
zeroaccess rootkit may be in my PC !

45 replies to this topic

#1 zkteh
Posted 04 March 2012 - 12:39 AM

Hi,
My problem is ....
Google keeps redirecting,
MSE message in Action Center ~ told me to turn on Windows Security Service (Important)

For further information, you can go to http://www.bleepingcomputer.com/forums/topic444045.html

here is the content of DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421
Run by HP at 12:44:31 on 2012-03-04
Microsoft Windows 7 Starter   6.1.7601.1.1252.60.1033.18.2036.1288 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\TENCENT\SOSOUpdate.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Motorola\Bluetooth\obexsrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Motorola\Bluetooth\audiosrv.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: QvodExtend: {a8502600-b272-4f68-a67b-a0305d46d297} - c:\program files\qvodplayer\QvodExtend.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [BTMTrayAgent] rundll32.exe "c:\program files\motorola\bluetooth\btmshell.dll",TrayApp
mRun: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: samsungsetup.com\www
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{66C19F57-D27C-4D70-BDED-A0B2058D0BEC} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{66C19F57-D27C-4D70-BDED-A0B2058D0BEC}\465736B6B696E676027457563747 : DhcpNameServer = 192.168.8.1 192.168.8.1
TCP: Interfaces\{66C19F57-D27C-4D70-BDED-A0B2058D0BEC}\64F6274757E616F52323 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{66C19F57-D27C-4D70-BDED-A0B2058D0BEC}\75C414E4D23547166666 : DhcpNameServer = 10.12.160.17 10.251.3.2 10.253.0.13 202.188.1.5 208.67.222.222 208.67.220.220 208.67.220.222 208.67.222.220 202.188.0.133 202.75.34.1 202.75.57.89
TCP: Interfaces\{66C19F57-D27C-4D70-BDED-A0B2058D0BEC}\94054524A7F6E656F5A4B484 : DhcpNameServer = 192.168.3.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe [2011-8-30 81920]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\motorola\bluetooth\obexsrv.exe [2011-12-3 500488]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-4-6 103992]
R2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2010-4-10 26168]
R2 SOSOUpSvc;Tencent SOSO Update Service;c:\program files\tencent\SOSOUpdate.exe [2012-2-25 111992]
R3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\motorola\bluetooth\devmgrsrv.exe [2011-12-3 3531016]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\motorola\bluetooth\audiosrv.exe [2011-12-3 784136]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\drivers\btmusb.sys [2011-12-3 4110848]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2011-8-30 793440]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2011-8-30 228896]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-8-30 233472]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-28 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\drivers\btmcom.sys [2011-12-3 41344]
S3 btmhsf;btmhsf;c:\windows\system32\drivers\btmhsf.sys [2011-7-19 225280]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-28 136176]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\drivers\iBtFltCoex.sys [2011-7-20 47104]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
S3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\drivers\s1029bus.sys [2009-5-25 90280]
S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\drivers\s1029mdfl.sys [2009-5-25 15016]
S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\drivers\s1029mdm.sys [2009-5-25 122280]
S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1029mgmt.sys [2009-5-25 115880]
S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1029nd5.sys [2009-5-25 26024]
S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\drivers\s1029obex.sys [2009-5-25 111912]
S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1029unic.sys [2009-5-25 116904]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-12-6 155344]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-11-30 52224]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]
.
=============== Created Last 30 ================
.
2012-02-25 11:42:21	--------	d-----w-	c:\users\hp\appdata\roaming\IrfanView
2012-02-25 11:42:21	--------	d-----w-	c:\program files\IrfanView
2012-02-25 02:15:03	67072	----a-w-	c:\windows\system32\packager.dll
2012-02-25 02:15:01	690688	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-25 02:14:59	38912	----a-w-	c:\windows\system32\csrsrv.dll
2012-02-25 00:30:17	--------	d-----w-	c:\users\hp\appdata\roaming\Tencent
2012-02-25 00:26:30	770384	----a-w-	c:\windows\system32\msvcr100.dll
2012-02-25 00:26:30	421200	----a-w-	c:\windows\system32\msvcp100.dll
2012-02-25 00:26:30	--------	d-----w-	c:\program files\TENCENT
2012-02-24 15:44:52	--------	d-----w-	c:\users\hp\appdata\local\{1A5F29EE-6500-4B15-ABBA-E222156C7FCA}
2012-02-24 15:44:38	--------	d-----w-	c:\users\hp\appdata\local\{7F1199B7-AAE2-4871-8C77-37B9992B956C}
2012-02-24 13:55:02	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-02-24 13:55:01	141112	----a-w-	c:\program files\internet explorer\sqmapi.dll
2012-02-24 13:55:00	194048	----a-w-	c:\program files\internet explorer\IEShims.dll
2012-02-24 13:55:00	1798656	----a-w-	c:\windows\system32\jscript9.dll
2012-02-24 13:54:58	1127424	----a-w-	c:\windows\system32\wininet.dll
2012-02-24 13:54:57	678912	----a-w-	c:\program files\internet explorer\iedvtool.dll
2012-02-24 13:54:53	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2012-02-24 10:32:53	--------	d-----w-	c:\users\hp\appdata\local\Opera
2012-02-24 10:02:03	--------	d-----w-	c:\program files\ESET
2012-02-24 08:50:37	--------	d-----w-	c:\users\hp\appdata\roaming\Malwarebytes
2012-02-24 08:49:02	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-24 08:48:59	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-24 08:48:59	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-02-24 08:25:32	2048	----a-w-	c:\windows\system32\tzres.dll
2012-02-24 08:25:05	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-02-20 09:28:36	--------	d-----w-	c:\program files\Free YouTube Downloader
2012-02-20 09:24:23	--------	d-----w-	c:\users\hp\appdata\local\TempDIR
2012-02-17 11:29:46	--------	d-----w-	c:\users\hp\appdata\local\{DF3D8C6D-7FE2-4C31-81E3-72B2FD56EE42}
2012-02-17 11:29:33	--------	d-----w-	c:\users\hp\appdata\local\{0689B929-E213-4E7B-AB93-F48F350CF640}
2012-02-16 15:08:11	--------	d-----w-	c:\program files\Verity
2012-02-16 15:07:49	0	----a-w-	c:\windows\VDMB3B9.tmp
2012-02-16 15:07:07	0	----a-w-	c:\windows\VDMF11.tmp
2012-02-15 14:39:36	299520	----a-w-	c:\windows\uninst.exe
2012-02-15 14:38:47	0	----a-w-	c:\windows\VDMC67D.tmp
2012-02-15 13:33:34	--------	d-----w-	c:\users\hp\appdata\roaming\OpenOffice.org
2012-02-15 13:25:19	--------	d-----w-	c:\program files\OpenOffice.org 3
2012-02-15 13:24:02	--------	d-----w-	c:\program files\OpenOffice.org 3.3 (en-GB) Installation Files
2012-02-14 10:09:50	--------	d-----w-	c:\programdata\FileCure
2012-02-06 07:22:24	--------	d-----w-	c:\users\hp\appdata\roaming\Edraw Max
2012-02-04 05:00:01	--------	d--h--w-	c:\programdata\CanonIJScan
2012-02-04 04:58:37	--------	d-----w-	c:\program files\Canon
.
==================== Find3M  ====================
.
2012-02-20 20:59:50	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-28 07:45:52	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-01-27 15:33:08	163840	--sha-r-	c:\windows\system32\jscript93.dll
2012-01-04 09:26:22	236576	------w-	c:\windows\system32\MpSigStub.exe
.
============= FINISH: 12:46:33.94 ===============


here is attach.txt
[attachment=120008:Attach.txt]

here is ark.txt
[attachment=120009:ark.txt]

Thank You !
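As an added example that is not part of this thread (not zkteh's or Gringo's material, and not DDS or ComboFix code): a small Python triage script that parses the file-entry lines of the DDS "Created Last 30"/Find3M sections above, the equivalent ComboFix "Files Created" lines posted further down, and the SERVICES / DRIVERS lines, and flags two things a helper reviewing such logs looks at: an ordinary file under system32 whose attribute string carries both the hidden (h) and system (s) flags, and a service or driver entry whose file is printed as [x] (not found). Assumptions: the column layout and flag letters are read from the logs as quoted in this thread, the sample lines are constructed from it, and the flags are review prompts, not verdicts on any particular file.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# DDS "Created Last 30" / Find3M line: date<TAB>size<TAB>attrs<TAB>path
# (tab- or space-separated; the timestamp carries seconds, ComboFix's does not)
DDS_RE = re.compile(
    r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>-+|\d+)\s+(?P<attr>[-a-z]{8})\s+(?P<path>.+)$"
)
# ComboFix "Files Created" line: date . created-date size attrs path
COMBOFIX_RE = re.compile(
    r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>-+|\d+) (?P<attr>[-a-z]{8}) (?P<path>.+)$"
)
# SERVICES / DRIVERS line: R2 name;description;path [date size]  or  path [x]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) "
    r"\[(?P<info>x|\d{4}-\d{1,2}-\d{1,2} \d+)\]$"
)

SYSTEM32 = r"c:\windows\system32" + "\\"

# Constructed sample modelled on the DDS and ComboFix lines quoted in this thread.
SAMPLE_LINES = [
    r"2012-02-25 02:15:03	67072	----a-w-	c:\windows\system32\packager.dll",
    r"2012-02-24 08:48:59	20464	----a-w-	c:\windows\system32\drivers\mbam.sys",
    r"2012-02-16 15:07:49	0	----a-w-	c:\windows\VDMB3B9.tmp",
    r"2012-02-04 05:00:01	--------	d--h--w-	c:\programdata\CanonIJScan",
    r"2012-01-27 15:33:08	163840	--sha-r-	c:\windows\system32\jscript93.dll",
    r"2012-02-25 02:15 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll",
    r"2012-02-15 14:39 . 1997-04-08 12:08 299520 ----a-w- c:\windows\uninst.exe",
    r"R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]",
    r"R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]",
    r"R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]",
]


@dataclass
class Entry:
    kind: str                   # "file" or "service"
    path: str                   # lower-cased path as printed in the log
    attrs: str = ""             # attribute string such as "--sha-r-" (file entries)
    size: Optional[int] = None  # None for directories ("--------")
    when: str = ""              # timestamp of the entry (file entries)
    name: str = ""              # service/driver name (service entries)
    state: str = ""             # R1/R2/R3 running, S1/S2/S3 stopped (service entries)
    file_missing: bool = False  # the log prints "[x]" when the file is absent


def parse_line(line: str) -> Optional[Entry]:
    """Turn one log line into an Entry, or None for headers, '.', and other text."""
    m = DDS_RE.match(line) or COMBOFIX_RE.match(line)
    if m:
        size = None if m["size"].startswith("-") else int(m["size"])
        return Entry("file", m["path"].strip().lower(), m["attr"], size, m["when"])
    m = SERVICE_RE.match(line)
    if m:
        return Entry("service", m["path"].strip().lower(), name=m["name"],
                     state=m["state"], file_missing=(m["info"] == "x"))
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(line) for line in text.splitlines()) if e]


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs worth a second look. Heuristics, not verdicts."""
    findings = []
    for e in entries:
        if e.kind == "file":
            is_dir = e.attrs.startswith("d")
            # Hidden + system flags on an ordinary file inside system32 are unusual
            # enough that the file's publisher and signature should be checked.
            if not is_dir and "h" in e.attrs and "s" in e.attrs and e.path.startswith(SYSTEM32):
                findings.append((e.path, "hidden+system file under system32; verify publisher"))
        elif e.kind == "service" and e.file_missing:
            findings.append((e.path, f"service/driver '{e.name}' points at a file that was not found"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_log("\n".join(SAMPLE_LINES))):
        print(f"{path}: {reason}")
```

Feed it a whole saved DDS.txt or ComboFix.txt and the section headers, '.' separators and registry lines are ignored, so only file and service entries reach the triage step.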

#2 gringo_pr

Posted 04 March 2012 - 02:52 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 zkteh

Posted 06 March 2012 - 01:39 AM

I have a problem with my MSE, I can't figure out how to stop it! (completely remove it)
Actually, I had uninstalled it, but ComboFix popped up a message -->

CF has detected the following scanner.. to be active
antivirus --> MSE
antispyware --> MSE
Pls disable these scanner before clicking OK ...

Just to re-inform you that I also receive the... turning on Windows Security Service message from Action Center ....

Thank You !

Edited by zkteh, 06 March 2012 - 01:43 AM.


#4 zkteh
  • Local time:05:28 PM

Posted 06 March 2012 - 05:20 AM

Okay, I found some people also having the same problem as me and their helpers told them to ignore the message from CF. So I clicked 'OK', and CF went well. In the next post will be the ComboFix report log.

I am still having that message (Action Center),
can't start MSE, tried starting [Security Center] and [Microsoft Antimalware Service] from [Services],
and "they two" become disabled again after I turn them to automatic!

Others' MSE will work well after running ComboFix, but mine does not! Why?
--> I did not correctly follow the sequence?

And also, Google still redirects! (but now it's become "calm", I mean not very often)

Thank You! I hope I am not irritating you (my case is a bit "tough")

Edited by zkteh, 06 March 2012 - 05:28 AM.


#5 zkteh
  • Local time:05:28 PM

Posted 06 March 2012 - 05:21 AM

This is my ComboFix report log ....

ComboFix 12-03-04.02 - Administrator 06/03/2012 17:40:16.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.60.1033.18.2036.1398 [GMT 8:00]
Running from: c:\users\HP\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\HP\AppData\Local\TempDIR
c:\windows\Tasks\Vzlplvx.job
.
.
((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-06 09:52 . 2012-03-06 09:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-06 09:52 . 2012-03-06 09:52 -------- d-----w- c:\users\HP\AppData\Local\temp
2012-02-25 11:42 . 2012-02-25 11:42 -------- d-----w- c:\users\HP\AppData\Roaming\IrfanView
2012-02-25 11:42 . 2012-02-25 11:42 -------- d-----w- c:\program files\IrfanView
2012-02-25 02:15 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-02-25 02:15 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-25 02:14 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-02-25 00:30 . 2012-02-25 00:30 -------- d-----w- c:\users\HP\AppData\Roaming\Tencent
2012-02-25 00:26 . 2012-03-01 11:08 -------- d-----w- c:\program files\TENCENT
2012-02-25 00:26 . 2012-01-13 06:17 770384 ----a-w- c:\windows\system32\msvcr100.dll
2012-02-25 00:26 . 2012-01-13 06:17 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-02-24 13:55 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-24 13:55 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-24 13:55 . 2011-12-14 03:04 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-24 13:55 . 2011-12-14 02:54 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-02-24 13:54 . 2011-12-14 02:57 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-24 13:54 . 2011-12-14 02:59 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-02-24 13:54 . 2011-12-14 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-24 10:32 . 2012-02-24 10:32 -------- d-----w- c:\users\HP\AppData\Local\Opera
2012-02-24 10:32 . 2012-02-24 10:32 -------- d-----w- c:\program files\Opera
2012-02-24 10:02 . 2012-02-24 10:02 -------- d-----w- c:\program files\ESET
2012-02-24 08:50 . 2012-02-24 08:50 -------- d-----w- c:\users\HP\AppData\Roaming\Malwarebytes
2012-02-24 08:49 . 2012-02-24 08:49 -------- d-----w- c:\programdata\Malwarebytes
2012-02-24 08:48 . 2012-02-24 08:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-24 08:48 . 2011-12-10 07:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-24 08:25 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-24 08:25 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-20 09:28 . 2012-02-20 09:28 -------- d-----w- c:\program files\Free YouTube Downloader
2012-02-16 15:08 . 2012-02-16 15:08 -------- d-----w- c:\program files\Verity
2012-02-16 15:07 . 2012-02-16 15:07 0 ----a-w- c:\windows\VDMB3B9.tmp
2012-02-16 15:07 . 2012-02-16 15:07 0 ----a-w- c:\windows\VDMF11.tmp
2012-02-15 14:39 . 1997-04-08 12:08 299520 ----a-w- c:\windows\uninst.exe
2012-02-15 14:38 . 2012-02-15 14:38 0 ----a-w- c:\windows\VDMC67D.tmp
2012-02-15 13:33 . 2012-02-15 13:33 -------- d-----w- c:\users\HP\AppData\Roaming\OpenOffice.org
2012-02-15 13:25 . 2012-02-16 14:42 -------- d-----w- c:\program files\OpenOffice.org 3
2012-02-14 10:09 . 2012-02-14 10:11 -------- d-----w- c:\programdata\FileCure
2012-02-06 07:22 . 2012-02-06 07:22 -------- d-----w- c:\users\HP\AppData\Roaming\Edraw Max
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 20:59 . 2011-11-28 08:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-28 07:45 . 2012-01-28 07:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-04 09:26 . 2011-08-29 14:17 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-12-29 07:03 . 2011-12-29 07:03 1409 ----a-w- c:\windows\Fonts\Opuss___.FOT
2011-12-29 07:03 . 2011-12-29 07:03 1409 ----a-w- c:\windows\Fonts\Opuspc__.FOT
2011-12-29 07:03 . 2011-12-29 07:03 1409 ----a-w- c:\windows\Fonts\Opustext.FOT
2011-12-29 07:03 . 2011-12-29 07:03 1409 ----a-w- c:\windows\Fonts\Opusp___.FOT
2011-12-29 07:03 . 2011-12-29 07:03 1409 ----a-w- c:\windows\Fonts\Opusc___.FOT
2011-12-29 07:03 . 2011-12-29 07:03 1409 ----a-w- c:\windows\Fonts\Opus____.FOT
2011-12-29 07:03 . 2011-12-29 07:03 1409 ----a-w- c:\windows\Fonts\Ink2text.FOT
2011-12-29 07:03 . 2011-12-29 07:03 1409 ----a-w- c:\windows\Fonts\Ink2spec.FOT
2011-12-29 07:03 . 2011-12-29 07:03 1409 ----a-w- c:\windows\Fonts\Ink2scri.FOT
2011-12-29 06:01 . 2011-12-29 06:01 1409 ----a-w- c:\windows\Fonts\Ink2chor.FOT
2011-12-29 05:44 . 2011-12-29 05:44 1409 ----a-w- c:\windows\Fonts\Inkpen2_.FOT
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8502600-B272-4F68-A67B-A0305D46D297}]
2012-01-12 03:30 165776 ----a-w- c:\program files\QvodPlayer\QvodExtend.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-03-31 19645704]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-04-09 601144]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^HP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTMTrayAgent]
2010-03-31 09:32 19645704 ----a-w- c:\program files\Motorola\Bluetooth\btmshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-11-28 08:19 136176 ----atw- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 03:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-10-24 20:20 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWirelessAssistant]
2010-04-05 18:11 8192 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-10-13 17:25 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-10-24 20:20 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-10-24 20:20 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 05:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-11-28 08:20 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-05-27 14:31 1721640 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2010-03-24 06:53 495708 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
R1 MpKsl2700f4d9;MpKsl2700f4d9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F005F4B9-3256-4712-A387-1D8F0284DD3F}\MpKsl2700f4d9.sys [x]
R1 MpKsl5225e9f7;MpKsl5225e9f7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F94E23A1-DE53-49A6-B4F4-E8692533C614}\MpKsl5225e9f7.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-28 136176]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [2010-03-01 41344]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 225280]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-28 136176]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-19 47104]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys [2009-05-25 90280]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys [2009-05-25 15016]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys [2009-05-25 122280]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys [2009-05-25 115880]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys [2009-05-25 26024]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys [2009-05-25 111912]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys [2009-05-25 116904]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-03 81920]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-03-10 500488]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-04-09 26168]
S2 SOSOUpSvc;Tencent SOSO Update Service;c:\program files\TENCENT\SOSOUpdate.exe [2012-02-29 111992]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-03-05 3531016]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-03-05 784136]
S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2010-03-05 4110848]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2010-05-17 793440]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-04-20 228896]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-28 233472]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-28 08:19]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-28 08:19]
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3106317538-888741922-2632213672-1000Core.job
- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 08:19]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3106317538-888741922-2632213672-1000UA.job
- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 08:19]
.
2012-02-29 c:\windows\Tasks\HPCeeScheduleForHP.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-06 17:58:30
ComboFix-quarantined-files.txt 2012-03-06 09:58
.
Pre-Run: 194,937,188,352 bytes free
Post-Run: 195,202,195,456 bytes free
.
- - End Of File - - 325E57CDCDE849CF4FF1204671E8588A

#6 zkteh
  • Topic Starter
  • Members
  • 108 posts
  • Gender:Male

Posted 06 March 2012 - 05:47 AM

I found this tool amazing! Can we use it?
hxxp://fixredirectvirus.org/

Will it be possible that zeroaccess prevents my MSE from running?

Edited by gringo_pr, 06 March 2012 - 09:57 AM.


#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 March 2012 - 09:57 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
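
Once a TDSSKiller report comes back, the first pass a helper makes over it is mechanical: anything whose verdict is not "- ok", and any registered driver or service for which the tool found no file on disk to hash. The Python below is an added example, not part of gringo_pr's instructions and not code from TDSSKiller; it assumes only the line shape the reports in this thread use (timestamp, thread id, then either "<name> (<md5>) <path>" for a scanned file or "<name> - <verdict>" for its result) and treats just the lines between "Scan started" and "Scan finished" as scan records. The sample log, the exampledrv entry and its non-ok verdict are constructed, since no detection appears in the thread.

```python
"""Triage helper for TDSSKiller scan logs (added example, not from the thread).

Assumed line shape, modelled on the reports quoted in this topic:
  <hh:mm:ss.ffff> <tid> <name> (<md5>) <path>   a file that was hashed
  <hh:mm:ss.ffff> <tid> <name> - <verdict>      the result for that object
Only lines between "Scan started" and "Scan finished" are scan records;
drive geometry, banners and the summary count are skipped.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
FILE_RE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")
VERDICT_RE = re.compile(r"^(.+?) - (.+)$")

# Constructed sample: real line shape, invented exampledrv entry and verdict.
SAMPLE_LOG = r"""
15:37:43.0973 3496 ============================================================
15:37:43.0973 3496 Scan started
15:37:43.0973 3496 Mode: Manual;
15:37:46.0017 3496 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
15:37:46.0017 3496 1394ohci - ok
15:37:59.0604 3496 ewusbnet - ok
15:38:03.0582 3496 MpKsl2700f4d9 - ok
15:38:10.0000 3496 exampledrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\exampledrv.sys
15:38:10.0001 3496 exampledrv - suspicious (constructed sample verdict)
15:38:11.0000 3496 \Device\Harddisk0\DR0 - ok
15:38:12.0000 3496 Scan finished
15:38:12.0001 2956 Detected object count: 1
"""


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, ScanObject]:
    """Collect one record per scanned object, keyed by its name."""
    objects: Dict[str, ScanObject] = {}
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group(3)
        if rest == "Scan started":
            in_scan = True
            continue
        if rest == "Scan finished":
            in_scan = False
            continue
        if not in_scan:
            continue  # banner, drive geometry or summary line
        fm = FILE_RE.match(rest)
        if fm:
            name, md5, path = fm.groups()
            obj = objects.setdefault(name, ScanObject(name))
            obj.md5, obj.path = md5.lower(), path
            continue
        vm = VERDICT_RE.match(rest)
        if vm:
            name, verdict = vm.groups()
            obj = objects.setdefault(name, ScanObject(name))
            obj.verdict = verdict
    return objects


def triage(objects: Dict[str, ScanObject]) -> Dict[str, object]:
    """Sort parsed objects into the buckets a helper reads first."""
    not_ok: List[Tuple[str, str]] = []
    no_file: List[str] = []
    hashes: Dict[str, str] = {}
    for name, obj in sorted(objects.items()):
        if obj.verdict is not None and obj.verdict != "ok":
            not_ok.append((name, obj.verdict))
        # A verdict with no file record means the name is registered but the
        # tool found no binary to hash. Device objects (\Device\...) never
        # carry a file record, so they are not counted here.
        if obj.md5 is None and not name.startswith("\\"):
            no_file.append(name)
        if obj.md5 is not None:
            hashes[name] = obj.md5
    return {"not_ok": not_ok, "no_file": no_file, "hashes": hashes}


if __name__ == "__main__":
    report = triage(parse_tdsskiller(SAMPLE_LOG))
    print("Non-ok verdicts:", report["not_ok"])
    print("Registered but no file on disk:", report["no_file"])
    print("Hashed files available for lookup:", len(report["hashes"]))
```

Names that land in the "no file on disk" bucket are leads, not verdicts: a leftover service entry for uninstalled hardware looks the same as a driver a rootkit has hidden, so each one still has to be checked against the ComboFix service list. The collected hashes are what you would look up against a known-good or known-bad list.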

#8 zkteh
  • Topic Starter
  • Members
  • 108 posts
  • Gender:Male

Posted 08 March 2012 - 02:41 AM

Here is the TDSSKiller utility report log...

15:37:17.0110 0920 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
15:37:17.0921 0920 ============================================================
15:37:17.0921 0920 Current date / time: 2012/03/08 15:37:17.0921
15:37:17.0921 0920 SystemInfo:
15:37:17.0921 0920
15:37:17.0921 0920 OS Version: 6.1.7601 ServicePack: 1.0
15:37:17.0921 0920 Product type: Workstation
15:37:17.0921 0920 ComputerName: HP-PC
15:37:17.0921 0920 UserName: HP
15:37:17.0921 0920 Windows directory: C:\Windows
15:37:17.0921 0920 System windows directory: C:\Windows
15:37:17.0921 0920 Processor architecture: Intel x86
15:37:17.0921 0920 Number of processors: 2
15:37:17.0921 0920 Page size: 0x1000
15:37:17.0921 0920 Boot type: Normal boot
15:37:17.0921 0920 ============================================================
15:37:19.0668 0920 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:37:19.0684 0920 \Device\Harddisk0\DR0:
15:37:19.0684 0920 MBR used
15:37:19.0684 0920 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
15:37:19.0684 0920 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B736800
15:37:19.0684 0920 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B79A800, BlocksNum 0x19F7000
15:37:19.0684 0920 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
15:37:19.0949 0920 Initialize success
15:37:19.0949 0920 ============================================================
15:37:21.0446 2964 ============================================================
15:37:21.0446 2964 Scan started
15:37:21.0446 2964 Mode: Manual;
15:37:21.0446 2964 ============================================================
15:37:22.0726 2964 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
15:37:22.0757 2964 1394ohci - ok
15:37:23.0209 2964 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
15:37:23.0225 2964 ACPI - ok
15:37:23.0240 2964 Scan interrupted by user!
15:37:23.0240 2964 Scan interrupted by user!
15:37:23.0240 2964 Scan interrupted by user!
15:37:23.0240 2964 ============================================================
15:37:23.0240 2964 Scan finished
15:37:23.0240 2964 ============================================================
15:37:23.0272 2956 Detected object count: 0
15:37:23.0272 2956 Actual detected object count: 0
15:37:43.0973 3496 ============================================================
15:37:43.0973 3496 Scan started
15:37:43.0973 3496 Mode: Manual;
15:37:43.0973 3496 ============================================================
15:37:46.0017 3496 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
15:37:46.0017 3496 1394ohci - ok
15:37:46.0297 3496 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
15:37:46.0297 3496 ACPI - ok
15:37:46.0703 3496 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
15:37:46.0703 3496 AcpiPmi - ok
15:37:46.0843 3496 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
15:37:46.0859 3496 adp94xx - ok
15:37:47.0233 3496 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
15:37:47.0249 3496 adpahci - ok
15:37:47.0561 3496 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
15:37:47.0561 3496 adpu320 - ok
15:37:47.0811 3496 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
15:37:47.0826 3496 AFD - ok
15:37:48.0045 3496 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
15:37:48.0045 3496 agp440 - ok
15:37:48.0247 3496 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
15:37:48.0263 3496 aic78xx - ok
15:37:48.0450 3496 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
15:37:48.0450 3496 aliide - ok
15:37:48.0715 3496 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
15:37:48.0715 3496 amdagp - ok
15:37:49.0027 3496 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
15:37:49.0027 3496 amdide - ok
15:37:49.0183 3496 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
15:37:49.0183 3496 AmdK8 - ok
15:37:49.0402 3496 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
15:37:49.0402 3496 AmdPPM - ok
15:37:49.0636 3496 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
15:37:49.0636 3496 amdsata - ok
15:37:49.0963 3496 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
15:37:49.0963 3496 amdsbs - ok
15:37:50.0244 3496 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
15:37:50.0244 3496 amdxata - ok
15:37:50.0447 3496 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
15:37:50.0447 3496 AppID - ok
15:37:50.0681 3496 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
15:37:50.0681 3496 arc - ok
15:37:50.0853 3496 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
15:37:50.0853 3496 arcsas - ok
15:37:51.0009 3496 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
15:37:51.0009 3496 AsyncMac - ok
15:37:51.0243 3496 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
15:37:51.0243 3496 atapi - ok
15:37:51.0679 3496 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
15:37:51.0679 3496 b06bdrv - ok
15:37:51.0913 3496 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:37:51.0929 3496 b57nd60x - ok
15:37:52.0101 3496 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
15:37:52.0101 3496 Beep - ok
15:37:52.0303 3496 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
15:37:52.0303 3496 blbdrive - ok
15:37:52.0475 3496 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
15:37:52.0475 3496 bowser - ok
15:37:52.0631 3496 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:37:52.0631 3496 BrFiltLo - ok
15:37:52.0896 3496 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:37:52.0896 3496 BrFiltUp - ok
15:37:53.0052 3496 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
15:37:53.0052 3496 BridgeMP - ok
15:37:53.0427 3496 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
15:37:53.0442 3496 Brserid - ok
15:37:53.0707 3496 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
15:37:53.0707 3496 BrSerWdm - ok
15:37:53.0973 3496 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:37:53.0988 3496 BrUsbMdm - ok
15:37:54.0285 3496 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
15:37:54.0300 3496 BrUsbSer - ok
15:37:54.0612 3496 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
15:37:54.0612 3496 BthEnum - ok
15:37:54.0924 3496 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
15:37:54.0924 3496 BTHMODEM - ok
15:37:55.0111 3496 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
15:37:55.0127 3496 BthPan - ok
15:37:55.0408 3496 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
15:37:55.0423 3496 BTHPORT - ok
15:37:55.0611 3496 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
15:37:55.0611 3496 BTHUSB - ok
15:37:55.0735 3496 BTMCOM (768671bbb54e07695114203a78094025) C:\Windows\system32\Drivers\btmcom.sys
15:37:55.0735 3496 BTMCOM - ok
15:37:55.0891 3496 btmhsf (d517ba16793d76210c963dab2a88b74f) C:\Windows\system32\DRIVERS\btmhsf.sys
15:37:55.0891 3496 btmhsf - ok
15:37:56.0125 3496 BTMUSB (86dee61c41a2dfae15f11079181b4ab5) C:\Windows\system32\Drivers\btmusb.sys
15:37:56.0484 3496 BTMUSB - ok
15:37:56.0625 3496 catchme - ok
15:37:56.0765 3496 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
15:37:56.0781 3496 cdfs - ok
15:37:56.0937 3496 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
15:37:56.0937 3496 cdrom - ok
15:37:57.0108 3496 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
15:37:57.0108 3496 circlass - ok
15:37:57.0233 3496 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
15:37:57.0249 3496 CLFS - ok
15:37:57.0405 3496 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
15:37:57.0405 3496 CmBatt - ok
15:37:57.0561 3496 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
15:37:57.0561 3496 cmdide - ok
15:37:57.0732 3496 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
15:37:57.0748 3496 CNG - ok
15:37:57.0904 3496 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
15:37:57.0904 3496 Compbatt - ok
15:37:58.0075 3496 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
15:37:58.0075 3496 CompositeBus - ok
15:37:58.0247 3496 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
15:37:58.0247 3496 crcdisk - ok
15:37:58.0465 3496 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
15:37:58.0465 3496 DfsC - ok
15:37:58.0653 3496 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
15:37:58.0653 3496 discache - ok
15:37:58.0793 3496 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
15:37:58.0793 3496 Disk - ok
15:37:58.0871 3496 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
15:37:58.0871 3496 drmkaud - ok
15:37:58.0965 3496 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
15:37:58.0980 3496 DXGKrnl - ok
15:37:59.0152 3496 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
15:37:59.0261 3496 ebdrv - ok
15:37:59.0433 3496 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
15:37:59.0448 3496 elxstor - ok
15:37:59.0526 3496 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
15:37:59.0526 3496 ErrDev - ok
15:37:59.0604 3496 ewusbnet - ok
15:37:59.0635 3496 ew_hwusbdev - ok
15:37:59.0682 3496 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
15:37:59.0698 3496 exfat - ok
15:37:59.0729 3496 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
15:37:59.0745 3496 fastfat - ok
15:37:59.0791 3496 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
15:37:59.0807 3496 fdc - ok
15:37:59.0854 3496 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
15:37:59.0854 3496 FileInfo - ok
15:37:59.0885 3496 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
15:37:59.0885 3496 Filetrace - ok
15:37:59.0916 3496 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
15:37:59.0932 3496 flpydisk - ok
15:37:59.0963 3496 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
15:37:59.0963 3496 FltMgr - ok
15:38:00.0010 3496 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
15:38:00.0010 3496 FsDepends - ok
15:38:00.0041 3496 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
15:38:00.0057 3496 Fs_Rec - ok
15:38:00.0103 3496 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
15:38:00.0119 3496 fvevol - ok
15:38:00.0166 3496 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:38:00.0166 3496 gagp30kx - ok
15:38:00.0337 3496 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
15:38:00.0337 3496 hcw85cir - ok
15:38:00.0400 3496 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
15:38:00.0415 3496 HdAudAddService - ok
15:38:00.0447 3496 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
15:38:00.0447 3496 HDAudBus - ok
15:38:00.0493 3496 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
15:38:00.0493 3496 HidBatt - ok
15:38:00.0540 3496 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
15:38:00.0540 3496 HidBth - ok
15:38:00.0587 3496 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
15:38:00.0587 3496 HidIr - ok
15:38:00.0649 3496 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
15:38:00.0649 3496 HidUsb - ok
15:38:00.0727 3496 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
15:38:00.0727 3496 HpSAMD - ok
15:38:00.0805 3496 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
15:38:00.0821 3496 HTTP - ok
15:38:00.0852 3496 huawei_enumerator - ok
15:38:00.0883 3496 hwdatacard - ok
15:38:00.0930 3496 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
15:38:00.0930 3496 hwpolicy - ok
15:38:01.0024 3496 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
15:38:01.0024 3496 i8042prt - ok
15:38:01.0102 3496 iaStor (0baa4115dfffd6a6d809a89d65e1281a) C:\Windows\system32\DRIVERS\iaStor.sys
15:38:01.0102 3496 iaStor - ok
15:38:01.0164 3496 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
15:38:01.0180 3496 iaStorV - ok
15:38:01.0227 3496 iBtFltCoex (61401ba4183bc171ba114fce4981bb33) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
15:38:01.0227 3496 iBtFltCoex - ok
15:38:01.0398 3496 igfx (ba41e1bba410212ce6d30e0dac47972b) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:38:01.0539 3496 igfx - ok
15:38:01.0663 3496 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
15:38:01.0663 3496 iirsp - ok
15:38:01.0757 3496 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
15:38:01.0757 3496 intelide - ok
15:38:01.0804 3496 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
15:38:01.0804 3496 intelppm - ok
15:38:01.0851 3496 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:38:01.0866 3496 IpFilterDriver - ok
15:38:01.0929 3496 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
15:38:01.0929 3496 IPMIDRV - ok
15:38:01.0991 3496 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
15:38:02.0007 3496 IPNAT - ok
15:38:02.0131 3496 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
15:38:02.0131 3496 IRENUM - ok
15:38:02.0209 3496 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
15:38:02.0209 3496 isapnp - ok
15:38:02.0319 3496 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
15:38:02.0350 3496 iScsiPrt - ok
15:38:02.0459 3496 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
15:38:02.0459 3496 kbdclass - ok
15:38:02.0521 3496 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
15:38:02.0521 3496 kbdhid - ok
15:38:02.0584 3496 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
15:38:02.0599 3496 KSecDD - ok
15:38:02.0631 3496 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
15:38:02.0631 3496 KSecPkg - ok
15:38:02.0709 3496 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
15:38:02.0709 3496 lltdio - ok
15:38:02.0771 3496 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:38:02.0771 3496 LSI_FC - ok
15:38:02.0818 3496 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:38:02.0818 3496 LSI_SAS - ok
15:38:02.0865 3496 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:38:02.0865 3496 LSI_SAS2 - ok
15:38:02.0896 3496 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:38:02.0911 3496 LSI_SCSI - ok
15:38:02.0943 3496 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
15:38:02.0943 3496 luafv - ok
15:38:02.0989 3496 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
15:38:02.0989 3496 megasas - ok
15:38:03.0036 3496 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
15:38:03.0036 3496 MegaSR - ok
15:38:03.0099 3496 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
15:38:03.0099 3496 Modem - ok
15:38:03.0130 3496 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
15:38:03.0130 3496 monitor - ok
15:38:03.0192 3496 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
15:38:03.0192 3496 mouclass - ok
15:38:03.0255 3496 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
15:38:03.0255 3496 mouhid - ok
15:38:03.0317 3496 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
15:38:03.0317 3496 mountmgr - ok
15:38:03.0442 3496 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
15:38:03.0442 3496 MpFilter - ok
15:38:03.0489 3496 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
15:38:03.0504 3496 mpio - ok
15:38:03.0582 3496 MpKsl2700f4d9 - ok
15:38:03.0629 3496 MpKsl5225e9f7 - ok
15:38:03.0754 3496 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
15:38:03.0754 3496 MpNWMon - ok
15:38:03.0879 3496 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
15:38:03.0879 3496 mpsdrv - ok
15:38:03.0972 3496 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
15:38:03.0988 3496 MRxDAV - ok
15:38:04.0081 3496 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:38:04.0097 3496 mrxsmb - ok
15:38:04.0144 3496 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:38:04.0159 3496 mrxsmb10 - ok
15:38:04.0206 3496 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:38:04.0222 3496 mrxsmb20 - ok
15:38:04.0269 3496 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
15:38:04.0269 3496 msahci - ok
15:38:04.0331 3496 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
15:38:04.0331 3496 msdsm - ok
15:38:04.0409 3496 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
15:38:04.0425 3496 Msfs - ok
15:38:04.0471 3496 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
15:38:04.0471 3496 mshidkmdf - ok
15:38:04.0518 3496 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
15:38:04.0518 3496 msisadrv - ok
15:38:04.0596 3496 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
15:38:04.0612 3496 MSKSSRV - ok
15:38:04.0674 3496 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
15:38:04.0690 3496 MSPCLOCK - ok
15:38:04.0721 3496 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
15:38:04.0721 3496 MSPQM - ok
15:38:04.0768 3496 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
15:38:04.0783 3496 MsRPC - ok
15:38:04.0861 3496 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
15:38:04.0861 3496 mssmbios - ok
15:38:04.0908 3496 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
15:38:04.0908 3496 MSTEE - ok
15:38:04.0971 3496 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
15:38:04.0971 3496 MTConfig - ok
15:38:05.0017 3496 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
15:38:05.0017 3496 Mup - ok
15:38:05.0080 3496 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
15:38:05.0080 3496 NativeWifiP - ok
15:38:05.0158 3496 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
15:38:05.0189 3496 NDIS - ok
15:38:05.0314 3496 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
15:38:05.0314 3496 NdisCap - ok
15:38:05.0376 3496 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
15:38:05.0376 3496 NdisTapi - ok
15:38:05.0439 3496 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
15:38:05.0439 3496 Ndisuio - ok
15:38:05.0501 3496 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
15:38:05.0501 3496 NdisWan - ok
15:38:05.0532 3496 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
15:38:05.0548 3496 NDProxy - ok
15:38:05.0610 3496 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
15:38:05.0610 3496 NetBIOS - ok
15:38:05.0673 3496 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
15:38:05.0688 3496 NetBT - ok
15:38:05.0797 3496 netr28 (4eedf7ebefe01460df63ae661e439188) C:\Windows\system32\DRIVERS\netr28.sys
15:38:05.0813 3496 netr28 - ok
15:38:06.0000 3496 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
15:38:06.0172 3496 netw5v32 - ok
15:38:06.0312 3496 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
15:38:06.0312 3496 nfrd960 - ok
15:38:06.0390 3496 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:38:06.0390 3496 NisDrv - ok
15:38:06.0484 3496 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
15:38:06.0484 3496 Npfs - ok
15:38:06.0531 3496 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
15:38:06.0546 3496 nsiproxy - ok
15:38:06.0655 3496 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
15:38:06.0718 3496 Ntfs - ok
15:38:06.0843 3496 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
15:38:06.0858 3496 Null - ok
15:38:06.0921 3496 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
15:38:06.0936 3496 nvraid - ok
15:38:06.0983 3496 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
15:38:06.0999 3496 nvstor - ok
15:38:07.0077 3496 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
15:38:07.0077 3496 nv_agp - ok
15:38:07.0170 3496 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
15:38:07.0170 3496 ohci1394 - ok
15:38:07.0279 3496 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
15:38:07.0279 3496 Parport - ok
15:38:07.0342 3496 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
15:38:07.0342 3496 partmgr - ok
15:38:07.0404 3496 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
15:38:07.0404 3496 Parvdm - ok
15:38:07.0482 3496 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
15:38:07.0482 3496 pci - ok
15:38:07.0545 3496 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
15:38:07.0545 3496 pciide - ok
15:38:07.0623 3496 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
15:38:17.0419 3496 ============================================================
15:38:17.0419 3496 Scan finished
15:38:17.0419 3496 ============================================================
15:38:17.0451 3304 Detected object count: 0
15:38:17.0451 3304 Actual detected object count: 0

Edited by zkteh, 08 March 2012 - 02:41 AM.


#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 March 2012 - 02:57 AM

Hello

OK, let me have the aswMBR report next.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 zkteh

  • Topic Starter
  • Members
  • 108 posts
  • Gender:Male

Posted 08 March 2012 - 03:30 AM

Here is the aswMBR report log

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-08 15:42:39
-----------------------------
15:42:39.971 OS Version: Windows 6.1.7601 Service Pack 1
15:42:39.971 Number of processors: 2 586 0x1C0A
15:42:39.971 ComputerName: HP-PC UserName: HP
15:42:44.292 Initialize success
15:50:33.719 AVAST engine defs: 12030701
15:57:51.253 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:57:51.268 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
15:57:51.313 Disk 0 MBR read successfully
15:57:51.330 Disk 0 MBR scan
15:57:51.418 Disk 0 unknown MBR code
15:57:51.455 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
15:57:51.485 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 224877 MB offset 409600
15:57:51.543 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13294 MB offset 460957696
15:57:51.595 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
15:57:51.628 Disk 0 scanning sectors +488395120
15:57:51.713 Disk 0 scanning C:\Windows\system32\drivers
15:58:14.395 Service scanning
15:59:03.395 Modules scanning
15:59:18.542 Disk 0 trace - called modules:
15:59:18.605 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
15:59:18.620 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8557aac8]
15:59:18.652 3 CLASSPNP.SYS[8878359e] -> nt!IofCallDriver -> [0x84b66700]
15:59:18.683 5 ACPI.sys[8804f3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84b30028]
15:59:22.552 AVAST engine scan C:\Windows
15:59:30.866 AVAST engine scan C:\Windows\system32
16:00:54.607 File: C:\Windows\system32\jscript93.dll **INFECTED** Win32:Diller-U [Trj]
16:05:13.256 AVAST engine scan C:\Windows\system32\drivers
16:05:42.443 AVAST engine scan C:\Users\HP
16:12:28.150 AVAST engine scan C:\ProgramData
16:13:19.069 Scan finished successfully
16:28:15.867 Disk 0 MBR has been saved successfully to "C:\Users\HP\Desktop\MBR.dat"
16:28:15.899 The log file has been saved successfully to "C:\Users\HP\Desktop\aswMBR - latest 8-3-12.txt"
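A small triage parser for the aswMBR log format posted above, added here as an example; it is not code from this thread or from AVAST. It reads a constructed sample in the same line format (the detection line mirrors the jscript93.dll finding in this post), extracts the partition table, the "unknown MBR code" marker, INFECTED lines and the scan-finished marker, and turns them into the points a responder checks first; the regular expressions are inferred from the lines shown, not from a documented format.

```python
"""Triage helper for aswMBR logs: pulls out what a responder checks first."""
import re
from dataclasses import dataclass, field
from typing import List, Set

# Constructed sample in the aswMBR log format (not the poster's full log; the
# timestamps are made up and the detection line mirrors the one in this thread).
SAMPLE_LOG = """\
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-08 15:42:39
-----------------------------
15:42:39.971 OS Version: Windows 6.1.7601 Service Pack 1
15:57:51.253 Disk 0 (boot) \\Device\\Harddisk0\\DR0 -> \\Device\\Ide\\IAAStorageDevice-0
15:57:51.313 Disk 0 MBR read successfully
15:57:51.330 Disk 0 MBR scan
15:57:51.418 Disk 0 unknown MBR code
15:57:51.455 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
15:57:51.485 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 224877 MB offset 409600
15:57:51.595 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
15:59:22.552 AVAST engine scan C:\\Windows
16:00:54.607 File: C:\\Windows\\system32\\jscript93.dll **INFECTED** Win32:Diller-U [Trj]
16:13:19.069 Scan finished successfully
"""

# Line shapes are inferred from the log lines posted in this thread, not from a
# documented aswMBR format; adjust them if a different version prints differently.
_TS = r"\d{2}:\d{2}:\d{2}\.\d{3} "
INFECTED_RE = re.compile(_TS + r"File: (.+?) \*\*INFECTED\*\* (.+)$")
PARTITION_RE = re.compile(
    _TS + r"Disk (\d+) Partition (\d+) ([0-9A-F]{2})( \(A\))? ([0-9A-F]{2}) "
    r"(.+?) (\d+) MB offset (\d+)$"
)
UNKNOWN_MBR_RE = re.compile(_TS + r"Disk (\d+) unknown MBR code$")
FINISHED_RE = re.compile(_TS + r"Scan finished successfully$")


@dataclass
class Partition:
    disk: int
    index: int
    active: bool        # boot indicator 0x80, printed by aswMBR as "80 (A)"
    type_code: str      # partition type byte: 07 = NTFS, 0C = FAT32 LBA
    description: str
    size_mb: int
    offset_sectors: int


@dataclass
class Infected:
    path: str
    detection: str


@dataclass
class TriageReport:
    partitions: List[Partition] = field(default_factory=list)
    infected: List[Infected] = field(default_factory=list)
    unknown_mbr: Set[int] = field(default_factory=set)  # disks with non-standard boot code
    scan_complete: bool = False

    def findings(self) -> List[str]:
        """Points for the responder, most actionable first."""
        out = [f"infected file: {i.path} ({i.detection})" for i in self.infected]
        for disk in sorted(self.unknown_mbr):
            # Non-standard MBR code also shows up on OEM recovery setups, so it is
            # a lead to confirm with a second MBR scanner, not a verdict by itself.
            out.append(f"disk {disk}: unknown MBR code, confirm with a second MBR scan")
        active = [p for p in self.partitions if p.active]
        if len(active) != 1:
            out.append(f"{len(active)} active partitions found, expected exactly one")
        if not self.scan_complete:
            out.append("scan did not finish, log is incomplete")
        return out


def parse_aswmbr_log(text: str) -> TriageReport:
    """Walk the log once and collect the fields the responder needs."""
    report = TriageReport()
    for line in text.splitlines():
        line = line.rstrip()
        if m := INFECTED_RE.match(line):
            report.infected.append(Infected(m.group(1), m.group(2)))
        elif m := PARTITION_RE.match(line):
            # group 3 is the boot indicator byte; "(A)" in group 4 is aswMBR's
            # own "active" marker and carries the same information.
            report.partitions.append(Partition(
                int(m.group(1)), int(m.group(2)), m.group(3) == "80",
                m.group(5), m.group(6), int(m.group(7)), int(m.group(8)),
            ))
        elif m := UNKNOWN_MBR_RE.match(line):
            report.unknown_mbr.add(int(m.group(1)))
        elif FINISHED_RE.match(line):
            report.scan_complete = True
    return report


if __name__ == "__main__":
    for finding in parse_aswmbr_log(SAMPLE_LOG).findings():
        print(finding)
```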

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 March 2012 - 03:42 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
C:\Windows\system32\jscript93.dll
c:\windows\uninst.exe

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 zkteh

  • Topic Starter
  • Members
  • 108 posts
  • Gender:Male

Posted 08 March 2012 - 05:05 AM

ComboFix 12-03-04.02 - HP 08/03/2012 17:00:07.2.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.60.1033.18.2036.1226 [GMT 8:00]
Running from: c:\users\HP\Desktop\ComboFix.exe
Command switches used :: c:\users\HP\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\jscript93.dll"
"c:\windows\uninst.exe"
.
.
((((((((((((((((((((((((( Files Created from 2012-02-08 to 2012-03-08 )))))))))))))))))))))))))))))))
.
.
2012-03-06 08:17 . 2012-03-06 08:17 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-06 08:14 . 2012-03-06 08:14 -------- d-----w- c:\users\Administrator
2012-03-06 07:22 . 2012-03-06 07:37 -------- d-----w- c:\users\HP\AppData\Roaming\QuickScan
2012-02-25 11:42 . 2012-02-25 11:42 -------- d-----w- c:\users\HP\AppData\Roaming\IrfanView
2012-02-25 11:42 . 2012-02-25 11:42 -------- d-----w- c:\program files\IrfanView
2012-02-25 02:15 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-02-25 02:15 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-25 02:14 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-02-25 00:30 . 2012-02-25 00:30 -------- d-----w- c:\users\HP\AppData\Roaming\Tencent
2012-02-25 00:26 . 2012-03-01 11:08 -------- d-----w- c:\program files\TENCENT
2012-02-25 00:26 . 2012-01-13 06:17 770384 ----a-w- c:\windows\system32\msvcr100.dll
2012-02-25 00:26 . 2012-01-13 06:17 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-02-24 13:55 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-24 13:55 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-24 13:55 . 2011-12-14 03:04 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-24 13:55 . 2011-12-14 02:54 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-02-24 13:54 . 2011-12-14 02:57 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-24 13:54 . 2011-12-14 02:59 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-02-24 13:54 . 2011-12-14 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-24 10:32 . 2012-02-24 10:32 -------- d-----w- c:\users\HP\AppData\Local\Opera
2012-02-24 10:32 . 2012-02-24 10:32 -------- d-----w- c:\program files\Opera
2012-02-24 10:02 . 2012-02-24 10:02 -------- d-----w- c:\program files\ESET
2012-02-24 08:50 . 2012-02-24 08:50 -------- d-----w- c:\users\HP\AppData\Roaming\Malwarebytes
2012-02-24 08:49 . 2012-02-24 08:49 -------- d-----w- c:\programdata\Malwarebytes
2012-02-24 08:48 . 2012-02-24 08:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-24 08:48 . 2011-12-10 07:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-24 08:25 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-24 08:25 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-20 09:28 . 2012-02-20 09:28 -------- d-----w- c:\program files\Free YouTube Downloader
2012-02-16 15:08 . 2012-02-16 15:08 -------- d-----w- c:\program files\Verity
2012-02-16 15:07 . 2012-02-16 15:07 0 ----a-w- c:\windows\VDMB3B9.tmp
2012-02-16 15:07 . 2012-02-16 15:07 0 ----a-w- c:\windows\VDMF11.tmp
2012-02-15 14:39 . 1997-04-08 12:08 299520 ----a-w- c:\windows\uninst.exe
2012-02-15 14:38 . 2012-02-15 14:38 0 ----a-w- c:\windows\VDMC67D.tmp
2012-02-15 13:33 . 2012-02-15 13:33 -------- d-----w- c:\users\HP\AppData\Roaming\OpenOffice.org
2012-02-15 13:25 . 2012-02-16 14:42 -------- d-----w- c:\program files\OpenOffice.org 3
2012-02-14 10:09 . 2012-02-14 10:11 -------- d-----w- c:\programdata\FileCure
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 20:59 . 2011-11-28 08:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-28 07:45 . 2012-01-28 07:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-04 09:26 . 2011-08-29 14:17 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-12-29 07:03 . 2011-12-29 07:03 1409 ----a-w- c:\windows\Fonts\Opuss___.FOT
2011-12-29 07:03 . 2011-12-29 07:03 1409 ----a-w- c:\windows\Fonts\Opuspc__.FOT
2011-12-29 07:03 . 2011-12-29 07:03 1409 ----a-w- c:\windows\Fonts\Opustext.FOT
2011-12-29 07:03 . 2011-12-29 07:03 1409 ----a-w- c:\windows\Fonts\Opusp___.FOT
2011-12-29 07:03 . 2011-12-29 07:03 1409 ----a-w- c:\windows\Fonts\Opusc___.FOT
2011-12-29 07:03 . 2011-12-29 07:03 1409 ----a-w- c:\windows\Fonts\Opus____.FOT
2011-12-29 07:03 . 2011-12-29 07:03 1409 ----a-w- c:\windows\Fonts\Ink2text.FOT
2011-12-29 07:03 . 2011-12-29 07:03 1409 ----a-w- c:\windows\Fonts\Ink2spec.FOT
2011-12-29 07:03 . 2011-12-29 07:03 1409 ----a-w- c:\windows\Fonts\Ink2scri.FOT
2011-12-29 06:01 . 2011-12-29 06:01 1409 ----a-w- c:\windows\Fonts\Ink2chor.FOT
2011-12-29 05:44 . 2011-12-29 05:44 1409 ----a-w- c:\windows\Fonts\Inkpen2_.FOT
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8502600-B272-4F68-A67B-A0305D46D297}]
2012-01-12 03:30 165776 ----a-w- c:\program files\QvodPlayer\QvodExtend.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-28 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-03-31 19645704]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-04-09 601144]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^HP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTMTrayAgent]
2010-03-31 09:32 19645704 ----a-w- c:\program files\Motorola\Bluetooth\btmshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-11-28 08:19 136176 ----atw- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 03:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-10-24 20:20 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWirelessAssistant]
2010-04-05 18:11 8192 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-10-13 17:25 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-10-24 20:20 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-10-24 20:20 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 05:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-11-28 08:20 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-05-27 14:31 1721640 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2010-03-24 06:53 495708 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
R1 MpKsl2700f4d9;MpKsl2700f4d9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F005F4B9-3256-4712-A387-1D8F0284DD3F}\MpKsl2700f4d9.sys [x]
R1 MpKsl5225e9f7;MpKsl5225e9f7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F94E23A1-DE53-49A6-B4F4-E8692533C614}\MpKsl5225e9f7.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-28 136176]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-03-05 784136]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [2010-03-01 41344]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 225280]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-28 136176]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-19 47104]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys [2009-05-25 90280]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys [2009-05-25 15016]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys [2009-05-25 122280]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys [2009-05-25 115880]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys [2009-05-25 26024]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys [2009-05-25 111912]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys [2009-05-25 116904]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-03 81920]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-03-10 500488]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-04-09 26168]
S2 SOSOUpSvc;Tencent SOSO Update Service;c:\program files\TENCENT\SOSOUpdate.exe [2012-02-29 111992]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-03-05 3531016]
S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2010-03-05 4110848]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2010-05-17 793440]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-04-20 228896]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-28 233472]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-28 08:19]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-28 08:19]
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3106317538-888741922-2632213672-1000Core.job
- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 08:19]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3106317538-888741922-2632213672-1000UA.job
- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 08:19]
.
2012-02-29 c:\windows\Tasks\HPCeeScheduleForHP.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-03-08 17:28:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-08 09:28
ComboFix2.txt 2012-03-06 09:58
.
Pre-Run: 195,308,761,088 bytes free
Post-Run: 195,311,505,408 bytes free
.
- - End Of File - - 681C0A6BEC25FF2B072DAD61BDE90932

#13 zkteh

Posted 08 March 2012 - 05:07 AM

Please be informed that I am still having a problem with MSE!

CF still pops up the warning about running AV and AS .... even though MSE has been uninstalled!
And also the message from Action Center!

I know you are currently helping me to resolve the Google redirecting .... (I am just informing you again)

Edited by zkteh, 08 March 2012 - 05:14 AM.


#14 gringo_pr
Malware Response Team

Posted 08 March 2012 - 07:37 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
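The OTL.txt that the steps above produce is read by eye in this thread. As an added example, not part of the thread or of OTL itself, here is a Python helper that parses OTL's SRV, DRV and O4 lines and flags the entries a malware helper looks at first; the flag rules are this example's own heuristics, and the sample lines are copied from the OTL log in this thread except the final HKCU Run entry, which is constructed.

```python
"""Triage helper for the SRV/DRV/O4 lines in an OTL.txt log.

Added example for this thread; it is not part of OTL or of any post here.
The flag rules are this example's own triage heuristics, not OTL's.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "SRV - (Name) optional description -- <path (Company)> | File not found"
SERVICE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]*)\)(?P<desc>.*?) -- (?P<rest>.*)$"
)
# "O4 - HKLM..\Run: [Name] <path (Company)>"
AUTORUN_RE = re.compile(
    r"^(?P<kind>O4) - (?P<hive>.*?): \[(?P<name>[^\]]*)\] (?P<rest>.*)$"
)
# Splits "<path> (<company>)"; the company may be empty, as in "HPWMISVC.exe ()".
# The non-greedy path steps past "(x86)" in "Program Files (x86)" because the
# company group may not contain parentheses and must reach end of line.
PATH_COMPANY_RE = re.compile(r"^(?P<path>.*?) \((?P<company>[^()]*)\)$")

# Path fragments worth a second look when a service or Run entry lives there.
PROFILE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\")


@dataclass
class Entry:
    kind: str             # SRV, DRV or O4
    name: str             # service/driver name or Run value name
    path: Optional[str]   # None when OTL reported "File not found"
    company: str          # "" when OTL printed "()"
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL line; returns None for lines that are not SRV/DRV/O4."""
    m = SERVICE_RE.match(line) or AUTORUN_RE.match(line)
    if not m:
        return None
    rest = m.group("rest").strip()
    if rest == "File not found":
        return Entry(m.group("kind"), m.group("name"), None, "")
    pc = PATH_COMPANY_RE.match(rest)
    if pc:
        return Entry(m.group("kind"), m.group("name"), pc.group("path"), pc.group("company"))
    return Entry(m.group("kind"), m.group("name"), rest, "")  # no "(company)" suffix at all


def flag(entry: Entry) -> Entry:
    """Attach triage flags; an empty list means nothing stood out."""
    if entry.path is None:
        # Registration survives but the file is gone: leftover from a cleanup
        # tool (catchme, MpKsl*) or an uninstalled driver; harmless but noisy.
        entry.flags.append("file-missing")
        return entry
    if entry.company == "":
        # No embedded company name. Not proof of anything (HP's own HPWMISVC
        # shows "()" in this thread), but unsigned-looking binaries get checked.
        entry.flags.append("no-company")
    if any(marker in entry.path.lower() for marker in PROFILE_MARKERS):
        # Services and Run entries normally live under Program Files or Windows.
        entry.flags.append("user-profile-path")
    return entry


def triage(otl_text: str) -> List[Entry]:
    """Return every SRV/DRV/O4 entry from an OTL.txt body that earned a flag."""
    findings = []
    for raw in otl_text.splitlines():
        entry = parse_line(raw.strip())
        if entry is not None and flag(entry).flags:
            findings.append(entry)
    return findings


# Sample lines copied from the OTL log in this thread; the final HKCU Run
# entry is constructed to show the user-profile rule firing.
SAMPLE_OTL = r"""
========== Win32 Services (SafeList) ==========

SRV - (SOSOUpSvc) -- C:\Program Files\TENCENT\SOSOUpdate.exe (Tencent)
SRV - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()

========== Driver Services (SafeList) ==========

DRV - (MpKsl5225e9f7) -- File not found
DRV - (catchme) -- File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1029unic.sys (MCCI Corporation)

O4 - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola, Inc.)
O4 - HKCU..\Run: [updater] C:\Users\HP\AppData\Local\Temp\updater.exe ()
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_OTL):
        print(f"{e.kind:3} {e.name:15} {', '.join(e.flags):30} {e.path or 'File not found'}")
```

Run it against a real OTL.txt by passing the file's contents to triage(); the flags are prompts for a closer look, not verdicts.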

#15 zkteh

Posted 09 March 2012 - 04:01 AM

OTL logfile created on: 3/9/2012 4:51:05 PM - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\HP\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

1.99 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.37% Memory free
1.99 Gb Paging File | 1.25 Gb Available in Paging File | 62.67% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219.61 Gb Total Space | 181.99 Gb Free Space | 82.87% Space Free | Partition Type: NTFS
Drive D: | 12.98 Gb Total Space | 1.86 Gb Free Space | 14.29% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 92.88 Mb Free Space | 93.64% Space Free | Partition Type: FAT32

Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\HP\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\TENCENT\SOSOUpdate.exe (Tencent)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
PRC - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
PRC - C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\HP\AppData\Local\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\HP\AppData\Local\Google\Chrome\Application\17.0.963.66\pdf.dll ()
MOD - C:\Users\HP\AppData\Local\Google\Chrome\Application\17.0.963.66\avutil-51.dll ()
MOD - C:\Users\HP\AppData\Local\Google\Chrome\Application\17.0.963.66\avformat-53.dll ()
MOD - C:\Users\HP\AppData\Local\Google\Chrome\Application\17.0.963.66\avcodec-53.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gsttypefindfunctions.dll ()
MOD - C:\Program Files\Opera\gstreamer\gstreamer.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SOSOUpSvc) -- C:\Program Files\TENCENT\SOSOUpdate.exe (Tencent)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
SRV - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
SRV - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
SRV - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
SRV - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (MpKsl5225e9f7) -- File not found
DRV - (MpKsl2700f4d9) -- File not found
DRV - (hwdatacard) -- File not found
DRV - (huawei_enumerator) -- File not found
DRV - (ewusbnet) -- File not found
DRV - (ew_hwusbdev) -- File not found
DRV - (catchme) -- File not found
DRV - (iBtFltCoex) -- C:\Windows\System32\drivers\iBtFltCoex.sys (Intel Corporation)
DRV - (btmhsf) -- C:\Windows\System32\drivers\btmhsf.sys (Intel Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RSPCIESTOR) -- C:\Windows\System32\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (BTMUSB) -- C:\Windows\System32\drivers\btmusb.sys (Motorola, Inc.)
DRV - (BTMCOM) -- C:\Windows\System32\drivers\btmcom.sys (Motorola, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1029unic.sys (MCCI Corporation)
DRV - (s1029mdm) -- C:\Windows\System32\drivers\s1029mdm.sys (MCCI Corporation)
DRV - (s1029bus) Sony Ericsson Device 1029 driver (WDM) -- C:\Windows\System32\drivers\s1029bus.sys (MCCI Corporation)
DRV - (s1029mdfl) -- C:\Windows\System32\drivers\s1029mdfl.sys (MCCI Corporation)
DRV - (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1029mgmt.sys (MCCI Corporation)
DRV - (s1029obex) -- C:\Windows\System32\drivers\s1029obex.sys (MCCI Corporation)
DRV - (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1029nd5.sys (MCCI Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3106317538-888741922-2632213672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3106317538-888741922-2632213672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-my
IE - HKU\S-1-5-21-3106317538-888741922-2632213672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 E6 40 F2 0A AD CC 01 [binary data]
IE - HKU\S-1-5-21-3106317538-888741922-2632213672-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3106317538-888741922-2632213672-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3106317538-888741922-2632213672-1000\..\SearchScopes\{1FF7973D-AB0A-496d-82C1-4EADBBA11E7B}: "URL" = http://www.soso.com/q?sc=web&cid=th.ub&w={searchTerms}&cin=K0e78hSI6AmTyE3geAbOY6060wc60000&lr=&ie={inputEncoding}&unc=y400372_2
IE - HKU\S-1-5-21-3106317538-888741922-2632213672-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_en-GBMY460
IE - HKU\S-1-5-21-3106317538-888741922-2632213672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\HP\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\HP\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\HP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\HP\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\HP\AppData\Local\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\HP\AppData\Local\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\HP\AppData\Local\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: QvodInsert (Enabled) = C:\Program Files\QvodPlayer\npQvodInsert.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation®Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\HP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Turn Off the Lights = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.66_0\
CHR - Extension: YouTube = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/08 17:22:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files\QvodPlayer\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O4 - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola, Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3106317538-888741922-2632213672-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3106317538-888741922-2632213672-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-3106317538-888741922-2632213672-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66C19F57-D27C-4D70-BDED-A0B2058D0BEC}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/09 16:37:35 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2012/03/08 17:29:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/08 17:26:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/08 16:57:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/08 15:27:49 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\HP\Desktop\tdsskiller.exe
[2012/03/06 17:58:34 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\temp
[2012/03/06 17:37:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/06 17:37:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/06 17:37:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/06 16:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/06 15:22:13 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\QuickScan
[2012/03/06 14:00:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/06 13:58:45 | 004,427,148 | R--- | C] (Swearware) -- C:\Users\HP\Desktop\ComboFix.exe
[2012/02/25 19:42:21 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012/02/25 19:42:21 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\IrfanView
[2012/02/25 19:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2012/02/25 10:17:21 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/02/25 10:17:20 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/02/25 10:17:19 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/02/25 10:17:17 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/02/25 10:17:17 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/02/25 10:17:04 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/02/25 10:17:03 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/02/25 10:15:03 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/02/25 10:14:59 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/02/25 08:30:17 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Tencent
[2012/02/25 08:26:30 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr100.dll
[2012/02/25 08:26:30 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp100.dll
[2012/02/25 08:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\TENCENT
[2012/02/25 00:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QVOD
[2012/02/24 23:44:52 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{1A5F29EE-6500-4B15-ABBA-E222156C7FCA}
[2012/02/24 23:44:38 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{7F1199B7-AAE2-4871-8C77-37B9992B956C}
[2012/02/24 21:55:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/24 21:55:00 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/24 21:55:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/24 21:54:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/24 21:54:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/24 21:54:53 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/24 18:32:53 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Opera
[2012/02/24 18:32:53 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Opera
[2012/02/24 18:32:40 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012/02/24 18:02:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/24 16:50:37 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Malwarebytes
[2012/02/24 16:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/24 16:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/24 16:48:59 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/24 16:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/24 16:25:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/02/24 16:25:05 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/20 17:29:41 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\Downloads
[2012/02/20 17:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
[2012/02/20 17:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\Free YouTube Downloader
[2012/02/17 19:29:46 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{DF3D8C6D-7FE2-4C31-81E3-72B2FD56EE42}
[2012/02/17 19:29:33 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{0689B929-E213-4E7B-AB93-F48F350CF640}
[2012/02/16 23:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyView for Lotus
[2012/02/16 23:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\Verity
[2012/02/15 22:39:36 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2012/02/15 21:52:24 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\KVLOTUS
[2012/02/15 21:33:34 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\OpenOffice.org
[2012/02/15 21:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012/02/15 21:24:56 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/02/15 21:24:56 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/02/15 21:24:56 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/02/15 21:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3.3 (en-GB) Installation Files
[2012/02/14 18:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\FileCure
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/09 16:57:30 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3106317538-888741922-2632213672-1000UA.job
[2012/03/09 16:57:27 | 000,002,509 | ---- | M] () -- C:\Users\HP\Desktop\Google Chrome.lnk
[2012/03/09 16:38:46 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/09 16:38:46 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/09 16:37:44 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2012/03/09 16:35:45 | 000,630,560 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/09 16:35:45 | 000,111,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/09 16:31:43 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/09 16:31:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/09 16:31:13 | 1601,093,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/08 18:29:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/08 17:22:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/08 16:28:15 | 000,000,512 | ---- | M] () -- C:\Users\HP\Desktop\MBR.dat
[2012/03/08 15:28:06 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\HP\Desktop\tdsskiller.exe
[2012/03/06 16:17:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/06 16:00:09 | 000,221,713 | ---- | M] () -- C:\Users\HP\AppData\Local\census.cache
[2012/03/06 15:59:39 | 000,102,475 | ---- | M] () -- C:\Users\HP\AppData\Local\ars.cache
[2012/03/06 15:38:44 | 000,000,036 | ---- | M] () -- C:\Users\HP\AppData\Local\housecall.guid.cache
[2012/03/06 13:59:32 | 004,427,148 | R--- | M] (Swearware) -- C:\Users\HP\Desktop\ComboFix.exe
[2012/03/04 12:54:02 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3106317538-888741922-2632213672-1000Core.job
[2012/03/04 12:49:55 | 000,302,592 | ---- | M] () -- C:\Users\HP\Desktop\h59lrczr.exe
[2012/02/29 15:26:09 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHP.job
[2012/02/26 00:18:07 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
[2012/02/25 00:13:43 | 000,001,869 | ---- | M] () -- C:\Users\HP\Application Data\Microsoft\Internet Explorer\Quick Launch\QvodPlayer.lnk
[2012/02/25 00:13:43 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QvodPlayer.lnk
[2012/02/24 22:59:48 | 000,434,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/24 18:32:47 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012/02/24 16:49:03 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/21 04:59:50 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/16 22:34:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/02/16 22:34:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/06 17:37:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/06 17:37:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/06 17:37:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/06 17:37:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/06 17:37:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/06 16:17:10 | 000,001,857 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/06 16:00:09 | 000,221,713 | ---- | C] () -- C:\Users\HP\AppData\Local\census.cache
[2012/03/06 15:59:39 | 000,102,475 | ---- | C] () -- C:\Users\HP\AppData\Local\ars.cache
[2012/03/06 15:38:44 | 000,000,036 | ---- | C] () -- C:\Users\HP\AppData\Local\housecall.guid.cache
[2012/03/04 12:49:55 | 000,302,592 | ---- | C] () -- C:\Users\HP\Desktop\h59lrczr.exe
[2012/03/03 19:00:53 | 000,000,512 | ---- | C] () -- C:\Users\HP\Desktop\MBR.dat
[2012/02/24 18:32:47 | 000,001,747 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012/02/24 18:32:47 | 000,001,735 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012/02/24 16:49:03 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/16 22:34:26 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/02/16 22:34:26 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/01/27 23:33:08 | 000,163,840 | RHS- | C] () -- C:\Windows\System32\jscript93.dll
[2011/09/11 14:16:34 | 000,000,017 | ---- | C] () -- C:\Users\HP\AppData\Local\resmon.resmoncfg
[2011/08/30 10:34:13 | 000,000,188 | ---- | C] () -- C:\Windows\System32\HPWA.ini
[2011/08/30 10:28:11 | 000,014,051 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2011/08/30 10:25:45 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/08/30 10:20:51 | 000,000,292 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini
[2011/08/30 10:20:51 | 000,000,233 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini
[2011/06/22 07:41:54 | 000,024,064 | ---- | C] () -- C:\Windows\System32\ssp4ml3.dll

========== Files - Unicode (All) ==========
[2011/12/27 21:14:19 | 000,182,945 | ---- | M] ()(C:\Users\HP\Documents\??.docx) -- C:\Users\HP\Documents\贾家.docx
[2011/12/27 21:13:16 | 000,182,945 | ---- | C] ()(C:\Users\HP\Documents\??.docx) -- C:\Users\HP\Documents\贾家.docx

< End of report >
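The OTL listing above is raw data, but its "Files Modified/Created" entries follow a regular format: a timestamp, a size, a four-position attribute field (R, H and S appear in this log), an M/C flag for modified/created, the company name OTL could read from the file (empty parentheses when it found none), and the path. The following Python is an added example, not part of the forum post or of OTL itself: it parses those entries and ranks them for manual review using two assumed triage heuristics, hidden plus system attributes on a non-empty executable, and an executable under System32 for which OTL reported no company name. The sample lines are copied from the log above. The output is a prioritisation aid for a human reviewer, not a verdict on any file; many legitimate driver helper DLLs also carry no company name.

```python
"""Parse OTL 'Files Modified/Created' lines and rank them for manual review.

Added example; not code from OTL or from the forum thread.  The triage
rules below are assumed heuristics for prioritising analyst attention.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL entry, e.g.
#   [2012/01/27 23:33:08 | 000,163,840 | RHS- | C] () -- C:\Windows\System32\jscript93.dll
# Unicode entries carry a second parenthesised group holding OTL's
# ASCII-substituted path; it is matched and discarded.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\)(?:\([^)]*\))? -- (?P<path>.+)$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".cpl", ".ocx", ".drv", ".scr"}
SYSTEM32 = "c:\\windows\\system32\\"

# Lines taken from the OTL log above (a mix of flagged and unflagged cases).
SAMPLE_LOG = r"""
[2012/03/09 16:31:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/06 17:37:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/21 04:59:50 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/16 22:34:26 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/01/27 23:33:08 | 000,163,840 | RHS- | C] () -- C:\Windows\System32\jscript93.dll
[2011/08/30 10:25:45 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/12/27 21:14:19 | 000,182,945 | ---- | M] ()(C:\Users\HP\Documents\??.docx) -- C:\Users\HP\Documents\贾家.docx
========== Files - Unicode (All) ==========
"""


@dataclass
class OtlEntry:
    timestamp: str
    size: int      # bytes, with OTL's thousands separators removed
    attrs: str     # four-position attribute field, e.g. "RHS-"
    kind: str      # "M" = modified, "C" = created
    company: str   # empty when OTL reported no company name
    path: str


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a file line, or None for headers and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"],
    )


def triage(entry: OtlEntry) -> List[str]:
    """Return the assumed heuristic reasons an analyst should look at this entry."""
    reasons: List[str] = []
    path = entry.path.lower()
    ext = ntpath.splitext(path)[1]
    if ext not in EXEC_EXT:
        return reasons  # only executable file types are scored
    if "H" in entry.attrs and "S" in entry.attrs and entry.size > 0:
        reasons.append("hidden+system attributes on a non-empty executable file")
    if path.startswith(SYSTEM32) and not entry.company:
        reasons.append("executable in System32 with no company name")
    return reasons


def rank(log_text: str) -> List[Dict]:
    """Parse every line of an OTL file section and return flagged entries, most reasons first."""
    flagged: List[Dict] = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged.append({"path": entry.path, "attrs": entry.attrs,
                            "kind": entry.kind, "reasons": reasons})
    flagged.sort(key=lambda f: (-len(f["reasons"]), f["path"].lower()))
    return flagged


if __name__ == "__main__":
    for item in rank(SAMPLE_LOG):
        print(f"{item['attrs']} {item['kind']} {item['path']}")
        for reason in item["reasons"]:
            print(f"    - {reason}")
```

Run against the sample, the entry for jscript93.dll scores on both rules and sorts first, RtNicProp32.dll scores on the company-name rule only, and the zero-byte RHS- files at the drive root, the Adobe-signed .cpl and the non-executable .dat entries are not flagged. A reviewer would then cross-reference the remaining candidates against the tools the user ran on the dates shown, rather than treating the ranking as a finding.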
