
Malware infection


  • This topic is locked
29 replies to this topic

#1 buff985

  • Members
  • 23 posts

Posted 26 February 2012 - 03:51 PM

Hello all,

At the request of user Broni I was told to run DDS and post the logs it gave me. To identify the problem, Broni and I have already completed the following steps:

Security Check
FSS
MiniToolBox
Malwarebytes
aswMBR

The logs for these previous steps are listed in this thread:

http://www.bleepingcomputer.com/forums/topic444136.html

The logs created using DDS are attached. Thanks for any and all help!

Also, I am running Windows 7 64-bit, so that is why a GMER log is not provided.

Attached Files


Edited by boopme, 26 February 2012 - 08:11 PM.



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 February 2012 - 03:06 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links:
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 buff985

  • Topic Starter
  • Members
  • 23 posts

Posted 27 February 2012 - 05:56 AM

Gringo,

Before I do this I will let you know that when this first happened (having viewed potential solutions online before) I ran ComboFix, and it ended up putting my computer into a constant reset mode (Windows would not load and just kept resetting my computer). Luckily I had just created a restore point and had my Windows CD with me. If you'd still like me to continue, I will. Thanks again!

Edited by buff985, 27 February 2012 - 05:57 AM.


#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 February 2012 - 07:21 AM

For 64-bit systems, download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter and close Notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
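Once FRST.txt is back in hand, reading it is the slow part. The script below is an added example written for this thread; it is not part of the original post and is not code from the FRST tool. It parses a handful of lines in FRST's log format, using a constructed sample copied from the FRST output posted later in this thread, and flags the indicators a helper looks for first: FRST's own SubSystems verdict, a netsvcs entry that resolves to a non-Microsoft DLL, a lookalike system directory such as C:\Windows\system64, and a burst of At*.job tasks created in the same minute. The regular expressions and the At-job threshold are my assumptions about the log layout, not FRST's published specification, so expect to adjust them for other FRST versions.

```python
"""Triage an FRST.txt for the indicators discussed in this thread.

Added example, not part of the forum thread or of FRST itself.
The regexes below are an assumption about the FRST log layout seen here.
"""
import re
from collections import defaultdict

# Constructed sample input: lines copied from the FRST.txt posted in this
# thread (reply #8), trimmed to the entries the checks below look at.
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
2 mpservice; C:\Windows\System32\WmaCVideo32.dll [6656 2009-07-13] (Oak Technology Inc.)
2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)

========================== NetSvcs (Whitelisted) ===========
NETSVC: mpservice

============ One Month Created Files and Folders ==============

2012-02-26 13:15 - 2012-02-27 14:23 - 0000352 ____A C:\Windows\Tasks\At83.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000350 ____A C:\Windows\Tasks\At82.job
2012-02-26 13:15 - 2012-02-27 04:53 - 0000352 ____A C:\Windows\Tasks\At65.job
2012-02-26 13:15 - 2012-02-27 04:53 - 0000350 ____A C:\Windows\Tasks\At64.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000352 ____A C:\Windows\Tasks\At97.job
2012-02-26 12:43 - 2012-02-26 12:43 - 0013636 ____A C:\Users\Andrew\Desktop\DDS.txt
2012-02-06 14:50 - 2012-02-27 14:47 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-06 14:49 - 2012-02-06 14:49 - 0000000 ____D C:\Windows\system64
"""

# "created - modified - size attrs (vendor) path" lines in the file sections.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<vendor>[^)]*)\) )?(?P<path>.+)$"
)
# "<start type> <name>; <path> [<size> <date>] (<vendor>)" service/driver lines.
SERVICE_RE = re.compile(
    r"^(?P<start>\d+) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>[\d-]+)\] \((?P<vendor>[^)]*)\)$"
)
SUBSYSTEMS_RE = re.compile(r"^SubSystems: \[(?P<key>[^\]]+)\] ==> (?P<verdict>.+)$")
NETSVC_RE = re.compile(r"^NETSVC: (?P<name>\S+)$")
AT_JOB_RE = re.compile(r"\\Tasks\\At\d+\.job$", re.IGNORECASE)
LOOKALIKE_DIR_RE = re.compile(r"[a-z]:\\windows\\system64", re.IGNORECASE)


def parse_frst(text):
    """Split an FRST log into the pieces the checks need."""
    services, netsvcs, files, verdicts = {}, [], [], []
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line.startswith("="):   # blank or section banner
            continue
        if m := SUBSYSTEMS_RE.match(line):
            verdicts.append(m.groupdict())
        elif m := NETSVC_RE.match(line):
            netsvcs.append(m.group("name"))
        elif m := SERVICE_RE.match(line):
            services[m.group("name").lower()] = m.groupdict()
        elif m := FILE_RE.match(line):
            files.append(m.groupdict())
    return {"services": services, "netsvcs": netsvcs, "files": files, "verdicts": verdicts}


def find_indicators(parsed, at_job_threshold=5):
    """Return human-readable findings, in the order the checks run."""
    findings = []
    # 1. FRST's own verdict on a hijacked subsystem entry.
    for v in parsed["verdicts"]:
        findings.append(f"FRST verdict on {v['key']} subsystem: {v['verdict']}")
    # 2. netsvcs entries that resolve to a non-Microsoft DLL (svchost-hosted loader).
    for name in parsed["netsvcs"]:
        svc = parsed["services"].get(name.lower())
        if svc is None:
            findings.append(f"netsvcs entry {name} has no matching service")
            continue
        path = svc["path"].strip('"')
        if path.lower().endswith(".dll") and "microsoft" not in svc["vendor"].lower():
            findings.append(
                f"netsvcs service {name} loads non-Microsoft DLL {path} "
                f"({svc['vendor'] or 'no vendor'})"
            )
    # 3. Lookalike system directories and 4. bursts of At*.job tasks.
    batches = defaultdict(list)
    for f in parsed["files"]:
        if AT_JOB_RE.search(f["path"]):
            batches[f["created"]].append(f["path"])
        if "D" in f["attrs"] and LOOKALIKE_DIR_RE.fullmatch(f["path"]):
            findings.append(f"lookalike system directory created {f['created']}: {f['path']}")
    for created, paths in sorted(batches.items()):
        if len(paths) >= at_job_threshold:
            findings.append(f"{len(paths)} At*.job tasks created in the same minute ({created})")
    return findings


if __name__ == "__main__":
    for finding in find_indicators(parse_frst(SAMPLE_LOG)):
        print("-", finding)
```

Run it against a real FRST.txt by reading the file into parse_frst instead of SAMPLE_LOG. The At-job threshold is deliberately a parameter: a handful of legitimate at.exe jobs is normal on some machines, but dozens created in the same minute, as in the log posted in this thread, is the pattern worth chasing.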

#5 buff985

  • Topic Starter
  • Members
  • 23 posts

Posted 27 February 2012 - 01:02 PM

So I should still run ComboFix and then follow your steps if/when my computer goes into that constant state of reset as it did before? Sorry if I'm confused; I just want to check before I do anything. Thanks!

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 February 2012 - 03:03 PM

Hello

No, I want you to run this first and then I will decide what direction I want us to go.


Gringo

#7 buff985

  • Topic Starter
  • Members
  • 23 posts

Posted 27 February 2012 - 06:03 PM

Thanks Gringo! Every time I try to make a long post on here (a log copy) I get an error message in both Firefox and IE that the connection was reset, and when I tried to send it as an attachment I'm not seeing it pop up. I'm going to attach the report in the next post, as I will send it to another computer and post the log from there. Thanks!

Edited by buff985, 27 February 2012 - 06:05 PM.


#8 buff985

  • Topic Starter
  • Members
  • 23 posts

Posted 27 February 2012 - 06:08 PM

Scan result of Farbar Recovery Scan Tool Version: 27-02-2012 01
Ran by SYSTEM at 27-02-2012 17:51:52
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SoundMan] SOUNDMAN.EXE [x]
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163568 2009-09-04] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1840720 2007-09-13] (CANON INC.)
HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190472 2009-09-16] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CMCService] "C:\Program Files (x86)\ATI\Catalyst Media Center\CMCService.exe" [172032 2007-08-02] (CyberLink Corp.)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2006-11-17] (AMD)
HKLM-x32\...\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [1306 2011-03-22] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKU\Andrew\...\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US [3634024 2009-10-01] (AOL LLC)
HKU\Andrew\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2011-08-02] (Valve Corporation)
HKU\Andrew\...\Run: [Google Update] "C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-23] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 CLCapSvc; "C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe" [262239 2007-08-02] ()
2 CLSched; "C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe" [110685 2007-08-02] ()
2 CyberLink Media Library Service; "C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe" [1073152 2007-08-02] (Cyberlink)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 mpservice; C:\Windows\System32\WmaCVideo32.dll [6656 2009-07-13] (Oak Technology Inc.)
2 NMSAccess; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [7636720 2009-09-04] (Microsoft Corporation)
3 ZuneWlanCfgSvc; C:\Windows\system32\ZuneWlanCfgSvc.exe [470256 2009-09-04] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC64.SYS [3492128 2009-03-10] (Realtek Semiconductor Corp.)
3 ATIAVPCI; C:\Windows\System32\DRIVERS\atinavrr.sys [1557376 2009-11-04] (ATI Technologies Inc.)
3 ltmodem5; C:\Windows\System32\DRIVERS\ltmdm64.sys [543744 2009-06-10] (Agere Systems)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
3 PID_0928; C:\Windows\System32\DRIVERS\LV561V64.SYS [582680 2007-10-11] (Logitech Inc.)
4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-12-01] (Duplex Secure Ltd.)
3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] ()
0x01000000 papycpu2; C:\Windows\System32\DRIVERS\papycpu2.sys [x]
0x01000000 papyjoy; C:\Windows\System32\DRIVERS\papyjoy.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: mpservice

============ One Month Created Files and Folders ==============

2012-02-27 14:24 - 2012-02-27 14:24 - 1382485 ____A C:\Users\Andrew\Downloads\FRST64.exe
2012-02-26 13:15 - 2012-02-27 14:23 - 0000352 ____A C:\Windows\Tasks\At83.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000352 ____A C:\Windows\Tasks\At81.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000352 ____A C:\Windows\Tasks\At79.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000352 ____A C:\Windows\Tasks\At77.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000352 ____A C:\Windows\Tasks\At75.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000352 ____A C:\Windows\Tasks\At73.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000352 ____A C:\Windows\Tasks\At71.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000352 ____A C:\Windows\Tasks\At69.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000352 ____A C:\Windows\Tasks\At67.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000350 ____A C:\Windows\Tasks\At82.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000350 ____A C:\Windows\Tasks\At80.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000350 ____A C:\Windows\Tasks\At78.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000350 ____A C:\Windows\Tasks\At76.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000350 ____A C:\Windows\Tasks\At74.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000350 ____A C:\Windows\Tasks\At72.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000350 ____A C:\Windows\Tasks\At70.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000350 ____A C:\Windows\Tasks\At68.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000350 ____A C:\Windows\Tasks\At66.job
2012-02-26 13:15 - 2012-02-27 04:53 - 0000352 ____A C:\Windows\Tasks\At65.job
2012-02-26 13:15 - 2012-02-27 04:53 - 0000350 ____A C:\Windows\Tasks\At64.job
2012-02-26 13:15 - 2012-02-27 03:53 - 0000352 ____A C:\Windows\Tasks\At63.job
2012-02-26 13:15 - 2012-02-27 03:53 - 0000350 ____A C:\Windows\Tasks\At62.job
2012-02-26 13:15 - 2012-02-27 02:53 - 0000352 ____A C:\Windows\Tasks\At61.job
2012-02-26 13:15 - 2012-02-27 02:53 - 0000350 ____A C:\Windows\Tasks\At60.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000352 ____A C:\Windows\Tasks\At97.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000352 ____A C:\Windows\Tasks\At95.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000352 ____A C:\Windows\Tasks\At59.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000352 ____A C:\Windows\Tasks\At57.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000352 ____A C:\Windows\Tasks\At55.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000352 ____A C:\Windows\Tasks\At53.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000352 ____A C:\Windows\Tasks\At51.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000350 ____A C:\Windows\Tasks\At96.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000350 ____A C:\Windows\Tasks\At94.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000350 ____A C:\Windows\Tasks\At58.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000350 ____A C:\Windows\Tasks\At56.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000350 ____A C:\Windows\Tasks\At54.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000350 ____A C:\Windows\Tasks\At52.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000350 ____A C:\Windows\Tasks\At50.job
2012-02-26 13:15 - 2012-02-26 18:53 - 0000352 ____A C:\Windows\Tasks\At93.job
2012-02-26 13:15 - 2012-02-26 18:53 - 0000350 ____A C:\Windows\Tasks\At92.job
2012-02-26 13:15 - 2012-02-26 17:53 - 0000352 ____A C:\Windows\Tasks\At91.job
2012-02-26 13:15 - 2012-02-26 17:53 - 0000350 ____A C:\Windows\Tasks\At90.job
2012-02-26 13:15 - 2012-02-26 16:53 - 0000352 ____A C:\Windows\Tasks\At89.job
2012-02-26 13:15 - 2012-02-26 16:53 - 0000350 ____A C:\Windows\Tasks\At88.job
2012-02-26 13:15 - 2012-02-26 15:53 - 0000352 ____A C:\Windows\Tasks\At87.job
2012-02-26 13:15 - 2012-02-26 15:53 - 0000350 ____A C:\Windows\Tasks\At86.job
2012-02-26 13:15 - 2012-02-26 14:53 - 0000352 ____A C:\Windows\Tasks\At85.job
2012-02-26 13:15 - 2012-02-26 14:53 - 0000350 ____A C:\Windows\Tasks\At84.job
2012-02-26 12:43 - 2012-02-26 12:43 - 0013636 ____A C:\Users\Andrew\Desktop\DDS.txt
2012-02-26 12:43 - 2012-02-26 12:43 - 0006192 ____A C:\Users\Andrew\Desktop\Attach.txt
2012-02-26 12:40 - 2012-02-26 12:40 - 0607260 ____R (Swearware) C:\Users\Andrew\Desktop\dds.scr
2012-02-26 12:34 - 2012-02-26 12:34 - 0050477 ____A C:\Users\Andrew\Downloads\Defogger.exe
2012-02-26 12:34 - 2012-02-26 12:34 - 0000188 ____A C:\Users\Andrew\defogger_reenable
2012-02-26 07:15 - 2012-02-26 07:15 - 0000000 ____D C:\Users\Andrew\Desktop\sound backup
2012-02-26 07:09 - 2012-02-26 07:09 - 0000000 ____D C:\Users\Andrew\Desktop\sound
2012-02-26 07:09 - 2007-08-09 14:02 - 0000951 ____A C:\Users\Andrew\Desktop\Readme for 1990 Sound Swapper.txt
2012-02-26 07:09 - 2007-08-09 10:01 - 0000880 ____A C:\Users\Andrew\Desktop\Cup90v1.0_Sound_Swapper.lnk
2012-02-26 07:09 - 2007-08-07 16:06 - 0000442 ____A C:\Users\Andrew\Desktop\Cup90v1.0_Sound_Swapper.bat
2012-02-26 07:02 - 2012-02-26 07:02 - 9356271 ____A C:\Users\Andrew\Downloads\cup90_dash_update.rar
2012-02-26 07:02 - 2012-02-26 07:02 - 45919507 ____A C:\Users\Andrew\Downloads\1990_Sound_Swapper_V1.zip
2012-02-26 07:02 - 2012-02-26 07:02 - 36778077 ____A C:\Users\Andrew\Downloads\Cup90_cup.rar
2012-02-26 06:31 - 2012-02-26 07:23 - 0000000 ____D C:\Papyrus
2012-02-26 06:31 - 2012-02-26 06:31 - 0001719 ____A C:\Users\Public\Desktop\NASCAR Racing 2003 Season.lnk
2012-02-26 06:31 - 2003-01-17 00:59 - 0001984 ____A C:\Windows\SysWOW64\Drivers\papycpu2.sys
2012-02-26 06:31 - 2003-01-17 00:59 - 0001856 ____A C:\Windows\SysWOW64\Drivers\papyjoy.sys
2012-02-26 06:03 - 2012-02-26 06:05 - 74920720 ____A C:\Users\Andrew\Downloads\avast_free_antivirus_setup.exe
2012-02-26 05:42 - 2012-02-26 05:42 - 0031969 ____A C:\Users\Andrew\Desktop\Scans.txt
2012-02-26 05:31 - 2012-02-26 05:31 - 0002833 ____A C:\Users\Andrew\Desktop\aswMBR.txt
2012-02-26 05:31 - 2012-02-26 05:31 - 0000512 ____A C:\Users\Andrew\Desktop\MBR.dat
2012-02-26 05:08 - 2012-02-26 05:08 - 0001906 ____A C:\Users\Andrew\Desktop\mbam-log-2012-02-26 (08-01-26).txt
2012-02-26 04:59 - 2012-02-26 05:00 - 0024711 ____A C:\Users\Andrew\Desktop\Result.txt
2012-02-26 04:58 - 2012-02-26 04:58 - 0002450 ____A C:\Users\Andrew\Desktop\FSS.txt
2012-02-26 04:58 - 2012-02-26 04:58 - 0000826 ____A C:\Users\Andrew\Desktop\checkup.txt
2012-02-26 04:55 - 2012-02-26 04:56 - 4730880 ____A (AVAST Software) C:\Users\Andrew\Desktop\aswMBR.exe
2012-02-26 04:55 - 2012-02-26 04:55 - 0396041 ____A C:\Users\Andrew\Desktop\MiniToolBox.exe
2012-02-26 04:55 - 2012-02-26 04:55 - 0337133 ____A C:\Users\Andrew\Desktop\FSS.exe
2012-02-26 04:54 - 2012-02-26 04:54 - 0869194 ____A C:\Users\Andrew\Desktop\SecurityCheck.exe
2012-02-24 03:02 - 2012-02-24 03:02 - 0272880 ____A C:\Windows\Minidump\022412-28390-01.dmp
2012-02-14 17:08 - 2012-01-13 20:06 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-14 17:08 - 2011-12-27 19:59 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-02-14 17:08 - 2011-12-16 00:47 - 1494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-14 17:08 - 2011-12-16 00:47 - 1188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-14 17:08 - 2011-12-16 00:47 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-14 17:08 - 2011-12-16 00:46 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-02-14 17:08 - 2011-12-16 00:45 - 9019904 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-14 17:08 - 2011-12-16 00:45 - 2454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-14 17:08 - 2011-12-16 00:45 - 12263936 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-14 17:08 - 2011-12-16 00:45 - 0702464 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-14 17:08 - 2011-12-16 00:45 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-14 17:08 - 2011-12-16 00:45 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-14 17:08 - 2011-12-16 00:45 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-14 17:08 - 2011-12-15 23:54 - 1231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-14 17:08 - 2011-12-15 23:54 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-14 17:08 - 2011-12-15 23:54 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-14 17:08 - 2011-12-15 23:52 - 5997568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-14 17:08 - 2011-12-15 23:52 - 2073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-14 17:08 - 2011-12-15 23:52 - 10992128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-14 17:08 - 2011-12-15 23:52 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-02-14 17:08 - 2011-12-15 23:52 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-02-14 17:08 - 2011-12-15 23:52 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-14 17:08 - 2011-12-15 23:52 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-14 17:08 - 2011-12-15 23:52 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-14 17:07 - 2011-12-15 22:44 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-14 17:07 - 2011-12-15 22:09 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-07 13:12 - 2012-02-24 03:02 - 484764280 ____A C:\Windows\MEMORY.DMP
2012-02-07 13:12 - 2012-02-07 13:12 - 0272880 ____A C:\Windows\Minidump\020712-23812-01.dmp
2012-02-06 14:58 - 2012-02-06 14:58 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-06 14:57 - 2011-11-16 22:49 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-02-06 14:57 - 2011-11-16 22:49 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-02-06 14:57 - 2011-11-16 22:44 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-02-06 14:57 - 2011-11-16 22:35 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-02-06 14:57 - 2011-11-16 22:35 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-02-06 14:57 - 2011-11-16 22:35 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-02-06 14:57 - 2011-11-16 22:35 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-02-06 14:57 - 2011-11-16 22:35 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-02-06 14:57 - 2011-11-16 22:35 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-02-06 14:57 - 2011-11-16 22:33 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-02-06 14:57 - 2011-11-16 21:35 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-02-06 14:57 - 2011-11-16 21:34 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-02-06 14:57 - 2011-11-16 21:34 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-02-06 14:57 - 2011-11-16 21:28 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-02-06 14:50 - 2012-02-27 14:47 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-06 14:49 - 2012-02-06 14:49 - 0000000 ____D C:\Windows\system64
2012-02-06 13:56 - 2012-02-06 13:56 - 0017044 ____A C:\ComboFix.txt
2012-02-06 13:46 - 2012-02-06 13:46 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-02-06 13:46 - 2012-02-06 13:46 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-02-06 13:46 - 2012-02-06 13:46 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-02-06 13:46 - 2012-02-06 13:46 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-02-06 13:46 - 2012-02-06 13:46 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-02-06 13:46 - 2012-02-06 13:46 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-02-06 13:46 - 2012-02-06 13:46 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-02-06 13:46 - 2012-02-06 13:46 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-02-06 13:46 - 2012-02-06 13:46 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-02-06 13:46 - 2012-02-06 13:46 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-02-06 13:39 - 2012-02-06 17:47 - 0000000 ____D C:\Windows\ERDNT
2012-02-06 13:39 - 2012-02-06 13:57 - 0000000 ___AD C:\Qoobox


============ 3 Months Modified Files and Folders =============

2012-02-27 17:52 - 2012-02-27 17:51 - 0000000 ____D C:\FRST
2012-02-27 14:47 - 2012-02-06 14:50 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-27 14:47 - 2010-05-02 17:44 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-02-27 14:47 - 2010-01-03 18:26 - 0000000 ____D C:\Program Files (x86)\Steam
2012-02-27 14:46 - 2009-11-08 18:17 - 3220873216 __ASH C:\hiberfil.sys
2012-02-27 14:46 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-27 14:46 - 2009-07-13 20:51 - 0041084 ____A C:\Windows\setupact.log
2012-02-27 14:29 - 2009-11-08 15:32 - 1905519 ____A C:\Windows\WindowsUpdate.log
2012-02-27 14:28 - 2011-10-23 16:51 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3157535385-3746563878-1818484676-1000UA.job
2012-02-27 14:26 - 2009-07-13 21:13 - 0713888 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-27 14:24 - 2012-02-27 14:24 - 1382485 ____A C:\Users\Andrew\Downloads\FRST64.exe
2012-02-27 14:23 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At83.job
2012-02-27 14:23 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At81.job
2012-02-27 14:23 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At79.job
2012-02-27 14:23 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At77.job
2012-02-27 14:23 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At75.job
2012-02-27 14:23 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At73.job
2012-02-27 14:23 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At71.job
2012-02-27 14:23 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At69.job
2012-02-27 14:23 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At67.job
2012-02-27 14:23 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At82.job
2012-02-27 14:23 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At80.job
2012-02-27 14:23 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At78.job
2012-02-27 14:23 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At76.job
2012-02-27 14:23 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At74.job
2012-02-27 14:23 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At72.job
2012-02-27 14:23 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At70.job
2012-02-27 14:23 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At68.job
2012-02-27 14:23 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At66.job
2012-02-27 14:23 - 2011-11-23 07:44 - 0000352 ____A C:\Windows\Tasks\At35.job
2012-02-27 14:23 - 2011-11-23 07:44 - 0000352 ____A C:\Windows\Tasks\At33.job
2012-02-27 14:23 - 2011-11-23 07:44 - 0000352 ____A C:\Windows\Tasks\At31.job
2012-02-27 14:23 - 2011-11-23 07:44 - 0000352 ____A C:\Windows\Tasks\At29.job
2012-02-27 14:23 - 2011-11-23 07:44 - 0000352 ____A C:\Windows\Tasks\At27.job
2012-02-27 14:23 - 2011-11-23 07:44 - 0000352 ____A C:\Windows\Tasks\At25.job
2012-02-27 14:23 - 2011-11-23 07:44 - 0000352 ____A C:\Windows\Tasks\At23.job
2012-02-27 14:23 - 2011-11-23 07:44 - 0000352 ____A C:\Windows\Tasks\At21.job
2012-02-27 14:23 - 2011-11-23 07:44 - 0000352 ____A C:\Windows\Tasks\At19.job
2012-02-27 14:23 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At34.job
2012-02-27 14:23 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At32.job
2012-02-27 14:23 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At30.job
2012-02-27 14:23 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At28.job
2012-02-27 14:23 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At26.job
2012-02-27 14:23 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At24.job
2012-02-27 14:23 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At22.job
2012-02-27 14:23 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At20.job
2012-02-27 14:23 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At18.job
2012-02-27 14:23 - 2010-05-02 17:44 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-02-27 04:53 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At65.job
2012-02-27 04:53 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At64.job
2012-02-27 04:53 - 2011-11-23 07:44 - 0000352 ____A C:\Windows\Tasks\At17.job
2012-02-27 04:53 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At16.job
2012-02-27 03:53 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At63.job
2012-02-27 03:53 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At62.job
2012-02-27 03:53 - 2011-11-23 07:44 - 0000352 ____A C:\Windows\Tasks\At15.job
2012-02-27 03:53 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At14.job
2012-02-27 03:00 - 2011-10-23 16:51 - 0000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3157535385-3746563878-1818484676-1000Core.job
2012-02-27 02:53 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At61.job
2012-02-27 02:53 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At60.job
2012-02-27 02:53 - 2011-11-23 07:44 - 0000352 ____A C:\Windows\Tasks\At13.job
2012-02-27 02:53 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At12.job
2012-02-27 02:52 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At97.job
2012-02-27 02:52 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At95.job
2012-02-27 02:52 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At59.job
2012-02-27 02:52 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At57.job
2012-02-27 02:52 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At55.job
2012-02-27 02:52 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At53.job
2012-02-27 02:52 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At51.job
2012-02-27 02:52 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At96.job
2012-02-27 02:52 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At94.job
2012-02-27 02:52 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At58.job
2012-02-27 02:52 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At56.job
2012-02-27 02:52 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At54.job
2012-02-27 02:52 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At52.job
2012-02-27 02:52 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At50.job
2012-02-27 02:52 - 2011-11-23 07:44 - 0000352 ____A C:\Windows\Tasks\At9.job
2012-02-27 02:52 - 2011-11-23 07:44 - 0000352 ____A C:\Windows\Tasks\At7.job
2012-02-27 02:52 - 2011-11-23 07:44 - 0000352 ____A C:\Windows\Tasks\At5.job
2012-02-27 02:52 - 2011-11-23 07:44 - 0000352 ____A C:\Windows\Tasks\At49.job
2012-02-27 02:52 - 2011-11-23 07:44 - 0000352 ____A C:\Windows\Tasks\At47.job
2012-02-27 02:52 - 2011-11-23 07:44 - 0000352 ____A C:\Windows\Tasks\At11.job
2012-02-27 02:52 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At8.job
2012-02-27 02:52 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At6.job
2012-02-27 02:52 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At48.job
2012-02-27 02:52 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At46.job
2012-02-27 02:52 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At10.job
2012-02-27 02:52 - 2011-11-23 07:43 - 0000352 ____A C:\Windows\Tasks\At3.job
2012-02-27 02:52 - 2011-11-23 07:43 - 0000350 ____A C:\Windows\Tasks\At4.job
2012-02-27 02:52 - 2011-11-23 07:43 - 0000350 ____A C:\Windows\Tasks\At2.job
2012-02-26 18:53 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At93.job
2012-02-26 18:53 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At92.job
2012-02-26 18:53 - 2011-11-23 07:44 - 0000352 ____A C:\Windows\Tasks\At45.job
2012-02-26 18:53 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At44.job
2012-02-26 17:53 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At91.job
2012-02-26 17:53 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At90.job
2012-02-26 17:53 - 2011-11-23 07:44 - 0000352 ____A C:\Windows\Tasks\At43.job
2012-02-26 17:53 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At42.job
2012-02-26 16:53 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At89.job
2012-02-26 16:53 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At88.job
2012-02-26 16:53 - 2011-11-23 07:44 - 0000352 ____A C:\Windows\Tasks\At41.job
2012-02-26 16:53 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At40.job
2012-02-26 15:53 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At87.job
2012-02-26 15:53 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At86.job
2012-02-26 15:53 - 2011-11-23 07:44 - 0000352 ____A C:\Windows\Tasks\At39.job
2012-02-26 15:53 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At38.job
2012-02-26 14:53 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At85.job
2012-02-26 14:53 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At84.job
2012-02-26 14:53 - 2011-11-23 07:44 - 0000352 ____A C:\Windows\Tasks\At37.job
2012-02-26 14:53 - 2011-11-23 07:44 - 0000350 ____A C:\Windows\Tasks\At36.job
2012-02-26 13:19 - 2011-11-23 07:44 - 0000112 ____A C:\Users\All Users\g7aS5WOG.dat
2012-02-26 13:19 - 2011-11-23 07:44 - 0000112 ____A C:\ProgramData\g7aS5WOG.dat
2012-02-26 13:16 - 2011-11-23 07:43 - 0083968 ____A C:\Windows\SysWOW64\LR5HuuN4.com_
2012-02-26 13:15 - 2011-11-23 07:47 - 0000001 ____A C:\Windows\SysWOW64\LR5HuuN4.com.b
2012-02-26 12:43 - 2012-02-26 12:43 - 0013636 ____A C:\Users\Andrew\Desktop\DDS.txt
2012-02-26 12:43 - 2012-02-26 12:43 - 0006192 ____A C:\Users\Andrew\Desktop\Attach.txt
2012-02-26 12:42 - 2009-07-13 20:45 - 0013456 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-26 12:42 - 2009-07-13 20:45 - 0013456 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-26 12:40 - 2012-02-26 12:40 - 0607260 ____R (Swearware) C:\Users\Andrew\Desktop\dds.scr
2012-02-26 12:34 - 2012-02-26 12:34 - 0050477 ____A C:\Users\Andrew\Downloads\Defogger.exe
2012-02-26 12:34 - 2012-02-26 12:34 - 0000188 ____A C:\Users\Andrew\defogger_reenable
2012-02-26 12:34 - 2009-11-14 09:11 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-02-26 12:34 - 2009-11-08 15:32 - 0000000 ____D C:\users\Andrew
2012-02-26 07:23 - 2012-02-26 06:31 - 0000000 ____D C:\Papyrus
2012-02-26 07:15 - 2012-02-26 07:15 - 0000000 ____D C:\Users\Andrew\Desktop\sound backup
2012-02-26 07:09 - 2012-02-26 07:09 - 0000000 ____D C:\Users\Andrew\Desktop\sound
2012-02-26 07:02 - 2012-02-26 07:02 - 9356271 ____A C:\Users\Andrew\Downloads\cup90_dash_update.rar
2012-02-26 07:02 - 2012-02-26 07:02 - 45919507 ____A C:\Users\Andrew\Downloads\1990_Sound_Swapper_V1.zip
2012-02-26 07:02 - 2012-02-26 07:02 - 36778077 ____A C:\Users\Andrew\Downloads\Cup90_cup.rar
2012-02-26 06:53 - 2011-01-17 04:10 - 0000000 ____D C:\Program Files\PeerBlock
2012-02-26 06:32 - 2009-11-08 15:52 - 0000000 ____D C:\Users\Andrew\AppData\Local\Google
2012-02-26 06:31 - 2012-02-26 06:31 - 0001719 ____A C:\Users\Public\Desktop\NASCAR Racing 2003 Season.lnk
2012-02-26 06:31 - 2010-12-21 06:47 - 0000529 ____A C:\Windows\SIERRA.INI
2012-02-26 06:31 - 2009-11-08 15:47 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-02-26 06:27 - 2009-11-19 16:53 - 0000000 ____D C:\Users\Andrew\AppData\Roaming\Azureus
2012-02-26 06:05 - 2012-02-26 06:03 - 74920720 ____A C:\Users\Andrew\Downloads\avast_free_antivirus_setup.exe
2012-02-26 06:01 - 2009-11-19 16:53 - 0000000 ____D C:\Users\Andrew\Documents\Azureus Downloads
2012-02-26 05:42 - 2012-02-26 05:42 - 0031969 ____A C:\Users\Andrew\Desktop\Scans.txt
2012-02-26 05:31 - 2012-02-26 05:31 - 0002833 ____A C:\Users\Andrew\Desktop\aswMBR.txt
2012-02-26 05:31 - 2012-02-26 05:31 - 0000512 ____A C:\Users\Andrew\Desktop\MBR.dat
2012-02-26 05:08 - 2012-02-26 05:08 - 0001906 ____A C:\Users\Andrew\Desktop\mbam-log-2012-02-26 (08-01-26).txt
2012-02-26 05:00 - 2012-02-26 04:59 - 0024711 ____A C:\Users\Andrew\Desktop\Result.txt
2012-02-26 04:58 - 2012-02-26 04:58 - 0002450 ____A C:\Users\Andrew\Desktop\FSS.txt
2012-02-26 04:58 - 2012-02-26 04:58 - 0000826 ____A C:\Users\Andrew\Desktop\checkup.txt
2012-02-26 04:56 - 2012-02-26 04:55 - 4730880 ____A (AVAST Software) C:\Users\Andrew\Desktop\aswMBR.exe
2012-02-26 04:55 - 2012-02-26 04:55 - 0396041 ____A C:\Users\Andrew\Desktop\MiniToolBox.exe
2012-02-26 04:55 - 2012-02-26 04:55 - 0337133 ____A C:\Users\Andrew\Desktop\FSS.exe
2012-02-26 04:54 - 2012-02-26 04:54 - 0869194 ____A C:\Users\Andrew\Desktop\SecurityCheck.exe
2012-02-24 03:02 - 2012-02-24 03:02 - 0272880 ____A C:\Windows\Minidump\022412-28390-01.dmp
2012-02-24 03:02 - 2012-02-07 13:12 - 484764280 ____A C:\Windows\MEMORY.DMP
2012-02-24 03:02 - 2010-11-23 16:36 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-24 03:02 - 2010-02-23 13:42 - 0000000 ____D C:\Windows\Minidump
2012-02-22 17:45 - 2011-10-23 16:52 - 0002407 ____A C:\Users\Andrew\Desktop\Google Chrome.lnk
2012-02-22 17:43 - 2011-07-21 11:21 - 0000000 ____D C:\VueScan
2012-02-15 00:06 - 2009-07-13 20:45 - 0287456 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-15 00:01 - 2009-11-14 09:20 - 54585368 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-02-07 13:12 - 2012-02-07 13:12 - 0272880 ____A C:\Windows\Minidump\020712-23812-01.dmp
2012-02-06 18:38 - 2009-11-08 15:54 - 0014490 ____A C:\Windows\PFRO.log
2012-02-06 18:37 - 2011-04-25 04:17 - 0000000 __RAD C:\Users\Andrew\Desktop\My Old Documents
2012-02-06 17:47 - 2012-02-06 13:39 - 0000000 ____D C:\Windows\ERDNT
2012-02-06 17:47 - 2011-12-10 18:00 - 0000000 ____D C:\Program Files (x86)\Codemasters
2012-02-06 17:47 - 2011-12-03 07:13 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-02-06 17:47 - 2010-10-15 11:28 - 0000000 ____D C:\Users\All Users\McAfee Security Scan
2012-02-06 17:47 - 2010-10-15 11:28 - 0000000 ____D C:\ProgramData\McAfee Security Scan
2012-02-06 17:47 - 2010-01-02 14:49 - 0000000 ____D C:\Users\Andrew\AppData\Local\CatalystMC
2012-02-06 17:47 - 2009-07-13 23:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-02-06 17:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-02-06 17:45 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-02-06 17:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-02-06 17:43 - 2009-07-13 19:18 - 0000000 __SHD C:\$RECYCLE.BIN
2012-02-06 14:59 - 2011-11-23 07:44 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-06 14:58 - 2012-02-06 14:58 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-06 14:49 - 2012-02-06 14:49 - 0000000 ____D C:\Windows\system64
2012-02-06 14:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-02-06 13:57 - 2012-02-06 13:39 - 0000000 ___AD C:\Qoobox
2012-02-06 13:56 - 2012-02-06 13:56 - 0017044 ____A C:\ComboFix.txt
2012-02-06 13:46 - 2012-02-06 13:46 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-02-06 13:46 - 2012-02-06 13:46 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-02-06 13:46 - 2012-02-06 13:46 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-02-06 13:46 - 2012-02-06 13:46 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-02-06 13:46 - 2012-02-06 13:46 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-02-06 13:46 - 2012-02-06 13:46 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-02-06 13:46 - 2012-02-06 13:46 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-02-06 13:46 - 2012-02-06 13:46 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-02-06 13:46 - 2012-02-06 13:46 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-02-06 13:46 - 2012-02-06 13:46 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-02-06 13:46 - 2009-07-13 18:34 - 56885248 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-02-06 13:46 - 2009-07-13 18:34 - 13893632 ____A C:\Windows\System32\config\SYSTEM.bak
2012-02-06 13:46 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-02-06 13:46 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SAM.bak
2012-02-06 13:46 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\DEFAULT.bak
2012-01-21 21:12 - 2012-01-21 21:12 - 0274616 ____A C:\Windows\Minidump\012212-23312-01.dmp
2012-01-13 20:06 - 2012-02-14 17:08 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-12 09:41 - 2012-01-12 09:41 - 0274616 ____A C:\Windows\Minidump\011212-33984-01.dmp
2011-12-30 12:03 - 2011-12-28 14:52 - 0000000 ____D C:\Users\Andrew\Documents\Hunting Unlimited 2010
2011-12-28 14:51 - 2011-12-28 14:51 - 0001999 ____A C:\Users\Public\Desktop\Hunting Unlimited 2010.lnk
2011-12-28 14:51 - 2011-12-28 14:50 - 0000000 ____D C:\Program Files (x86)\Hunting Unlimited 2010
2011-12-28 14:40 - 2011-12-28 14:39 - 0000000 ____D C:\Users\Andrew\Documents\Drive Green
2011-12-28 14:39 - 2011-12-28 14:39 - 0002036 ____A C:\Users\Public\Desktop\John Deere Drive Green.lnk
2011-12-28 14:38 - 2011-12-28 14:38 - 0000000 ____D C:\Program Files (x86)\John Deere Drive Green
2011-12-28 13:55 - 2011-12-28 13:54 - 0000000 ____D C:\Users\Andrew\Documents\18 WoS American Long Haul
2011-12-28 13:54 - 2011-12-28 13:54 - 0002001 ____A C:\Users\Public\Desktop\18 WoS American Long Haul.lnk
2011-12-28 13:53 - 2011-12-28 13:53 - 0000000 ____D C:\Program Files (x86)\18 WoS American Long Haul
2011-12-27 19:59 - 2012-02-14 17:08 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-12-18 14:50 - 2011-12-18 14:50 - 0274616 ____A C:\Windows\Minidump\121811-31546-01.dmp
2011-12-18 09:43 - 2011-12-18 09:43 - 0274616 ____A C:\Windows\Minidump\121811-27031-01.dmp
2011-12-18 00:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-12-16 00:47 - 2012-02-14 17:08 - 1494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-16 00:47 - 2012-02-14 17:08 - 1188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-16 00:47 - 2012-02-14 17:08 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-16 00:46 - 2012-02-14 17:08 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2011-12-16 00:45 - 2012-02-14 17:08 - 9019904 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-16 00:45 - 2012-02-14 17:08 - 2454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-16 00:45 - 2012-02-14 17:08 - 12263936 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-16 00:45 - 2012-02-14 17:08 - 0702464 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-12-16 00:45 - 2012-02-14 17:08 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-16 00:45 - 2012-02-14 17:08 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-16 00:45 - 2012-02-14 17:08 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-15 23:54 - 2012-02-14 17:08 - 1231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-12-15 23:54 - 2012-02-14 17:08 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-12-15 23:54 - 2012-02-14 17:08 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-12-15 23:52 - 2012-02-14 17:08 - 5997568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-12-15 23:52 - 2012-02-14 17:08 - 2073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-12-15 23:52 - 2012-02-14 17:08 - 10992128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-12-15 23:52 - 2012-02-14 17:08 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2011-12-15 23:52 - 2012-02-14 17:08 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-12-15 23:52 - 2012-02-14 17:08 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-12-15 23:52 - 2012-02-14 17:08 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-12-15 23:52 - 2012-02-14 17:08 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-12-15 22:44 - 2012-02-14 17:07 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-15 22:09 - 2012-02-14 17:07 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-12-11 12:22 - 2011-12-11 12:22 - 0274616 ____A C:\Windows\Minidump\121111-20406-01.dmp
2011-12-11 09:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2011-12-11 07:36 - 2011-12-11 07:36 - 0000000 ____D C:\Users\Andrew\Desktop\Attache Backup
2011-12-11 05:45 - 2011-12-03 06:03 - 0000000 ____D C:\Users\Andrew\AppData\Roaming\Spotify
2011-12-10 18:31 - 2011-12-10 18:31 - 0000000 ____D C:\Program Files\Logitech
2011-12-10 18:31 - 2011-12-10 18:31 - 0000000 ____D C:\Program Files\Common Files\Logitech
2011-12-10 18:31 - 2011-12-10 18:30 - 16159392 ____A (Logitech ) C:\Users\Andrew\Downloads\[wikidrivers.com] lgs508_x64.exe
2011-12-10 18:15 - 2011-12-10 18:15 - 0000000 __SHD C:\Users\All Users\DSS
2011-12-10 18:15 - 2011-12-10 18:15 - 0000000 __SHD C:\ProgramData\DSS
2011-12-10 18:15 - 2011-12-10 18:15 - 0000000 ____D C:\Users\All Users\Codemasters
2011-12-10 18:15 - 2011-12-10 18:15 - 0000000 ____D C:\ProgramData\Codemasters
2011-12-10 18:15 - 2011-09-25 14:03 - 0000000 ____D C:\Users\Andrew\Documents\My Games
2011-12-10 18:12 - 2010-11-21 06:39 - 0000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-12-10 18:10 - 2011-12-10 18:10 - 0466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2011-12-10 18:10 - 2011-12-10 18:10 - 0444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2011-12-10 18:10 - 2011-12-10 18:10 - 0122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2011-12-10 18:10 - 2011-12-10 18:10 - 0109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2011-12-10 18:10 - 2011-12-10 18:10 - 0000000 ____D C:\Program Files (x86)\OpenAL
2011-12-10 18:10 - 2011-12-10 18:10 - 0000000 ____D C:\Program Files (x86)\BRS
2011-12-10 18:09 - 2011-12-10 18:09 - 0001988 ____A C:\Users\Public\Desktop\DiRT 3.lnk
2011-12-10 12:24 - 2011-11-23 07:44 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-10 06:40 - 2011-12-03 06:03 - 0000000 ____D C:\Users\Andrew\AppData\Local\Spotify
2011-12-03 07:13 - 2011-12-03 07:12 - 0074750 ____A C:\TDSSKiller.2.6.21.0_03.12.2011_10.12.49_log.txt
2011-12-03 06:03 - 2011-12-03 06:03 - 0086296 ____A (Spotify Ltd) C:\Users\Andrew\Downloads\SpotifySetup.exe
2011-12-03 06:03 - 2011-12-03 06:03 - 0000919 ____A C:\Users\Andrew\Desktop\Spotify.lnk
2011-11-30 15:55 - 2011-11-30 15:54 - 0000000 ____D C:\Users\Andrew\Desktop\Backup

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4095.55 MB
Available physical RAM: 3495.02 MB
Total Pagefile: 4093.7 MB
Available Pagefile: 3479.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:127.99 GB) (Free:33.34 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (New Volume) (Fixed) (Total:570.65 GB) (Free:411.72 GB) NTFS
4 Drive f: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
6 Drive h: () (Removable) (Total:0.93 GB) (Free:0.92 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 Online 949 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 127 GB 31 KB
Partition 2 Primary 570 GB 127 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 127 GB Healthy

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D New Volume NTFS Partition 570 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 949 MB 4096 B

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT Removable 949 MB Healthy



==========================================================

Last Boot: 2012-02-22 18:36

======================= End Of Log ==========================

#9 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 27 February 2012 - 09:35 PM

Hello

I would like you to run the fix below and when it is complete I need you to rerun combofix and send me the report.

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt

SubSystems: [Windows] ==> ZeroAccess
2 mpservice; C:\Windows\System32\WmaCVideo32.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\WmaCVideo32.dll 
2012-02-26 13:15 - 2012-02-27 14:23 - 0000352 ____A C:\Windows\Tasks\At83.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000352 ____A C:\Windows\Tasks\At81.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000352 ____A C:\Windows\Tasks\At79.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000352 ____A C:\Windows\Tasks\At77.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000352 ____A C:\Windows\Tasks\At75.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000352 ____A C:\Windows\Tasks\At73.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000352 ____A C:\Windows\Tasks\At71.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000352 ____A C:\Windows\Tasks\At69.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000352 ____A C:\Windows\Tasks\At67.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000350 ____A C:\Windows\Tasks\At82.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000350 ____A C:\Windows\Tasks\At80.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000350 ____A C:\Windows\Tasks\At78.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000350 ____A C:\Windows\Tasks\At76.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000350 ____A C:\Windows\Tasks\At74.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000350 ____A C:\Windows\Tasks\At72.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000350 ____A C:\Windows\Tasks\At70.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000350 ____A C:\Windows\Tasks\At68.job
2012-02-26 13:15 - 2012-02-27 14:23 - 0000350 ____A C:\Windows\Tasks\At66.job
2012-02-26 13:15 - 2012-02-27 04:53 - 0000352 ____A C:\Windows\Tasks\At65.job
2012-02-26 13:15 - 2012-02-27 04:53 - 0000350 ____A C:\Windows\Tasks\At64.job
2012-02-26 13:15 - 2012-02-27 03:53 - 0000352 ____A C:\Windows\Tasks\At63.job
2012-02-26 13:15 - 2012-02-27 03:53 - 0000350 ____A C:\Windows\Tasks\At62.job
2012-02-26 13:15 - 2012-02-27 02:53 - 0000352 ____A C:\Windows\Tasks\At61.job
2012-02-26 13:15 - 2012-02-27 02:53 - 0000350 ____A C:\Windows\Tasks\At60.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000352 ____A C:\Windows\Tasks\At97.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000352 ____A C:\Windows\Tasks\At95.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000352 ____A C:\Windows\Tasks\At59.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000352 ____A C:\Windows\Tasks\At57.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000352 ____A C:\Windows\Tasks\At55.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000352 ____A C:\Windows\Tasks\At53.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000352 ____A C:\Windows\Tasks\At51.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000350 ____A C:\Windows\Tasks\At96.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000350 ____A C:\Windows\Tasks\At94.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000350 ____A C:\Windows\Tasks\At58.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000350 ____A C:\Windows\Tasks\At56.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000350 ____A C:\Windows\Tasks\At54.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000350 ____A C:\Windows\Tasks\At52.job
2012-02-26 13:15 - 2012-02-27 02:52 - 0000350 ____A C:\Windows\Tasks\At50.job
2012-02-26 13:15 - 2012-02-26 18:53 - 0000352 ____A C:\Windows\Tasks\At93.job
2012-02-26 13:15 - 2012-02-26 18:53 - 0000350 ____A C:\Windows\Tasks\At92.job
2012-02-26 13:15 - 2012-02-26 17:53 - 0000352 ____A C:\Windows\Tasks\At91.job
2012-02-26 13:15 - 2012-02-26 17:53 - 0000350 ____A C:\Windows\Tasks\At90.job
2012-02-26 13:15 - 2012-02-26 16:53 - 0000352 ____A C:\Windows\Tasks\At89.job
2012-02-26 13:15 - 2012-02-26 16:53 - 0000350 ____A C:\Windows\Tasks\At88.job
2012-02-26 13:15 - 2012-02-26 15:53 - 0000352 ____A C:\Windows\Tasks\At87.job
2012-02-26 13:15 - 2012-02-26 15:53 - 0000350 ____A C:\Windows\Tasks\At86.job
2012-02-26 13:15 - 2012-02-26 14:53 - 0000352 ____A C:\Windows\Tasks\At85.job
2012-02-26 13:15 - 2012-02-26 14:53 - 0000350 ____A C:\Windows\Tasks\At84.job
2012-02-06 14:50 - 2012-02-27 14:47 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-26 13:16 - 2011-11-23 07:43 - 0083968 ____A C:\Windows\SysWOW64\LR5HuuN4.com_
2012-02-26 13:15 - 2011-11-23 07:47 - 0000001 ____A C:\Windows\SysWOW64\LR5HuuN4.com.b 


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
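
The fixlist above covers four things at once: the tampered SubSystems\Windows value (the ServerDll list that csrss.exe loads, which is how this ZeroAccess variant gets its module into a trusted process), a rogue service (mpservice) whose binary is a DLL in System32, the dozens of At<N>.job files that were all created at 2012-02-26 13:15, and random-named files dropped into SysWOW64 and ProgramData. The Python below is an added triage helper, not code from FRST, ComboFix or gringo; it applies those same checks to FRST-format log lines so that the entries deserving a place in a fixlist stand out. The sample lines are copied from the FRST log earlier in this thread. The two SubSystems strings are constructed: the stock one is the Windows 7 value, and the tampered one swaps winsrv for consrv, the pattern reported for ZeroAccess at the time, because the thread never shows the actual hijacked string from this machine. The whitelist basesrv/winsrv/sxssrv is the set shipped in Windows 7; the mpservice entry is left to the service-list check FRST already performs.

```python
# Added triage helpers for the indicators in the fixlist above (example code, not FRST's own).
import re
from collections import defaultdict

# One FRST file line: <modified> - <created> - <size> <attrs> [(Company)] <path>
FRST_LINE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]+) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>\S.*)$"
)
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64", r"c:\programdata"}
# ServerDll modules present in the stock Windows 7 SubSystems\Windows value.
EXPECTED_SERVERDLLS = {"basesrv", "winsrv", "sxssrv"}


def parse_frst_lines(text):
    """Parse lines in FRST's file-listing format; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = FRST_LINE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entries.append(entry)
    return entries


def find_at_job_bursts(entries, min_jobs=5):
    """Group C:\\Windows\\Tasks\\At<N>.job files by creation minute; an admin rarely
    schedules several at.exe jobs in one minute, a dropper wanting hourly persistence does."""
    by_created = defaultdict(list)
    for entry in entries:
        folder, _, name = entry["path"].rpartition("\\")
        if folder.lower() == r"c:\windows\tasks" and re.fullmatch(r"At\d+\.job", name, re.I):
            by_created[entry["created"]].append(name)
    return {ts: sorted(names) for ts, names in by_created.items() if len(names) >= min_jobs}


def looks_random(name, min_len=8, min_switches=5):
    """Heuristic for machine-generated stems such as LR5HuuN4 or g7aS5WOG: count switches
    between upper/lower/digit classes; real names like OpenAL32 switch fewer times."""
    stem = name.split(".", 1)[0]
    if len(stem) < min_len or not stem.isalnum():
        return False
    classes = ["d" if c.isdigit() else "u" if c.isupper() else "l" for c in stem]
    switches = sum(1 for a, b in zip(classes, classes[1:]) if a != b)
    return switches >= min_switches


def find_random_named_system_files(entries):
    """Paths in system directories whose file names look machine-generated."""
    hits = []
    for entry in entries:
        folder, _, name = entry["path"].rpartition("\\")
        if folder.lower() in SYSTEM_DIRS and looks_random(name):
            hits.append(entry["path"])
    return hits


def unexpected_serverdlls(value):
    """ServerDll= modules Windows does not ship; each one gets loaded into csrss.exe."""
    modules = re.findall(r"ServerDll=([A-Za-z0-9_]+)", value)
    return [m for m in modules if m.lower() not in EXPECTED_SERVERDLLS]


def triage(log_text, subsystems_value):
    """Run all three checks; the result is what a fixlist would need to cover."""
    entries = parse_frst_lines(log_text)
    return {
        "at_job_bursts": find_at_job_bursts(entries),
        "random_named_system_files": find_random_named_system_files(entries),
        "foreign_serverdlls": unexpected_serverdlls(subsystems_value),
    }


# Constructed sample: lines copied from the FRST log in this thread plus two clean ones.
SAMPLE_LOG = r"""
2012-02-27 02:52 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At97.job
2012-02-27 02:52 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At96.job
2012-02-27 02:52 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At95.job
2012-02-27 02:52 - 2012-02-26 13:15 - 0000350 ____A C:\Windows\Tasks\At94.job
2012-02-27 02:52 - 2012-02-26 13:15 - 0000352 ____A C:\Windows\Tasks\At59.job
2012-02-26 13:19 - 2011-11-23 07:44 - 0000112 ____A C:\ProgramData\g7aS5WOG.dat
2012-02-26 13:16 - 2011-11-23 07:43 - 0083968 ____A C:\Windows\SysWOW64\LR5HuuN4.com_
2012-02-15 00:01 - 2009-11-14 09:20 - 54585368 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-12-10 18:10 - 2011-12-10 18:10 - 0122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
"""
# Stock Windows 7 value and a constructed tampered copy; "consrv" stands in for the hijacked
# module (the winsrv-to-consrv swap reported for ZeroAccess), the real string is not in the thread.
GOOD_SUBSYSTEMS_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 "
    "ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 "
    "ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16"
)
TAMPERED_SUBSYSTEMS_VALUE = GOOD_SUBSYSTEMS_VALUE.replace(
    "winsrv:ConServerDllInitialization", "consrv:ConServerDllInitialization"
)

if __name__ == "__main__":
    for check, result in triage(SAMPLE_LOG, TAMPERED_SUBSYSTEMS_VALUE).items():
        print(f"{check}: {result}")
```

The At-job check keys on the creation minute rather than the file names, because at.exe assigns the names itself and a real admin's jobs are spread out in time. The name heuristic is tuned so that legitimate mixed-case names from the same log (OpenAL32.dll, WmaCVideo32.dll) do not trigger it; the latter is caught instead by the rogue-service entry, which is why a fixlist has to be built from several indicator classes and not from one. None of this replaces the fix; it only tells you which FRST lines belong in it.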

#10 buff985 (Topic Starter, Members)

Posted 28 February 2012 - 04:47 PM

Gringo,

Here is the log you requested. Thanks again for all the hard work.

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 27-02-2012 01
Ran by SYSTEM at 2012-02-28 16:45:13 R:1
Running from H:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
mpservice service deleted successfully.
C:\Windows\System32\WmaCVideo32.dll moved successfully.
C:\Windows\Tasks\At83.job moved successfully.
C:\Windows\Tasks\At81.job moved successfully.
C:\Windows\Tasks\At79.job moved successfully.
C:\Windows\Tasks\At77.job moved successfully.
C:\Windows\Tasks\At75.job moved successfully.
C:\Windows\Tasks\At73.job moved successfully.
C:\Windows\Tasks\At71.job moved successfully.
C:\Windows\Tasks\At69.job moved successfully.
C:\Windows\Tasks\At67.job moved successfully.
C:\Windows\Tasks\At82.job moved successfully.
C:\Windows\Tasks\At80.job moved successfully.
C:\Windows\Tasks\At78.job moved successfully.
C:\Windows\Tasks\At76.job moved successfully.
C:\Windows\Tasks\At74.job moved successfully.
C:\Windows\Tasks\At72.job moved successfully.
C:\Windows\Tasks\At70.job moved successfully.
C:\Windows\Tasks\At68.job moved successfully.
C:\Windows\Tasks\At66.job moved successfully.
C:\Windows\Tasks\At65.job moved successfully.
C:\Windows\Tasks\At64.job moved successfully.
C:\Windows\Tasks\At63.job moved successfully.
C:\Windows\Tasks\At62.job moved successfully.
C:\Windows\Tasks\At61.job moved successfully.
C:\Windows\Tasks\At60.job moved successfully.
C:\Windows\Tasks\At97.job moved successfully.
C:\Windows\Tasks\At95.job moved successfully.
C:\Windows\Tasks\At59.job moved successfully.
C:\Windows\Tasks\At57.job moved successfully.
C:\Windows\Tasks\At55.job moved successfully.
C:\Windows\Tasks\At53.job moved successfully.
C:\Windows\Tasks\At51.job moved successfully.
C:\Windows\Tasks\At96.job moved successfully.
C:\Windows\Tasks\At94.job moved successfully.
C:\Windows\Tasks\At58.job moved successfully.
C:\Windows\Tasks\At56.job moved successfully.
C:\Windows\Tasks\At54.job moved successfully.
C:\Windows\Tasks\At52.job moved successfully.
C:\Windows\Tasks\At50.job moved successfully.
C:\Windows\Tasks\At93.job moved successfully.
C:\Windows\Tasks\At92.job moved successfully.
C:\Windows\Tasks\At91.job moved successfully.
C:\Windows\Tasks\At90.job moved successfully.
C:\Windows\Tasks\At89.job moved successfully.
C:\Windows\Tasks\At88.job moved successfully.
C:\Windows\Tasks\At87.job moved successfully.
C:\Windows\Tasks\At86.job moved successfully.
C:\Windows\Tasks\At85.job moved successfully.
C:\Windows\Tasks\At84.job moved successfully.
C:\Windows\System32\dds_trash_log.cmd moved successfully.
C:\Windows\SysWOW64\LR5HuuN4.com_ moved successfully.
C:\Windows\SysWOW64\LR5HuuN4.com.b moved successfully.

==== End of Fixlog ====

#11 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 29 February 2012 - 08:28 AM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click ComboFix's window while it is running; that may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#12 buff985 (Topic Starter, Members)

Posted 01 March 2012 - 03:57 PM

Gringo,

No problems posting this time. Firefox asked if it wanted to be the default browser (which is different as it always was before). Haven't surfed around the net to see any changes.

Below is the log. The first time I ran it I looked at it very early in the morning and closed it accidentally and saw that it didn't save automatically. This is the 2nd time I ran combofix and I copied the log and saved it. I hope this wasn't a problem. Thanks!

ComboFix 12-02-29.01 - Andrew 03/01/2012 6:00.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4096.2464 [GMT -5:00]
Running from: c:\users\Andrew\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-01 to 2012-03-01 )))))))))))))))))))))))))))))))
.
.
2012-03-01 11:03 . 2012-03-01 11:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-28 01:51 . 2012-02-28 01:52 -------- d-----w- C:\FRST
2012-02-26 14:31 . 2003-01-17 08:59 1984 ----a-w- c:\windows\SysWow64\drivers\papycpu2.sys
2012-02-26 14:31 . 2003-01-17 08:59 1856 ----a-w- c:\windows\SysWow64\drivers\papyjoy.sys
2012-02-26 14:31 . 2012-02-26 15:23 -------- d-----w- C:\Papyrus
2012-02-15 01:07 . 2011-12-16 06:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-15 01:07 . 2011-12-16 06:09 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-06 22:49 . 2012-02-06 22:49 -------- d-----we c:\windows\system64
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-17 14:13 . 2010-07-08 23:13 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-12-17 14:12 . 2010-09-03 02:39 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-12-17 14:12 . 2010-09-03 02:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-12-17 14:12 . 2010-07-08 23:13 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-11 02:10 . 2011-12-11 02:10 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-11 02:10 . 2011-12-11 02:10 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-12-11 02:10 . 2011-12-11 02:10 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-11 02:10 . 2011-12-11 02:10 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-12-10 20:24 . 2011-11-23 15:44 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-05 17:53 . 2010-09-03 02:39 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-01_00.03.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-11-08 23:44 . 2012-02-29 23:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-08 23:44 . 2012-03-01 10:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-08 23:44 . 2012-02-29 23:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-08 23:44 . 2012-03-01 10:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-01 10:57 786432 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-28 21:46 786432 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-09 07:00 . 2012-03-01 10:56 453572 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-11-09 07:00 . 2012-03-01 10:56 453572 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 04:54 . 2012-02-28 21:46 6504448 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-01 10:57 6504448 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-28 21:46 6258688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-01 10:57 6258688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 20:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-11-29 20:26 3908192 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2009-10-01 3634024]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"CMCService"="c:\program files (x86)\ATI\Catalyst Media Center\CMCService.exe" [2007-08-02 172032]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-03-22 1306]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klartew]
2011-11-29 22:44 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\klartew.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-03 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-03 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-03 01:43]
.
2012-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-03 01:43]
.
2012-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3157535385-3746563878-1818484676-1000Core.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-24 00:51]
.
2012-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3157535385-3746563878-1818484676-1000UA.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-24 00:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-03-10 604704]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 163568]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1840720]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mpservice
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\u6dwr4nd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.csnphilly.com/pages/main
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
"ImagePath"="\"c:\program files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe\"\00\00p\07\00\00\00\00\10\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\002\11”pÐ+
[u0\14\00Ð\07\00\01\00p\00\00\00\00\00€\03\00\18\00\00\00\01\00\00\00\00\00\00\00\00\00\00\00\08æ"
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3157535385-3746563878-1818484676-1000\Software\SecuROM\License information*]
"datasecu"=hex:36,a1,eb,90,1f,24,de,06,dd,cc,f6,9d,26,d0,08,e5,51,ed,bd,9f,6c,
64,22,c3,e7,cd,93,81,65,c4,b7,04,f9,7d,f7,1a,e6,16,d4,24,64,8b,da,75,e2,33,\
"rkeysecu"=hex:82,3f,8c,06,a6,09,c9,c2,5f,60,83,94,1f,b9,eb,41
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-01 06:05:23
ComboFix-quarantined-files.txt 2012-03-01 11:05
ComboFix2.txt 2012-03-01 00:05
ComboFix3.txt 2012-02-06 21:56
ComboFix4.txt 2008-01-18 02:25
.
Pre-Run: 36,231,630,848 bytes free
Post-Run: 36,181,532,672 bytes free
.
- - End Of File - - 96E409FCB98A344F2EE936AAE0B341B8

Edited by buff985, 01 March 2012 - 03:59 PM.
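As an added triage example (not part of this thread and not ComboFix's own code), the script below splits a ComboFix-style log into its sections and flags two kinds of entries a responder would want to look at first: a Winlogon Notify package whose DLL sits under a profile's AppData folder, and any path under a c:\windows\system64 directory, which is not a directory 64-bit Windows ships (it has System32 and SysWOW64). The sample log is a constructed excerpt of the entries in the log above; the rule names, section-parsing regexes and the "worth review" threshold are my own choices, not a verdict on what those entries are.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt of the ComboFix log posted above, trimmed to the entries
# needed to exercise the checks (the full log is in the post itself).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2012-02-01 to 2012-03-01 )))))))))))))))))))))))))))))))
.
2012-02-28 01:51 . 2012-02-28 01:52 -------- d-----w- C:\FRST
2012-02-06 22:49 . 2012-02-06 22:49 -------- d-----we c:\windows\system64
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klartew]
2011-11-29 22:44 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\klartew.dll
.
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")        # "(((( Section name ))))"
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")             # "[HKEY_...\...]"
PATH_RE = re.compile(r"[A-Za-z]:\\[^\[\]\"]*?\.(?:dll|exe|sys|lnk)\b", re.IGNORECASE)
LOOKALIKE_DIR_RE = re.compile(r"\\windows\\system64(?:\\|\s|$)", re.IGNORECASE)

Finding = Tuple[str, str, str]   # (rule name, where it was seen, evidence line or path)


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a ComboFix log into {section name: non-empty lines}.

    ComboFix separates sections with a line of parentheses around a title and
    pads them with lone '.' lines, which carry no information and are dropped.
    """
    sections: Dict[str, List[str]] = {"preamble": []}
    current = "preamble"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if line.strip() in ("", "."):
            continue
        sections[current].append(line.rstrip())
    return sections


def review_log(text: str) -> List[Finding]:
    """Return the entries a responder should review first (hypothetical rules)."""
    findings: List[Finding] = []
    sections = parse_sections(text)

    # Rule 1: Winlogon Notify is a legacy load point; a DLL that lives under a
    # profile's AppData folder rather than System32 is unusual enough to review.
    current_key = ""
    for line in sections.get("Reg Loading Points", []):
        km = KEY_RE.match(line)
        if km:
            current_key = km.group(1).lower()
            continue
        if "\\winlogon\\notify\\" in current_key:
            pm = PATH_RE.search(line)
            if pm and "\\appdata\\" in pm.group(0).lower():
                findings.append(("winlogon-notify-dll-in-appdata", current_key, pm.group(0)))

    # Rule 2: a directory named like a system directory that Windows does not
    # ship (64-bit Windows has System32 and SysWOW64, never system64).
    for name, lines in sections.items():
        for line in lines:
            if LOOKALIKE_DIR_RE.search(line):
                findings.append(("lookalike-system-dir", name, line))
    return findings


if __name__ == "__main__":
    for rule, where, evidence in review_log(SAMPLE_LOG):
        print(f"{rule:32} {where}\n    {evidence}")
```

Run against the sample, the script reports the klartew.dll Winlogon Notify entry and the two system64 lines, and stays silent on the Malwarebytes entries; on a full log, the same two rules run over every section, so a system64 path in the SnapShot or Find3M sections is caught as well.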


#13 gringo_pr

Posted 01 March 2012 - 08:57 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#14 buff985

Posted 03 March 2012 - 12:22 PM

Hola Gringo!

Here's the TDSSKiller report, no infections found...

12:21:15.0912 0928 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
12:21:16.0177 0928 ============================================================
12:21:16.0177 0928 Current date / time: 2012/03/03 12:21:16.0177
12:21:16.0177 0928 SystemInfo:
12:21:16.0177 0928
12:21:16.0177 0928 OS Version: 6.1.7601 ServicePack: 1.0
12:21:16.0177 0928 Product type: Workstation
12:21:16.0177 0928 ComputerName: ANDREW-PC
12:21:16.0177 0928 UserName: Andrew
12:21:16.0177 0928 Windows directory: C:\Windows
12:21:16.0177 0928 System windows directory: C:\Windows
12:21:16.0177 0928 Running under WOW64
12:21:16.0177 0928 Processor architecture: Intel x64
12:21:16.0177 0928 Number of processors: 2
12:21:16.0177 0928 Page size: 0x1000
12:21:16.0177 0928 Boot type: Normal boot
12:21:16.0177 0928 ============================================================
12:21:17.0083 0928 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:21:17.0083 0928 \Device\Harddisk0\DR0:
12:21:17.0083 0928 MBR used
12:21:17.0083 0928 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
12:21:17.0083 0928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFFFB000, BlocksNum 0x4754A800
12:21:17.0146 0928 Initialize success
12:21:17.0146 0928 ============================================================
12:21:22.0115 3364 ============================================================
12:21:22.0115 3364 Scan started
12:21:22.0115 3364 Mode: Manual;
12:21:22.0115 3364 ============================================================
12:21:23.0333 3364 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:21:23.0349 3364 1394ohci - ok
12:21:23.0380 3364 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:21:23.0380 3364 ACPI - ok
12:21:23.0412 3364 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:21:23.0412 3364 AcpiPmi - ok
12:21:23.0458 3364 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:21:23.0474 3364 adp94xx - ok
12:21:23.0490 3364 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:21:23.0490 3364 adpahci - ok
12:21:23.0521 3364 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:21:23.0521 3364 adpu320 - ok
12:21:23.0583 3364 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:21:23.0599 3364 AFD - ok
12:21:23.0630 3364 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:21:23.0630 3364 agp440 - ok
12:21:23.0724 3364 ALCXWDM (27dc3ffffd5fd0bf96ca86c9fb784056) C:\Windows\system32\drivers\RTKVAC64.SYS
12:21:23.0740 3364 ALCXWDM - ok
12:21:23.0771 3364 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:21:23.0771 3364 aliide - ok
12:21:23.0802 3364 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:21:23.0802 3364 amdide - ok
12:21:23.0833 3364 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:21:23.0833 3364 AmdK8 - ok
12:21:24.0005 3364 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
12:21:24.0052 3364 amdkmdag - ok
12:21:24.0099 3364 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
12:21:24.0099 3364 amdkmdap - ok
12:21:24.0115 3364 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:21:24.0115 3364 AmdPPM - ok
12:21:24.0146 3364 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
12:21:24.0146 3364 amdsata - ok
12:21:24.0162 3364 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:21:24.0162 3364 amdsbs - ok
12:21:24.0193 3364 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
12:21:24.0193 3364 amdxata - ok
12:21:24.0224 3364 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:21:24.0224 3364 AppID - ok
12:21:24.0255 3364 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:21:24.0255 3364 arc - ok
12:21:24.0287 3364 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:21:24.0287 3364 arcsas - ok
12:21:24.0302 3364 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:21:24.0302 3364 AsyncMac - ok
12:21:24.0333 3364 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:21:24.0333 3364 atapi - ok
12:21:24.0427 3364 ATIAVPCI (2fdf783e6285c3765de5520296df1cab) C:\Windows\system32\DRIVERS\atinavrr.sys
12:21:24.0443 3364 ATIAVPCI - ok
12:21:24.0724 3364 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
12:21:24.0771 3364 atikmdag - ok
12:21:24.0833 3364 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:21:24.0833 3364 b06bdrv - ok
12:21:24.0849 3364 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:21:24.0849 3364 b57nd60a - ok
12:21:24.0880 3364 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:21:24.0880 3364 Beep - ok
12:21:24.0912 3364 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:21:24.0912 3364 blbdrive - ok
12:21:24.0943 3364 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:21:24.0943 3364 bowser - ok
12:21:24.0958 3364 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:21:24.0958 3364 BrFiltLo - ok
12:21:24.0990 3364 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:21:24.0990 3364 BrFiltUp - ok
12:21:25.0021 3364 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:21:25.0021 3364 BridgeMP - ok
12:21:25.0037 3364 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:21:25.0037 3364 Brserid - ok
12:21:25.0052 3364 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:21:25.0052 3364 BrSerWdm - ok
12:21:25.0068 3364 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:21:25.0068 3364 BrUsbMdm - ok
12:21:25.0099 3364 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:21:25.0099 3364 BrUsbSer - ok
12:21:25.0130 3364 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
12:21:25.0130 3364 BthEnum - ok
12:21:25.0162 3364 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:21:25.0162 3364 BTHMODEM - ok
12:21:25.0193 3364 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
12:21:25.0193 3364 BthPan - ok
12:21:25.0224 3364 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
12:21:25.0224 3364 BTHPORT - ok
12:21:25.0255 3364 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
12:21:25.0255 3364 BTHUSB - ok
12:21:25.0255 3364 catchme - ok
12:21:25.0287 3364 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:21:25.0287 3364 cdfs - ok
12:21:25.0318 3364 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:21:25.0318 3364 cdrom - ok
12:21:25.0333 3364 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:21:25.0333 3364 circlass - ok
12:21:25.0380 3364 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:21:25.0380 3364 CLFS - ok
12:21:25.0412 3364 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:21:25.0412 3364 CmBatt - ok
12:21:25.0443 3364 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:21:25.0443 3364 cmdide - ok
12:21:25.0490 3364 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:21:25.0505 3364 CNG - ok
12:21:25.0521 3364 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:21:25.0521 3364 Compbatt - ok
12:21:25.0568 3364 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:21:25.0568 3364 CompositeBus - ok
12:21:25.0599 3364 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:21:25.0599 3364 crcdisk - ok
12:21:25.0662 3364 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:21:25.0662 3364 DfsC - ok
12:21:25.0693 3364 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:21:25.0693 3364 discache - ok
12:21:25.0708 3364 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:21:25.0708 3364 Disk - ok
12:21:25.0755 3364 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:21:25.0755 3364 drmkaud - ok
12:21:25.0802 3364 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:21:25.0818 3364 DXGKrnl - ok
12:21:25.0896 3364 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:21:25.0912 3364 ebdrv - ok
12:21:25.0943 3364 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:21:25.0958 3364 elxstor - ok
12:21:25.0974 3364 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:21:25.0974 3364 ErrDev - ok
12:21:26.0005 3364 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:21:26.0005 3364 exfat - ok
12:21:26.0021 3364 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:21:26.0037 3364 fastfat - ok
12:21:26.0052 3364 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:21:26.0052 3364 fdc - ok
12:21:26.0068 3364 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:21:26.0068 3364 FileInfo - ok
12:21:26.0083 3364 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:21:26.0083 3364 Filetrace - ok
12:21:26.0099 3364 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:21:26.0099 3364 flpydisk - ok
12:21:26.0146 3364 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:21:26.0146 3364 FltMgr - ok
12:21:26.0162 3364 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:21:26.0162 3364 FsDepends - ok
12:21:26.0193 3364 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:21:26.0193 3364 Fs_Rec - ok
12:21:26.0224 3364 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:21:26.0224 3364 fvevol - ok
12:21:26.0240 3364 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:21:26.0240 3364 gagp30kx - ok
12:21:26.0287 3364 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:21:26.0287 3364 hcw85cir - ok
12:21:26.0318 3364 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:21:26.0318 3364 HdAudAddService - ok
12:21:26.0349 3364 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:21:26.0349 3364 HDAudBus - ok
12:21:26.0380 3364 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:21:26.0380 3364 HidBatt - ok
12:21:26.0412 3364 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:21:26.0412 3364 HidBth - ok
12:21:26.0427 3364 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:21:26.0427 3364 HidIr - ok
12:21:26.0458 3364 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:21:26.0474 3364 HidUsb - ok
12:21:26.0505 3364 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:21:26.0505 3364 HpSAMD - ok
12:21:26.0537 3364 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:21:26.0552 3364 HTTP - ok
12:21:26.0583 3364 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:21:26.0599 3364 hwpolicy - ok
12:21:26.0630 3364 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:21:26.0630 3364 i8042prt - ok
12:21:26.0662 3364 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
12:21:26.0662 3364 iaStorV - ok
12:21:26.0693 3364 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:21:26.0693 3364 iirsp - ok
12:21:26.0708 3364 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:21:26.0708 3364 intelide - ok
12:21:26.0740 3364 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:21:26.0740 3364 intelppm - ok
12:21:26.0771 3364 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:21:26.0771 3364 IpFilterDriver - ok
12:21:26.0802 3364 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:21:26.0802 3364 IPMIDRV - ok
12:21:26.0818 3364 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:21:26.0818 3364 IPNAT - ok
12:21:26.0865 3364 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:21:26.0865 3364 IRENUM - ok
12:21:26.0880 3364 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:21:32.0380 3364 ============================================================
12:21:32.0380 3364 Scan finished
12:21:32.0380 3364 ============================================================
12:21:32.0396 2300 Detected object count: 0
12:21:32.0396 2300 Actual detected object count: 0

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:02 AM

Posted 03 March 2012 - 12:45 PM

Hello


I asked for two reports but you only sent me one - can you please send me the aswMBR report?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



