Computer very slow, even slower on battery


  • This topic is locked
16 replies to this topic

#1 lazarro


Posted 18 March 2012 - 03:57 PM

Hello, I have a problem. I am having some issues with my laptop, which is not 1 year old. The system is very slow. On battery, the computer is almost unusable. I really feel the computer is infected somehow with some kind of malware/spyware software. I want a professional to read my logs. I did all the scans required (GMER and DDS). I really hope to have an answer ASAP.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by HP at 17:17:16 on 2012-03-18
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.1.1033.18.1910.1007 [GMT -3:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Anti-keylogger\akl_svc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Skype\Updater\Updater.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Anti-keylogger\Anti-keylogger.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe
mRun: [CPA] c:\program files\comodo\comodo geekbuddy\VALA.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Anti-keylogger] c:\program files\anti-keylogger\Anti-keylogger.exe /autorun
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\qqlivecaption
Trusted Zone: qq.com\qqlivehabit
Trusted Zone: qq.com\qqlivesearch
Trusted Zone: qq.com\video_1
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{84E7E99E-58FE-4F38-95A6-B488465ED8D3} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{84E7E99E-58FE-4F38-95A6-B488465ED8D3} : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{84E7E99E-58FE-4F38-95A6-B488465ED8D3}\2454C4C414C49414E445632323 : DhcpNameServer = 192.168.2.1 142.166.145.137
TCP: Interfaces\{84E7E99E-58FE-4F38-95A6-B488465ED8D3}\2454C4C414C49414E445731373 : DhcpNameServer = 192.168.2.1 142.166.145.137
TCP: Interfaces\{84E7E99E-58FE-4F38-95A6-B488465ED8D3}\57D636D6D26796379647565727 : DhcpNameServer = 139.103.8.130 139.103.8.133
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll c:\windows\system32\guard32.dll c:\windows\system32\guard32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-4 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-4 337880]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-1-17 491816]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-12-19 39640]
R1 krnl_akl;Anti-keylogger Kernel Service;c:\windows\system32\drivers\krnl_akl.sys [2012-2-11 367824]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2012-2-25 81920]
R2 akl_svc;Anti-keylogger Service;c:\program files\anti-keylogger\akl_svc.exe [2012-2-11 66768]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-9-9 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-4 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-3-4 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-7 44768]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo geekbuddy\CLPSLS.exe [2011-11-23 1052472]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2011-5-13 26168]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-2-25 95200]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-2-25 1153368]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-15 158856]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-9-9 6380544]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-9-9 222208]
R3 clwvd;HP Webcam Splitter;c:\windows\system32\drivers\clwvd.sys [2010-7-14 29168]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-27 132480]
R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2010-7-19 9018368]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2011-9-9 86072]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2012-2-25 13336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-2-25 279656]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
.
=============== Created Last 30 ================
.
2012-03-18 15:57:36 -------- d-----w- c:\users\hp\appdata\local\{77B8B5E2-8826-4755-83E6-5B90ECF43210}
2012-03-18 15:57:14 -------- d-----w- c:\users\hp\appdata\local\{5ECA3EA3-4BF5-440F-8F12-DCB3DA4DA769}
2012-03-18 03:56:48 -------- d-----w- c:\users\hp\appdata\local\{08A6F37D-4F39-4AB8-AD2C-5C0D0E619455}
2012-03-18 03:56:29 -------- d-----w- c:\users\hp\appdata\local\{AAFD40DE-528C-4182-B207-5B1C3D031265}
2012-03-17 22:49:42 -------- d-----w- c:\program files\Anti-keylogger
2012-03-17 15:45:26 -------- d-----w- c:\users\hp\appdata\local\{B6A3712A-E5D8-4395-8A25-8C36A5EF53A8}
2012-03-17 15:44:54 -------- d-----w- c:\users\hp\appdata\local\{97BB8B90-39B0-4BFE-B39E-A88236D3DB42}
2012-03-17 03:44:29 -------- d-----w- c:\users\hp\appdata\local\{824FD255-EAE1-466D-9F35-3228D1D56662}
2012-03-17 03:44:12 -------- d-----w- c:\users\hp\appdata\local\{A1AFD9BF-4CC2-4555-8008-CC86AF0787EF}
2012-03-16 21:55:08 -------- d-----w- c:\users\hp\appdata\roaming\Hard Disk Sentinel
2012-03-16 21:54:35 -------- d-----w- c:\program files\Hard Disk Sentinel
2012-03-16 16:19:59 -------- d-----w- c:\users\hp\appdata\roaming\hpqLog
2012-03-16 16:19:19 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-03-16 15:01:52 -------- d-----w- c:\users\hp\appdata\local\{9BBF8255-3A29-4373-A6E4-49389F58D96A}
2012-03-16 15:01:31 -------- d-----w- c:\users\hp\appdata\local\{166753E6-33BF-4211-91A4-30DBAAE08399}
2012-03-16 10:21:03 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0757f9a1-fd8c-44f3-8f13-096cb296d58a}\mpengine.dll
2012-03-16 03:01:04 -------- d-----w- c:\users\hp\appdata\local\{BB356A6F-77CB-45C7-83C3-20771800D512}
2012-03-16 03:00:55 -------- d-----w- c:\users\hp\appdata\local\{2961E63A-C184-4D50-9444-C2E0D0D6F9A2}
2012-03-15 20:15:01 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-15 20:04:51 -------- d-----w- c:\users\hp\appdata\local\temp
2012-03-15 15:00:30 -------- d-----w- c:\users\hp\appdata\local\{BE44F931-B076-42F4-9B55-83227F71966B}
2012-03-15 15:00:17 -------- d-----w- c:\users\hp\appdata\local\{3A9E7A46-E87B-4120-B388-4FE25EE3F620}
2012-03-15 01:34:13 -------- d-----w- c:\users\hp\appdata\local\{7FBEC8D6-E3D2-4C61-B79F-F104CCC71F49}
2012-03-15 01:33:45 -------- d-----w- c:\users\hp\appdata\local\{D598CDAC-AB79-4AD6-9EF9-E731044BFC1A}
2012-03-14 15:21:02 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 15:21:00 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 13:25:22 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 13:25:19 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 13:24:21 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 13:24:21 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 13:24:21 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 13:24:19 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 13:24:19 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 13:24:19 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 13:21:45 -------- d-----w- c:\users\hp\appdata\local\{112F2525-570C-4ED2-A241-815FFCEF4F2D}
2012-03-14 13:21:24 -------- d-----w- c:\users\hp\appdata\local\{2EE69B38-65A1-4B8E-9D21-EB361AAD1326}
2012-03-14 01:08:19 -------- d-----w- c:\users\hp\appdata\local\{339DFBCD-F740-4607-B8C9-EF98133FAB8C}
2012-03-14 01:07:59 -------- d-----w- c:\users\hp\appdata\local\{15C7B48A-538A-4721-AA73-37F30269D3A6}
2012-03-14 00:27:32 -------- d-----w- c:\users\hp\appdata\local\{F6676FCB-2B23-4B28-996F-3D5046474511}
2012-03-14 00:27:22 -------- d-----w- c:\users\hp\appdata\local\{E222B164-F8B9-4EEA-BA7D-3BF791E65C14}
2012-03-13 11:19:45 -------- d-----w- c:\users\hp\appdata\local\{1ACEBC02-8195-4727-B8FB-140F5ACB6B4C}
2012-03-13 11:19:18 -------- d-----w- c:\users\hp\appdata\local\{5D4B8373-88DF-43B5-A14F-63CE434E6EAD}
2012-03-12 23:18:54 -------- d-----w- c:\users\hp\appdata\local\{BE2FE5D9-6C15-478F-8376-453085B91977}
2012-03-12 23:18:34 -------- d-----w- c:\users\hp\appdata\local\{BC7B5FE2-A10A-43F9-9536-C05C976970ED}
2012-03-12 11:18:03 -------- d-----w- c:\users\hp\appdata\local\{4A2538A5-E029-4552-9D80-AD64199435FF}
2012-03-12 11:17:48 -------- d-----w- c:\users\hp\appdata\local\{9CE0CC8D-853E-41EE-AEB9-95A9F9B3F3D0}
2012-03-11 16:25:13 -------- d-----w- c:\users\hp\appdata\local\{10CBC133-27A0-4C2B-9312-3D01459A1C71}
2012-03-11 16:25:03 -------- d-----w- c:\users\hp\appdata\local\{2911E378-626A-42B9-A77E-DBF769567315}
2012-03-11 04:24:36 -------- d-----w- c:\users\hp\appdata\local\{7483DD95-FE5E-403E-9691-2D9570A67F9E}
2012-03-11 04:24:14 -------- d-----w- c:\users\hp\appdata\local\{A943B15B-DD33-48ED-B8A5-00194698A974}
2012-03-10 22:37:01 -------- d-----w- C:\VritualRoot
2012-03-10 21:42:32 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-03-10 13:40:13 -------- d-----w- c:\users\hp\appdata\local\{BCB8403E-E125-45DA-B70E-D0E5AB229616}
2012-03-10 13:39:54 -------- d-----w- c:\users\hp\appdata\local\{91ECDC8A-866F-4A6E-861D-904F83140EB6}
2012-03-09 14:11:26 -------- d-----w- c:\users\hp\appdata\local\{032B643E-5E4A-4EF8-B48E-7FC3AA07A57F}
2012-03-09 14:11:16 -------- d-----w- c:\users\hp\appdata\local\{3C3E82F8-0E05-4182-84A4-518963F8AA49}
2012-03-09 00:35:23 -------- d-----w- c:\users\hp\appdata\roaming\OpenCandy
2012-03-09 00:34:21 -------- d-----w- c:\users\hp\appdata\roaming\BitTorrent
2012-03-09 00:13:24 333176 ----a-w- c:\windows\system32\MMInstaller.dll
2012-03-09 00:13:20 -------- d-----w- c:\program files\common files\Tencent
2012-03-09 00:13:19 -------- d-----w- c:\program files\Tencent
2012-03-09 00:13:13 -------- d-----w- c:\programdata\Tencent
2012-03-09 00:13:12 -------- d-----w- c:\users\hp\appdata\roaming\Tencent
2012-03-08 23:35:32 -------- d-----w- C:\FavoriteVideo
2012-03-08 23:34:33 -------- d-----w- c:\programdata\PPLive
2012-03-08 14:37:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-03-08 14:37:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-03-08 14:37:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-03-08 14:37:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-03-08 14:37:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-03-08 14:37:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-03-08 14:37:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-03-08 14:36:07 -------- d-----w- c:\users\hp\appdata\local\Apple
2012-03-08 14:18:34 -------- d-----w- c:\users\hp\appdata\local\{370C60B9-D41D-4EED-B98E-793FB6DFEAC8}
2012-03-08 14:18:19 -------- d-----w- c:\users\hp\appdata\local\{2E1D123C-AA76-45A5-9BCC-E153EA03D85A}
2012-03-07 15:00:51 -------- d-----w- c:\users\hp\appdata\local\{A268B29C-E3B2-4A83-8BA2-8BB8B062B0E1}
2012-03-07 15:00:40 -------- d-----w- c:\users\hp\appdata\local\{5067C80A-C355-4E58-9048-57FEF05A0F43}
2012-03-06 14:01:33 -------- d-----w- c:\users\hp\appdata\local\{9441DC85-99ED-4B16-97A0-198363595598}
2012-03-06 14:01:23 -------- d-----w- c:\users\hp\appdata\local\{2A024703-4C8E-4628-9041-A06A34AE8468}
2012-03-05 20:16:41 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-03-05 13:57:07 -------- d-----w- c:\users\hp\appdata\local\{D3FFEBD7-8D84-41CA-B7CA-24AF3B8393A5}
2012-03-05 13:56:55 -------- d-----w- c:\users\hp\appdata\local\{3D1452C5-B33F-42AC-A1EC-FA077ED51D70}
2012-03-04 23:12:43 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-04 23:12:43 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-04 23:12:42 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-04 23:12:08 41184 ----a-w- c:\windows\avastSS.scr
2012-03-04 23:11:55 -------- d-----w- c:\programdata\AVAST Software
2012-03-04 23:11:55 -------- d-----w- c:\program files\AVAST Software
2012-03-04 15:11:06 -------- d-----w- c:\users\hp\appdata\local\{C8DA2A6C-A835-46B4-986B-C61EA78EA205}
2012-03-04 15:10:42 -------- d-----w- c:\users\hp\appdata\local\{EA47F593-E1D7-4500-9726-8F15E1B6070B}
2012-03-04 13:31:51 -------- d-----w- c:\users\hp\appdata\local\Amazon
2012-03-04 03:10:16 -------- d-----w- c:\users\hp\appdata\local\{8CCE098F-48DF-42DB-B217-833EE79A7F75}
2012-03-04 03:10:05 -------- d-----w- c:\users\hp\appdata\local\{5D185CD6-9541-4CC3-BFFA-37D1910A76E4}
2012-03-03 13:43:44 -------- d-----w- c:\users\hp\appdata\local\{5D69A275-566F-4560-B173-8D4A857DC88E}
2012-03-03 13:43:33 -------- d-----w- c:\users\hp\appdata\local\{EEDCA06E-2711-45CA-B9D1-45693BDF5C35}
2012-03-03 02:24:27 -------- d-----w- c:\users\hp\funshion
2012-03-03 02:24:27 -------- d-----w- c:\program files\Funshion Online
2012-03-03 01:43:07 -------- d-----w- c:\users\hp\appdata\local\{588E4883-8123-4CCC-A3DC-8C386A594BA0}
2012-03-03 01:42:55 -------- d-----w- c:\users\hp\appdata\local\{027A26C9-9BE5-4764-831D-A9817C67A1D7}
2012-03-02 18:57:36 -------- d-----w- c:\users\hp\appdata\local\{8AA9C0BF-3529-4516-B204-3696BF62C5E8}
2012-03-02 18:49:02 -------- d-----w- c:\users\hp\appdata\roaming\Malwarebytes
2012-03-02 18:47:47 -------- d-----w- c:\programdata\Malwarebytes
2012-03-02 18:47:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-02 18:47:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-02 17:54:46 -------- d-----w- c:\users\hp\appdata\roaming\SUPERAntiSpyware.com
2012-03-02 17:54:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-02 17:54:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-02 17:51:47 -------- d-----w- c:\users\hp\appdata\local\{EE4D62AD-BDE8-4863-880C-800E290DE8B5}
2012-03-02 16:50:40 -------- d-----w- c:\users\hp\appdata\local\{D46F9ED6-8357-489A-963F-F2D829AAA67A}
2012-03-02 04:43:45 -------- d-----w- c:\users\hp\appdata\local\{6361BBC7-11FB-4160-92EA-89B00B80A4B4}
2012-03-02 04:43:34 -------- d-----w- c:\users\hp\appdata\local\{B890A72B-DCCE-4081-A7C6-7DDEB0FFEE08}
2012-03-01 18:21:01 -------- d-----w- c:\users\hp\appdata\local\{19E092B8-C665-430D-9810-7BDDAD3EDAAC}
2012-03-01 13:49:18 202112 ----a-w- c:\windows\system32\PPTVLauncher.exe
2012-03-01 06:20:34 -------- d-----w- c:\users\hp\appdata\local\{C8DA8466-3278-4CF8-99CE-AF416C59E087}
2012-03-01 06:20:22 -------- d-----w- c:\users\hp\appdata\local\{B91907E3-A57C-4256-9E00-728EB40CB926}
2012-02-29 17:02:00 -------- d-----w- c:\users\hp\appdata\local\{D4F67F1F-B291-4EE9-9A45-8441B7F02763}
2012-02-29 17:01:44 -------- d-----w- c:\users\hp\appdata\local\{5036582B-F019-4B9E-8627-AF796F70D582}
2012-02-29 05:01:18 -------- d-----w- c:\users\hp\appdata\local\{1A5CC70A-AFD5-4291-BAA4-CA65CEC64F79}
2012-02-29 05:01:07 -------- d-----w- c:\users\hp\appdata\local\{50954320-44C5-4DF9-9E01-F97EB20928F0}
2012-02-28 17:00:40 -------- d-----w- c:\users\hp\appdata\local\{AABDD0F3-287A-4C93-9A8C-B7528560DD0E}
2012-02-28 17:00:29 -------- d-----w- c:\users\hp\appdata\local\{197647EE-AF65-4642-85FD-444494733387}
2012-02-28 15:37:29 -------- d-----w- c:\users\hp\appdata\local\{3B02161A-2F0A-4BB3-9A20-C77557DA1A0C}
2012-02-28 03:25:13 -------- d-----w- c:\users\hp\appdata\local\{B88FAED5-F3E2-470D-8D26-E0A69B6CF493}
2012-02-28 03:25:02 -------- d-----w- c:\users\hp\appdata\local\{D7DC15C6-1CC9-4150-BAC3-ED772F2E8382}
2012-02-28 03:25:02 -------- d-----w- c:\users\hp\appdata\local\{5D56CA6C-520B-419E-B782-F1776B3F7486}
2012-02-27 15:24:36 -------- d-----w- c:\users\hp\appdata\local\{636EECE3-9CA0-47A0-BA58-D90A4796DF53}
2012-02-27 15:24:25 -------- d-----w- c:\users\hp\appdata\local\{AA44F6E6-20C2-4A60-8215-BEEBF14FE673}
2012-02-27 03:23:59 -------- d-----w- c:\users\hp\appdata\local\{DDE3B909-7114-40CF-9FE9-E77981621E32}
2012-02-27 03:23:48 -------- d-----w- c:\users\hp\appdata\local\{FD526730-85B9-47AA-9250-27B43CF1DA81}
2012-02-26 23:38:13 -------- d-----w- c:\users\hp\appdata\local\Comodo
2012-02-26 23:35:06 -------- d-----w- c:\users\hp\appdata\local\Research In Motion
2012-02-26 23:34:37 35328 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2012-02-26 23:34:20 -------- d-----w- c:\programdata\Research In Motion
2012-02-26 23:33:38 -------- d-----w- c:\program files\Research In Motion
2012-02-26 22:07:39 413696 ----a-r- c:\users\hp\appdata\roaming\microsoft\installer\{f3ee237a-7f47-4639-962f-7208536a7837}\BlackBerry.exe
2012-02-26 22:07:14 -------- d-----w- c:\program files\common files\Research In Motion
2012-02-26 21:30:43 -------- d-----w- c:\users\hp\appdata\roaming\Research In Motion
2012-02-26 20:47:58 -------- d-----w- c:\programdata\Comodo
2012-02-26 20:47:46 -------- d-----w- c:\program files\Comodo
2012-02-26 20:22:57 -------- d-----w- c:\programdata\VirtualizedApplications
2012-02-26 18:39:46 -------- d-----w- c:\users\hp\appdata\local\Microsoft Games
2012-02-26 17:20:06 -------- d-----w- c:\users\hp\appdata\local\Diagnostics
2012-02-26 15:37:04 -------- d-----w- c:\users\hp\appdata\roaming\SoftGrid Client
2012-02-26 15:37:04 -------- d-----w- c:\users\hp\appdata\local\SoftGrid Client
2012-02-26 15:35:49 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2012-02-26 15:35:31 -------- d-----w- c:\users\hp\appdata\roaming\TP
2012-02-26 15:23:22 -------- d-----w- c:\users\hp\appdata\local\{72DAAF8A-E744-4AB7-9D7E-79D50CF093FC}
2012-02-26 15:23:10 -------- d-----w- c:\users\hp\appdata\local\{45A3381C-7D92-4D78-9091-36E0A6071AC4}
2012-02-26 12:12:07 -------- d-----w- c:\users\hp\appdata\local\{D9563FA2-A2FA-4C29-93DD-F9BD9E7FDAB9}
2012-02-26 12:00:34 -------- d-----w- c:\users\hp\appdata\local\{6AEE963E-FDD3-40F4-8A74-04C6492B6C5C}
2012-02-26 01:47:24 -------- d-----w- c:\programdata\CPA_VA
2012-02-26 01:42:43 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-02-26 01:42:43 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-02-26 00:29:37 -------- d-----w- c:\users\hp\appdata\local\ElevatedDiagnostics
2012-02-26 00:14:42 -------- d-----w- c:\program files\ATI Technologies
2012-02-26 00:14:38 -------- d-----w- c:\program files\ATI
2012-02-26 00:07:07 -------- d-----w- c:\users\hp\appdata\local\Hewlett-Packard
2012-02-26 00:03:00 -------- d-----r- c:\program files\Skype
2012-02-25 23:59:55 -------- d-----w- c:\users\hp\appdata\local\{DF06865C-5733-4C3B-8048-FB7DA5596870}
2012-02-25 23:59:45 -------- d-----w- c:\users\hp\appdata\local\{277DEACA-D437-4E6A-95FD-613373BBDBDD}
2012-02-25 23:59:32 -------- d-----w- c:\users\hp\Tracing
2012-02-25 23:55:25 -------- d-----w- c:\windows\PCHEALTH
2012-02-25 23:54:16 -------- d-----w- c:\users\hp\appdata\local\Windows Live
2012-02-25 23:54:15 -------- d-----w- c:\program files\common files\Windows Live
2012-02-25 23:51:17 -------- d-----w- c:\program files\Yahoo!
2012-02-25 20:10:35 -------- d-----w- c:\windows\Panther
2012-02-25 19:48:12 -------- d-----w- c:\users\hp\appdata\roaming\Auslogics
2012-02-25 19:43:50 -------- d-----w- c:\program files\common files\McAfee
2012-02-25 19:43:47 -------- d-----w- c:\program files\McAfee
2012-02-25 19:14:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-25 19:14:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-25 19:12:50 -------- d-----w- c:\windows\ShellNew
2012-02-25 19:10:32 -------- d-----w- c:\program files\LibreOffice 3.5
2012-02-25 19:08:35 -------- d-----w- c:\program files\Auslogics
2012-02-25 19:08:13 -------- d-----w- c:\program files\InfraRecorder
2012-02-25 19:07:48 -------- d-----w- c:\windows\system32\Adobe
2012-02-25 19:07:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-25 19:07:22 -------- d-----w- c:\users\hp\appdata\local\Adobe
2012-02-25 19:06:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-25 18:12:15 -------- d-----w- c:\program files\VideoLAN
2012-02-25 17:40:59 0 ----a-w- c:\windows\ativpsrm.bin
2012-02-25 17:38:05 86016 ----a-w- c:\windows\system32\AESTCom.dll
2012-02-25 17:38:05 61440 ----a-w- c:\windows\system32\aestaren.dll
2012-02-25 17:38:05 536668 ----a-w- c:\windows\sttray.exe
2012-02-25 17:38:05 536576 ----a-w- c:\windows\system32\idtmini1.exe
2012-02-25 17:38:05 4644864 ----a-w- c:\windows\system32\stlang.dll
2012-02-25 17:38:05 380928 ----a-w- c:\windows\system32\aestecap.dll
2012-02-25 17:38:05 139776 ----a-w- c:\windows\system32\aestacap.dll
2012-02-25 17:38:05 12734556 ----a-w- c:\windows\system32\idtcpl.cpl
2012-02-25 17:38:04 -------- d-----w- c:\windows\system32\SRSLabs
2012-02-25 17:38:02 179712 ----a-w- c:\windows\system32\staco.dll
2012-02-25 17:37:25 949760 ----a-w- c:\windows\system32\stapo.dll
2012-02-25 17:37:25 532480 ------w- c:\windows\system32\stapi32.dll
2012-02-25 17:37:25 435200 ----a-w- c:\windows\system32\drivers\stwrt.sys
2012-02-25 17:37:25 405504 ----a-w- c:\windows\system32\stcplx.dll
2012-02-25 17:37:18 -------- d-----w- c:\program files\IDT
2012-02-25 17:36:20 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-02-25 17:36:20 279656 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2012-02-25 17:36:20 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2012-02-25 17:36:17 -------- d-----w- c:\program files\Realtek
2012-02-25 17:35:12 -------- d-----w- c:\users\hp\appdata\roaming\Intel Corporation
2012-02-25 17:33:46 435736 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-02-25 17:33:45 -------- d-----w- C:\SP50859
2012-02-25 17:32:12 -------- d-----w- c:\programdata\AmUStor
2012-02-25 17:32:12 -------- d-----w- c:\program files\AmIcoSingLun
2012-02-25 17:29:55 -------- d-----w- c:\program files\Synaptics
2012-02-25 17:29:07 61440 ----a-w- c:\windows\system32\athihvui.dll
2012-02-25 17:29:07 397312 ----a-w- c:\windows\system32\athihvs.dll
2012-02-25 17:29:07 1882624 ----a-w- c:\windows\system32\drivers\athr.sys
2012-02-25 17:29:07 -------- d-----w- c:\windows\system32\nn-NO
2012-02-25 17:29:07 -------- d-----w- c:\windows\Options
2012-02-25 17:29:00 -------- d-----w- c:\program files\Cisco
2012-02-25 17:29:00 -------- d-----w- c:\program files\Atheros
2012-02-25 17:28:41 -------- d-----w- c:\programdata\Atheros
2012-02-25 17:25:41 -------- d-sh--w- c:\windows\Installer
2012-02-25 17:25:39 -------- d-----w- C:\System.sav
2012-02-25 17:24:04 -------- d-----w- c:\program files\common files\Intel
2012-02-25 17:16:20 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-02-25 17:16:20 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-02-25 17:13:27 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2012-02-25 17:13:24 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-25 17:13:11 571904 ----a-w- c:\windows\system32\oleaut32.dll
2012-02-25 17:13:11 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-02-25 17:13:11 233472 ----a-w- c:\windows\system32\oleacc.dll
2012-02-25 17:13:10 2616320 ----a-w- c:\windows\explorer.exe
2012-02-25 17:11:43 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-02-25 17:06:26 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-02-25 17:06:16 -------- d-----w- C:\SwSetup
2012-02-25 16:38:27 -------- d-----w- c:\users\hp\appdata\local\Google
2012-02-25 16:38:15 -------- d-----w- c:\users\hp\appdata\local\Deployment
2012-02-25 16:38:15 -------- d-----w- c:\users\hp\appdata\local\Apps
2012-02-25 16:32:46 -------- d-----w- C:\Intel
2012-02-25 16:03:41 -------- d-----w- C:\Boot
.
==================== Find3M ====================
.
2012-03-11 21:13:36 39640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13:35 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13:34 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13:19 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13:18 301224 ----a-w- c:\windows\system32\guard32.dll
2012-02-11 18:05:32 367824 ----a-w- c:\windows\system32\drivers\krnl_akl.sys
2012-01-04 23:01:54 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
.
============= FINISH: 17:18:01.85 ===============

Edited by Budapest, 18 March 2012 - 06:41 PM.
Duplicate



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 March 2012 - 10:34 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

From the description you have given us it sounds like this may or may not be a malware problem. I will check very hard to make sure it is not malware, and if none is found you may need to go to another part of the forum to find the answers to the problems you are having.




Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Backup The Computer!!

If you have not done it yet, spend a few minutes to back up the computer. Removing malware can be unpredictable and this may save you and me a lot of grief later.

There is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the computer backed up you may do the following.


Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 lazarro

lazarro
  • Topic Starter

  • Members
  • 8 posts

Posted 20 March 2012 - 02:56 PM

Hello, thanks for helping me. I did the Combofix scan; I will paste it below. The computer is acting weird. The desktop icons are changing places, I don't know why. The computer is slow and even slower on battery. When I am on battery it is almost like I can't use it, and I have to plug it in if I want things done.


ComboFix 12-03-20.01 - HP 03/20/2012 16:39:54.3.4 - x86
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.1.1033.18.1910.983 [GMT -3:00]
Running from: c:\users\HP\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-20 to 2012-03-20 )))))))))))))))))))))))))))))))
.
.
2012-03-20 19:46 . 2012-03-20 19:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-20 11:54 . 2012-02-20 05:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04D4D828-2A41-42BE-B76A-29B43692D448}\mpengine.dll
2012-03-20 11:41 . 2012-03-20 11:41 -------- d-----w- C:\CCE_Quarantine
2012-03-18 16:52 . 2012-03-18 17:39 -------- d-----w- c:\programdata\Yahoo! Companion
2012-03-16 21:54 . 2012-03-16 22:02 -------- d-----w- c:\program files\Hard Disk Sentinel
2012-03-16 16:20 . 2012-03-16 16:22 -------- d-----w- c:\programdata\Hewlett-Packard
2012-03-16 16:19 . 2012-03-16 16:19 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-03-14 15:21 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 15:21 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 13:25 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 13:25 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 13:24 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 13:24 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 13:24 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 13:24 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 13:24 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 13:24 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-12 22:29 . 2012-03-12 22:29 -------- d-----r- C:\MSOCache
2012-03-10 22:37 . 2012-03-10 22:37 -------- d-----w- C:\VritualRoot
2012-03-10 21:42 . 2012-03-10 21:42 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-03-09 00:13 . 2012-02-29 07:21 333176 ----a-w- c:\windows\system32\MMInstaller.dll
2012-03-09 00:13 . 2012-03-09 00:13 -------- d-----w- c:\program files\Common Files\Tencent
2012-03-09 00:13 . 2012-03-09 00:18 -------- d-----w- c:\program files\Tencent
2012-03-09 00:13 . 2012-03-09 00:13 -------- d-----w- c:\programdata\Tencent
2012-03-08 23:35 . 2012-03-15 20:02 -------- d-----w- C:\FavoriteVideo
2012-03-08 23:34 . 2012-03-08 23:37 -------- d-----w- c:\programdata\PPLive
2012-03-08 14:37 . 2012-03-08 14:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-03-08 14:37 . 2012-03-08 14:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-03-08 14:37 . 2012-03-08 14:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-03-08 14:37 . 2012-03-08 14:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-03-08 14:37 . 2012-03-08 14:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-03-08 14:37 . 2012-03-08 14:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-03-08 14:37 . 2012-03-08 14:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-03-08 14:37 . 2012-03-08 14:37 -------- d-----w- c:\program files\QuickTime
2012-03-08 14:37 . 2012-03-08 14:37 -------- d-----w- c:\programdata\Apple Computer
2012-03-08 14:36 . 2012-03-08 14:36 -------- d-----w- c:\program files\Common Files\Apple
2012-03-08 14:36 . 2012-03-08 14:36 -------- d-----w- c:\program files\Apple Software Update
2012-03-08 14:36 . 2012-03-08 14:36 -------- d-----w- c:\programdata\Apple
2012-03-07 23:12 . 2012-03-07 23:12 -------- d-----w- c:\windows\Sun
2012-03-04 23:12 . 2012-03-07 00:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-04 23:12 . 2012-03-07 00:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-04 23:12 . 2012-03-07 00:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-04 23:12 . 2012-03-07 00:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-04 23:12 . 2012-03-07 00:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-04 23:12 . 2012-03-07 00:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-04 23:12 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-04 23:12 . 2012-03-07 00:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-04 23:11 . 2012-03-04 23:11 -------- d-----w- c:\programdata\AVAST Software
2012-03-04 23:11 . 2012-03-04 23:11 -------- d-----w- c:\program files\AVAST Software
2012-03-03 02:24 . 2012-03-03 02:24 -------- d-----w- c:\program files\Funshion Online
2012-03-02 18:47 . 2012-03-02 18:47 -------- d-----w- c:\programdata\Malwarebytes
2012-03-02 18:47 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-02 18:47 . 2012-03-02 18:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-02 17:54 . 2012-03-02 17:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-02 17:54 . 2012-03-02 17:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-01 13:49 . 2012-03-01 13:49 202112 ----a-w- c:\windows\system32\PPTVLauncher.exe
2012-02-26 23:34 . 2011-07-20 19:13 35328 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2012-02-26 23:34 . 2012-02-26 23:34 -------- d-----w- c:\programdata\Research In Motion
2012-02-26 23:33 . 2012-02-26 23:33 -------- d-----w- c:\program files\Research In Motion
2012-02-26 22:07 . 2012-02-26 23:33 -------- d-----w- c:\program files\Common Files\Research In Motion
2012-02-26 20:47 . 2012-02-26 22:12 -------- d-----w- c:\programdata\Comodo
2012-02-26 20:47 . 2012-03-20 06:41 -------- d-----w- c:\program files\Comodo
2012-02-26 20:22 . 2012-02-26 20:22 -------- d-----w- c:\programdata\VirtualizedApplications
2012-02-26 15:35 . 2012-02-26 18:10 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2012-02-26 01:47 . 2012-03-20 11:46 -------- d-----w- c:\programdata\CPA_VA
2012-02-26 01:42 . 2012-02-26 01:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-02-26 01:42 . 2012-02-26 01:42 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-02-26 00:14 . 2012-02-26 00:14 -------- d-----w- c:\program files\ATI Technologies
2012-02-26 00:14 . 2012-02-26 00:14 -------- d-----w- c:\program files\ATI
2012-02-26 00:07 . 2012-02-26 00:07 -------- d-----w- c:\programdata\CyberLink
2012-02-26 00:03 . 2012-02-26 00:03 -------- d-----w- c:\program files\Common Files\Skype
2012-02-26 00:03 . 2012-03-08 17:36 -------- d-----r- c:\program files\Skype
2012-02-26 00:02 . 2012-02-26 00:02 -------- d-----w- c:\programdata\Skype
2012-02-25 23:55 . 2012-02-25 23:55 -------- d-----w- c:\windows\PCHEALTH
2012-02-25 23:55 . 2012-02-25 23:56 -------- d-----w- c:\program files\Windows Live
2012-02-25 23:54 . 2012-02-25 23:54 -------- d-----w- c:\program files\Common Files\Windows Live
2012-02-25 23:52 . 2012-03-18 16:52 -------- d-----w- c:\programdata\Yahoo!
2012-02-25 23:51 . 2012-03-18 16:52 -------- d-----w- c:\program files\Yahoo!
2012-02-25 20:30 . 2012-03-19 22:39 -------- d-----w- c:\users\HP
2012-02-25 20:30 . 2012-02-25 20:30 -------- d-----w- C:\Recovery
2012-02-25 20:10 . 2012-02-25 20:30 -------- d-----w- c:\windows\Panther
2012-02-25 19:43 . 2012-02-25 19:43 -------- d-----w- c:\program files\Common Files\McAfee
2012-02-25 19:43 . 2012-02-25 19:52 -------- d-----w- c:\program files\McAfee
2012-02-25 19:43 . 2012-02-25 19:43 -------- d-----w- c:\programdata\McAfee
2012-02-25 19:14 . 2012-02-25 19:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-25 19:14 . 2012-02-25 19:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-25 19:12 . 2012-02-25 19:12 -------- d-----w- c:\windows\ShellNew
2012-02-25 19:10 . 2012-02-25 19:12 -------- d-----w- c:\program files\LibreOffice 3.5
2012-02-25 19:07 . 2012-02-25 19:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-02-25 19:06 . 2012-02-25 19:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-25 19:06 . 2012-02-25 19:06 -------- d-----w- c:\windows\system32\Macromed
2012-02-25 18:30 . 2012-02-25 18:33 -------- d-----w- c:\program files\Microsoft Silverlight
2012-02-25 18:12 . 2012-02-25 18:12 -------- d-----w- c:\program files\VideoLAN
2012-02-25 18:05 . 2012-02-25 18:05 -------- d-----w- c:\program files\Microsoft.NET
2012-02-25 17:40 . 2012-02-25 17:40 0 ----a-w- c:\windows\ativpsrm.bin
2012-02-25 17:38 . 2011-02-08 17:27 4644864 ----a-w- c:\windows\system32\stlang.dll
2012-02-25 17:38 . 2011-01-25 05:57 536668 ----a-w- c:\windows\sttray.exe
2012-02-25 17:36 . 2010-08-25 01:19 279656 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2012-02-25 17:36 . 2010-06-09 03:33 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2012-02-25 17:36 . 2009-12-03 21:27 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-02-25 17:36 . 2012-02-25 17:36 -------- d-----w- c:\program files\Realtek
2012-02-25 17:33 . 2010-04-27 20:47 435736 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-02-25 17:33 . 2012-02-25 17:33 -------- d-----w- C:\SP50859
2012-02-25 17:32 . 2012-02-25 17:32 -------- d-----w- c:\programdata\AmUStor
2012-02-25 17:32 . 2012-02-25 17:32 -------- d-----w- c:\program files\AmIcoSingLun
2012-02-25 17:29 . 2012-02-25 17:29 -------- d-----w- c:\program files\Synaptics
2012-02-25 17:29 . 2012-02-25 17:29 -------- d-----w- c:\windows\system32\nn-NO
2012-02-25 17:29 . 2012-02-25 17:29 -------- d-----w- c:\windows\Options
2012-02-25 17:29 . 2010-09-27 00:13 1882624 ----a-w- c:\windows\system32\drivers\athr.sys
2012-02-25 17:29 . 2010-09-11 14:51 61440 ----a-w- c:\windows\system32\athihvui.dll
2012-02-25 17:29 . 2010-09-11 14:51 397312 ----a-w- c:\windows\system32\athihvs.dll
2012-02-25 17:29 . 2012-02-25 17:29 -------- d-----w- c:\program files\Atheros
2012-02-25 17:29 . 2012-02-25 17:29 -------- d-----w- c:\program files\Cisco
2012-02-25 17:28 . 2012-02-25 17:29 -------- d-----w- c:\programdata\Atheros
2012-02-25 17:27 . 2012-03-16 16:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-02-25 17:27 . 2012-03-16 16:22 -------- d-----w- c:\program files\Hewlett-Packard
2012-02-25 17:25 . 2012-03-20 19:37 -------- d-sh--w- c:\windows\Installer
2012-02-25 17:25 . 2012-02-25 17:25 -------- d-----w- C:\System.sav
2012-02-25 17:24 . 2012-02-25 17:24 -------- d-----w- c:\program files\Common Files\Intel
2012-02-25 17:16 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-02-25 17:16 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-02-25 17:13 . 2011-03-12 11:23 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2012-02-25 17:13 . 2012-02-23 13:18 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-25 17:13 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-02-25 17:13 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-11 21:13 . 2011-12-19 21:59 39640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2012-01-18 00:00 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-12-19 21:59 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-12-19 21:58 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2011-12-19 21:58 301224 ----a-w- c:\windows\system32\guard32.dll
2012-02-25 23:54 . 2011-03-28 22:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-04 23:01 . 2012-01-04 23:01 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-09-13 1873192]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-09-07 237568]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-27 284696]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-01-25 536668]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-20 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-20 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-20 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 182584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2012-01-13 95200]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-08-25 279656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 491816]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 39640]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-09 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1052472]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 26168]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-27 13336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-09 6380544]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-09 222208]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-14 29168]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2010-07-20 9018368]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - krnl_akl
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2468066099-2050458068-376550370-1000Core.job
- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25 16:38]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2468066099-2050458068-376550370-1000UA.job
- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25 16:38]
.
2012-03-18 c:\windows\Tasks\HPCeeScheduleForHP.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 01:15]
.
.
------- Supplementary Scan -------
.
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\qqlivecaption
Trusted Zone: qq.com\qqlivehabit
Trusted Zone: qq.com\qqlivesearch
Trusted Zone: qq.com\video_1
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{84E7E99E-58FE-4F38-95A6-B488465ED8D3}: NameServer = 8.26.56.26,156.154.70.22
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2468066099-2050458068-376550370-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2468066099-2050458068-376550370-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\windows\System32\guard32.dll
.
- - - - - - - > 'lsass.exe'(748)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(6116)
c:\windows\system32\guard32.dll
.
Completion time: 2012-03-20 16:49:37
ComboFix-quarantined-files.txt 2012-03-20 19:49
.
Pre-Run: 278,913,515,520 bytes free
Post-Run: 279,028,977,664 bytes free
.
- - End Of File - - D03434E289073A23E2B3DE58774AB430
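As an added example (my own code, not part of this thread and not anything ComboFix ships), the following Python script pulls the parts of a ComboFix log that a responder reviews first into one summary: the autostart entries under the Run key, the AppInit_DLLs value, the service/driver lines (including the ones ComboFix marks with "[x]" because it could not find the image file), the Trusted Zone entries and the resolver settings. The embedded log is a constructed, abridged copy of lines from the post above; the section headers and line formats it assumes are the ones visible in that log, and the notes it produces are items to confirm, not verdicts.

```python
"""Triage helper for ComboFix-style log output (added example, not ComboFix code)."""
import re

# Constructed sample: an abridged copy of lines from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-09-13 1873192]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 208184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-15 158856]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
.
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\video_1
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{84E7E99E-58FE-4F38-95A6-B488465ED8D3}: NameServer = 8.26.56.26,156.154.70.22
"""

# Line shapes as they appear in the log above (assumed, from the visible output).
KEY_RE = re.compile(r'^\[(HKEY[^\]]+)\]$')
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.*)$')
SERVICE_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.*?)\s*(?:\[x\]|\[(\d{4}-\d{2}-\d{2}) (\d+)\])$')
TZ_RE = re.compile(r'^Trusted Zone: (.+)$')
NS_RE = re.compile(r'^TCP: (?:(.+?): )?(DhcpNameServer|NameServer) = (.+)$')


def triage(log_text):
    """Collect the review-worthy items of a ComboFix log into one dict."""
    summary = {
        "run": [],            # autostart entries under ...\CurrentVersion\Run
        "appinit_dlls": [],   # every path listed in AppInit_DLLs, duplicates kept
        "services": [],       # (state, name, image path or None when marked [x])
        "trusted_zones": [],
        "nameservers": {},    # scope -> list of resolver addresses
    }
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()   # remember which registry key we are under
            continue
        m = APPINIT_RE.match(line)
        if m:
            summary["appinit_dlls"] = m.group(1).split()
            continue
        m = RUN_RE.match(line)
        if m and current_key.endswith("\\currentversion\\run"):
            name, path, date, size = m.groups()
            summary["run"].append({"name": name, "path": path, "date": date, "size": int(size)})
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, name, _desc, path, _date, _size = m.groups()
            summary["services"].append((state, name, path or None))
            continue
        m = TZ_RE.match(line)
        if m:
            summary["trusted_zones"].append(m.group(1))
            continue
        m = NS_RE.match(line)
        if m:
            scope, kind, values = m.groups()
            summary["nameservers"][scope or kind] = re.split(r"[,\s]+", values.strip())
    return summary


def findings(summary):
    """Turn the summary into short review notes for the responder (not verdicts)."""
    notes = []
    unique_appinit = sorted(set(p.lower() for p in summary["appinit_dlls"]))
    if len(summary["appinit_dlls"]) > len(unique_appinit):
        notes.append("AppInit_DLLs lists the same module more than once: " + ", ".join(unique_appinit))
    missing = [name for _state, name, path in summary["services"] if path is None]
    if missing:
        notes.append("services whose image file ComboFix could not find ([x]): " + ", ".join(missing))
    for scope, addrs in summary["nameservers"].items():
        if scope != "DhcpNameServer":   # statically configured resolvers override DHCP ones
            notes.append("%s uses statically set resolvers %s; confirm they are intended" % (scope, ", ".join(addrs)))
    if summary["trusted_zones"]:
        notes.append("%d Trusted Zone entries present; confirm each was added deliberately" % len(summary["trusted_zones"]))
    return notes


if __name__ == "__main__":
    for note in findings(triage(SAMPLE_LOG)):
        print("-", note)
```

The script deliberately reports facts (a repeated AppInit entry, a driver whose file is missing, a non-DHCP resolver) rather than labelling anything malicious: which of those is a legitimate product setting and which is not is exactly the judgement the helper makes in the thread, and the summary only makes that review faster.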

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 March 2012 - 03:09 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 lazarro

lazarro
  • Topic Starter

  • Members
  • 8 posts

Posted 20 March 2012 - 08:06 PM

The tdsskiller logs and the aswMBR log:

17:19:49.0955 5732 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
17:19:49.0971 5732 ============================================================
17:19:49.0971 5732 Current date / time: 2012/03/20 17:19:49.0971
17:19:49.0971 5732 SystemInfo:
17:19:49.0971 5732
17:19:49.0971 5732 OS Version: 6.1.7601 ServicePack: 1.0
17:19:49.0971 5732 Product type: Workstation
17:19:49.0971 5732 ComputerName: HP-PC
17:19:49.0971 5732 UserName: HP
17:19:49.0971 5732 Windows directory: C:\Windows
17:19:49.0971 5732 System windows directory: C:\Windows
17:19:49.0971 5732 Processor architecture: Intel x86
17:19:49.0971 5732 Number of processors: 4
17:19:49.0971 5732 Page size: 0x1000
17:19:49.0971 5732 Boot type: Normal boot
17:19:49.0971 5732 ============================================================
17:19:50.0439 5732 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:19:50.0439 5732 \Device\Harddisk0\DR0:
17:19:50.0439 5732 MBR used
17:19:50.0439 5732 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
17:19:50.0439 5732 Initialize success
17:19:50.0439 5732 ============================================================
17:19:56.0616 6100 ============================================================
17:19:56.0616 6100 Scan started
17:19:56.0616 6100 Mode: Manual; SigCheck; TDLFS;
17:19:56.0616 6100 ============================================================
17:19:57.0849 6100 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
17:19:58.0005 6100 1394ohci - ok
17:19:58.0036 6100 Accelerometer (cc1f1d3d70dc13c2c281488d347d4415) C:\Windows\system32\DRIVERS\Accelerometer.sys
17:19:58.0067 6100 Accelerometer - ok
17:19:58.0098 6100 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
17:19:58.0129 6100 ACPI - ok
17:19:58.0207 6100 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
17:19:58.0285 6100 AcpiPmi - ok
17:19:58.0332 6100 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
17:19:58.0379 6100 adp94xx - ok
17:19:58.0457 6100 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
17:19:58.0488 6100 adpahci - ok
17:19:58.0504 6100 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
17:19:58.0535 6100 adpu320 - ok
17:19:58.0582 6100 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
17:19:58.0660 6100 AFD - ok
17:19:58.0707 6100 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
17:19:58.0738 6100 agp440 - ok
17:19:58.0800 6100 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
17:19:58.0831 6100 aic78xx - ok
17:19:58.0863 6100 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
17:19:58.0878 6100 aliide - ok
17:19:58.0909 6100 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
17:19:58.0925 6100 amdagp - ok
17:19:58.0941 6100 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
17:19:58.0972 6100 amdide - ok
17:19:58.0987 6100 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
17:19:59.0034 6100 AmdK8 - ok
17:19:59.0190 6100 amdkmdag (280578aa4f589bfda3a76375a47a26b5) C:\Windows\system32\DRIVERS\atikmdag.sys
17:19:59.0424 6100 amdkmdag - ok
17:19:59.0518 6100 amdkmdap (ba43ee7d325877677bad4d0b3ccde02a) C:\Windows\system32\DRIVERS\atikmpag.sys
17:19:59.0580 6100 amdkmdap - ok
17:19:59.0643 6100 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
17:19:59.0705 6100 AmdPPM - ok
17:19:59.0752 6100 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
17:19:59.0783 6100 amdsata - ok
17:19:59.0861 6100 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
17:19:59.0892 6100 amdsbs - ok
17:19:59.0908 6100 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
17:19:59.0939 6100 amdxata - ok
17:19:59.0955 6100 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
17:20:00.0079 6100 AppID - ok
17:20:00.0157 6100 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
17:20:00.0189 6100 arc - ok
17:20:00.0204 6100 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
17:20:00.0235 6100 arcsas - ok
17:20:00.0267 6100 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys
17:20:00.0329 6100 aswFsBlk - ok
17:20:00.0360 6100 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
17:20:00.0391 6100 aswMonFlt - ok
17:20:00.0407 6100 aswRdr (225013c16fe096714d71649ad7a20e8b) C:\Windows\System32\Drivers\aswrdr2.sys
17:20:00.0423 6100 aswRdr - ok
17:20:00.0469 6100 aswSnx (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys
17:20:00.0516 6100 aswSnx - ok
17:20:00.0594 6100 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys
17:20:00.0625 6100 aswSP - ok
17:20:00.0657 6100 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys
17:20:00.0672 6100 aswTdi - ok
17:20:00.0703 6100 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
17:20:00.0844 6100 AsyncMac - ok
17:20:00.0922 6100 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
17:20:00.0953 6100 atapi - ok
17:20:01.0015 6100 athr (c8bb2e935a5d195692140e795ea9ac14) C:\Windows\system32\DRIVERS\athr.sys
17:20:01.0125 6100 athr - ok
17:20:01.0249 6100 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
17:20:01.0312 6100 b06bdrv - ok
17:20:01.0374 6100 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
17:20:01.0421 6100 b57nd60x - ok
17:20:01.0499 6100 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
17:20:01.0561 6100 Beep - ok
17:20:01.0593 6100 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
17:20:01.0624 6100 blbdrive - ok
17:20:01.0671 6100 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
17:20:01.0702 6100 bowser - ok
17:20:01.0749 6100 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
17:20:01.0795 6100 BrFiltLo - ok
17:20:01.0827 6100 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
17:20:01.0889 6100 BrFiltUp - ok
17:20:01.0905 6100 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
17:20:01.0983 6100 BridgeMP - ok
17:20:02.0014 6100 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
17:20:02.0076 6100 Brserid - ok
17:20:02.0123 6100 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
17:20:02.0170 6100 BrSerWdm - ok
17:20:02.0217 6100 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:20:02.0263 6100 BrUsbMdm - ok
17:20:02.0295 6100 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
17:20:02.0341 6100 BrUsbSer - ok
17:20:02.0357 6100 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
17:20:02.0404 6100 BTHMODEM - ok
17:20:02.0529 6100 catchme - ok
17:20:02.0607 6100 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
17:20:02.0685 6100 cdfs - ok
17:20:02.0731 6100 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
17:20:02.0778 6100 cdrom - ok
17:20:02.0809 6100 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
17:20:02.0856 6100 circlass - ok
17:20:02.0887 6100 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
17:20:02.0919 6100 CLFS - ok
17:20:03.0043 6100 clwvd (fa930a2f1425f6407e1fa9a3eab43d0d) C:\Windows\system32\DRIVERS\clwvd.sys
17:20:03.0075 6100 clwvd - ok
17:20:03.0106 6100 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
17:20:03.0153 6100 CmBatt - ok
17:20:03.0199 6100 cmdGuard (ed042da80d9d6a087e83df395ceefd65) C:\Windows\system32\DRIVERS\cmdguard.sys
17:20:03.0246 6100 cmdGuard - ok
17:20:03.0309 6100 cmdHlp (ed6b6a222cb9adf6751e02ad478a89fb) C:\Windows\system32\DRIVERS\cmdhlp.sys
17:20:03.0324 6100 cmdHlp - ok
17:20:03.0355 6100 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
17:20:03.0371 6100 cmdide - ok
17:20:03.0418 6100 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
17:20:03.0465 6100 CNG - ok
17:20:03.0496 6100 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
17:20:03.0511 6100 Compbatt - ok
17:20:03.0543 6100 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:20:03.0574 6100 CompositeBus - ok
17:20:03.0652 6100 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
17:20:03.0683 6100 crcdisk - ok
17:20:03.0730 6100 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
17:20:03.0808 6100 DfsC - ok
17:20:03.0823 6100 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
17:20:03.0870 6100 discache - ok
17:20:03.0901 6100 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
17:20:03.0917 6100 Disk - ok
17:20:04.0011 6100 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
17:20:04.0042 6100 drmkaud - ok
17:20:04.0089 6100 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
17:20:04.0135 6100 DXGKrnl - ok
17:20:04.0229 6100 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
17:20:04.0338 6100 ebdrv - ok
17:20:04.0416 6100 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
17:20:04.0463 6100 elxstor - ok
17:20:04.0494 6100 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
17:20:04.0541 6100 ErrDev - ok
17:20:04.0572 6100 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
17:20:04.0635 6100 exfat - ok
17:20:04.0650 6100 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
17:20:04.0728 6100 fastfat - ok
17:20:04.0806 6100 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
17:20:04.0853 6100 fdc - ok
17:20:04.0884 6100 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
17:20:04.0900 6100 FileInfo - ok
17:20:04.0931 6100 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
17:20:05.0009 6100 Filetrace - ok
17:20:05.0040 6100 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
17:20:05.0071 6100 flpydisk - ok
17:20:05.0103 6100 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
17:20:05.0118 6100 FltMgr - ok
17:20:05.0149 6100 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
17:20:05.0165 6100 FsDepends - ok
17:20:05.0196 6100 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
17:20:05.0227 6100 Fs_Rec - ok
17:20:05.0290 6100 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
17:20:05.0321 6100 fvevol - ok
17:20:05.0352 6100 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
17:20:05.0383 6100 gagp30kx - ok
17:20:05.0399 6100 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
17:20:05.0446 6100 hcw85cir - ok
17:20:05.0493 6100 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
17:20:05.0555 6100 HdAudAddService - ok
17:20:05.0649 6100 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:20:05.0695 6100 HDAudBus - ok
17:20:05.0727 6100 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
17:20:05.0789 6100 HECI - ok
17:20:05.0805 6100 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
17:20:05.0836 6100 HidBatt - ok
17:20:05.0851 6100 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
17:20:05.0914 6100 HidBth - ok
17:20:05.0992 6100 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
17:20:06.0039 6100 HidIr - ok
17:20:06.0085 6100 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
17:20:06.0117 6100 HidUsb - ok
17:20:06.0273 6100 hpdskflt (4ef10b866c62abbeaf7511cdd05a19be) C:\Windows\system32\DRIVERS\hpdskflt.sys
17:20:06.0288 6100 hpdskflt - ok
17:20:06.0319 6100 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
17:20:06.0351 6100 HpSAMD - ok
17:20:06.0382 6100 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
17:20:06.0460 6100 HTTP - ok
17:20:06.0538 6100 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
17:20:06.0553 6100 hwpolicy - ok
17:20:06.0585 6100 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
17:20:06.0616 6100 i8042prt - ok
17:20:06.0663 6100 iaStor (eb3a2c773e202ced30595bbfad24febf) C:\Windows\system32\DRIVERS\iaStor.sys
17:20:06.0709 6100 iaStor - ok
17:20:06.0803 6100 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
17:20:06.0834 6100 iaStorV - ok
17:20:07.0037 6100 igfx (c5589781f75de0bfb26e221649c80d00) C:\Windows\system32\DRIVERS\igdkmd32.sys
17:20:07.0318 6100 igfx - ok
17:20:07.0411 6100 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
17:20:07.0443 6100 iirsp - ok
17:20:07.0505 6100 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\Windows\system32\DRIVERS\Impcd.sys
17:20:07.0552 6100 Impcd - ok
17:20:07.0599 6100 inspect (2ee3db2c1760171c6f72f2f1792a47b5) C:\Windows\system32\DRIVERS\inspect.sys
17:20:07.0614 6100 inspect - ok
17:20:07.0630 6100 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
17:20:07.0661 6100 intelide - ok
17:20:07.0848 6100 intelkmd (c5589781f75de0bfb26e221649c80d00) C:\Windows\system32\DRIVERS\igdpmd32.sys
17:20:08.0113 6100 intelkmd - ok
17:20:08.0254 6100 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
17:20:08.0316 6100 intelppm - ok
17:20:08.0347 6100 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:20:08.0425 6100 IpFilterDriver - ok
17:20:08.0441 6100 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
17:20:08.0472 6100 IPMIDRV - ok
17:20:08.0488 6100 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
17:20:08.0535 6100 IPNAT - ok
17:20:08.0566 6100 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
17:20:08.0644 6100 IRENUM - ok
17:20:08.0722 6100 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
17:20:08.0753 6100 isapnp - ok
17:20:08.0769 6100 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
17:20:08.0800 6100 iScsiPrt - ok
17:20:08.0847 6100 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:20:08.0862 6100 kbdclass - ok
17:20:08.0893 6100 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
17:20:08.0925 6100 kbdhid - ok
17:20:08.0956 6100 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
17:20:08.0971 6100 KSecDD - ok
17:20:08.0987 6100 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
17:20:09.0003 6100 KSecPkg - ok
17:20:09.0112 6100 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
17:20:09.0190 6100 lltdio - ok
17:20:09.0237 6100 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
17:20:09.0268 6100 LSI_FC - ok
17:20:09.0299 6100 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
17:20:09.0315 6100 LSI_SAS - ok
17:20:09.0330 6100 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
17:20:09.0346 6100 LSI_SAS2 - ok
17:20:09.0377 6100 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
17:20:09.0393 6100 LSI_SCSI - ok
17:20:09.0408 6100 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
17:20:09.0471 6100 luafv - ok
17:20:09.0549 6100 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
17:20:09.0564 6100 megasas - ok
17:20:09.0595 6100 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
17:20:09.0627 6100 MegaSR - ok
17:20:09.0658 6100 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
17:20:09.0720 6100 Modem - ok
17:20:09.0751 6100 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
17:20:09.0798 6100 monitor - ok
17:20:09.0829 6100 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
17:20:09.0861 6100 mouclass - ok
17:20:09.0939 6100 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
17:20:09.0985 6100 mouhid - ok
17:20:10.0001 6100 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
17:20:10.0032 6100 mountmgr - ok
17:20:10.0048 6100 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
17:20:10.0079 6100 mpio - ok
17:20:10.0095 6100 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
17:20:10.0157 6100 mpsdrv - ok
17:20:10.0188 6100 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
17:20:10.0235 6100 MRxDAV - ok
17:20:10.0282 6100 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:20:10.0344 6100 mrxsmb - ok
17:20:10.0407 6100 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:20:10.0453 6100 mrxsmb10 - ok
17:20:10.0469 6100 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:20:10.0516 6100 mrxsmb20 - ok
17:20:10.0547 6100 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
17:20:10.0563 6100 msahci - ok
17:20:10.0594 6100 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
17:20:10.0609 6100 msdsm - ok
17:20:10.0641 6100 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
17:20:10.0703 6100 Msfs - ok
17:20:10.0719 6100 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
17:20:10.0765 6100 mshidkmdf - ok
17:20:10.0843 6100 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
17:20:10.0859 6100 msisadrv - ok
17:20:10.0906 6100 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
17:20:10.0968 6100 MSKSSRV - ok
17:20:10.0999 6100 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
17:20:11.0046 6100 MSPCLOCK - ok
17:20:11.0062 6100 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
17:20:11.0109 6100 MSPQM - ok
17:20:11.0140 6100 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
17:20:11.0155 6100 MsRPC - ok
17:20:11.0171 6100 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
17:20:11.0187 6100 mssmbios - ok
17:20:11.0202 6100 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
17:20:11.0249 6100 MSTEE - ok
17:20:11.0327 6100 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
17:20:11.0374 6100 MTConfig - ok
17:20:11.0389 6100 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
17:20:11.0421 6100 Mup - ok
17:20:11.0452 6100 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
17:20:11.0499 6100 NativeWifiP - ok
17:20:11.0530 6100 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
17:20:11.0577 6100 NDIS - ok
17:20:11.0639 6100 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
17:20:11.0717 6100 NdisCap - ok
17:20:11.0748 6100 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
17:20:11.0811 6100 NdisTapi - ok
17:20:11.0842 6100 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
17:20:11.0904 6100 Ndisuio - ok
17:20:11.0920 6100 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
17:20:11.0998 6100 NdisWan - ok
17:20:12.0076 6100 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
17:20:12.0154 6100 NDProxy - ok
17:20:12.0169 6100 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
17:20:12.0232 6100 NetBIOS - ok
17:20:12.0247 6100 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
17:20:12.0294 6100 NetBT - ok
17:20:12.0325 6100 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
17:20:12.0341 6100 nfrd960 - ok
17:20:12.0357 6100 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
17:20:12.0403 6100 Npfs - ok
17:20:12.0435 6100 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
17:20:12.0481 6100 nsiproxy - ok
17:20:12.0575 6100 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
17:20:12.0637 6100 Ntfs - ok
17:20:12.0669 6100 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
17:20:12.0747 6100 Null - ok
17:20:12.0778 6100 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
17:20:12.0793 6100 nvraid - ok
17:20:12.0871 6100 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
17:20:12.0903 6100 nvstor - ok
17:20:12.0965 6100 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
17:20:12.0996 6100 nv_agp - ok
17:20:13.0012 6100 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
17:20:13.0059 6100 ohci1394 - ok
17:20:13.0090 6100 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys
17:20:13.0121 6100 Parport - ok
17:20:13.0152 6100 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
17:20:13.0183 6100 partmgr - ok
17:20:13.0199 6100 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys
17:20:13.0230 6100 Parvdm - ok
17:20:13.0308 6100 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
17:20:13.0339 6100 pci - ok
17:20:13.0355 6100 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
17:20:13.0386 6100 pciide - ok
17:20:13.0417 6100 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
17:20:13.0449 6100 pcmcia - ok
17:20:13.0464 6100 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
17:20:13.0480 6100 pcw - ok
17:20:13.0527 6100 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
17:20:13.0605 6100 PEAUTH - ok
17:20:13.0714 6100 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
17:20:13.0792 6100 PptpMiniport - ok
17:20:13.0807 6100 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
17:20:13.0854 6100 Processor - ok
17:20:13.0885 6100 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
17:20:13.0948 6100 Psched - ok
17:20:13.0995 6100 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
17:20:14.0041 6100 ql2300 - ok
17:20:14.0119 6100 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
17:20:14.0151 6100 ql40xx - ok
17:20:14.0166 6100 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
17:20:14.0213 6100 QWAVEdrv - ok
17:20:14.0229 6100 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
17:20:14.0291 6100 RasAcd - ok
17:20:14.0322 6100 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:20:14.0400 6100 RasAgileVpn - ok
17:20:14.0431 6100 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:20:14.0509 6100 Rasl2tp - ok
17:20:14.0587 6100 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
17:20:14.0681 6100 RasPppoe - ok
17:20:14.0697 6100 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
17:20:14.0759 6100 RasSstp - ok
17:20:14.0790 6100 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
17:20:14.0853 6100 rdbss - ok
17:20:14.0884 6100 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\drivers\rdpbus.sys
17:20:14.0931 6100 rdpbus - ok
17:20:14.0946 6100 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:20:15.0024 6100 RDPCDD - ok
17:20:15.0102 6100 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
17:20:15.0149 6100 RDPENCDD - ok
17:20:15.0180 6100 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
17:20:15.0227 6100 RDPREFMP - ok
17:20:15.0258 6100 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
17:20:15.0321 6100 RDPWD - ok
17:20:15.0336 6100 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
17:20:15.0367 6100 rdyboost - ok
17:20:15.0461 6100 RimUsb (4f4a4c09cc5be58a76cac1c337e004e6) C:\Windows\system32\Drivers\RimUsb.sys
17:20:15.0508 6100 RimUsb - ok
17:20:15.0539 6100 RimVSerPort (3a5633ad615e2b15291bd0b1b97ccd8a) C:\Windows\system32\DRIVERS\RimSerial.sys
17:20:15.0586 6100 RimVSerPort - ok
17:20:15.0617 6100 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
17:20:15.0695 6100 ROOTMODEM - ok
17:20:15.0773 6100 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
17:20:15.0851 6100 rspndr - ok
17:20:15.0898 6100 RTL8167 (3f7dacfbc83fe01debe33d28f93d8d86) C:\Windows\system32\DRIVERS\Rt86win7.sys
17:20:15.0945 6100 RTL8167 - ok
17:20:16.0007 6100 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:20:16.0023 6100 SASDIFSV - ok
17:20:16.0054 6100 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:20:16.0069 6100 SASKUTIL - ok
17:20:16.0163 6100 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
17:20:16.0194 6100 sbp2port - ok
17:20:16.0210 6100 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
17:20:16.0288 6100 scfilter - ok
17:20:16.0319 6100 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:20:16.0366 6100 secdrv - ok
17:20:16.0397 6100 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\drivers\serenum.sys
17:20:16.0444 6100 Serenum - ok
17:20:16.0459 6100 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys
17:20:16.0491 6100 Serial - ok
17:20:16.0569 6100 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
17:20:16.0600 6100 sermouse - ok
17:20:16.0631 6100 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
17:20:16.0678 6100 sffdisk - ok
17:20:16.0709 6100 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
17:20:16.0756 6100 sffp_mmc - ok
17:20:16.0771 6100 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
17:20:16.0818 6100 sffp_sd - ok
17:20:16.0834 6100 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
17:20:16.0865 6100 sfloppy - ok
17:20:16.0912 6100 Sftfs (d9b734638dd8dba9d59aad3189cd0fad) C:\Windows\system32\DRIVERS\Sftfslh.sys
17:20:16.0943 6100 Sftfs - ok
17:20:17.0005 6100 Sftplay (2f61bd46c0bff4eb36e1e359ca17bfc5) C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:20:17.0037 6100 Sftplay - ok
17:20:17.0052 6100 Sftredir (518bac0179f94304f422696b47c0ec12) C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:20:17.0083 6100 Sftredir - ok
17:20:17.0099 6100 Sftvol (747325236d88b3f05ffd27ff9ec711c5) C:\Windows\system32\DRIVERS\Sftvollh.sys
17:20:17.0115 6100 Sftvol - ok
17:20:17.0177 6100 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
17:20:17.0193 6100 sisagp - ok
17:20:17.0224 6100 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
17:20:17.0255 6100 SiSRaid2 - ok
17:20:17.0271 6100 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
17:20:17.0286 6100 SiSRaid4 - ok
17:20:17.0317 6100 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
17:20:17.0380 6100 Smb - ok
17:20:17.0395 6100 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
17:20:17.0427 6100 spldr - ok
17:20:17.0520 6100 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
17:20:17.0583 6100 srv - ok
17:20:17.0614 6100 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
17:20:17.0645 6100 srv2 - ok
17:20:17.0676 6100 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
17:20:17.0707 6100 srvnet - ok
17:20:17.0754 6100 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
17:20:17.0770 6100 stexstor - ok
17:20:17.0863 6100 STHDA (d5d73b49d53fcc47e2828d6805dfa0f6) C:\Windows\system32\DRIVERS\stwrt.sys
17:20:17.0941 6100 STHDA - ok
17:20:17.0988 6100 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
17:20:18.0004 6100 swenum - ok
17:20:18.0113 6100 SynTP (67c4590262c28bbaecb5b4e8aaf101fd) C:\Windows\system32\DRIVERS\SynTP.sys
17:20:18.0207 6100 SynTP - ok
17:20:18.0269 6100 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
17:20:18.0285 6100 taphss - ok
17:20:18.0409 6100 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
17:20:18.0472 6100 Tcpip - ok
17:20:18.0550 6100 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
17:20:18.0612 6100 TCPIP6 - ok
17:20:18.0643 6100 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
17:20:18.0690 6100 tcpipreg - ok
17:20:18.0721 6100 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
17:20:18.0753 6100 TDPIPE - ok
17:20:18.0784 6100 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
17:20:18.0815 6100 TDTCP - ok
17:20:18.0831 6100 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
17:20:18.0893 6100 tdx - ok
17:20:18.0909 6100 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
17:20:18.0924 6100 TermDD - ok
17:20:19.0018 6100 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:20:19.0080 6100 tssecsrv - ok
17:20:19.0096 6100 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
17:20:19.0158 6100 TsUsbFlt - ok
17:20:19.0174 6100 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
17:20:19.0221 6100 TsUsbGD - ok
17:20:19.0267 6100 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
17:20:19.0345 6100 tunnel - ok
17:20:19.0361 6100 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
17:20:19.0377 6100 uagp35 - ok
17:20:19.0392 6100 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
17:20:19.0455 6100 udfs - ok
17:20:19.0548 6100 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
17:20:19.0579 6100 uliagpkx - ok
17:20:19.0611 6100 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
17:20:19.0642 6100 umbus - ok
17:20:19.0657 6100 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
17:20:19.0704 6100 UmPass - ok
17:20:19.0735 6100 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
17:20:19.0767 6100 usbccgp - ok
17:20:19.0782 6100 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
17:20:19.0813 6100 usbcir - ok
17:20:19.0876 6100 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
17:20:19.0923 6100 usbehci - ok
17:20:19.0969 6100 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
17:20:20.0001 6100 usbhub - ok
17:20:20.0032 6100 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
17:20:20.0063 6100 usbohci - ok
17:20:20.0094 6100 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys
17:20:20.0125 6100 usbprint - ok
17:20:20.0172 6100 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:20:20.0219 6100 USBSTOR - ok
17:20:20.0266 6100 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
17:20:20.0313 6100 usbuhci - ok
17:20:20.0344 6100 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
17:20:20.0391 6100 usbvideo - ok
17:20:20.0437 6100 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
17:20:20.0453 6100 vdrvroot - ok
17:20:20.0469 6100 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
17:20:20.0515 6100 vga - ok
17:20:20.0531 6100 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
17:20:20.0593 6100 VgaSave - ok
17:20:20.0656 6100 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
17:20:20.0687 6100 vhdmp - ok
17:20:20.0703 6100 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
17:20:20.0734 6100 viaagp - ok
17:20:20.0749 6100 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
17:20:20.0796 6100 ViaC7 - ok
17:20:20.0827 6100 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
17:20:20.0843 6100 viaide - ok
17:20:20.0859 6100 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
17:20:20.0890 6100 volmgr - ok
17:20:20.0905 6100 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
17:20:20.0937 6100 volmgrx - ok
17:20:20.0952 6100 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
17:20:20.0983 6100 volsnap - ok
17:20:21.0061 6100 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
17:20:21.0093 6100 vsmraid - ok
17:20:21.0124 6100 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
17:20:21.0171 6100 vwifibus - ok
17:20:21.0217 6100 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
17:20:21.0249 6100 vwififlt - ok
17:20:21.0264 6100 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
17:20:21.0311 6100 WacomPen - ok
17:20:21.0342 6100 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
17:20:21.0389 6100 WANARP - ok
17:20:21.0389 6100 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
17:20:21.0436 6100 Wanarpv6 - ok
17:20:21.0529 6100 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
17:20:21.0561 6100 Wd - ok
17:20:21.0592 6100 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
17:20:21.0639 6100 Wdf01000 - ok
17:20:21.0670 6100 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
17:20:21.0717 6100 WfpLwf - ok
17:20:21.0732 6100 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
17:20:21.0748 6100 WIMMount - ok
17:20:21.0826 6100 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:20:21.0857 6100 WmiAcpi - ok
17:20:21.0935 6100 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
17:20:22.0013 6100 ws2ifsl - ok
17:20:22.0044 6100 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
17:20:22.0107 6100 WudfPf - ok
17:20:22.0138 6100 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:20:22.0200 6100 WUDFRd - ok
17:20:22.0231 6100 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:20:22.0309 6100 \Device\Harddisk0\DR0 - ok
17:20:22.0325 6100 Boot (0x1200) (671705c1c1bd8068a43c26ff71394fd6) \Device\Harddisk0\DR0\Partition0
17:20:22.0325 6100 \Device\Harddisk0\DR0\Partition0 - ok
17:20:22.0325 6100 ============================================================
17:20:22.0325 6100 Scan finished
17:20:22.0325 6100 ============================================================
17:20:22.0341 1528 Detected object count: 0
17:20:22.0341 1528 Actual detected object count: 0
17:20:25.0461 5796 Deinitialize success



aswMBR log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-20 19:16:28
-----------------------------
19:16:28.541 OS Version: Windows 6.1.7601 Service Pack 1
19:16:28.541 Number of processors: 4 586 0x2502
19:16:28.544 ComputerName: HP-PC UserName: HP
19:16:34.854 Initialize success
19:16:35.409 AVAST engine defs: 12032000
19:16:47.637 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:16:47.644 Disk 0 Vendor: Hitachi_ PC3O Size: 305245MB BusType: 3
19:16:47.657 Disk 0 MBR read successfully
19:16:47.663 Disk 0 MBR scan
19:16:47.670 Disk 0 Windows 7 default MBR code
19:16:47.677 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
19:16:47.689 Disk 0 scanning sectors +625121280
19:16:47.748 Disk 0 scanning C:\Windows\system32\drivers
19:17:01.263 Service scanning
19:17:18.895 Modules scanning
19:17:29.285 Disk 0 trace - called modules:
19:17:29.316 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll iaStor.sys
19:17:29.316 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8761c3d8]
19:17:29.846 3 CLASSPNP.SYS[88d8559e] -> nt!IofCallDriver -> [0x8761cb20]
19:17:29.846 5 hpdskflt.sys[88d36f92] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85ad4028]
19:17:32.233 AVAST engine scan C:\
20:08:43.622 Scan finished successfully
20:18:05.033 Disk 0 MBR has been saved successfully to "C:\Users\HP\Desktop\MBR.dat"
20:18:05.096 The log file has been saved successfully to "C:\Users\HP\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:52 AM

Posted 20 March 2012 - 08:24 PM

Greetings

At this time I would like you to run this script for me; it is also a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 lazarro

lazarro
  • Topic Starter

  • Members
  • 8 posts
  • Local time:09:52 AM

Posted 20 March 2012 - 09:28 PM

Combofix with CFScript log:

ComboFix 12-03-20.01 - HP 03/20/2012 22:42:38.4.4 - x86
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.1.1033.18.1910.1004 [GMT -3:00]
Running from: c:\users\HP\Desktop\ComboFix.exe
Command switches used :: c:\users\HP\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-21 to 2012-03-21 )))))))))))))))))))))))))))))))
.
.
2012-03-21 01:51 . 2012-03-21 01:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-20 11:54 . 2012-02-20 05:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04D4D828-2A41-42BE-B76A-29B43692D448}\mpengine.dll
2012-03-20 11:41 . 2012-03-20 11:41 -------- d-----w- C:\CCE_Quarantine
2012-03-18 16:52 . 2012-03-18 17:39 -------- d-----w- c:\programdata\Yahoo! Companion
2012-03-16 21:54 . 2012-03-16 22:02 -------- d-----w- c:\program files\Hard Disk Sentinel
2012-03-16 16:20 . 2012-03-16 16:22 -------- d-----w- c:\programdata\Hewlett-Packard
2012-03-16 16:19 . 2012-03-16 16:19 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-03-14 15:21 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 15:21 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 13:25 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 13:25 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 13:24 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 13:24 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 13:24 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 13:24 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 13:24 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 13:24 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-12 22:29 . 2012-03-12 22:29 -------- d-----r- C:\MSOCache
2012-03-10 22:37 . 2012-03-10 22:37 -------- d-----w- C:\VritualRoot
2012-03-10 21:42 . 2012-03-10 21:42 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-03-09 00:13 . 2012-02-29 07:21 333176 ----a-w- c:\windows\system32\MMInstaller.dll
2012-03-09 00:13 . 2012-03-09 00:13 -------- d-----w- c:\program files\Common Files\Tencent
2012-03-09 00:13 . 2012-03-09 00:18 -------- d-----w- c:\program files\Tencent
2012-03-09 00:13 . 2012-03-09 00:13 -------- d-----w- c:\programdata\Tencent
2012-03-08 23:35 . 2012-03-15 20:02 -------- d-----w- C:\FavoriteVideo
2012-03-08 23:34 . 2012-03-08 23:37 -------- d-----w- c:\programdata\PPLive
2012-03-08 14:37 . 2012-03-08 14:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-03-08 14:37 . 2012-03-08 14:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-03-08 14:37 . 2012-03-08 14:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-03-08 14:37 . 2012-03-08 14:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-03-08 14:37 . 2012-03-08 14:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-03-08 14:37 . 2012-03-08 14:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-03-08 14:37 . 2012-03-08 14:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-03-08 14:37 . 2012-03-08 14:37 -------- d-----w- c:\program files\QuickTime
2012-03-08 14:37 . 2012-03-08 14:37 -------- d-----w- c:\programdata\Apple Computer
2012-03-08 14:36 . 2012-03-08 14:36 -------- d-----w- c:\program files\Common Files\Apple
2012-03-08 14:36 . 2012-03-08 14:36 -------- d-----w- c:\program files\Apple Software Update
2012-03-08 14:36 . 2012-03-08 14:36 -------- d-----w- c:\programdata\Apple
2012-03-07 23:12 . 2012-03-07 23:12 -------- d-----w- c:\windows\Sun
2012-03-04 23:12 . 2012-03-07 00:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-04 23:12 . 2012-03-07 00:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-04 23:12 . 2012-03-07 00:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-04 23:12 . 2012-03-07 00:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-04 23:12 . 2012-03-07 00:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-04 23:12 . 2012-03-07 00:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-04 23:12 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-04 23:12 . 2012-03-07 00:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-04 23:11 . 2012-03-04 23:11 -------- d-----w- c:\programdata\AVAST Software
2012-03-04 23:11 . 2012-03-04 23:11 -------- d-----w- c:\program files\AVAST Software
2012-03-03 02:24 . 2012-03-03 02:24 -------- d-----w- c:\program files\Funshion Online
2012-03-02 18:47 . 2012-03-02 18:47 -------- d-----w- c:\programdata\Malwarebytes
2012-03-02 18:47 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-02 18:47 . 2012-03-02 18:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-02 17:54 . 2012-03-02 17:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-02 17:54 . 2012-03-02 17:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-01 13:49 . 2012-03-01 13:49 202112 ----a-w- c:\windows\system32\PPTVLauncher.exe
2012-02-26 23:34 . 2011-07-20 19:13 35328 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2012-02-26 23:34 . 2012-02-26 23:34 -------- d-----w- c:\programdata\Research In Motion
2012-02-26 23:33 . 2012-02-26 23:33 -------- d-----w- c:\program files\Research In Motion
2012-02-26 22:07 . 2012-02-26 23:33 -------- d-----w- c:\program files\Common Files\Research In Motion
2012-02-26 20:47 . 2012-02-26 22:12 -------- d-----w- c:\programdata\Comodo
2012-02-26 20:47 . 2012-03-20 06:41 -------- d-----w- c:\program files\Comodo
2012-02-26 20:22 . 2012-02-26 20:22 -------- d-----w- c:\programdata\VirtualizedApplications
2012-02-26 15:35 . 2012-02-26 18:10 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2012-02-26 01:47 . 2012-03-20 11:46 -------- d-----w- c:\programdata\CPA_VA
2012-02-26 01:42 . 2012-02-26 01:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-02-26 01:42 . 2012-02-26 01:42 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-02-26 00:14 . 2012-02-26 00:14 -------- d-----w- c:\program files\ATI Technologies
2012-02-26 00:14 . 2012-02-26 00:14 -------- d-----w- c:\program files\ATI
2012-02-26 00:07 . 2012-02-26 00:07 -------- d-----w- c:\programdata\CyberLink
2012-02-26 00:03 . 2012-02-26 00:03 -------- d-----w- c:\program files\Common Files\Skype
2012-02-26 00:03 . 2012-03-08 17:36 -------- d-----r- c:\program files\Skype
2012-02-26 00:02 . 2012-02-26 00:02 -------- d-----w- c:\programdata\Skype
2012-02-25 23:55 . 2012-02-25 23:55 -------- d-----w- c:\windows\PCHEALTH
2012-02-25 23:55 . 2012-02-25 23:56 -------- d-----w- c:\program files\Windows Live
2012-02-25 23:54 . 2012-02-25 23:54 -------- d-----w- c:\program files\Common Files\Windows Live
2012-02-25 23:52 . 2012-03-18 16:52 -------- d-----w- c:\programdata\Yahoo!
2012-02-25 23:51 . 2012-03-18 16:52 -------- d-----w- c:\program files\Yahoo!
2012-02-25 20:30 . 2012-03-19 22:39 -------- d-----w- c:\users\HP
2012-02-25 20:30 . 2012-02-25 20:30 -------- d-----w- C:\Recovery
2012-02-25 20:10 . 2012-02-25 20:30 -------- d-----w- c:\windows\Panther
2012-02-25 19:43 . 2012-02-25 19:43 -------- d-----w- c:\program files\Common Files\McAfee
2012-02-25 19:43 . 2012-02-25 19:52 -------- d-----w- c:\program files\McAfee
2012-02-25 19:43 . 2012-02-25 19:43 -------- d-----w- c:\programdata\McAfee
2012-02-25 19:14 . 2012-02-25 19:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-25 19:14 . 2012-02-25 19:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-25 19:12 . 2012-02-25 19:12 -------- d-----w- c:\windows\ShellNew
2012-02-25 19:10 . 2012-02-25 19:12 -------- d-----w- c:\program files\LibreOffice 3.5
2012-02-25 19:07 . 2012-02-25 19:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-02-25 19:06 . 2012-02-25 19:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-25 19:06 . 2012-02-25 19:06 -------- d-----w- c:\windows\system32\Macromed
2012-02-25 18:30 . 2012-02-25 18:33 -------- d-----w- c:\program files\Microsoft Silverlight
2012-02-25 18:12 . 2012-02-25 18:12 -------- d-----w- c:\program files\VideoLAN
2012-02-25 18:05 . 2012-02-25 18:05 -------- d-----w- c:\program files\Microsoft.NET
2012-02-25 17:40 . 2012-02-25 17:40 0 ----a-w- c:\windows\ativpsrm.bin
2012-02-25 17:38 . 2011-02-08 17:27 4644864 ----a-w- c:\windows\system32\stlang.dll
2012-02-25 17:38 . 2011-01-25 05:57 536668 ----a-w- c:\windows\sttray.exe
2012-02-25 17:36 . 2010-08-25 01:19 279656 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2012-02-25 17:36 . 2010-06-09 03:33 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2012-02-25 17:36 . 2009-12-03 21:27 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-02-25 17:36 . 2012-02-25 17:36 -------- d-----w- c:\program files\Realtek
2012-02-25 17:33 . 2010-04-27 20:47 435736 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-02-25 17:33 . 2012-02-25 17:33 -------- d-----w- C:\SP50859
2012-02-25 17:32 . 2012-02-25 17:32 -------- d-----w- c:\programdata\AmUStor
2012-02-25 17:32 . 2012-02-25 17:32 -------- d-----w- c:\program files\AmIcoSingLun
2012-02-25 17:29 . 2012-02-25 17:29 -------- d-----w- c:\program files\Synaptics
2012-02-25 17:29 . 2012-02-25 17:29 -------- d-----w- c:\windows\system32\nn-NO
2012-02-25 17:29 . 2012-02-25 17:29 -------- d-----w- c:\windows\Options
2012-02-25 17:29 . 2010-09-27 00:13 1882624 ----a-w- c:\windows\system32\drivers\athr.sys
2012-02-25 17:29 . 2010-09-11 14:51 61440 ----a-w- c:\windows\system32\athihvui.dll
2012-02-25 17:29 . 2010-09-11 14:51 397312 ----a-w- c:\windows\system32\athihvs.dll
2012-02-25 17:29 . 2012-02-25 17:29 -------- d-----w- c:\program files\Atheros
2012-02-25 17:29 . 2012-02-25 17:29 -------- d-----w- c:\program files\Cisco
2012-02-25 17:28 . 2012-02-25 17:29 -------- d-----w- c:\programdata\Atheros
2012-02-25 17:27 . 2012-03-16 16:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-02-25 17:27 . 2012-03-16 16:22 -------- d-----w- c:\program files\Hewlett-Packard
2012-02-25 17:25 . 2012-03-20 19:37 -------- d-sh--w- c:\windows\Installer
2012-02-25 17:25 . 2012-02-25 17:25 -------- d-----w- C:\System.sav
2012-02-25 17:24 . 2012-02-25 17:24 -------- d-----w- c:\program files\Common Files\Intel
2012-02-25 17:16 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-02-25 17:16 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-02-25 17:13 . 2011-03-12 11:23 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2012-02-25 17:13 . 2012-02-23 13:18 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-25 17:13 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-02-25 17:13 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-11 21:13 . 2011-12-19 21:59 39640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2012-01-18 00:00 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-12-19 21:59 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-12-19 21:58 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2011-12-19 21:58 301224 ----a-w- c:\windows\system32\guard32.dll
2012-02-25 23:54 . 2011-03-28 22:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-04 23:01 . 2012-01-04 23:01 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-09-13 1873192]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-09-07 237568]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-27 284696]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-01-25 536668]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-20 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-20 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-20 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 182584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2012-01-13 95200]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-08-25 279656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 491816]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 39640]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-09 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1052472]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 26168]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-27 13336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-09 6380544]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-09 222208]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-14 29168]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2010-07-20 9018368]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2468066099-2050458068-376550370-1000Core.job
- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25 16:38]
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2468066099-2050458068-376550370-1000UA.job
- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25 16:38]
.
2012-03-18 c:\windows\Tasks\HPCeeScheduleForHP.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 01:15]
.
.
------- Supplementary Scan -------
.
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\qqlivecaption
Trusted Zone: qq.com\qqlivehabit
Trusted Zone: qq.com\qqlivesearch
Trusted Zone: qq.com\video_1
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{84E7E99E-58FE-4F38-95A6-B488465ED8D3}: NameServer = 8.26.56.26,156.154.70.22
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2468066099-2050458068-376550370-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2468066099-2050458068-376550370-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(636)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(4304)
c:\windows\system32\guard32.dll
c:\windows\system32\prnfldr.dll
.
Completion time: 2012-03-20 23:01:44
ComboFix-quarantined-files.txt 2012-03-21 02:01
ComboFix2.txt 2012-03-20 19:49
.
Pre-Run: 278,799,560,704 bytes free
Post-Run: 278,794,100,736 bytes free
.
- - End Of File - - 2AF5B02F096644484CE2F1B264317A35


I don't know why the computer is unusable on battery. I suspect a malware/spyware. I don't have that many programs installed and I have lots of free space. Can you help me turn off all the processes that are not necessary for the computer to work correctly and for the computer's security? Did you find some spyware/malware in the logs I sent you? Thanks
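The ComboFix log posted above lists the registry loading points, the Internet Explorer Trusted Zone entries and the per-interface DNS settings that a malware responder normally reads by hand. As an added example, not part of this thread and not ComboFix, TDSSKiller or BleepingComputer code, here is a small Python triage script that parses an abridged excerpt of that log and flags the lines that usually deserve a second look: Run entries that launch from user-writable paths, a populated AppInit_DLLs value (in this log guard32.dll, COMODO's injection DLL, listed four times), Trusted Zone additions, and an interface whose static DNS servers differ from the DHCP-assigned ones. The "Updater" Run line in the sample is constructed purely to exercise the path check and is not in the posted log; the path markers and wording of the findings are the example's own assumptions, and every flag is a prompt for an analyst to verify the vendor, not a verdict.

```python
"""Triage helper for ComboFix-style 'Reg Loading Points' output.

Added example for this thread; not ComboFix or BleepingComputer code.
It parses the text a responder reads by hand and flags the usual suspects.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed excerpt, abridged from the ComboFix log posted in the thread.
# The "Updater" line is NOT in the posted log: it is constructed here only
# to exercise the user-writable-path check.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-09-13 1873192]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"Updater"="c:\users\HP\AppData\Local\Temp\updater.exe" [2012-03-10 51200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll
.
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\qqlivesearch
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{84E7E99E-58FE-4F38-95A6-B488465ED8D3}: NameServer = 8.26.56.26,156.154.70.22
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY_...\Run]
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"')          # "name"="path" [date size]
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.*)$')       # unquoted, space-separated
TRUSTED_RE = re.compile(r"^Trusted Zone:\s*(.+)$")
DHCP_DNS_RE = re.compile(r"^TCP:\s*DhcpNameServer\s*=\s*(.+)$")
IFACE_DNS_RE = re.compile(r"^TCP:\s*Interfaces\\(\{[^}]+\}):\s*NameServer\s*=\s*(.+)$")

# Heuristic markers for locations a standard user can write to (assumption).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Parsed:
    run_entries: List[tuple] = field(default_factory=list)   # (key, name, path)
    appinit_dlls: List[str] = field(default_factory=list)     # duplicates kept
    trusted_zones: List[str] = field(default_factory=list)
    dhcp_dns: List[str] = field(default_factory=list)
    static_dns: Dict[str, List[str]] = field(default_factory=dict)


def parse_combofix(text: str) -> Parsed:
    """Walk the log line by line, tracking the registry key currently open."""
    p = Parsed()
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with "."
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = APPINIT_RE.match(line)
        if m:
            p.appinit_dlls = m.group(1).split()
            continue
        m = ENTRY_RE.match(line)
        if m and current_key.lower().endswith("\\run"):
            p.run_entries.append((current_key, m.group(1), m.group(2)))
            continue
        m = TRUSTED_RE.match(line)
        if m:
            p.trusted_zones.append(m.group(1))
            continue
        m = DHCP_DNS_RE.match(line)
        if m:
            p.dhcp_dns = m.group(1).split()
            continue
        m = IFACE_DNS_RE.match(line)
        if m:
            p.static_dns[m.group(1)] = re.split(r"[,\s]+", m.group(2).strip())
    return p


def triage(p: Parsed) -> List[str]:
    """Return human-readable findings; each one is a prompt to verify, not a verdict."""
    findings: List[str] = []
    for _key, name, path in p.run_entries:
        if any(marker in path.lower() for marker in USER_WRITABLE):
            findings.append(f"Run entry '{name}' starts from a user-writable path: {path}")
    if p.appinit_dlls:
        unique = list(dict.fromkeys(d.lower() for d in p.appinit_dlls))
        findings.append(
            f"AppInit_DLLs is set ({len(p.appinit_dlls)} entries, {len(unique)} unique): "
            + ", ".join(unique)
            + " ; every process that loads user32.dll will load these, so confirm the vendor"
        )
    for zone in p.trusted_zones:
        findings.append(f"IE Trusted Zone entry: {zone} ; sites here run with relaxed browser security")
    dhcp = set(p.dhcp_dns)
    for iface, servers in p.static_dns.items():
        if dhcp and not set(servers) <= dhcp:
            findings.append(
                f"Interface {iface} overrides DHCP DNS {sorted(dhcp)} with {servers} ; "
                "verify the user chose this resolver"
            )
    return findings


if __name__ == "__main__":
    for finding in triage(parse_combofix(SAMPLE_LOG)):
        print("*", finding)
```

Run against the posted log (minus the constructed "Updater" line) the script reports the AppInit_DLLs value, the five qq.com Trusted Zone entries and the static DNS override; none of the real Run entries is flagged, which matches the responder's "not seeing any malware so far" while still giving the user a concrete list of things to confirm.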


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:52 AM

Posted 20 March 2012 - 09:59 PM

Hello


I am not seeing any malware on the computer so far - check the power settings and see if they need to be changed - http://www.online-tech-tips.com/computer-tips/how-to-configure-the-power-options-for-your-laptop/


I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#9 lazarro

lazarro
  • Topic Starter

  • Members
  • 8 posts
  • Local time:09:52 AM

Posted 21 March 2012 - 04:16 AM

Hello, the link you sent me about the power settings is for Windows XP and I have Windows 7. Here's the ComboFix extra log:

Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
Alcor Micro USB Card Reader
Amazon Kindle
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
ATI Catalyst Install Manager
Auslogics Disk Defrag
avast! Free Antivirus
BlackBerry Desktop Software 6.1
BlackBerry Device Software v6.0.0 for the BlackBerry 9300 smartphone
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Comodo Dragon
COMODO GeekBuddy
COMODO Internet Security
D3DX10
Funshion
Google Chrome
Hewlett-Packard ACLM.NET v1.1.2.0
HP Customer Experience Enhancements
HP MediaSmart Webcam
IDT Audio
InfraRecorder
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
LibreOffice 3.5
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee SiteAdvisor
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Student 2010 - English
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
QuickTime
Realtek Ethernet Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Skype™ 5.8
Spybot - Search & Destroy
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

Did you check the BIOS also? I have heard that there can be BIOS rootkits. I am a little clueless about what it means, but we must check all possibilities.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:52 AM

Posted 21 March 2012 - 12:43 PM

Hello

In the wild there are no BIOS rootkits - there are MBR rootkits and yes we have checked them

win 7 power management - http://www.howtogeek.com/howto/9090/learning-windows-7-manage-power-settings/

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Funshion


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

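The HijackThis log requested above is plain text, one entry per line, keyed by a section code (R0/R1, O2, O4, O15, O17, O20, O23 and so on). The following is an added example, not a BleepingComputer or Trend Micro tool: a small triage helper that parses that format and pulls out the sections a reviewer checks first. The sample log lines are constructed, modelled on the format of the logs in this thread, and the review notes are the script's own assumptions.

```python
"""Triage helper for HijackThis v2.0.4 logs (added example for this thread).

Parses the "<code> - <body>" entry lines and flags the sections a reviewer
looks at first. The review notes below are this script's assumptions, not
HijackThis output.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Entry lines look like "O4 - HKLM\..\Run: [Name] C:\path\prog.exe".
# Header text, the "Running processes:" list and blank lines do not match.
ENTRY_RE = re.compile(r"^([ROF]\d{1,2}) - (.*)$")

# Section codes that deserve a second look, and why (assumed review notes).
REVIEW = {
    "O10": "Winsock LSP: a third-party DLL sits in the network stack",
    "O15": "Trusted Zone: the site gets relaxed Internet Explorer security",
    "O17": "NameServer: DNS resolvers are overridden in the registry",
    "O20": "AppInit_DLLs / Winlogon Notify: DLL loaded into many processes",
}


@dataclass
class Entry:
    code: str            # section code, e.g. "O23"
    body: str            # everything after "<code> - "
    reason: Optional[str]  # review note, or None when routine


def parse_log(text: str) -> List[Entry]:
    """Turn a whole HijackThis log into Entry objects, skipping non-entry lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            code, body = m.groups()
            entries.append(Entry(code, body, REVIEW.get(code)))
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    """Entries whose section code is in REVIEW, in log order."""
    return [e for e in entries if e.reason]


def section_counts(entries: List[Entry]) -> Counter:
    """How many entries each section code contributed."""
    return Counter(e.code for e in entries)


def nameservers(entries: List[Entry]) -> List[str]:
    """Resolver addresses from every O17 NameServer line, deduplicated.

    These should be compared with the resolvers the user actually expects."""
    seen: List[str] = []
    for e in entries:
        if e.code == "O17" and "NameServer =" in e.body:
            for ip in e.body.split("NameServer =", 1)[1].split(","):
                ip = ip.strip()
                if ip and ip not in seen:
                    seen.append(ip)
    return seen


def appinit_dlls(entries: List[Entry]) -> List[str]:
    """Distinct DLL paths from the O20 AppInit_DLLs line.

    The registry value is space separated and a DLL may be listed several
    times; each distinct path should be attributed to an installed product
    before it is left in place."""
    seen: List[str] = []
    for e in entries:
        if e.code == "O20" and e.body.startswith("AppInit_DLLs:"):
            for dll in e.body.split(":", 1)[1].split():
                if dll not in seen:
                    seen.append(dll)
    return seen


# Constructed sample log, modelled on the format of the thread's logs.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:53:57 PM, on 3/21/2012
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: http://video.example.invalid (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{PLACEHOLDER-GUID}: NameServer = 192.0.2.53,192.0.2.54
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll C:\Windows\System32\guard32.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for entry in flagged(parsed):
        print(f"{entry.code}: {entry.reason}\n    {entry.body}")
    print("resolvers:", nameservers(parsed))
    print("AppInit DLLs:", appinit_dlls(parsed))
```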

#11 lazarro

lazarro
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:52 AM

Posted 21 March 2012 - 08:10 PM

Hello. I deleted Funshion, but is it dangerous software? I use it to watch movies. I did all the scans and the logs are below. One other thing: it seems like my Comodo firewall has lost its privileges. Before, a program that wasn't allowed and that wanted to connect to the internet was blocked. Now, even if the popup appears and asks if I want to allow or block, the program still connects to the internet even before I press allow. Why is that? Thanks

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:53:57 PM, on 3/21/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
O4 - HKLM\..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://cache.tv.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivecaption.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivehabit.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivesearch.qq.com (HKLM)
O15 - Trusted Zone: http://video_1.qq.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{84E7E99E-58FE-4F38-95A6-B488465ED8D3}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{84E7E99E-58FE-4F38-95A6-B488465ED8D3}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{84E7E99E-58FE-4F38-95A6-B488465ED8D3}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll C:\Windows\System32\guard32.dll C:\Windows\System32\guard32.dll C:\Windows\System32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8542 bytes



Malwarebytes log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.21.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
HP :: HP-PC [administrator]

3/21/2012 9:55:09 PM
mbam-log-2012-03-21 (21-55-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 187385
Time elapsed: 3 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 19
C:\Program Files\Funshion Online (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\icon (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\Baiduflash (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\Baiduflash\subflash (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\Cacheflash (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flash (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashStamp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\popwind (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\screensave (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\Seed (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\serv (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\update (Adware.Funshion) -> Quarantined and deleted successfully.

Files Detected: 203
C:\Users\HP\AppData\Local\temp\~nsu.tmp\Au_.exe (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\Downloads\FunshionInstall2.6.1.23 (1).exe (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\Downloads\FunshionInstall2.6.1.23.exe (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\FunShion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\FunshionGame2.ico (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\FunshionService.diagnose (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\Funshop2.ico (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\Cacheflash\blankFs.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\Cacheflash\donghuanew_18.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flash\980EF71B_C41B_511C_2591_1C44D72C2CEC.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\020E4CB8_A853_A73C_ED72_11EF9DEB9AF1.date1331438371.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\024A09BE_5877_EE97_8614_94A4C37E5353.date1331551177.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\05E206EF_1479_B3E0_BC94_9F3253E68853.date1331332398.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\082D5EBB_C3C3_1385_4EF1_2034CADA7FA9.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\096F7A60_3434_4250_0C0F_052C734E5BAE.date1331995064.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\0DA1C7E0_28E9_CE7E_BF93_AF99DCE54963.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\10238FA9_D811_EF38_A0BA_92A511B38828.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\9AC938C8_9EE3_E691_8C32_718B98CCFD85.date1331551177.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\A6385FCB_A22E_E2DF_7C12_F0B28516743E.date1331902471.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\ABF7910B_7C47_9B3F_288A_F0CDFC28DE32.date1332374840.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\AC07BD7A_765F_C581_F508_EF71F52B0343.date1331649501.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\B5C68E12_1992_E89E_4FEA_55C7A55D89B6.date1331140920.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\BFBE7108_8F13_0C60_D0EC_34D5066CD30F.date1331332398.flv (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\C2D3B20C_69AB_F4B2_39D6_77BCA3D8CE6A.date1331224325.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\3AE32716_9926_DA46_DAB7_4DD9E773024D.date1332296989.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\4211F87F_3C31_6F87_9DEF_DC1AA10184B6.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\433E6414_B040_AFAD_9241_C36E1E8AC5B1.date1332196715.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\4558234C_830D_BEFE_76C8_BAA28289E2C5.date1331488336.flv (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\4C05280E_DA06_3623_2433_F7507175AB74.date1331420358.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\4EF54027_881B_A03D_20B6_B433A10796FA.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\59EDF712_61FF_09CE_AD62_38C450D135B6.date1331649501.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\5F886353_F4B6_FB52_05C7_A28A2A831444.date1332196715.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\6539C18F_9D89_C25F_EF96_632247D405BC.date1331420357.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\66D204D2_3A0D_88FD_6B97_40C7E586B226.date1331569740.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\C73E5452_77B4_8649_003B_84BB0A131139.date1331569740.flv (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\CBD4DE4D_E9BD_3C47_B328_FA8A35CFBDB6.date1332296989.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\CBEC5017_CCFC_4112_BA7B_EEE0E8985936.date1331768341.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\CEA45BFA_D8E9_3E0B_C43F_B3A370733A42.date1332341667.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\D2ECED87_6BF9_C886_EE62_BDF14D36CF35.date1331551177.flv (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\D71F6E3C_0CAC_45B9_20A0_CD5F6E04182F.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\D8567568_C428_CBFE_2F2C_D88F2E90E1E3.date1330897063.flv (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\DD47A7C0_6DD8_A885_655A_4C47D9AD05ED.date1331140920.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\DFFFA9DF_551A_4C40_D0F9_88B7280F651E.date1331140920.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\EFA34CCD_D0E9_C0AE_5D36_A2F7C63EFE8A.date1331902470.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\F28F0A98_5CA4_6B6D_C2DA_94504E49428C.date1331140920.flv (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\F8BEED23_988E_4A45_A2C7_735578CB78C2.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\FB29697D_F5D5_B2A6_B04B_2FC9FD7F4C5F.date1331995064.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\6ECE1638_AEEA_6EFA_EFE6_7D82BEB0C4EF.date1331140920.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\70D482F2_CA5E_B830_0EF3_B6BC6D51121F.date1331140920.flv (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\72B5C3C4_EFFF_C940_06C4_1BC6CB6B1D53.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\7788AFE4_5465_79CF_E7D1_4E68A98B6B98.date1332261218.flv (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\7CC0B252_C80D_8F97_1AFF_A2D3893E23DF.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\83A6F2D7_826B_2293_4364_BE4DDCC7B202.flv (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\8A8FB6FF_26B2_19D9_EE62_7402A212696C.flv (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\8AB83F62_F063_CF32_FBDB_165BE89DEEF9.date1332250466.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\8AD5FC77_3686_D8CC_DA83_954E47D5703A.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\9A79E7EE_914E_F3E5_0AE8_C332AF34A8D4.flv (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\11464FA0_FAF1_5726_C269_01F6AF27007C.date1331551177.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\2331F0C3_A003_4740_8775_8B6307227885.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\2B93547D_1CE7_0F4B_BF65_23634988ACA4.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\2FE7C3EE_6542_6CA8_69CF_6DA35DA0F7A1.date1331831637.flv (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\345EA342_918D_B1E8_8C2D_1633979B57C0.date1331332398.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\flashNew\36999540_E739_EE00_8F91_641F7C1C0F93.flv (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\popwind\14743A56_CAD4_69A5_FE1E_A1EB3BBE9C14.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\popwind\1A14CD19_5BF5_5F1B_DBBA_12D2DC396014.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\popwind\1F1479D1_3BFE_18C6_647B_9FE2EC029905.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\popwind\261D6A37_6EF3_57B6_671E_FB5BC4631115.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\popwind\5DE73FF0_D78E_256B_9603_77F48D70C064.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\popwind\5F36E731_E4ED_377F_5E93_1F0B628C66FB.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\popwind\73690769_6584_39DA_11B5_B72F161E425B.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\popwind\91CA4724_56BF_B1AC_D82A_C8253BC98752.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\popwind\91DE34B5_A8E0_DD77_306D_131377B0F3EF.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\popwind\A21EE661_FCB4_DA4E_7C59_E5D3275C10D2.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\popwind\C7C50D91_FFB3_5D28_4072_FD48EDA1AE28.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\popwind\D88A6452_952D_549A_8176_94EFBB91A5F4.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\cache\popwind\F2061921_4526_2152_FC38_1D2F0B176011.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331661291_1331661290_11805532_18524595_1277797072_358.dat (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331661291_1331661290_11805532_18524595_1277797072_358.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331661303_1331661298_11813194_18524595_1277797072_845.dat (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331661303_1331661298_11813194_18524595_1277797072_845.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331661310_1331661308_11824078_18524595_1277797073_375.dat (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331661310_1331661308_11824078_18524595_1277797073_375.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331661319_1331661318_11833242_18524595_1277797076_2.dat (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331661319_1331661318_11833242_18524595_1277797076_2.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331661329_1331661327_11843187_18524595_1277797076_935.dat (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331661259_1331661257_11772833_06a16c08a1c35566424e08262e13ec23fdbc1a42.json (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331661259_1331661257_11772833_06a16c08a1c35566424e08262e13ec23fdbc1a42.json_backup (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331661259_1331661257_11773146_18524595_1277797070_849.dat (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331661259_1331661257_11773146_18524595_1277797070_849.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331661269_1331661267_11783162_18524595_1277797071_783.dat (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331661269_1331661267_11783162_18524595_1277797071_783.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331661276_1331661275_11790224_18524595_1277797071_384.dat (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331661276_1331661275_11790224_18524595_1277797071_384.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331661283_1331661282_11797386_18524595_1277797072_166.dat (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331661338_1331661337_11852489_18524595_1277797080_846.dat (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331661338_1331661337_11852489_18524595_1277797080_846.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331661283_1331661282_11797386_18524595_1277797072_166.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331661329_1331661327_11843187_18524595_1277797076_935.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331473031_1331473028_240118_f13a8307b29204504c5a1beaa2412e00c24e029b.json (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331473031_1331473028_240118_f13a8307b29204504c5a1beaa2412e00c24e029b.json_backup (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331473031_1331473030_241618_31459691_1331172320_571.dat (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\control\1331473031_1331473030_241618_31459691_1331172320_571.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\谎言游戏第一季-第20集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\都铎王朝第一季-001.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\都铎王朝第一季-002.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\都铎王朝第一季-003.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\都铎王朝第一季-004.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\都铎王朝第一季-005.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\都铎王朝第一季-006.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\都铎王朝第一季-007.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\都铎王朝第一季-008.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\都铎王朝第一季-009.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\都铎王朝第一季-010.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第一季-第5集(110819).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第一季-第6集(110819).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第一季-第7集(110819).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第一季-第8集(110819).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第一季-第9集(110819).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第二季-第10集(111220).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第二季-第11集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第二季-第12集(120117).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第二季-第13集(120207).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第二季-第14集(120213).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第二季-第15集(120222).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第二季-第16集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第二季-第1集(110927).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第二季-第2集(111009).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第二季-第3集(111013).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第二季-第4集(111020).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第一季-第10集(110819).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第一季-第4集(110819).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第二季-第5集(111026).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\斯巴达克斯竞技场之神-第6集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第一季-第11集(110819).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第一季-第12集(110819).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第一季-第13集(110819).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第一季-第14集(110819).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第一季-第15集(110819).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第一季-第16集(110819).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第一季-第17集(110819).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第一季-第18集(110819).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第一季-第19集(110819).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第一季-第1集(110819).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第一季-第20集(110819).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第一季-第21集(110819).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第一季-第22集(110819).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第一季-第2集(110819).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第一季-第3集(110819).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\丁丁历险记-MP4.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\发展受阻第一季-第10集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\发展受阻第一季-第11集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\发展受阻第一季-第12集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\发展受阻第一季-第13集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\发展受阻第一季-第14集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\发展受阻第一季-第15集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\发展受阻第一季-第16集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\发展受阻第一季-第17集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\发展受阻第一季-第18集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\发展受阻第一季-第19集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\发展受阻第一季-第1集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\发展受阻第一季-第20集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\发展受阻第一季-第21集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\发展受阻第一季-第22集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\发展受阻第一季-第2集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\发展受阻第一季-第3集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\发展受阻第一季-第4集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\发展受阻第一季-第5集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\发展受阻第一季-第6集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\发展受阻第一季-第7集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\发展受阻第一季-第8集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\发展受阻第一季-第9集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第二季-第6集(111102).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第二季-第7集(111109).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第二季-第8集(111115).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第二季-第9集(111129).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\斯巴达克斯复仇第二季-第1集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\斯巴达克斯复仇第二季-第2集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\斯巴达克斯复仇第二季-第3集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\斯巴达克斯复仇第二季-第4集(120220).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\斯巴达克斯复仇第二季-第5集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\斯巴达克斯复仇第二季-第6集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\斯巴达克斯复仇第二季-第8集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\斯巴达克斯竞技场之神-第1集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\斯巴达克斯竞技场之神-第2集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\斯巴达克斯竞技场之神-第3集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\斯巴达克斯竞技场之神-第4集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\斯巴达克斯竞技场之神-第5集.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\ini\httpfile.ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\ini\temp_config.ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\update\AdLinkParamFile.fax (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\update\ad_define.fai (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\update\ad_define.fai.bak (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\update\ad_material.fax (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\update\flashParam.txt (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\update\flashParam.txt.bak (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\update\localad.fax (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\update\Pop Game.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\update\popwind.json (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\update\Shopping Sites.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\update\StampPolicy.txt (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\update\updatexmlfile.txt (Adware.Funshion) -> Quarantined and deleted successfully.

(end)
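
The Malwarebytes log above runs to hundreds of lines, but nearly all of it is one adware install's media cache. As an added example (not part of lazarro's post and not Malwarebytes code), here is a small Python parser for lines in that log format; it summarises them by detection name, by top-level directory and by file kind, and lists anything the scanner did not actually quarantine. The sample lines are constructed to mirror the posted log (the `fs_setup.exe` entry is invented to exercise the not-removed case), and the directory-to-kind grouping is this example's own assumption.

```python
"""Summarise a Malwarebytes removal log (added example, not from the post)."""
import re
from collections import Counter

# One removal line: "<path> (<Detection>) -> <Action>."  The lazy path match
# plus the mandatory ") -> " keeps parentheses inside a file name, such as
# "第5集(110819).fsp", from being mistaken for the detection name.
LINE_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

# Parent-directory names seen in the posted log, grouped by what they mean for
# triage. This grouping is the example's own assumption, not Malwarebytes'.
DIR_KIND = {
    "control": "cache",         # per-download state (.dat/.fsp/.json)
    "historyTorrent": "cache",  # one .fsp per episode the user watched
    "ini": "config",
    "update": "ad-config",      # ad definitions, pop-up policy, dropped .lnk files
}

# Constructed sample: five lines mirroring the posted log plus one invented
# "Delete on reboot" entry (fs_setup.exe is a made-up name) for the
# not-yet-removed case.
SAMPLE_LOG = r"""
C:\Users\HP\funshion\control\1331473031_1331473030_241618_31459691_1331172320_571.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\historyTorrent\尼基塔第一季-第5集(110819).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\update\ad_define.fai (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\update\Shopping Sites.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\funshion\ini\httpfile.ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Users\HP\AppData\Local\Temp\fs_setup.exe (Adware.Funshion) -> Delete on reboot.
"""


def parse_line(line):
    """Return a dict for one removal line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, action = m.group("path"), m.group("action")
    parts = path.split("\\")
    name = parts[-1]
    return {
        "path": path,
        "detection": m.group("detection"),
        "action": action,
        "parent": parts[-2] if len(parts) > 1 else "",
        "ext": name[name.rfind("."):].lower() if "." in name else "",
        "removed": action.lower().startswith("quarantined and deleted"),
    }


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def kind_of(entry):
    """Shortcut drops are interesting wherever they sit; otherwise go by folder."""
    if entry["ext"] == ".lnk":
        return "shortcut"
    return DIR_KIND.get(entry["parent"], "other")


def summarize(entries, depth=4):
    """Counts by detection, by top-level directory (first `depth` path parts)
    and by kind, plus the paths that still await removal."""
    return {
        "by_detection": Counter(e["detection"] for e in entries),
        "by_dir": Counter("\\".join(e["path"].split("\\")[:depth]) for e in entries),
        "by_kind": Counter(kind_of(e) for e in entries),
        "pending": [e["path"] for e in entries if not e["removed"]],
    }


def format_report(summary):
    lines = []
    for title in ("by_detection", "by_dir", "by_kind"):
        lines.append(f"{title}:")
        for key, n in summary[title].most_common():
            lines.append(f"  {n:5d}  {key}")
    lines.append("pending (not yet removed):")
    if summary["pending"]:
        lines.extend(f"  {p}" for p in summary["pending"])
    else:
        lines.append("  none")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(summarize(parse_log(SAMPLE_LOG))))
```

Run against the full posted log, the "by_kind" block is what matters: the `.fsp`/`.dat` cache entries are noise, while the `update\` ad definitions and the two dropped `.lnk` shortcuts are the parts that actually shaped what the user saw, and an empty "pending" list confirms nothing is waiting on a reboot.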

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:52 AM

Posted 21 March 2012 - 08:34 PM

Greetings

Reinstall COMODO and see if it starts to work.


:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad, ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
      O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, for example IntelliPoint from
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe on 32-bit,
or C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe on 64-bit)
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
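
The O4 lines gringo_pr lists are HijackThis's view of the Run keys. As an added example, not from the post and not HijackThis code, the Python below parses O4 lines of that form and flags the two things a responder checks before deciding whether an entry is merely startup bloat: an unquoted executable path containing spaces (Windows resolves such a command by trying `C:\Program.exe` before the intended binary, so a file an attacker managed to plant there would run instead), and an executable living in a user-writable location or registered under a per-user hive. The six posted lines are the input; the HKCU `Updater` line and `upd.exe` are constructed, and the flag heuristics are this example's own.

```python
"""Triage HijackThis O4 (Run-key) lines (added example, not from the post)."""
import re

# Registry-backed O4 lines only: "O4 - HKLM\..\Run: [Name] command".
# Startup-folder lines ("O4 - Startup: ...") are not registry entries and
# come back as None.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$"
)

# Path fragments a standard user can write to. Malware persistence usually
# lives in one of these; vendor startup bloat lives under Program Files.
# Heuristic chosen for this example.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")

# Constructed sample: the six lines from the post plus one invented HKCU entry
# ("Updater" and upd.exe are made-up names) to show what a real hit looks like.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [Updater] "C:\Users\HP\AppData\Roaming\updater\upd.exe" /silent
"""


# An unquoted command is cut after the first ".exe", which is how a human reads
# it. Windows itself would try C:\Program.exe first; that gap is what the
# "unquoted-path-with-spaces" flag reports.
def split_command(cmd):
    """Return (exe, args, quoted)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip(), True
    idx = cmd.lower().find(".exe")
    if idx != -1:
        return cmd[:idx + 4], cmd[idx + 4:].strip(), False
    parts = cmd.split(None, 1)
    return (parts[0] if parts else ""), (parts[1] if len(parts) > 1 else ""), False


def flags_for(hive, exe, quoted):
    flags = []
    if not quoted and " " in exe:
        flags.append("unquoted-path-with-spaces")
    if any(frag in exe.lower() for frag in USER_WRITABLE):
        flags.append("user-writable-location")
    if hive != "HKLM":
        flags.append("per-user-hive")
    return flags


def parse_o4(line):
    m = O4_RE.match(line.strip())
    if not m:
        return None
    exe, args, quoted = split_command(m.group("cmd"))
    hive = m.group("hive")
    return {"hive": hive, "key": m.group("key"), "name": m.group("name"),
            "exe": exe, "args": args, "flags": flags_for(hive, exe, quoted)}


def triage(lines):
    """Parsed entries in input order; non-registry O4 lines are dropped."""
    return [row for row in (parse_o4(l) for l in lines) if row]


if __name__ == "__main__":
    for row in triage(SAMPLE_O4.splitlines()):
        mark = "!" if row["flags"] else " "
        print(f"{mark} {row['hive']:<5} {row['name']:<20} {row['exe']}  {', '.join(row['flags'])}")
```

On the posted lines only the two unquoted vendor entries get a flag, and only the mild one; that is consistent with gringo_pr calling this step optional. A line that collects the user-writable and per-user flags, like the constructed HKCU entry, is the kind you would research rather than simply untick.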

#13 lazarro

lazarro
  • Topic Starter

  • Members
  • 8 posts
  • Local time:09:52 AM

Posted 22 March 2012 - 06:42 AM

Hello, here's the ESET online scanner result:

C:\Users\HP\Downloads\Aero Enabler 1.0.0.2 - Setup.zip Win32/OpenCandy application
C:\Users\HP\Downloads\Aero Enabler 1.0.0.2 - Setup\Aero Enabler 1.0.0.2 - Setup.exe Win32/OpenCandy application

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:52 AM

Posted 22 March 2012 - 02:59 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    REM Delete the two OpenCandy-flagged installer files reported by the ESET scan
    del /f /s /q "C:\Users\HP\Downloads\Aero Enabler 1.0.0.2 - Setup.zip"
    del /f /s /q "C:\Users\HP\Downloads\Aero Enabler 1.0.0.2 - Setup\Aero Enabler 1.0.0.2 - Setup.exe"
    REM Remove this batch file itself once it has run
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: (screenshot for XP) (screenshot for Vista)
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop.

:DeFogger:

Note** This only needs to be run if it was run before. If not, skip it.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

Please visit this page, which explains how to make Firefox more secure: How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector.


:Turn On Automatic Updates:

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select Automatic (recommended): Automatically download recommended updates for my computer and install them.

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed.

After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume.

When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days. If Anything Comes Up, Just Come Back And Let Me Know; after that time you will have to send me a PM.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo

Edited by gringo_pr, 22 March 2012 - 03:00 PM.

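
The Internet-zone settings gringo_pr lists are stored as named DWORD values under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 (action IDs 1001, 1004, 1201, 1800 and 1804, with 0 = Enable, 1 = Prompt, 3 = Disable, per Microsoft's documented zone-settings layout). As an added example, not part of the post, the Python below checks a set of zone values against the five settings asked for, treating a stricter value as acceptable. On Windows it reads the live values with winreg; elsewhere it audits two constructed dictionaries, one weak and one hardened.

```python
"""Check Internet-zone ActiveX settings (added example, not from the post)."""

# Internet zone = zone 3. Action IDs and their meaning follow Microsoft's
# documented zone-settings layout; 0 = Enable, 1 = Prompt, 3 = Disable.
ZONE3_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE = 0, 1, 3
LABEL = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable", None: "missing"}

# The five settings the post asks you to change, with the value it wants.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
}

# Constructed samples so the audit can run off-Windows.
WEAK_ZONE = {"1001": ENABLE, "1004": ENABLE, "1201": PROMPT, "1800": ENABLE}   # 1804 absent
HARDENED_ZONE = {"1001": PROMPT, "1004": DISABLE, "1201": DISABLE, "1800": PROMPT, "1804": PROMPT}


def audit_zone(values):
    """values: {action_id: int} as stored under the zone-3 key.
    Returns (action_id, name, current, wanted) for every setting that is
    missing or weaker than asked. A stricter setting (Disable where Prompt
    was asked) passes, since 0 < 1 < 3 orders the values by strictness."""
    findings = []
    for action, (name, wanted) in RECOMMENDED.items():
        current = values.get(action)
        if current is None or current < wanted:
            findings.append((action, name, current, wanted))
    return findings


def describe(findings):
    return [f"{action} {name}: is {LABEL.get(current, current)}, should be {LABEL[wanted]}"
            for action, name, current, wanted in findings]


def read_zone_from_registry():
    """Windows only: read the live values with winreg. Returns {} elsewhere or
    if the key cannot be opened."""
    try:
        import winreg
    except ImportError:
        return {}
    values = {}
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE3_KEY) as key:
            for action in RECOMMENDED:
                try:
                    values[action] = winreg.QueryValueEx(key, action)[0]
                except FileNotFoundError:
                    pass
    except OSError:
        return {}
    return values


if __name__ == "__main__":
    live = read_zone_from_registry()
    samples = (("live", live),) if live else (("weak", WEAK_ZONE), ("hardened", HARDENED_ZONE))
    for label, zone in samples:
        print(f"[{label}]")
        for line in describe(audit_zone(zone)) or ["all five settings OK"]:
            print(" ", line)
```

A value that is absent from the key is reported as "missing" rather than assumed safe, because Internet Explorer then falls back to the zone template's default, which you cannot see from the key alone.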

#15 lazarro

lazarro
  • Topic Starter

  • Members
  • 8 posts
  • Local time:09:52 AM

Posted 23 March 2012 - 09:35 AM

I did everything... THANK YOU very much man! I appreciate it. I really thought there was something on my laptop. :thumbsup: Now I can rest assured that my pc is clean.



