0496 1832 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:46:57.0500 1832 mrxsmb - ok
13:46:57.0714 1832 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:46:57.0720 1832 mrxsmb10 - ok
13:46:57.0937 1832 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:46:57.0940 1832 mrxsmb20 - ok
13:46:58.0239 1832 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
13:46:58.0240 1832 msahci - ok
13:46:58.0442 1832 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
13:46:58.0445 1832 msdsm - ok
13:46:58.0639 1832 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:46:58.0640 1832 Msfs - ok
13:46:58.0867 1832 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:46:58.0867 1832 mshidkmdf - ok
13:46:59.0061 1832 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
13:46:59.0063 1832 msisadrv - ok
13:46:59.0324 1832 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:46:59.0325 1832 MSKSSRV - ok
13:46:59.0572 1832 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:46:59.0572 1832 MSPCLOCK - ok
13:46:59.0802 1832 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:46:59.0803 1832 MSPQM - ok
13:46:59.0906 1832 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
13:46:59.0913 1832 MsRPC - ok
13:47:00.0140 1832 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:47:00.0141 1832 mssmbios - ok
13:47:00.0412 1832 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:47:00.0413 1832 MSTEE - ok
13:47:00.0505 1832 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:47:00.0506 1832 MTConfig - ok
13:47:00.0554 1832 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:47:00.0557 1832 Mup - ok
13:47:00.0828 1832 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:47:00.0833 1832 NativeWifiP - ok
13:47:01.0128 1832 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
13:47:01.0139 1832 NDIS - ok
13:47:01.0399 1832 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:47:01.0400 1832 NdisCap - ok
13:47:01.0637 1832 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:47:01.0638 1832 NdisTapi - ok
13:47:01.0862 1832 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
13:47:01.0864 1832 Ndisuio - ok
13:47:02.0062 1832 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:47:02.0066 1832 NdisWan - ok
13:47:02.0293 1832 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
13:47:02.0295 1832 NDProxy - ok
13:47:02.0513 1832 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:47:02.0514 1832 NetBIOS - ok
13:47:02.0806 1832 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
13:47:02.0829 1832 NetBT - ok
13:47:03.0070 1832 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:47:03.0072 1832 nfrd960 - ok
13:47:03.0371 1832 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:47:03.0372 1832 Npfs - ok
13:47:03.0603 1832 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:47:03.0604 1832 nsiproxy - ok
13:47:03.0876 1832 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
13:47:03.0933 1832 Ntfs - ok
13:47:04.0160 1832 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:47:04.0160 1832 Null - ok
13:47:04.0444 1832 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
13:47:04.0447 1832 nvraid - ok
13:47:04.0618 1832 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
13:47:04.0622 1832 nvstor - ok
13:47:04.0847 1832 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
13:47:04.0850 1832 nv_agp - ok
13:47:05.0025 1832 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
13:47:05.0026 1832 ohci1394 - ok
13:47:05.0308 1832 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:47:05.0310 1832 Parport - ok
13:47:05.0560 1832 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
13:47:05.0562 1832 partmgr - ok
13:47:05.0808 1832 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
13:47:05.0812 1832 pci - ok
13:47:06.0027 1832 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
13:47:06.0028 1832 pciide - ok
13:47:06.0252 1832 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:47:06.0256 1832 pcmcia - ok
13:47:06.0554 1832 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:47:06.0556 1832 pcw - ok
13:47:06.0804 1832 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:47:06.0818 1832 PEAUTH - ok
13:47:07.0114 1832 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
13:47:07.0116 1832 PptpMiniport - ok
13:47:07.0373 1832 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:47:07.0375 1832 Processor - ok
13:47:07.0649 1832 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
13:47:07.0652 1832 Psched - ok
13:47:07.0863 1832 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
13:47:07.0865 1832 PxHlpa64 - ok
13:47:08.0232 1832 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:47:08.0279 1832 ql2300 - ok
13:47:08.0509 1832 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:47:08.0511 1832 ql40xx - ok
13:47:08.0705 1832 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:47:08.0707 1832 QWAVEdrv - ok
13:47:08.0904 1832 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:47:08.0905 1832 RasAcd - ok
13:47:09.0194 1832 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:47:09.0195 1832 RasAgileVpn - ok
13:47:09.0447 1832 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:47:09.0449 1832 Rasl2tp - ok
13:47:09.0681 1832 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:47:09.0683 1832 RasPppoe - ok
13:47:09.0951 1832 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:47:09.0953 1832 RasSstp - ok
13:47:10.0164 1832 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
13:47:10.0169 1832 rdbss - ok
13:47:10.0359 1832 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:47:10.0360 1832 rdpbus - ok
13:47:10.0827 1832 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:47:10.0828 1832 RDPCDD - ok
13:47:11.0107 1832 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:47:11.0108 1832 RDPENCDD - ok
13:47:11.0329 1832 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:47:11.0330 1832 RDPREFMP - ok
13:47:11.0533 1832 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
13:47:11.0537 1832 RDPWD - ok
13:47:11.0660 1832 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
13:47:11.0664 1832 rdyboost - ok
13:47:11.0835 1832 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:47:11.0837 1832 rspndr - ok
13:47:11.0928 1832 RSUSBSTOR (4a25dc970c58104602ed274dacafd784) C:\Windows\system32\Drivers\RtsUStor.sys
13:47:11.0932 1832 RSUSBSTOR - ok
13:47:12.0096 1832 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
13:47:12.0098 1832 SASDIFSV - ok
13:47:12.0182 1832 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
13:47:12.0184 1832 SASKUTIL - ok
13:47:12.0357 1832 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
13:47:12.0359 1832 sbp2port - ok
13:47:12.0619 1832 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
13:47:12.0620 1832 scfilter - ok
13:47:12.0867 1832 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:47:12.0867 1832 secdrv - ok
13:47:13.0136 1832 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:47:13.0136 1832 Serenum - ok
13:47:13.0374 1832 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:47:13.0376 1832 Serial - ok
13:47:13.0490 1832 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:47:13.0491 1832 sermouse - ok
13:47:13.0545 1832 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
13:47:13.0546 1832 sffdisk - ok
13:47:13.0589 1832 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:47:13.0590 1832 sffp_mmc - ok
13:47:13.0630 1832 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:47:13.0631 1832 sffp_sd - ok
13:47:13.0850 1832 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:47:13.0851 1832 sfloppy - ok
13:47:14.0011 1832 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
13:47:14.0022 1832 Sftfs - ok
13:47:14.0248 1832 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
13:47:14.0254 1832 Sftplay - ok
13:47:14.0447 1832 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
13:47:14.0450 1832 Sftredir - ok
13:47:14.0654 1832 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
13:47:14.0656 1832 Sftvol - ok
13:47:14.0740 1832 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:47:14.0742 1832 SiSRaid2 - ok
13:47:14.0794 1832 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:47:14.0796 1832 SiSRaid4 - ok
13:47:14.0858 1832 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:47:14.0861 1832 Smb - ok
13:47:15.0022 1832 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:47:15.0023 1832 spldr - ok
13:47:15.0267 1832 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
13:47:15.0275 1832 srv - ok
13:47:15.0395 1832 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
13:47:15.0403 1832 srv2 - ok
13:47:15.0670 1832 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
13:47:15.0678 1832 srvnet - ok
13:47:15.0798 1832 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:47:15.0799 1832 stexstor - ok
13:47:15.0915 1832 STHDA (f3f6c17f70eba268cdbe4f9704e3eac5) C:\Windows\system32\DRIVERS\stwrt64.sys
13:47:15.0923 1832 STHDA - ok
13:47:15.0977 1832 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:47:15.0978 1832 swenum - ok
13:47:16.0247 1832 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
13:47:16.0279 1832 Tcpip - ok
13:47:16.0670 1832 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
13:47:16.0688 1832 TCPIP6 - ok
13:47:16.0918 1832 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
13:47:16.0919 1832 tcpipreg - ok
13:47:17.0174 1832 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:47:17.0175 1832 TDPIPE - ok
13:47:17.0463 1832 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:47:17.0463 1832 TDTCP - ok
13:47:17.0891 1832 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
13:47:17.0893 1832 tdx - ok
13:47:18.0258 1832 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
13:47:18.0260 1832 TermDD - ok
13:47:18.0656 1832 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:47:18.0657 1832 tssecsrv - ok
13:47:19.0007 1832 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
13:47:19.0009 1832 tunnel - ok
13:47:19.0303 1832 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:47:19.0306 1832 uagp35 - ok
13:47:19.0606 1832 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
13:47:19.0853 1832 udfs - ok
13:47:20.0100 1832 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:47:20.0102 1832 uliagpkx - ok
13:47:20.0340 1832 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
13:47:20.0342 1832 umbus - ok
13:47:20.0690 1832 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:47:20.0691 1832 UmPass - ok
13:47:20.0894 1832 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
13:47:20.0896 1832 usbccgp - ok
13:47:21.0209 1832 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
13:47:21.0212 1832 usbcir - ok
13:47:21.0502 1832 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
13:47:21.0503 1832 usbehci - ok
13:47:21.0786 1832 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
13:47:21.0797 1832 usbhub - ok
13:47:22.0056 1832 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
13:47:22.0057 1832 usbohci - ok
13:47:22.0716 1832 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:47:22.0716 1832 usbprint - ok
13:47:22.0905 1832 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:47:22.0907 1832 usbscan - ok
13:47:22.0964 1832 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:47:22.0965 1832 USBSTOR - ok
13:47:23.0070 1832 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\DRIVERS\usbuhci.sys
13:47:23.0072 1832 usbuhci - ok
13:47:23.0374 1832 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:47:23.0376 1832 vdrvroot - ok
13:47:23.0672 1832 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:47:23.0674 1832 vga - ok
13:47:24.0214 1832 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:47:24.0216 1832 VgaSave - ok
13:47:24.0698 1832 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
13:47:24.0701 1832 vhdmp - ok
13:47:24.0951 1832 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
13:47:24.0951 1832 viaide - ok
13:47:25.0223 1832 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
13:47:25.0248 1832 volmgr - ok
13:47:25.0708 1832 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
13:47:25.0712 1832 volmgrx - ok
13:47:26.0115 1832 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
13:47:26.0121 1832 volsnap - ok
13:47:26.0379 1832 vpnva - ok
13:47:26.0589 1832 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:47:26.0591 1832 vsmraid - ok
13:47:26.0816 1832 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:47:26.0817 1832 vwifibus - ok
13:47:27.0144 1832 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:47:27.0145 1832 vwififlt - ok
13:47:27.0709 1832 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:47:27.0710 1832 WacomPen - ok
13:47:28.0121 1832 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:47:28.0126 1832 WANARP - ok
13:47:28.0182 1832 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:47:28.0183 1832 Wanarpv6 - ok
13:47:28.0479 1832 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:47:28.0480 1832 Wd - ok
13:47:28.0758 1832 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:47:28.0780 1832 Wdf01000 - ok
13:47:29.0116 1832 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:47:29.0117 1832 WfpLwf - ok
13:47:29.0644 1832 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
13:47:29.0646 1832 WimFltr - ok
13:47:29.0882 1832 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:47:29.0884 1832 WIMMount - ok
13:47:30.0311 1832 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys
13:47:30.0312 1832 WinUsb - ok
13:47:30.0560 1832 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:47:30.0562 1832 WmiAcpi - ok
13:47:30.0955 1832 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:47:30.0956 1832 ws2ifsl - ok
13:47:31.0441 1832 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
13:47:31.0443 1832 WudfPf - ok
13:47:31.0931 1832 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:47:31.0934 1832 WUDFRd - ok
13:47:32.0327 1832 yukonw7 (79d9ce9614c955dd31aa2556b4014662) C:\Windows\system32\DRIVERS\yk62x64.sys
13:47:32.0339 1832 yukonw7 - ok
13:47:32.0386 1832 MBR (0x1B8) (faf3db026c90f586e5993588661e2612) \Device\Harddisk0\DR0
13:47:32.0811 1832 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
13:47:32.0811 1832 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
13:47:32.0831 1832 Boot (0x1200) (9f22d7d006b9d684c3f753afa6f7933a) \Device\Harddisk0\DR0\Partition0
13:47:32.0833 1832 \Device\Harddisk0\DR0\Partition0 - ok
13:47:32.0855 1832 Boot (0x1200) (f335325df766ec0845baf838112a6c84) \Device\Harddisk0\DR0\Partition1
13:47:32.0856 1832 \Device\Harddisk0\DR0\Partition1 - ok
13:47:32.0857 1832 ============================================================
13:47:32.0857 1832 Scan finished
13:47:32.0857 1832 ============================================================
13:47:32.0883 2084 Detected object count: 1
13:47:32.0883 2084 Actual detected object count: 1
13:47:40.0380 2084 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - skipped by user
13:47:40.0380 2084 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Skip

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-26 13:36:38
-----------------------------
13:36:38.247 OS Version: Windows x64 6.1.7600
13:36:38.247 Number of processors: 2 586 0x170A
13:36:38.247 ComputerName: MITCH-PC UserName: Mitch
13:36:52.193 Initialize success
13:36:59.572 AVAST engine defs: 12022602
13:37:13.222 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:37:13.222 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
13:37:13.222 Device \Driver\iaStor -> MajorFunction fffffa800366e5c4
13:37:13.238 Disk 0 MBR read successfully
13:37:13.238 Disk 0 MBR scan
13:37:13.300 Disk 0 Windows VISTA default MBR code
13:37:13.347 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
13:37:13.378 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
13:37:13.440 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30801920
13:37:13.784 Disk 0 scanning C:\Windows\system32\drivers
13:37:59.615 Service scanning
13:39:52.919 Modules scanning
13:39:52.935 Disk 0 trace - called modules:
13:39:53.450 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800366e5c4]<<
13:39:53.450 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80024206f0]
13:39:53.465 3 CLASSPNP.SYS[fffff8800103b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800228d050]
13:39:53.481 \Driver\iaStor[0xfffffa80017d61a0] -> IRP_MJ_CREATE -> 0xfffffa800366e5c4
13:39:55.181 AVAST engine scan C:\Windows
13:40:01.686 AVAST engine scan C:\Windows\system32
13:43:55.874 AVAST engine scan C:\Windows\system32\drivers
13:44:07.668 AVAST engine scan C:\Users\Mitch
13:44:35.373 Disk 0 MBR has been saved successfully to "C:\Users\Mitch\Desktop\MBR.dat"
13:44:35.389 The log file has been saved successfully to "C:\Users\Mitch\Desktop\aswMBR.txt"
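
As an added triage example (not part of this thread, of TDSSKiller or of aswMBR), the Python below pulls the actionable facts out of the two logs just posted: what TDSSKiller detected and what the user chose to do about it, and whether the aswMBR disk trace ended in an unknown, non-module address that equals a driver dispatch pointer aswMBR had reported earlier in the same log. The sample inputs are cut-down copies of the lines above; the regexes, field names and the `triage` function are this example's own.

```python
"""Triage helper for the TDSSKiller and aswMBR logs posted above (added example,
not part of the thread or of either tool)."""
import re

# Constructed cut-down copy of the TDSSKiller lines posted above.
TDSS_SAMPLE = r"""
13:47:32.0386 1832 MBR (0x1B8) (faf3db026c90f586e5993588661e2612) \Device\Harddisk0\DR0
13:47:32.0811 1832 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
13:47:32.0811 1832 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
13:47:32.0833 1832 \Device\Harddisk0\DR0\Partition0 - ok
13:47:32.0883 2084 Detected object count: 1
13:47:40.0380 2084 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - skipped by user
13:47:40.0380 2084 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Skip
"""

# Constructed cut-down copy of the aswMBR lines posted above.
ASWMBR_SAMPLE = r"""
13:37:13.222 Device \Driver\iaStor -> MajorFunction fffffa800366e5c4
13:37:13.238 Disk 0 MBR read successfully
13:37:13.300 Disk 0 Windows VISTA default MBR code
13:39:52.935 Disk 0 trace - called modules:
13:39:53.450 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800366e5c4]<<
13:39:53.450 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80024206f0]
13:39:53.481 \Driver\iaStor[0xfffffa80017d61a0] -> IRP_MJ_CREATE -> 0xfffffa800366e5c4
"""

# TDSSKiller lines are "<time> <pid> <message>"; aswMBR lines are "<time> <message>".
TDSS_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<msg>.*)$")
ASW_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+(?P<msg>.*)$")
DETECTED = re.compile(r"^(?P<obj>\S+) - detected (?P<name>\S+)")
ACTION = re.compile(r"\( (?P<name>\S+) \) - User select action: (?P<action>\w+)")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)")
MAJORFN = re.compile(r"^Device (?P<drv>\\Driver\\\S+) -> MajorFunction (?P<addr>[0-9a-fA-F]+)")
UNKNOWN = re.compile(r">>UNKNOWN \[0x(?P<addr>[0-9a-fA-F]+)\]<<")
MBR_CODE = re.compile(r"^Disk (?P<disk>\d+) (?P<desc>.*MBR code)$")


def parse_tdsskiller(text):
    """Collect detections, the user's per-detection action, and the object count."""
    result = {"detections": [], "actions": {}, "object_count": None}
    for raw in text.splitlines():
        m = TDSS_LINE.match(raw.strip())
        msg = m.group("msg") if m else ""
        if d := DETECTED.match(msg):
            result["detections"].append({"object": d.group("obj"), "name": d.group("name")})
        elif a := ACTION.search(msg):
            result["actions"][a.group("name")] = a.group("action")
        elif c := COUNT.match(msg):
            result["object_count"] = int(c.group("n"))
    return result


def parse_aswmbr(text):
    """Collect driver dispatch pointers, unknown trace targets, and MBR code verdicts."""
    result = {"dispatch": {}, "unknown_targets": [], "mbr_code": {}}
    for raw in text.splitlines():
        m = ASW_LINE.match(raw.strip())
        msg = m.group("msg") if m else ""
        if d := MAJORFN.match(msg):
            result["dispatch"][d.group("drv")] = d.group("addr").lower()
        elif u := UNKNOWN.search(msg):
            result["unknown_targets"].append(u.group("addr").lower())
        elif c := MBR_CODE.match(msg):
            result["mbr_code"][int(c.group("disk"))] = c.group("desc")
    return result


def triage(tdss_text, asw_text):
    """Correlate both logs into the facts a helper would act on."""
    tdss = parse_tdsskiller(tdss_text)
    asw = parse_aswmbr(asw_text)
    # A detection the user skipped, or that got no action at all, is still live.
    unresolved = [d["name"] for d in tdss["detections"]
                  if tdss["actions"].get(d["name"], "Skip") == "Skip"]
    # The trace ended in an address that belongs to no known module. When that
    # address equals a driver's MajorFunction pointer, the storage driver's
    # dispatch routine has been replaced: the disk I/O path is intercepted and
    # sector reads made through it cannot be trusted to show the real MBR.
    hooked = sorted(drv for drv, addr in asw["dispatch"].items()
                    if addr in asw["unknown_targets"])
    findings = [f"TDSSKiller detection not cured: {n}" for n in unresolved]
    findings += [f"aswMBR: unknown code is the dispatch routine of {d}" for d in hooked]
    if hooked:
        findings += [f"Disk {n}: '{desc}' was read while the disk path is hooked; do not rely on it"
                     for n, desc in asw["mbr_code"].items()]
    return {
        "tdss_detections": [d["name"] for d in tdss["detections"]],
        "object_count": tdss["object_count"],
        "unresolved": unresolved,
        "hooked_drivers": hooked,
        "mbr_code": asw["mbr_code"],
        "findings": findings,
        "needs_attention": bool(unresolved or hooked),
    }


if __name__ == "__main__":
    print("\n".join(triage(TDSS_SAMPLE, ASWMBR_SAMPLE)["findings"]))
```

Run against the two logs above it reports the skipped BackBoot detection and the iaStor dispatch pointer that the trace resolved to unknown code, which is the pairing that makes the "default MBR code" line unreliable on its own.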

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 26 February 2012 - 02:04 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun aswMBR for me and send me the report.

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 cdrm25 (Topic Starter, Members)

Posted 26 February 2012 - 03:42 PM

Hi, Gringo.

Well, things didn't go well. I'm posting from a different computer now. When I ran fixTDSS, it informed me that an "Infection was detected." It gave me the option to repair, so I clicked "Repair" (I realize now that I probably shouldn't have done that).

Anyway, long story short, the computer now will not start up and crashes to a blue screen before Windows can load. Startup Repair isn't fixing the problem.

Not sure how to proceed or if this is now beyond a malware issue.

Thanks for any help you or others can provide.

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 26 February 2012 - 04:19 PM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#9 cdrm25 (Topic Starter, Members)

Posted 26 February 2012 - 05:11 PM

Hello again, Gringo.

I had no issues following your instructions. Here is the requested log:

Scan result of Farbar Recovery Scan Tool Version: 23-02-2012 01
Ran by SYSTEM at 2012-02-26 08:06:39
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-25] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2010-02-21] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [387608 2010-02-21] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365592 2010-02-21] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Mitch\...\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [x]
HKU\Mitch\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Mitch\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5487488 2012-01-20] (SUPERAntiSpyware.com)
HKU\Mitch\...\Policies\system: [disableregistrytools] 0
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-10-13] (Microsoft Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
2 nlsX86cc; C:\Windows\SysWOW64\NLSSRV32.EXE [68896 2011-11-02] (Nalpeiron Ltd.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe [244736 2010-02-25] (IDT, Inc.)
3 AdobeActiveFileMonitor8.0; c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]

========================== Drivers (Whitelisted) =============

3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [20520 2009-05-08] (GARMIN Corp.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 vpnva; C:\Windows\System32\DRIVERS\vpnva64.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-02-26 12:53 - 2012-02-26 12:55 - 0076174 ____A C:\TDSSKiller.2.7.14.0_26.02.2012_13.53.42_log.txt
2012-02-26 12:46 - 2012-02-26 12:48 - 0076174 ____A C:\TDSSKiller.2.7.14.0_26.02.2012_13.46.23_log.txt
2012-02-26 12:44 - 2012-02-26 12:44 - 0001972 ____A C:\Users\Mitch\Desktop\aswMBR.txt
2012-02-26 12:44 - 2012-02-26 12:44 - 0000512 ____A C:\Users\Mitch\Desktop\MBR.dat
2012-02-26 11:55 - 2012-02-26 11:58 - 0076174 ____A C:\TDSSKiller.2.7.14.0_26.02.2012_12.55.57_log.txt
2012-02-26 09:29 - 2012-02-26 09:29 - 0015461 ____A C:\ComboFix.txt
2012-02-26 08:52 - 2012-02-26 08:52 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-02-26 08:52 - 2012-02-26 08:52 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-02-26 08:52 - 2012-02-26 08:52 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-02-26 08:52 - 2012-02-26 08:52 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-02-26 08:52 - 2012-02-26 08:52 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-02-26 08:52 - 2012-02-26 08:52 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-02-26 08:52 - 2012-02-26 08:52 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-02-26 08:52 - 2012-02-26 08:52 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-02-26 08:52 - 2012-02-26 08:52 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-02-26 08:52 - 2012-02-26 08:52 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-02-26 08:06 - 2012-02-26 08:06 - 0000000 ____D C:\FRST
2012-02-26 00:31 - 2012-02-26 00:31 - 0000162 ___AH C:\Users\Mitch\Desktop\~$IT.odt
2012-02-25 20:24 - 2012-02-26 00:42 - 0010155 ____A C:\Users\Mitch\Desktop\IT.odt
2012-02-25 17:10 - 2012-02-25 17:10 - 0000594 ____A C:\Users\Mitch\Downloads\Adobe CS 5.5(5).rdp
2012-02-25 15:13 - 2012-02-25 15:13 - 0005451 ____A C:\Users\Mitch\Desktop\Ark.txt
2012-02-25 15:13 - 2012-02-25 15:13 - 0000022 ____A C:\Users\Mitch\Downloads\gmer.zip
2012-02-25 14:21 - 2012-02-25 14:21 - 0016122 ____A C:\Users\Mitch\Desktop\Attach.txt
2012-02-25 14:20 - 2012-02-25 14:20 - 0018104 ____A C:\Users\Mitch\Desktop\DDS.txt
2012-02-25 10:55 - 2012-02-25 14:17 - 0000472 ____A C:\Users\Mitch\Desktop\defogger_disable.log
2012-02-25 10:55 - 2012-02-25 10:55 - 0000000 ____A C:\Users\Mitch\defogger_reenable
2012-02-25 10:50 - 2012-02-25 10:50 - 0076174 ____A C:\TDSSKiller.2.7.14.0_25.02.2012_11.50.08_log.txt
2012-02-25 10:28 - 2012-02-25 10:29 - 0149508 ____A C:\TDSSKiller.2.7.14.0_25.02.2012_11.28.42_log.txt
2012-02-25 10:27 - 2012-02-25 10:28 - 0076174 ____A C:\TDSSKiller.2.7.14.0_25.02.2012_11.27.39_log.txt
2012-02-25 10:27 - 2012-02-25 10:27 - 0001283 ____A C:\Users\Mitch\Downloads\tdsskiller.zip
2012-02-23 21:32 - 2012-02-23 21:32 - 0000000 ____D C:\Users\Mitch\Application Data\SUPERAntiSpyware.com
2012-02-23 21:32 - 2012-02-23 21:32 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\SUPERAntiSpyware.com
2012-02-23 21:31 - 2012-02-23 21:32 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-02-23 21:31 - 2012-02-23 21:31 - 0001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-02-23 21:31 - 2012-02-23 21:31 - 0001810 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-02-23 21:31 - 2012-02-23 21:31 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-02-23 21:31 - 2012-02-23 21:31 - 0000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-02-23 21:31 - 2012-02-23 21:31 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-02-23 21:29 - 2012-02-23 21:30 - 14946192 ____A (SUPERAntiSpyware.com) C:\Users\Mitch\Downloads\SUPERAntiSpyware.exe
2012-02-23 15:19 - 2009-07-13 19:14 - 0020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-02-23 10:23 - 2012-02-23 10:23 - 0277088 ____A C:\Windows\Minidump\022312-40997-01.dmp
2012-02-23 10:08 - 2012-02-26 08:36 - 0000000 ___SD C:\ComboFix
2012-02-23 09:47 - 2012-02-23 09:47 - 0277080 ____A C:\Windows\Minidump\022312-80917-01.dmp
2012-02-23 09:35 - 2012-02-23 09:35 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-02-23 09:34 - 2012-02-23 09:44 - 0148182 ____A C:\TDSSKiller.2.7.13.0_23.02.2012_10.34.08_log.txt
2012-02-23 09:33 - 2012-02-23 09:33 - 2060336 ____A (Kaspersky Lab ZAO) C:\Users\Mitch\Downloads\tdsskiller.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-02-23 08:38 - 2012-02-23 08:38 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-02-23 08:38 - 2012-02-23 08:38 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-23 08:38 - 2012-02-23 08:38 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-23 08:38 - 2012-02-23 08:38 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-23 08:38 - 2012-02-23 08:38 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-23 08:38 - 2012-02-23 08:38 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-23 08:38 - 2012-02-23 08:38 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-02-23 08:38 - 2012-02-23 08:38 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-02-23 08:38 - 2012-02-23 08:38 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-02-23 08:38 - 2012-02-23 08:38 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-02-23 08:38 - 2012-02-23 08:38 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-02-23 08:38 - 2012-02-23 08:38 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-02-23 08:37 - 2012-02-23 08:37 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-02-23 08:37 - 2012-02-23 08:37 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-02-23 08:37 - 2012-02-23 08:37 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-02-23 08:37 - 2012-02-23 08:37 - 0000000 ____D C:\Program Files (x86)\Java
2012-02-23 08:33 - 2012-02-24 02:25 - 0007759 ____A C:\Windows\IE9_main.log
2012-02-23 07:27 - 2012-02-23 07:27 - 0277080 ____A C:\Windows\Minidump\022312-72212-01.dmp
2012-02-22 19:42 - 2012-02-26 08:32 - 0000000 ____D C:\$RECYCLE.BIN
2012-02-22 19:14 - 2012-02-22 19:14 - 0277088 ____A C:\Windows\Minidump\022212-35412-01.dmp
2012-02-22 19:02 - 2012-02-22 19:02 - 0277080 ____A C:\Windows\Minidump\022212-25428-01.dmp
2012-02-22 18:49 - 2012-02-22 18:50 - 0277088 ____A C:\Windows\Minidump\022212-35521-01.dmp
2012-02-22 18:46 - 2012-02-26 08:33 - 0000000 ____D C:\Windows\ERDNT
2012-02-22 18:46 - 2011-06-26 00:45 - 0256000 ____A C:\Windows\PEV.exe
2012-02-22 18:46 - 2010-11-07 11:20 - 0208896 ____A C:\Windows\MBR.exe
2012-02-22 18:46 - 2009-04-19 22:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-02-22 18:46 - 2000-08-30 18:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-02-22 18:46 - 2000-08-30 18:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-02-22 18:46 - 2000-08-30 18:00 - 0098816 ____A C:\Windows\sed.exe
2012-02-22 18:46 - 2000-08-30 18:00 - 0080412 ____A C:\Windows\grep.exe
2012-02-22 18:46 - 2000-08-30 18:00 - 0068096 ____A C:\Windows\zip.exe
2012-02-22 18:45 - 2012-02-26 08:33 - 0000000 ____D C:\Qoobox
2012-02-22 18:44 - 2012-02-22 18:44 - 4417295 ___RA (Swearware) C:\Users\Mitch\Desktop\ComboFix.exe
2012-02-22 18:39 - 2012-02-22 18:39 - 0065536 __ASH C:\Windows\System32\config\components{89e26bf7-3b19-11e1-9c57-a4badbda037a}.TxR.blf
2012-02-22 16:12 - 2012-02-22 19:41 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-02-22 16:11 - 2012-02-22 16:11 - 0000000 ____D C:\Windows\Sun
2012-02-22 15:48 - 2012-02-22 15:48 - 0010652 ____A C:\Users\Mitch\Desktop\Receiptcar.htm
2012-02-22 15:47 - 2012-02-22 15:48 - 0000000 ____D C:\Users\Mitch\Desktop\Receiptcar_files
2012-02-22 15:05 - 2012-02-22 16:44 - 0000000 ____D C:\Users\Mitch\Application Data\Riasur
2012-02-22 15:05 - 2012-02-22 16:44 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Riasur
2012-02-22 15:05 - 2012-02-22 15:05 - 0000000 ____D C:\Users\Mitch\Application Data\Opxek
2012-02-22 15:05 - 2012-02-22 15:05 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Opxek
2012-02-22 12:47 - 2012-02-22 16:45 - 0000000 ____D C:\Users\Mitch\Local Settings\HandlerPadUsb
2012-02-22 12:47 - 2012-02-22 16:45 - 0000000 ____D C:\Users\Mitch\Local Settings\Application Data\HandlerPadUsb
2012-02-22 12:47 - 2012-02-22 16:45 - 0000000 ____D C:\Users\Mitch\AppData\Local\HandlerPadUsb
2012-02-20 19:46 - 2012-02-20 19:46 - 0016114 ____A C:\Users\Mitch\Desktop\Farm2Receipt.htm
2012-02-20 19:46 - 2012-02-20 19:46 - 0000000 ____D C:\Users\Mitch\Desktop\Farm2Receipt_files
2012-02-20 19:34 - 2012-02-20 19:34 - 0016107 ____A C:\Users\Mitch\Desktop\Farm1Receipt.htm
2012-02-20 19:34 - 2012-02-20 19:34 - 0000000 ____D C:\Users\Mitch\Desktop\Farm1Receipt_files
2012-02-20 13:56 - 2012-02-20 13:56 - 3510487 ____A C:\Users\Mitch\Desktop\IcelandRoads.pdf
2012-02-15 17:18 - 2012-01-04 03:59 - 14164480 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-02-15 17:18 - 2012-01-04 03:58 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-02-15 17:18 - 2012-01-04 03:03 - 12868096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-02-15 17:18 - 2012-01-04 03:03 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-02-15 17:17 - 2012-01-13 22:02 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-15 17:17 - 2012-01-03 00:24 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-02-15 17:17 - 2012-01-02 23:44 - 0478208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-02-15 17:17 - 2011-12-27 21:59 - 0499200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-02-15 17:17 - 2011-12-16 02:42 - 0634368 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-02-15 17:17 - 2011-12-16 01:59 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-02-14 10:36 - 2012-02-14 10:36 - 0042496 ____A C:\Users\Mitch\Downloads\MaidBehindtheBar.doc
2012-02-11 08:40 - 2012-02-11 08:40 - 0023552 ____A C:\Users\Mitch\Desktop\Drivel.doc
2012-02-09 15:11 - 2012-02-26 11:55 - 0000000 ____D C:\Users\Mitch\Desktop\Writing
2012-02-05 23:09 - 2012-02-05 23:09 - 0019893 ____A C:\Users\Mitch\Downloads\jtburr-RefList.odt
2012-02-04 20:27 - 2012-02-04 20:27 - 0000528 ____A C:\Users\Mitch\Downloads\tandf_utis2019_417.ris
2012-02-04 20:08 - 2012-02-04 20:08 - 0000477 ____A C:\Users\Mitch\Downloads\tandf_hrhr205_4.ris
2012-02-04 10:51 - 2012-02-04 10:51 - 0000630 ____A C:\Users\Mitch\Downloads\tandf_ccwf2012_455.ris
2012-02-02 19:21 - 2012-02-02 19:21 - 0000550 ____A C:\Users\Mitch\Downloads\tandf_rics2010_714.ris
2012-02-02 19:21 - 2012-02-02 19:21 - 0000550 ____A C:\Users\Mitch\Downloads\tandf_rics2010_714(1).ris
2012-02-02 19:07 - 2012-02-02 19:07 - 0000334 ____A C:\Users\Mitch\Downloads\citation.ris
2012-02-02 14:34 - 2012-02-02 19:46 - 0000000 ____D C:\Users\Mitch\Desktop\Letters
2012-02-02 11:49 - 2012-02-02 11:49 - 0000512 ____A C:\Users\Mitch\Downloads\tandf_cgde2015_477.ris
2012-02-02 10:50 - 2012-02-06 21:53 - 0000000 ____D C:\Users\Mitch\Desktop\DissComponents
2012-02-02 09:22 - 2012-02-02 09:22 - 0000162 ___AH C:\Users\Mitch\Desktop\~$ortStory.odt
2012-02-01 20:52 - 2012-02-01 20:52 - 0000594 ____A C:\Users\Mitch\Downloads\Adobe CS 5.5(4).rdp
2012-02-01 20:50 - 2012-02-25 22:23 - 0000000 ____D C:\Users\Mitch\Desktop\Teaching
2012-01-30 16:48 - 2012-01-30 16:48 - 0000594 ____A C:\Users\Mitch\Downloads\Adobe CS 5.5(3).rdp
2012-01-30 10:34 - 2012-01-30 10:34 - 0000595 ____A C:\Users\Mitch\Downloads\SPSS (v19)(22).rdp
2012-01-28 22:49 - 2012-01-28 22:49 - 0000594 ____A C:\Users\Mitch\Downloads\SPSS (v19)(21).rdp
2012-01-28 14:00 - 2012-01-28 14:00 - 0000594 ____A C:\Users\Mitch\Downloads\SPSS (v19)(20).rdp
2012-01-28 12:59 - 2012-01-28 12:59 - 0000594 ____A C:\Users\Mitch\Downloads\SPSS (v19)(19).rdp
2012-01-28 10:37 - 2012-01-28 10:37 - 0000594 ____A C:\Users\Mitch\Downloads\SPSS (v19)(18).rdp
2012-01-27 17:57 - 2012-01-27 17:57 - 0000593 ____A C:\Users\Mitch\Downloads\SPSS (v19)(17).rdp
2012-01-27 11:25 - 2012-01-27 11:25 - 0000595 ____A C:\Users\Mitch\Downloads\SPSS (v19)(16).rdp

============ 3 Months Modified Files and Folders =============

2012-02-26 13:09 - 2010-07-10 00:37 - 1579438080 __ASH C:\hiberfil.sys
2012-02-26 12:55 - 2012-02-26 12:53 - 0076174 ____A C:\TDSSKiller.2.7.14.0_26.02.2012_13.53.42_log.txt
2012-02-26 12:48 - 2012-02-26 12:46 - 0076174 ____A C:\TDSSKiller.2.7.14.0_26.02.2012_13.46.23_log.txt
2012-02-26 12:44 - 2012-02-26 12:44 - 0001972 ____A C:\Users\Mitch\Desktop\aswMBR.txt
2012-02-26 12:44 - 2012-02-26 12:44 - 0000512 ____A C:\Users\Mitch\Desktop\MBR.dat
2012-02-26 11:58 - 2012-02-26 11:55 - 0076174 ____A C:\TDSSKiller.2.7.14.0_26.02.2012_12.55.57_log.txt
2012-02-26 11:55 - 2012-02-09 15:11 - 0000000 ____D C:\Users\Mitch\Desktop\Writing
2012-02-26 09:29 - 2012-02-26 09:29 - 0015461 ____A C:\ComboFix.txt
2012-02-26 08:53 - 2009-07-13 20:34 - 55836672 ____A C:\Windows\System32\config\software.bak
2012-02-26 08:53 - 2009-07-13 20:34 - 16515072 ____A C:\Windows\System32\config\system.bak
2012-02-26 08:53 - 2009-07-13 20:34 - 1048576 ____A C:\Windows\System32\config\default.bak
2012-02-26 08:53 - 2009-07-13 20:34 - 0262144 ____A C:\Windows\System32\config\security.bak
2012-02-26 08:53 - 2009-07-13 20:34 - 0262144 ____A C:\Windows\System32\config\sam.bak
2012-02-26 08:52 - 2012-02-26 08:52 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-02-26 08:52 - 2012-02-26 08:52 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-02-26 08:52 - 2012-02-26 08:52 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-02-26 08:52 - 2012-02-26 08:52 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-02-26 08:52 - 2012-02-26 08:52 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-02-26 08:52 - 2012-02-26 08:52 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-02-26 08:52 - 2012-02-26 08:52 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-02-26 08:52 - 2012-02-26 08:52 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-02-26 08:52 - 2012-02-26 08:52 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-02-26 08:52 - 2012-02-26 08:52 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-02-26 08:36 - 2012-02-23 10:08 - 0000000 ___SD C:\ComboFix
2012-02-26 08:36 - 2011-12-04 16:01 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-02-26 08:36 - 2011-04-09 08:58 - 0000000 ____D C:\users\Mitch
2012-02-26 08:36 - 2009-07-14 01:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-02-26 08:36 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\rescache
2012-02-26 08:35 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\registration
2012-02-26 08:33 - 2012-02-22 18:46 - 0000000 ____D C:\Windows\ERDNT
2012-02-26 08:33 - 2012-02-22 18:45 - 0000000 ____D C:\Qoobox
2012-02-26 08:33 - 2011-12-11 18:45 - 0000000 ____D C:\Users\Mitch\Application Data\Malwarebytes
2012-02-26 08:33 - 2011-12-11 18:45 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Malwarebytes
2012-02-26 08:33 - 2009-07-13 21:20 - 0000000 ___RD C:\users\Public
2012-02-26 08:32 - 2012-02-22 19:42 - 0000000 ____D C:\$RECYCLE.BIN
2012-02-26 08:18 - 2011-04-09 08:59 - 0069960 ____A C:\Users\Mitch\Local Settings\GDIPFONTCACHEV1.DAT
2012-02-26 08:18 - 2011-04-09 08:59 - 0069960 ____A C:\Users\Mitch\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-02-26 08:18 - 2011-04-09 08:59 - 0069960 ____A C:\Users\Mitch\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-26 08:06 - 2012-02-26 08:06 - 0000000 ____D C:\FRST
2012-02-26 00:42 - 2012-02-25 20:24 - 0010155 ____A C:\Users\Mitch\Desktop\IT.odt
2012-02-26 00:31 - 2012-02-26 00:31 - 0000162 ___AH C:\Users\Mitch\Desktop\~$IT.odt
2012-02-25 22:23 - 2012-02-01 20:50 - 0000000 ____D C:\Users\Mitch\Desktop\Teaching
2012-02-25 17:10 - 2012-02-25 17:10 - 0000594 ____A C:\Users\Mitch\Downloads\Adobe CS 5.5(5).rdp
2012-02-25 15:13 - 2012-02-25 15:13 - 0005451 ____A C:\Users\Mitch\Desktop\Ark.txt
2012-02-25 15:13 - 2012-02-25 15:13 - 0000022 ____A C:\Users\Mitch\Downloads\gmer.zip
2012-02-25 14:21 - 2012-02-25 14:21 - 0016122 ____A C:\Users\Mitch\Desktop\Attach.txt
2012-02-25 14:20 - 2012-02-25 14:20 - 0018104 ____A C:\Users\Mitch\Desktop\DDS.txt
2012-02-25 14:17 - 2012-02-25 10:55 - 0000472 ____A C:\Users\Mitch\Desktop\defogger_disable.log
2012-02-25 10:55 - 2012-02-25 10:55 - 0000000 ____A C:\Users\Mitch\defogger_reenable
2012-02-25 10:50 - 2012-02-25 10:50 - 0076174 ____A C:\TDSSKiller.2.7.14.0_25.02.2012_11.50.08_log.txt
2012-02-25 10:29 - 2012-02-25 10:28 - 0149508 ____A C:\TDSSKiller.2.7.14.0_25.02.2012_11.28.42_log.txt
2012-02-25 10:28 - 2012-02-25 10:27 - 0076174 ____A C:\TDSSKiller.2.7.14.0_25.02.2012_11.27.39_log.txt
2012-02-25 10:27 - 2012-02-25 10:27 - 0001283 ____A C:\Users\Mitch\Downloads\tdsskiller.zip
2012-02-24 02:52 - 2009-07-13 22:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-24 02:52 - 2009-07-13 22:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-24 02:49 - 2009-07-13 23:10 - 1258501 ____A C:\Windows\WindowsUpdate.log
2012-02-24 02:44 - 2009-07-13 23:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-24 02:44 - 2009-07-13 22:51 - 0045206 ____A C:\Windows\setupact.log
2012-02-24 02:42 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-02-24 02:25 - 2012-02-23 08:33 - 0007759 ____A C:\Windows\IE9_main.log
2012-02-23 21:32 - 2012-02-23 21:32 - 0000000 ____D C:\Users\Mitch\Application Data\SUPERAntiSpyware.com
2012-02-23 21:32 - 2012-02-23 21:32 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\SUPERAntiSpyware.com
2012-02-23 21:32 - 2012-02-23 21:31 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-02-23 21:31 - 2012-02-23 21:31 - 0001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-02-23 21:31 - 2012-02-23 21:31 - 0001810 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-02-23 21:31 - 2012-02-23 21:31 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-02-23 21:31 - 2012-02-23 21:31 - 0000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-02-23 21:31 - 2012-02-23 21:31 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-02-23 21:30 - 2012-02-23 21:29 - 14946192 ____A (SUPERAntiSpyware.com) C:\Users\Mitch\Downloads\SUPERAntiSpyware.exe
2012-02-23 10:23 - 2012-02-23 10:23 - 0277088 ____A C:\Windows\Minidump\022312-40997-01.dmp
2012-02-23 10:23 - 2011-12-10 08:40 - 0000000 ____D C:\Windows\Minidump
2012-02-23 10:22 - 2011-12-10 08:40 - 343014283 ____A C:\Windows\MEMORY.DMP
2012-02-23 10:22 - 2010-07-10 00:37 - 0674260 ____A C:\Windows\PFRO.log
2012-02-23 09:47 - 2012-02-23 09:47 - 0277080 ____A C:\Windows\Minidump\022312-80917-01.dmp
2012-02-23 09:47 - 2012-01-20 18:32 - 0346542 ____A C:\Windows\ntbtlog.txt
2012-02-23 09:44 - 2012-02-23 09:34 - 0148182 ____A C:\TDSSKiller.2.7.13.0_23.02.2012_10.34.08_log.txt
2012-02-23 09:35 - 2012-02-23 09:35 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-02-23 09:33 - 2012-02-23 09:33 - 2060336 ____A (Kaspersky Lab ZAO) C:\Users\Mitch\Downloads\tdsskiller.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-02-23 08:38 - 2012-02-23 08:38 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-02-23 08:38 - 2012-02-23 08:38 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-23 08:38 - 2012-02-23 08:38 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-23 08:38 - 2012-02-23 08:38 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-23 08:38 - 2012-02-23 08:38 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-23 08:38 - 2012-02-23 08:38 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-23 08:38 - 2012-02-23 08:38 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-02-23 08:38 - 2012-02-23 08:38 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-02-23 08:38 - 2012-02-23 08:38 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-02-23 08:38 - 2012-02-23 08:38 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-02-23 08:38 - 2012-02-23 08:38 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-02-23 08:38 - 2012-02-23 08:38 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-02-23 08:38 - 2012-02-23 08:38 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-02-23 08:38 - 2012-02-23 08:38 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-02-23 08:37 - 2012-02-23 08:37 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-02-23 08:37 - 2012-02-23 08:37 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-02-23 08:37 - 2012-02-23 08:37 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-02-23 08:37 - 2012-02-23 08:37 - 0000000 ____D C:\Program Files (x86)\Java
2012-02-23 08:37 - 2010-07-09 22:46 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-02-23 07:27 - 2012-02-23 07:27 - 0277080 ____A C:\Windows\Minidump\022312-72212-01.dmp
2012-02-23 06:57 - 2011-12-11 18:45 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-23 06:57 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\AppCompat
2012-02-23 06:00 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-02-22 19:43 - 2009-07-13 20:34 - 0000215 ____A C:\Windows\system.ini
2012-02-22 19:41 - 2012-02-22 16:12 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-02-22 19:39 - 2011-04-09 08:58 - 0000000 ____D C:\Users\Mitch\Local Settings\SoftThinks
2012-02-22 19:39 - 2011-04-09 08:58 - 0000000 ____D C:\Users\Mitch\Local Settings\Application Data\SoftThinks
2012-02-22 19:39 - 2011-04-09 08:58 - 0000000 ____D C:\Users\Mitch\AppData\Local\SoftThinks
2012-02-22 19:17 - 2010-07-09 22:56 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-02-22 19:15 - 2011-04-09 09:02 - 0000072 ____A C:\Windows\SysWOW64\ToasterLauncherLog.log
2012-02-22 19:14 - 2012-02-22 19:14 - 0277088 ____A C:\Windows\Minidump\022212-35412-01.dmp
2012-02-22 19:02 - 2012-02-22 19:02 - 0277080 ____A C:\Windows\Minidump\022212-25428-01.dmp
2012-02-22 18:50 - 2012-02-22 18:49 - 0277088 ____A C:\Windows\Minidump\022212-35521-01.dmp
2012-02-22 18:44 - 2012-02-22 18:44 - 4417295 ___RA (Swearware) C:\Users\Mitch\Desktop\ComboFix.exe
2012-02-22 18:39 - 2012-02-22 18:39 - 0065536 __ASH C:\Windows\System32\config\components{89e26bf7-3b19-11e1-9c57-a4badbda037a}.TxR.blf
2012-02-22 16:52 - 2009-07-13 23:13 - 0727334 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-22 16:45 - 2012-02-22 12:47 - 0000000 ____D C:\Users\Mitch\Local Settings\HandlerPadUsb
2012-02-22 16:45 - 2012-02-22 12:47 - 0000000 ____D C:\Users\Mitch\Local Settings\Application Data\HandlerPadUsb
2012-02-22 16:45 - 2012-02-22 12:47 - 0000000 ____D C:\Users\Mitch\AppData\Local\HandlerPadUsb
2012-02-22 16:44 - 2012-02-22 15:05 - 0000000 ____D C:\Users\Mitch\Application Data\Riasur
2012-02-22 16:44 - 2012-02-22 15:05 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Riasur
2012-02-22 16:44 - 2012-01-20 18:12 - 0000000 ____D C:\Users\Mitch\Application Data\Kuumucp
2012-02-22 16:44 - 2012-01-20 18:12 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Kuumucp
2012-02-22 16:25 - 2012-01-20 18:33 - 0001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-22 16:25 - 2012-01-20 18:33 - 0001071 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-22 16:11 - 2012-02-22 16:11 - 0000000 ____D C:\Windows\Sun
2012-02-22 15:48 - 2012-02-22 15:48 - 0010652 ____A C:\Users\Mitch\Desktop\Receiptcar.htm
2012-02-22 15:48 - 2012-02-22 15:47 - 0000000 ____D C:\Users\Mitch\Desktop\Receiptcar_files
2012-02-22 15:05 - 2012-02-22 15:05 - 0000000 ____D C:\Users\Mitch\Application Data\Opxek
2012-02-22 15:05 - 2012-02-22 15:05 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Opxek
2012-02-22 15:05 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-02-22 02:10 - 2012-01-23 10:28 - 0000000 ____D C:\Users\Mitch\Application Data\SoftGrid Client
2012-02-22 02:10 - 2012-01-23 10:28 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\SoftGrid Client
2012-02-20 19:46 - 2012-02-20 19:46 - 0016114 ____A C:\Users\Mitch\Desktop\Farm2Receipt.htm
2012-02-20 19:46 - 2012-02-20 19:46 - 0000000 ____D C:\Users\Mitch\Desktop\Farm2Receipt_files
2012-02-20 19:34 - 2012-02-20 19:34 - 0016107 ____A C:\Users\Mitch\Desktop\Farm1Receipt.htm
2012-02-20 19:34 - 2012-02-20 19:34 - 0000000 ____D C:\Users\Mitch\Desktop\Farm1Receipt_files
2012-02-20 13:56 - 2012-02-20 13:56 - 3510487 ____A C:\Users\Mitch\Desktop\IcelandRoads.pdf
2012-02-18 02:30 - 2011-04-09 09:02 - 0000402 __ASH C:\Users\Mitch\My Documents\desktop.ini
2012-02-18 02:30 - 2011-04-09 09:02 - 0000174 ___SH C:\Users\Mitch\Start Menu\Programs\Startup\desktop.ini
2012-02-18 02:30 - 2011-04-09 09:02 - 0000174 ___SH C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-18 02:29 - 2009-07-13 22:45 - 0310200 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-18 02:04 - 2012-01-23 10:27 - 0743906 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-02-18 02:04 - 2012-01-23 10:26 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-02-14 10:36 - 2012-02-14 10:36 - 0042496 ____A C:\Users\Mitch\Downloads\MaidBehindtheBar.doc
2012-02-12 12:48 - 2012-01-21 13:47 - 0000000 ____D C:\Users\Mitch\Desktop\LIWC Files
2012-02-11 08:40 - 2012-02-11 08:40 - 0023552 ____A C:\Users\Mitch\Desktop\Drivel.doc
2012-02-09 15:11 - 2011-12-15 11:51 - 0000000 ____D C:\Users\Mitch\Desktop\Dissert
2012-02-08 22:34 - 2012-01-24 18:24 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-02-08 22:34 - 2012-01-24 18:24 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-02-08 22:34 - 2012-01-24 18:24 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-02-06 21:53 - 2012-02-02 10:50 - 0000000 ____D C:\Users\Mitch\Desktop\DissComponents
2012-02-05 23:09 - 2012-02-05 23:09 - 0019893 ____A C:\Users\Mitch\Downloads\jtburr-RefList.odt
2012-02-04 20:27 - 2012-02-04 20:27 - 0000528 ____A C:\Users\Mitch\Downloads\tandf_utis2019_417.ris
2012-02-04 20:08 - 2012-02-04 20:08 - 0000477 ____A C:\Users\Mitch\Downloads\tandf_hrhr205_4.ris
2012-02-04 10:51 - 2012-02-04 10:51 - 0000630 ____A C:\Users\Mitch\Downloads\tandf_ccwf2012_455.ris
2012-02-02 19:46 - 2012-02-02 14:34 - 0000000 ____D C:\Users\Mitch\Desktop\Letters
2012-02-02 19:21 - 2012-02-02 19:21 - 0000550 ____A C:\Users\Mitch\Downloads\tandf_rics2010_714.ris
2012-02-02 19:21 - 2012-02-02 19:21 - 0000550 ____A C:\Users\Mitch\Downloads\tandf_rics2010_714(1).ris
2012-02-02 19:07 - 2012-02-02 19:07 - 0000334 ____A C:\Users\Mitch\Downloads\citation.ris
2012-02-02 11:49 - 2012-02-02 11:49 - 0000512 ____A C:\Users\Mitch\Downloads\tandf_cgde2015_477.ris
2012-02-02 09:22 - 2012-02-02 09:22 - 0000162 ___AH C:\Users\Mitch\Desktop\~$ortStory.odt
2012-02-01 20:52 - 2012-02-01 20:52 - 0000594 ____A C:\Users\Mitch\Downloads\Adobe CS 5.5(4).rdp
2012-01-30 16:48 - 2012-01-30 16:48 - 0000594 ____A C:\Users\Mitch\Downloads\Adobe CS 5.5(3).rdp
2012-01-30 10:35 - 2009-07-13 23:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-01-30 10:34 - 2012-01-30 10:34 - 0000595 ____A C:\Users\Mitch\Downloads\SPSS (v19)(22).rdp
2012-01-28 22:49 - 2012-01-28 22:49 - 0000594 ____A C:\Users\Mitch\Downloads\SPSS (v19)(21).rdp
2012-01-28 14:00 - 2012-01-28 14:00 - 0000594 ____A C:\Users\Mitch\Downloads\SPSS (v19)(20).rdp
2012-01-28 12:59 - 2012-01-28 12:59 - 0000594 ____A C:\Users\Mitch\Downloads\SPSS (v19)(19).rdp
2012-01-28 10:37 - 2012-01-28 10:37 - 0000594 ____A C:\Users\Mitch\Downloads\SPSS (v19)(18).rdp
2012-01-27 17:57 - 2012-01-27 17:57 - 0000593 ____A C:\Users\Mitch\Downloads\SPSS (v19)(17).rdp
2012-01-27 11:25 - 2012-01-27 11:25 - 0000595 ____A C:\Users\Mitch\Downloads\SPSS (v19)(16).rdp
2012-01-26 23:23 - 2012-01-26 23:23 - 0000595 ____A C:\Users\Mitch\Downloads\SPSS (v19)(15).rdp
2012-01-26 18:49 - 2012-01-26 18:49 - 0000595 ____A C:\Users\Mitch\Downloads\SPSS (v19)(14).rdp
2012-01-26 13:24 - 2012-01-26 13:24 - 0000593 ____A C:\Users\Mitch\Downloads\SPSS (v19)(13).rdp
2012-01-26 11:30 - 2012-01-26 11:30 - 0000593 ____A C:\Users\Mitch\Downloads\SPSS (v19)(12).rdp
2012-01-26 10:42 - 2012-01-26 10:42 - 0000595 ____A C:\Users\Mitch\Downloads\SPSS (v19)(11).rdp
2012-01-26 09:43 - 2010-07-09 23:00 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-01-26 02:05 - 2009-07-13 21:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-01-26 00:58 - 2012-01-26 00:58 - 0000595 ____A C:\Users\Mitch\Downloads\SPSS (v19)(9).rdp
2012-01-26 00:58 - 2012-01-26 00:58 - 0000595 ____A C:\Users\Mitch\Downloads\SPSS (v19)(10).rdp
2012-01-25 23:13 - 2012-01-25 23:13 - 0000594 ____A C:\Users\Mitch\Downloads\SPSS (v19)(8).rdp
2012-01-25 20:37 - 2012-01-25 20:37 - 0000594 ____A C:\Users\Mitch\Downloads\SPSS (v19)(7).rdp
2012-01-25 20:24 - 2012-01-25 20:24 - 0000595 ____A C:\Users\Mitch\Downloads\SPSS (v19)(6).rdp
2012-01-25 18:54 - 2012-01-25 18:54 - 0000595 ____A C:\Users\Mitch\Downloads\SPSS (v19)(5).rdp
2012-01-25 16:28 - 2012-01-25 16:28 - 0000595 ____A C:\Users\Mitch\Downloads\SPSS (v19)(4).rdp
2012-01-25 09:57 - 2012-01-25 09:54 - 0000000 ____D C:\Users\Mitch\Application Data\Spotify
2012-01-25 09:57 - 2012-01-25 09:54 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Spotify
2012-01-25 09:54 - 2012-01-25 09:54 - 0085784 ____A (Spotify Ltd) C:\Users\Mitch\Downloads\SpotifySetup.exe
2012-01-25 09:54 - 2012-01-25 09:54 - 0000000 ____D C:\Users\Mitch\Local Settings\Spotify
2012-01-25 09:54 - 2012-01-25 09:54 - 0000000 ____D C:\Users\Mitch\Local Settings\Application Data\Spotify
2012-01-25 09:54 - 2012-01-25 09:54 - 0000000 ____D C:\Users\Mitch\AppData\Local\Spotify
2012-01-24 18:24 - 2012-01-24 18:24 - 0000000 ____D C:\Users\Mitch\Local Settings\Microsoft Help
2012-01-24 18:24 - 2012-01-24 18:24 - 0000000 ____D C:\Users\Mitch\Local Settings\Application Data\Microsoft Help
2012-01-24 18:24 - 2012-01-24 18:24 - 0000000 ____D C:\Users\Mitch\AppData\Local\Microsoft Help
2012-01-24 15:12 - 2012-01-24 15:12 - 0000594 ____A C:\Users\Mitch\Downloads\SPSS (v19)(3).rdp
2012-01-24 08:19 - 2012-01-24 08:19 - 0000594 ____A C:\Users\Mitch\Downloads\SPSS (v19)(2).rdp
2012-01-24 06:31 - 2012-01-24 06:31 - 0000594 ____A C:\Users\Mitch\Downloads\SPSS (v19)(1).rdp
2012-01-23 23:37 - 2012-01-23 23:37 - 0000000 ____D C:\Users\All Users\FLEXnet
2012-01-23 23:37 - 2012-01-23 23:37 - 0000000 ____D C:\Users\All Users\Application Data\FLEXnet
2012-01-23 23:37 - 2012-01-23 23:37 - 0000000 ____D C:\ProgramData\FLEXnet
2012-01-23 23:37 - 2011-04-09 10:08 - 0000000 ____D C:\Users\Mitch\Application Data\Adobe
2012-01-23 23:37 - 2011-04-09 10:08 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Adobe
2012-01-23 23:33 - 2012-01-23 23:32 - 0000000 ____D C:\Users\Mitch\Local Settings\Google
2012-01-23 23:33 - 2012-01-23 23:32 - 0000000 ____D C:\Users\Mitch\Local Settings\Application Data\Google
2012-01-23 23:33 - 2012-01-23 23:32 - 0000000 ____D C:\Users\Mitch\AppData\Local\Google
2012-01-23 23:32 - 2012-01-23 23:32 - 0000058 ____A C:\user.js
2012-01-23 23:32 - 2012-01-23 23:32 - 0000000 ____D C:\Program Files (x86)\Softonic
2012-01-23 23:32 - 2012-01-23 23:32 - 0000000 ____D C:\Program Files (x86)\Google
2012-01-23 23:32 - 2011-04-09 08:58 - 0000000 ____D C:\Users\Mitch\AppData\LocalLow
2012-01-23 22:59 - 2012-01-23 22:59 - 11130665 ____A C:\Users\Mitch\Downloads\setupscreenhunter.exe
2012-01-23 22:59 - 2012-01-23 22:59 - 0000000 ____D C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Pro
2012-01-23 15:57 - 2012-01-23 12:38 - 0000000 ____D C:\Users\All Users\VirtualizedApplications
2012-01-23 15:57 - 2012-01-23 12:38 - 0000000 ____D C:\Users\All Users\Application Data\VirtualizedApplications
2012-01-23 15:57 - 2012-01-23 12:38 - 0000000 ____D C:\ProgramData\VirtualizedApplications
2012-01-23 10:35 - 2012-01-23 10:35 - 0000000 ___RD C:\MSOCache
2012-01-23 10:28 - 2012-01-23 10:28 - 0000000 ____D C:\Users\Mitch\Local Settings\SoftGrid Client
2012-01-23 10:28 - 2012-01-23 10:28 - 0000000 ____D C:\Users\Mitch\Local Settings\Application Data\SoftGrid Client
2012-01-23 10:28 - 2012-01-23 10:28 - 0000000 ____D C:\Users\Mitch\AppData\Local\SoftGrid Client
2012-01-23 10:28 - 2012-01-23 10:26 - 0000000 ____D C:\Users\Mitch\Application Data\TP
2012-01-23 10:28 - 2012-01-23 10:26 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\TP
2012-01-23 10:26 - 2012-01-23 10:26 - 0000000 ____D C:\Program Files\Microsoft Office
2012-01-23 10:26 - 2010-07-09 23:09 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-01-22 12:42 - 2012-01-22 12:42 - 0000000 ____D C:\Users\Mitch\Application Data\Unity
2012-01-22 12:42 - 2012-01-22 12:42 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Unity
2012-01-22 12:40 - 2012-01-22 12:40 - 0587376 ____A (Unity Technologies ApS) C:\Users\Mitch\Downloads\UnityWebPlayer(1).exe
2012-01-22 12:40 - 2012-01-22 12:40 - 0000000 ____D C:\Users\Mitch\Local Settings\Unity
2012-01-22 12:40 - 2012-01-22 12:40 - 0000000 ____D C:\Users\Mitch\Local Settings\Application Data\Unity
2012-01-22 12:40 - 2012-01-22 12:40 - 0000000 ____D C:\Users\Mitch\AppData\Local\Unity
2012-01-21 23:46 - 2012-01-21 23:46 - 0000594 ____A C:\Users\Mitch\Downloads\SPSS (v19).rdp
2012-01-21 12:31 - 2012-01-21 12:31 - 0000905 ____A C:\Users\Public\Desktop\LIWC2007.lnk
2012-01-21 12:31 - 2012-01-21 12:31 - 0000905 ____A C:\Users\All Users\Desktop\LIWC2007.lnk
2012-01-21 12:31 - 2012-01-21 12:31 - 0000000 ____D C:\Users\All Users\eSellerate
2012-01-21 12:31 - 2012-01-21 12:31 - 0000000 ____D C:\Users\All Users\Application Data\eSellerate
2012-01-21 12:31 - 2012-01-21 12:31 - 0000000 ____D C:\ProgramData\eSellerate
2012-01-21 12:31 - 2012-01-21 12:31 - 0000000 ____D C:\Program Files (x86)\LIWC2007
2012-01-21 12:31 - 2011-04-09 09:02 - 0000000 ____D C:\Users\Mitch\Local Settings\VirtualStore
2012-01-21 12:31 - 2011-04-09 09:02 - 0000000 ____D C:\Users\Mitch\Local Settings\Application Data\VirtualStore
2012-01-21 12:31 - 2011-04-09 09:02 - 0000000 ____D C:\Users\Mitch\AppData\Local\VirtualStore
2012-01-21 12:30 - 2012-01-21 12:30 - 1985095 ____A ( ) C:\Users\Mitch\Downloads\LIWC2007_Install.exe
2012-01-20 18:29 - 2012-01-20 18:29 - 0000000 ____D C:\Users\All Users\MFAData
2012-01-20 18:29 - 2012-01-20 18:29 - 0000000 ____D C:\Users\All Users\Application Data\MFAData
2012-01-20 18:29 - 2012-01-20 18:29 - 0000000 ____D C:\ProgramData\MFAData
2012-01-20 18:12 - 2012-01-20 18:12 - 0000000 ____D C:\Users\Mitch\Application Data\Ali
2012-01-20 18:12 - 2012-01-20 18:12 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Ali
2012-01-20 18:01 - 2011-04-10 12:15 - 0002182 ____A C:\Users\Mitch\Desktop\H&R Block Business 2010.LNK
2012-01-20 18:01 - 2011-04-09 18:16 - 0002088 ____A C:\Users\Mitch\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
2012-01-20 18:01 - 2011-04-09 18:16 - 0002088 ____A C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
2012-01-19 19:54 - 2010-07-09 22:47 - 0000000 ____D C:\Program Files (x86)\Cisco
2012-01-19 19:50 - 2012-01-19 19:50 - 0000000 ____D C:\Users\Mitch\Local Settings\Cisco
2012-01-19 19:50 - 2012-01-19 19:50 - 0000000 ____D C:\Users\Mitch\Local Settings\Application Data\Cisco
2012-01-19 19:50 - 2012-01-19 19:50 - 0000000 ____D C:\Users\Mitch\AppData\Local\Cisco
2012-01-19 19:39 - 2012-01-19 19:39 - 0000000 ____D C:\Users\All Users\Cisco
2012-01-19 19:39 - 2012-01-19 19:39 - 0000000 ____D C:\Users\All Users\Application Data\Cisco
2012-01-19 19:39 - 2012-01-19 19:39 - 0000000 ____D C:\ProgramData\Cisco
2012-01-19 09:37 - 2012-01-19 09:37 - 0000593 ____A C:\Users\Mitch\Downloads\Adobe CS 5.5(2).rdp
2012-01-17 14:03 - 2012-01-17 14:03 - 0408926 ____A C:\Users\Mitch\Downloads\Russell Composition History review.rtf
2012-01-15 02:08 - 2009-07-13 23:08 - 0017648 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-01-15 02:05 - 2012-01-15 02:05 - 0532480 ____A (Trend Micro Incorporated) C:\Users\Mitch\Downloads\cwshredder.exe
2012-01-13 22:02 - 2012-02-15 17:17 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-13 18:23 - 2010-07-09 23:11 - 0000000 ____D C:\Program Files (x86)\McAfee
2012-01-13 18:21 - 2010-07-09 23:12 - 0000000 ____D C:\Users\All Users\McAfee
2012-01-13 18:21 - 2010-07-09 23:12 - 0000000 ____D C:\Users\All Users\Application Data\McAfee
2012-01-13 18:21 - 2010-07-09 23:12 - 0000000 ____D C:\ProgramData\McAfee
2012-01-13 08:20 - 2011-06-24 20:18 - 0000000 ____D C:\Users\Mitch\Tracing
2012-01-12 11:25 - 2012-01-12 11:25 - 0000593 ____A C:\Users\Mitch\Downloads\Adobe CS 5.5(1).rdp
2012-01-12 10:38 - 2012-01-12 10:38 - 0013690 ____A C:\Users\Mitch\Downloads\Utkarsh-Resume.docx
2012-01-11 19:30 - 2012-01-11 19:30 - 0000594 ____A C:\Users\Mitch\Downloads\Adobe CS 5.5.rdp
2012-01-11 19:24 - 2012-01-11 19:24 - 0112949 ____A C:\Users\Mitch\Downloads\dylan.pdf
2012-01-09 19:22 - 2012-01-09 19:22 - 0001100 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-01-09 19:22 - 2012-01-09 19:22 - 0001100 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk
2012-01-06 23:06 - 2012-01-06 23:03 - 0000000 ____D C:\Users\Mitch\Desktop\Backup-12-23
2012-01-04 03:59 - 2012-02-15 17:18 - 14164480 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 03:58 - 2012-02-15 17:18 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 03:03 - 2012-02-15 17:18 - 12868096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 03:03 - 2012-02-15 17:18 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-01-03 00:24 - 2012-02-15 17:17 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-01-02 23:44 - 2012-02-15 17:17 - 0478208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2011-12-27 21:59 - 2012-02-15 17:17 - 0499200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-12-22 10:11 - 2011-12-22 10:11 - 0000000 ____D C:\Program Files\Avago-HP
2011-12-22 10:11 - 2011-12-22 10:10 - 0023054 ____A C:\P1005.log
2011-12-22 10:10 - 2011-12-22 10:10 - 3715152 ____A C:\Users\Mitch\Downloads\ljP1000_P1500-HB-pnp-win64-en.exe
2011-12-22 10:10 - 2011-12-22 10:10 - 0000000 ____D C:\Program Files\HP
2011-12-21 14:06 - 2011-12-21 14:06 - 0000022 ____A C:\Users\Mitch\Downloads\files.zip
2011-12-21 08:40 - 2011-12-21 08:40 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{e34dc790-8be1-11df-bff4-a4badbda037a}.TxR.blf
2011-12-20 18:02 - 2011-12-20 18:02 - 4448256 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2011-12-17 13:11 - 2011-12-17 13:11 - 0000000 ____D C:\Users\Mitch\Application Data\Garmin
2011-12-17 13:11 - 2011-12-17 13:11 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Garmin
2011-12-16 02:42 - 2012-02-15 17:17 - 0634368 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2011-12-16 01:59 - 2012-02-15 17:17 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2011-12-15 18:54 - 2009-07-13 23:37 - 0000000 ____D C:\Windows\SysWOW64\sysprep
2011-12-15 18:50 - 2010-07-09 22:50 - 0000000 ____D C:\Users\All Users\WildTangent
2011-12-15 18:50 - 2010-07-09 22:50 - 0000000 ____D C:\Users\All Users\Application Data\WildTangent
2011-12-15 18:50 - 2010-07-09 22:50 - 0000000 ____D C:\ProgramData\WildTangent
2011-12-15 18:45 - 2011-12-15 18:45 - 0000000 ____D C:\Users\Mitch\Application Data\StreamTorrent
2011-12-15 18:45 - 2011-12-15 18:45 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\StreamTorrent
2011-12-15 10:49 - 2011-12-15 10:49 - 0587376 ____A (Unity Technologies ApS) C:\Users\Mitch\Downloads\UnityWebPlayer.exe
2011-12-14 20:32 - 2011-12-14 20:32 - 0085666 ____A C:\Users\Mitch\Downloads\Department GPA and Grade Distribution Report - April 2011.docx.doc.docx
2011-12-11 18:53 - 2011-12-11 17:53 - 0009348 __ASH C:\Users\Mitch\Local Settings\Application Data\783383h8n008h676t544x5xqc2c4
2011-12-11 18:53 - 2011-12-11 17:53 - 0009348 __ASH C:\Users\Mitch\Local Settings\783383h8n008h676t544x5xqc2c4
2011-12-11 18:53 - 2011-12-11 17:53 - 0009348 __ASH C:\Users\Mitch\AppData\Local\783383h8n008h676t544x5xqc2c4
2011-12-11 18:53 - 2011-12-11 17:53 - 0009348 __ASH C:\Users\All Users\Application Data\783383h8n008h676t544x5xqc2c4
2011-12-11 18:53 - 2011-12-11 17:53 - 0009348 __ASH C:\Users\All Users\783383h8n008h676t544x5xqc2c4
2011-12-11 18:53 - 2011-12-11 17:53 - 0009348 __ASH C:\ProgramData\783383h8n008h676t544x5xqc2c4
2011-12-11 18:45 - 2011-12-11 18:45 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-12-11 18:45 - 2011-12-11 18:45 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2011-12-11 18:45 - 2011-12-11 18:45 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-12-10 19:24 - 2011-12-10 19:24 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2011-12-10 19:24 - 2011-12-10 19:24 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-12-10 19:24 - 2011-12-10 19:19 - 13072536 ____A (Microsoft Corporation) C:\Users\Mitch\Downloads\Silverlight_x64.exe
2011-12-10 14:24 - 2011-12-11 18:45 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-10 08:40 - 2011-12-10 08:40 - 0277040 ____A C:\Windows\Minidump\121011-31340-01.dmp
2011-12-08 09:50 - 2011-12-08 09:50 - 0049510 ____A C:\Users\Mitch\Downloads\Technological Phenomena.docx
2011-12-06 09:30 - 2011-12-06 09:30 - 0051367 ____A C:\Users\Mitch\Downloads\CW Paper 4-1.docx
2011-12-04 22:39 - 2011-12-04 22:38 - 0014091 ____A C:\Users\Mitch\Downloads\preparePaymentReceipt.do.htm
2011-12-04 22:39 - 2011-12-04 22:38 - 0000000 ____D C:\Users\Mitch\Downloads\preparePaymentReceipt.do_files
2011-12-04 16:09 - 2011-12-04 16:09 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-12-04 16:08 - 2011-12-04 16:08 - 0000000 ____D C:\Windows\System32\Macromed
2011-12-04 16:02 - 2011-12-04 16:02 - 0000000 ____D C:\Users\Mitch\Local Settings\Mozilla
2011-12-04 16:02 - 2011-12-04 16:02 - 0000000 ____D C:\Users\Mitch\Local Settings\Application Data\Mozilla
2011-12-04 16:02 - 2011-12-04 16:02 - 0000000 ____D C:\Users\Mitch\AppData\Local\Mozilla
2011-12-04 16:02 - 2011-04-10 12:21 - 0000000 ____D C:\Users\Mitch\Application Data\Mozilla
2011-12-04 16:02 - 2011-04-10 12:21 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Mozilla
2011-12-03 14:57 - 2011-12-03 14:57 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2011-12-02 08:39 - 2011-12-02 08:39 - 0000000 ____D C:\Users\Mitch\Application Data\Nitro PDF
2011-12-02 08:39 - 2011-12-02 08:39 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Nitro PDF
2011-12-02 08:38 - 2011-12-02 08:38 - 0000000 ____D C:\Users\All Users\Nitro PDF
2011-12-02 08:38 - 2011-12-02 08:38 - 0000000 ____D C:\Users\All Users\Application Data\Nitro PDF
2011-12-02 08:38 - 2011-12-02 08:38 - 0000000 ____D C:\ProgramData\Nitro PDF
2011-12-02 08:36 - 2011-12-02 08:36 - 0000000 ____D C:\Users\Mitch\Application Data\Downloaded Installations
2011-12-02 08:36 - 2011-12-02 08:36 - 0000000 ____D C:\Users\Mitch\AppData\Roaming\Downloaded Installations
2011-12-02 08:09 - 2011-04-19 15:28 - 0000000 ____D C:\Users\Mitch\Local Settings\Application Data\Adobe
2011-12-02 08:09 - 2011-04-19 15:28 - 0000000 ____D C:\Users\Mitch\Local Settings\Adobe
2011-12-02 08:09 - 2011-04-19 15:28 - 0000000 ____D C:\Users\Mitch\AppData\Local\Adobe
2011-12-01 12:50 - 2011-12-01 12:26 - 0000000 ____D C:\Users\Mitch\Desktop\Assessment

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe
[2011-04-26 18:57] - [2011-02-25 23:33] - 2614784 ____A (Microsoft Corporation) 2AF58D15EDC06EC6FDACCE1F19482BBF

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 23%
Total physical RAM: 2008.36 MB
Available physical RAM: 1535.21 MB
Total Pagefile: 2008.36 MB
Available Pagefile: 1522.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:182.71 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.9 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
4 Drive f: () (Removable) (Total:3.74 GB) (Free:0.66 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          232 GB      0 B
Disk 1    No Media           0 B      0 B
Disk 2    Online         3835 MB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    OEM                 39 MB    31 KB
Partition 2    Primary             14 GB    40 MB
Partition 3    Primary            218 GB    14 GB

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6                    FAT    Partition     39 MB  Healthy    Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2  D    RECOVERY     NTFS   Partition     14 GB  Healthy

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3  C    OS           NTFS   Partition    218 GB  Healthy

Partitions of Disk 2:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           3827 MB    19 KB

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5  F                 FAT32  Removable   3827 MB  Healthy


==========================================================
TDL4: custom:26000022


==========================================================

Last Boot: 2012-02-20 12:25

======================= End Of Log ==========================

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:45 AM

Posted 26 February 2012 - 09:16 PM

Hello

I would like you to run the fix below, and when it is complete I need you to rerun ComboFix and send me the report.

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it on the flashdrive as fixlist.txt.

TDL4: custom:26000022
SubSystems: [Windows] ==> ZeroAccess
CMD: bootrec /FixMbr 


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 cdrm25

cdrm25
  • Topic Starter

  • Members
  • 11 posts
  • Local time:09:45 AM

Posted 26 February 2012 - 09:48 PM

Hello again. Now I'm impressed! My laptop is starting up again, and I was able to run ComboFix. Looks like there are still signs of an infection. Here are the requested logs (ComboFix first, and then Fixlog.txt):

ComboFix 12-02-22.01 - Mitch 02/26/2012 11:34:51.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2008.996 [GMT -5:00]
Running from: c:\users\Mitch\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
.
.
2012-02-26 14:06 . 2012-02-26 14:07 -------- d-----w- C:\FRST
2012-02-24 03:31 . 2012-02-24 03:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-23 15:35 . 2012-02-23 15:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-23 14:39 . 2012-02-23 14:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-23 14:37 . 2012-02-23 14:37 -------- d-----w- c:\program files (x86)\Java
2012-02-22 22:11 . 2012-02-22 22:11 -------- d-----w- c:\windows\Sun
2012-02-15 23:18 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 23:18 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 23:17 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 23:17 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 23:17 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 23:17 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 23:17 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 23:17 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 14:37 . 2010-07-10 04:46 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-21 00:02 . 2011-12-21 00:02 4448256 ----a-w- c:\windows\SysWow64\GPhotos.scr
2011-12-10 20:24 . 2011-12-12 00:45 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 22:09 . 2011-12-04 22:09 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-01-11 14:29 241872 ----a-w- c:\program files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll" [2012-01-11 250064]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [BU]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"dplaysvr"="c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-02 89600]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-11-02 68896]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-02-11 660800]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2009-07-14 01:14 301568 ----a-w- c:\windows\System32\cmd.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-06 384296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-25 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-21 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-21 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-21 365592]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
FF - ProfilePath - c:\users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\kpz384c8.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-26 11:44:51
ComboFix-quarantined-files.txt 2012-02-26 16:44
ComboFix2.txt 2012-02-26 15:29
.
Pre-Run: 196,124,033,024 bytes free
Post-Run: 195,818,254,336 bytes free
.
- - End Of File - - E90761EA8D0552F9A5745BCA0F80CC71

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 23-02-2012 01
Ran by SYSTEM at 2012-02-26 11:30:58 R:1
Running from F:\

==============================================


The operation completed successfully.
The operation completed successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog ====

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:45 AM

Posted 26 February 2012 - 10:06 PM

Hello


Glad things are up and running - I want you to rerun aswMBR and send me the report please



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 cdrm25

cdrm25
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:45 AM

Posted 26 February 2012 - 10:34 PM

Hi, Gringo.

aswMBR ran successfully. Here are the results:

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-26 12:21:24
-----------------------------
12:21:24.673 OS Version: Windows x64 6.1.7600
12:21:24.673 Number of processors: 2 586 0x170A
12:21:24.673 ComputerName: MITCH-PC UserName: Mitch
12:21:25.578 Initialize success
12:22:05.914 AVAST engine defs: 12022604
12:22:12.294 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:22:12.294 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
12:22:12.310 Disk 0 MBR read successfully
12:22:12.325 Disk 0 MBR scan
12:22:12.325 Disk 0 Windows 7 default MBR code
12:22:12.325 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:22:12.341 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
12:22:12.372 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30801920
12:22:12.419 Disk 0 scanning C:\Windows\system32\drivers
12:22:23.760 Service scanning
12:22:49.797 Modules scanning
12:22:49.797 Disk 0 trace - called modules:
12:22:49.828 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:22:49.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80024c0060]
12:22:49.859 3 CLASSPNP.SYS[fffff8800148b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002247050]
12:22:50.998 AVAST engine scan C:\Windows
12:22:53.525 AVAST engine scan C:\Windows\system32
12:23:03.447 File: C:\Windows\system32\consrv.dll **INFECTED** Win64:Sirefef-C [Drp]
12:25:59.977 AVAST engine scan C:\Windows\system32\drivers
12:26:11.396 AVAST engine scan C:\Users\Mitch
12:30:14.585 AVAST engine scan C:\ProgramData
12:31:22.148 File: C:\ProgramData\Microsoft\Windows\DRM\4BD8.tmp **INFECTED** Win32:Malware-gen
12:31:22.195 File: C:\ProgramData\Microsoft\Windows\DRM\4C18.tmp **INFECTED** Win32:Malware-gen
12:31:39.199 Scan finished successfully
12:31:54.717 Disk 0 MBR has been saved successfully to "C:\Users\Mitch\Desktop\MBR.dat"
12:31:54.748 The log file has been saved successfully to "C:\Users\Mitch\Desktop\aswMBR.txt"
12:33:21.611 Disk 0 MBR has been saved successfully to "C:\Users\Mitch\Desktop\MBR.dat"
12:33:21.627 The log file has been saved successfully to "C:\Users\Mitch\Desktop\aswMBR1.txt"
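A note for readers following this thread later, added here and not part of the original post or of FRST, ComboFix or aswMBR: two findings above fit together. The FRST fixlog reports the HKLM\System\ControlSet001\Control\Session Manager\SubSystems\Windows value as "restored", and aswMBR flags C:\Windows\system32\consrv.dll as Win64:Sirefef-C. The 64-bit Sirefef/ZeroAccess variant of that period rewrote the SubSystems\Windows value so that csrss.exe loaded consrv.dll in place of winsrv.dll; that link is a known trait of the family, not something the thread itself states, so treat it as the assumption behind this example. The script below parses that value's ServerDll entries and reports any name outside the stock baseline. The baseline set (basesrv, winsrv, sxssrv) and the CLEAN_VALUE string are reconstructed from a stock Windows 7 x64 install and are assumptions to compare against a known-clean host; TAMPERED_VALUE is a constructed sample, not data from this machine.

```python
"""Detect a hijacked csrss.exe ServerDll in the SubSystems\\Windows value.

Added example, not part of this thread or of any tool used in it. It inspects
the REG_EXPAND_SZ value "Windows" under
HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\SubSystems for
ServerDll entries that a stock Windows 7 x64 does not load.
"""
import re
import sys

# ServerDll names a stock Windows 7 / Vista csrss.exe loads. Any other name is
# a hijack indicator. (Assumption: Windows 7 baseline, not a Windows 8+ list.)
EXPECTED_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

SUBSYSTEMS_KEY = r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"

# Matches "ServerDll=<dll>[:<entrypoint>],<id>" tokens inside the value.
_SERVERDLL_RE = re.compile(r"ServerDll=([^:,\s]+)(?::([^,\s]+))?,(\d+)")

# Constructed sample: the stock Windows 7 x64 value, reconstructed for this
# example (an assumption; compare against a host you know to be clean).
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    r"SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    r"ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    r"ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    r"ProfileControl=Off MaxRequestThreads=16"
)

# Constructed sample: the same value with the console ServerDll pointed at
# consrv, the swap that makes csrss.exe load consrv.dll instead of winsrv.dll.
TAMPERED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)


def parse_server_dlls(value):
    """Return [(dll_name_lowercase, entrypoint_or_None, subsystem_id), ...]."""
    return [
        (m.group(1).lower(), m.group(2), int(m.group(3)))
        for m in _SERVERDLL_RE.finditer(value)
    ]


def find_hijacked_server_dlls(value):
    """Return the sorted list of ServerDll names that are not in the baseline."""
    return sorted(
        {dll for dll, _, _ in parse_server_dlls(value) if dll not in EXPECTED_SERVER_DLLS}
    )


def read_live_value():
    """Read the live value on Windows; return None on any other platform."""
    if sys.platform != "win32":
        return None
    import winreg  # standard library, Windows only
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SUBSYSTEMS_KEY) as key:
        value, _value_type = winreg.QueryValueEx(key, "Windows")
    return value


def main():
    value = read_live_value()
    if value is None:
        print("Not on Windows; checking the constructed samples instead.")
        for label, sample in (("clean", CLEAN_VALUE), ("tampered", TAMPERED_VALUE)):
            print(f"{label:>9}: unexpected ServerDll = {find_hijacked_server_dlls(sample)}")
        return
    rogue = find_hijacked_server_dlls(value)
    if rogue:
        print(f"WARNING: unexpected ServerDll in SubSystems\\Windows: {rogue}")
        print("Expected only:", sorted(EXPECTED_SERVER_DLLS))
    else:
        print("SubSystems\\Windows ServerDll entries match the baseline.")


if __name__ == "__main__":
    main()
```

Run it from an elevated prompt on the machine being cleaned; on anything other than Windows it falls back to the two constructed samples. A hit here names the DLL that csrss.exe will load at the next boot, which is why a fix of this kind restores the registry value and removes the file together rather than deleting the file alone.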

#14 gringo_pr
Posted 27 February 2012 - 12:05 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
C:\Windows\system32\consrv.dll

Folder::
C:\ProgramData\Microsoft\Windows\DRM

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 cdrm25
Posted 27 February 2012 - 12:45 AM

Hi, Gringo.

Everything went well, and my computer seems to be running fine.

Here is the log for the latest ComboFix scan using the provided CFScript.txt:

ComboFix 12-02-22.01 - Mitch 02/27/2012 0:10.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2008.1129 [GMT -5:00]
Running from: c:\users\Mitch\Desktop\ComboFix.exe
Command switches used :: c:\users\Mitch\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\consrv.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM
c:\programdata\Microsoft\Windows\DRM\4BD8.tmp
c:\programdata\Microsoft\Windows\DRM\4C18.tmp
c:\programdata\Microsoft\Windows\DRM\blackbox.bin
c:\programdata\Microsoft\Windows\DRM\drmstore.hds
c:\programdata\Microsoft\Windows\DRM\v3ks.bla
c:\programdata\Microsoft\Windows\DRM\v3ks.sec
c:\windows\system32\consrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-27 to 2012-02-27 )))))))))))))))))))))))))))))))
.
.
2012-02-27 05:20 . 2012-02-27 05:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-26 14:06 . 2012-02-26 14:07 -------- d-----w- C:\FRST
2012-02-24 03:32 . 2012-02-24 03:32 -------- d-----w- c:\users\Mitch\AppData\Roaming\SUPERAntiSpyware.com
2012-02-24 03:31 . 2012-02-24 03:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-24 03:31 . 2012-02-24 03:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-23 15:35 . 2012-02-23 15:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-23 14:39 . 2012-02-23 14:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-23 14:37 . 2012-02-23 14:37 -------- d-----w- c:\program files (x86)\Java
2012-02-22 22:11 . 2012-02-22 22:11 -------- d-----w- c:\windows\Sun
2012-02-22 21:05 . 2012-02-22 22:44 -------- d-----w- c:\users\Mitch\AppData\Roaming\Riasur
2012-02-22 21:05 . 2012-02-22 21:05 -------- d-----w- c:\users\Mitch\AppData\Roaming\Opxek
2012-02-22 18:47 . 2012-02-22 22:45 -------- d-----w- c:\users\Mitch\AppData\Local\HandlerPadUsb
2012-02-15 23:18 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 23:18 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 23:17 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 23:17 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 23:17 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 23:17 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 23:17 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 23:17 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 14:37 . 2010-07-10 04:46 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-21 00:02 . 2011-12-21 00:02 4448256 ----a-w- c:\windows\SysWow64\GPhotos.scr
2011-12-10 20:24 . 2011-12-12 00:45 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 22:09 . 2011-12-04 22:09 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-26_16.41.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-27 05:21 . 2012-02-27 05:21 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-02-24 08:43 . 2012-02-24 08:43 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-07-10 05:16 . 2012-02-27 05:23 38986 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-02-26 16:34 39886 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-27 05:23 39886 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-10 01:36 . 2012-02-27 05:23 12178 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-978464274-2795889797-727575609-1000_UserData.bin
- 2012-02-26 16:32 . 2012-02-26 16:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-27 05:21 . 2012-02-27 05:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-26 16:32 . 2012-02-26 16:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-27 05:21 . 2012-02-27 05:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-02-26 16:46 624864 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-02-22 22:52 624864 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-02-22 22:52 106950 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-02-26 16:46 106950 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-02-26 19:12 288496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-27 05:21 288496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-12-10 15:52 . 2012-02-26 19:12 289264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-978464274-2795889797-727575609-1000-8192.dat
+ 2011-12-10 15:52 . 2012-02-27 05:21 289264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-978464274-2795889797-727575609-1000-8192.dat
- 2009-07-14 02:34 . 2012-02-24 08:59 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-02-27 04:49 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-01-11 14:29 241872 ----a-w- c:\program files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll" [2012-01-11 250064]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [BU]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"dplaysvr"="c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe" [BU]
.
c:\users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\users\Mitch\AppData\Local\Temp\quickstart.exe [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-02 89600]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-11-02 68896]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-02-11 660800]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2009-07-14 01:14 301568 ----a-w- c:\windows\System32\cmd.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-06 384296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-25 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-21 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-21 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-21 365592]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
FF - ProfilePath - c:\users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\kpz384c8.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-02-27 00:42:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-27 05:42
ComboFix2.txt 2012-02-26 16:44
ComboFix3.txt 2012-02-26 15:29
.
Pre-Run: 195,694,870,528 bytes free
Post-Run: 195,508,555,776 bytes free
.
- - End Of File - - 8075CDCF7F77956B9D6E48A5281E4DAE