Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Google Redirect


  • This topic is locked This topic is locked
24 replies to this topic

#1 Havvix

Havvix

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 18 March 2012 - 08:11 PM

I have a form of the google redirect.I have tried Malwarebyte, Microsoft Security Essentials to remove it. Security Essential found win32/advantage but was unable to delete it.

My link <--the original post

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Ray at 21:03:44 on 2012-03-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4115 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k NetworkService
c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [Megakey] C:\Users\Ray\AppData\Local\Megamedia\Megakey\Megakey.exe /Tray
uRun: [MegakeyUpdater] C:\Users\Ray\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4C68A40C-98AE-450A-A9A9-E4429E1F19FB} : DhcpNameServer = 192.168.1.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\8cyvubzf.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Ray\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 pxscan;pxscan;C:\Windows\system32\drivers\pxscan.sys --> C:\Windows\system32\drivers\pxscan.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 pxrts;pxrts;C:\Windows\system32\drivers\pxrts.sys --> C:\Windows\system32\drivers\pxrts.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 AMDFusionSVC;AMD Fusion Utility Service;C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-9-8 383544]
R2 CSIScanner;CSIScanner;C:\Program Files\Prevx\prevx.exe [2011-5-24 6746280]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-31 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-28 2255464]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\system32\DRIVERS\AmdLLD64.sys --> C:\Windows\system32\DRIVERS\AmdLLD64.sys [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 pxkbf;pxkbf;C:\Windows\system32\drivers\pxkbf.sys --> C:\Windows\system32\drivers\pxkbf.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-7-30 25072]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-18 21:25:20 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6E1A8D56-941E-4C73-86FC-83341C2599F6}\offreg.dll
2012-03-18 21:23:31 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6E1A8D56-941E-4C73-86FC-83341C2599F6}\mpengine.dll
2012-03-18 15:51:12 -------- d-----w- C:\Users\Ray\AppData\Roaming\SUPERAntiSpyware.com
2012-03-18 15:50:56 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-18 15:50:56 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-18 07:08:09 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-18 07:08:07 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-18 07:08:06 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-18 05:13:55 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 05:13:55 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-18 04:28:31 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-18 04:28:24 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-18 04:28:24 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-18 04:28:03 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-18 04:28:03 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-18 04:28:03 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-18 04:27:34 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-18 04:27:33 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-18 04:27:33 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-18 04:27:33 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-18 03:40:30 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-03-18 03:26:11 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-03-18 03:25:29 -------- d-----w- C:\ProgramData\PC Tools
2012-03-18 02:46:22 -------- d-----w- C:\Program Files\HitmanPro
2012-03-18 02:46:18 -------- d-----w- C:\ProgramData\HitmanPro
2012-03-18 01:31:48 116016 ----a-w- C:\Windows\System32\drivers\90762311.sys
2012-03-17 16:13:22 -------- d-----w- C:\Users\Ray\AppData\Local\Apple Computer
2012-03-17 16:12:02 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-17 16:12:02 -------- d-----w- C:\Program Files\iPod
2012-03-17 16:12:02 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-17 16:11:29 -------- d-----w- C:\Users\Ray\AppData\Local\Apple
2012-03-16 22:58:41 -------- d-----w- C:\Users\Ray\AppData\Local\SWTOR
2012-03-16 22:53:42 -------- d-----w- C:\ProgramData\Battle.net
2012-03-16 11:18:55 -------- d-----w- C:\Users\Ray\Diablo-III-8370-enUS-Installer
2012-03-11 00:33:24 -------- d-----w- C:\Users\Ray\AppData\Roaming\Cobra Mobile
2012-03-11 00:33:15 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-03-11 00:33:15 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-03-11 00:33:15 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-03-11 00:33:15 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-03-11 00:33:15 -------- d-----w- C:\Program Files (x86)\OpenAL
2012-02-26 21:08:14 -------- d-----w- C:\Users\Ray\AppData\Roaming\SaintXi
2012-02-19 03:50:51 -------- d-----w- C:\Users\Ray\AppData\Roaming\Ubisoft
2012-02-19 03:48:59 540688 ----a-w- C:\Windows\System32\d3dx10_38.dll
.
==================== Find3M ====================
.
2012-03-18 05:50:32 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2012-03-06 22:25:12 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 21:04:28.93 ===============

Attached Files


Edited by Havvix, 18 March 2012 - 08:12 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:12 AM

Posted 19 March 2012 - 10:43 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

1.Do not run any other tool untill instructed to do so!
doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools
and at worst can cause conficts with our tools and lead to unforseen things to happen2.Please Do not Attach logs or put in code boxes.
besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read3. After each step give me a little feedback
It does not need to be long but just something so I know how things are going it can be something like
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same this just makes me go back and look for you last feedback as to how things are4. read every post completely before doing anything
Pay special attention to the Notes** I have put in
These are things I have found that happen allot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Backup The Computer!!

If you have not done it yet spend a few minutes to backup the computer. Removing malware can be unpredictable and this may save you and me allot of grief later.

There is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the computer backed up you may do the following.


Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Havvix

Havvix
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 20 March 2012 - 12:46 AM

ComboFix 12-03-18.04 - Ray 03/20/2012 1:25.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4646 [GMT -4:00]
Running from: c:\users\Ray\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ray\AppData\Local\Megamedia\Megakey\Megakey.exe /Tray
c:\users\Ray\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-20 to 2012-03-20 )))))))))))))))))))))))))))))))
.
.
2012-03-20 05:21 . 2012-03-20 05:21 -------- d-----w- c:\users\Ray\AppData\Roaming\Macrovision
2012-03-19 23:17 . 2012-03-20 00:32 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-19 23:17 . 2012-03-20 00:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-19 21:36 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DE2DBE98-1391-4A3C-A62F-072AF0DE7764}\mpengine.dll
2012-03-19 01:37 . 2012-03-19 01:37 116016 ----a-w- c:\windows\system32\drivers\77942541.sys
2012-03-18 15:51 . 2012-03-18 15:51 -------- d-----w- c:\users\Ray\AppData\Roaming\SUPERAntiSpyware.com
2012-03-18 15:50 . 2012-03-18 15:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-18 15:50 . 2012-03-18 15:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-18 07:08 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-18 07:08 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-18 07:08 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-18 05:13 . 2012-03-18 05:13 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 05:13 . 2012-03-18 05:13 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-18 04:28 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-18 04:28 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-18 04:28 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-18 04:28 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-18 04:28 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-18 04:28 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-18 04:27 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-18 04:27 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-18 04:27 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-18 04:27 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-18 03:40 . 2012-03-18 03:40 -------- d-----w- c:\program files (x86)\PC Tools
2012-03-18 03:26 . 2012-03-18 04:19 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-03-18 03:25 . 2012-03-18 04:03 -------- d-----w- c:\programdata\PC Tools
2012-03-18 02:46 . 2012-03-18 02:46 -------- d-----w- c:\program files\HitmanPro
2012-03-18 02:46 . 2012-03-18 04:19 -------- d-----w- c:\programdata\HitmanPro
2012-03-18 01:31 . 2012-03-18 01:31 116016 ----a-w- c:\windows\system32\drivers\90762311.sys
2012-03-17 16:13 . 2012-03-17 16:13 -------- d-----w- c:\users\Ray\AppData\Local\Apple Computer
2012-03-17 16:13 . 2012-03-17 16:13 -------- d-----w- c:\users\Ray\AppData\Roaming\Apple Computer
2012-03-17 16:12 . 2012-03-18 04:20 -------- d-----w- c:\program files\iPod
2012-03-17 16:12 . 2012-03-18 04:19 -------- d-----w- c:\program files (x86)\iTunes
2012-03-17 16:12 . 2012-03-17 16:12 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-17 16:12 . 2012-03-18 04:19 -------- d-----w- c:\programdata\Apple Computer
2012-03-17 16:11 . 2012-03-17 16:11 -------- d-----w- c:\users\Ray\AppData\Local\Apple
2012-03-17 16:11 . 2012-03-18 04:19 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-03-17 16:10 . 2012-03-18 04:19 -------- d-----w- c:\programdata\Apple
2012-03-17 16:10 . 2012-03-17 16:12 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-03-16 22:58 . 2012-03-18 04:19 -------- d-----w- c:\users\Ray\AppData\Local\SWTOR
2012-03-16 22:53 . 2012-03-16 22:53 -------- d-----w- c:\programdata\Battle.net
2012-03-16 11:18 . 2012-03-18 04:19 -------- d-----w- c:\users\Ray\Diablo-III-8370-enUS-Installer
2012-03-15 11:17 . 2012-03-15 11:17 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-03-11 00:33 . 2012-03-11 00:33 -------- d-----w- c:\users\Ray\AppData\Roaming\Cobra Mobile
2012-03-11 00:33 . 2012-03-11 20:21 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-03-11 00:33 . 2012-03-11 20:21 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-03-11 00:33 . 2012-03-11 20:21 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-03-11 00:33 . 2012-03-11 20:21 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-03-11 00:33 . 2012-03-11 00:33 -------- d-----w- c:\program files (x86)\OpenAL
2012-02-26 21:08 . 2012-02-26 21:08 -------- d-----w- c:\users\Ray\AppData\Roaming\SaintXi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-18 05:50 . 2011-04-21 23:03 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-06 22:25 . 2011-05-22 21:14 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-10 22:43 . 2012-02-10 22:44 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CB8C22F-63A8-4254-9C8B-658CE9D9A156}\gapaengine.dll
2012-02-08 07:13 . 2011-05-26 23:31 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2011-05-24 05:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 10:44 . 2012-02-15 02:59 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 02:59 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-15 02:59 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 02:59 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 02:58 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-01 1242448]
"Megakey"="c:\users\Ray\AppData\Local\Megamedia\Megakey\Megakey.exe" [BU]
"MegakeyUpdater"="c:\users\Ray\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-07-30 25072]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [x]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
S2 AMDFusionSVC;AMD Fusion Utility Service;c:\program files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-09-08 383544]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2011-05-25 6746280]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-06 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 23:47]
.
2012-03-19 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 23:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-18 9608224]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\8cyvubzf.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-RunOnce-c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe - c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
c:\program files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
.
**************************************************************************
.
Completion time: 2012-03-20 01:42:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-20 05:42
ComboFix2.txt 2012-03-18 02:30
.
Pre-Run: 559,200,694,272 bytes free
Post-Run: 558,708,461,568 bytes free
.
- - End Of File - - 223B06BC8F30BE36B06E9E63956AB72B


Problems: When I tried to run it, it said i still had Macfee Antivirus and Spyware still installed, even though i have deleted it months ago. I tried using the uninstaller from the website, But it still has me saying i have the program.

Its still redirecting just went to happili.com

Edited by Havvix, 20 March 2012 - 12:48 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:12 AM

Posted 20 March 2012 - 12:52 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Havvix

Havvix
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 20 March 2012 - 05:35 PM

18:34:24.0314 2592 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
18:34:24.0563 2592 ============================================================
18:34:24.0563 2592 Current date / time: 2012/03/20 18:34:24.0563
18:34:24.0563 2592 SystemInfo:
18:34:24.0563 2592
18:34:24.0563 2592 OS Version: 6.1.7601 ServicePack: 1.0
18:34:24.0563 2592 Product type: Workstation
18:34:24.0563 2592 ComputerName: RAY-PC
18:34:24.0563 2592 UserName: Ray
18:34:24.0563 2592 Windows directory: C:\Windows
18:34:24.0563 2592 System windows directory: C:\Windows
18:34:24.0563 2592 Running under WOW64
18:34:24.0563 2592 Processor architecture: Intel x64
18:34:24.0563 2592 Number of processors: 6
18:34:24.0563 2592 Page size: 0x1000
18:34:24.0563 2592 Boot type: Normal boot
18:34:24.0563 2592 ============================================================
18:34:26.0264 2592 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:34:26.0310 2592 \Device\Harddisk0\DR0:
18:34:26.0310 2592 MBR used
18:34:26.0310 2592 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x187F000
18:34:26.0310 2592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1893000, BlocksNum 0x72E73000
18:34:26.0326 2592 Initialize success
18:34:26.0326 2592 ============================================================
18:34:35.0610 4780 ============================================================
18:34:35.0610 4780 Scan started
18:34:35.0610 4780 Mode: Manual;
18:34:35.0610 4780 ============================================================
18:34:39.0390 4780 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:34:39.0421 4780 1394ohci - ok
18:34:39.0546 4780 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:34:39.0561 4780 ACPI - ok
18:34:39.0702 4780 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:34:39.0717 4780 AcpiPmi - ok
18:34:40.0014 4780 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:34:40.0045 4780 adp94xx - ok
18:34:40.0092 4780 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:34:40.0123 4780 adpahci - ok
18:34:40.0154 4780 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:34:40.0154 4780 adpu320 - ok
18:34:40.0263 4780 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:34:40.0279 4780 AFD - ok
18:34:40.0326 4780 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:34:40.0326 4780 agp440 - ok
18:34:40.0372 4780 ahcix64s (37fa0f874ba8ecd5851d44a7f1c9700e) C:\Windows\system32\DRIVERS\ahcix64s.sys
18:34:40.0372 4780 ahcix64s - ok
18:34:40.0404 4780 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:34:40.0404 4780 aliide - ok
18:34:40.0450 4780 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:34:40.0450 4780 amdide - ok
18:34:40.0497 4780 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:34:40.0497 4780 AmdK8 - ok
18:34:40.0653 4780 amdkmdag (375ac85e1130eaa1eaeb62ddd22b0efb) C:\Windows\system32\DRIVERS\atikmdag.sys
18:34:40.0731 4780 amdkmdag - ok
18:34:40.0778 4780 amdkmdap (daeb3f2bb2095b95b98be6cec99d02e7) C:\Windows\system32\DRIVERS\atikmpag.sys
18:34:40.0778 4780 amdkmdap - ok
18:34:40.0809 4780 AmdLLD64 (c27e46c19d5a48ca02c11e3c9b58f4c1) C:\Windows\system32\DRIVERS\AmdLLD64.sys
18:34:40.0809 4780 AmdLLD64 - ok
18:34:40.0825 4780 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:34:40.0825 4780 AmdPPM - ok
18:34:40.0840 4780 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
18:34:40.0840 4780 amdsata - ok
18:34:40.0856 4780 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:34:40.0856 4780 amdsbs - ok
18:34:40.0872 4780 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
18:34:40.0872 4780 amdxata - ok
18:34:40.0934 4780 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:34:40.0934 4780 AppID - ok
18:34:41.0012 4780 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:34:41.0012 4780 arc - ok
18:34:41.0028 4780 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:34:41.0028 4780 arcsas - ok
18:34:41.0043 4780 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:34:41.0043 4780 AsyncMac - ok
18:34:41.0090 4780 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:34:41.0090 4780 atapi - ok
18:34:41.0137 4780 AtiHDAudioService (e02b26650acc2f4901342d4a66774ad7) C:\Windows\system32\drivers\AtihdW76.sys
18:34:41.0137 4780 AtiHDAudioService - ok
18:34:41.0199 4780 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:34:41.0215 4780 b06bdrv - ok
18:34:41.0246 4780 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:34:41.0246 4780 b57nd60a - ok
18:34:41.0308 4780 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:34:41.0308 4780 Beep - ok
18:34:41.0371 4780 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:34:41.0371 4780 blbdrive - ok
18:34:41.0418 4780 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:34:41.0418 4780 bowser - ok
18:34:41.0433 4780 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:34:41.0433 4780 BrFiltLo - ok
18:34:41.0449 4780 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:34:41.0449 4780 BrFiltUp - ok
18:34:41.0511 4780 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:34:41.0511 4780 BridgeMP - ok
18:34:41.0558 4780 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:34:41.0558 4780 Brserid - ok
18:34:41.0574 4780 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:34:41.0574 4780 BrSerWdm - ok
18:34:41.0589 4780 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:34:41.0589 4780 BrUsbMdm - ok
18:34:41.0605 4780 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:34:41.0605 4780 BrUsbSer - ok
18:34:41.0620 4780 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:34:41.0620 4780 BTHMODEM - ok
18:34:41.0636 4780 catchme - ok
18:34:41.0652 4780 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:34:41.0652 4780 cdfs - ok
18:34:41.0698 4780 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:34:41.0698 4780 cdrom - ok
18:34:41.0714 4780 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:34:41.0714 4780 circlass - ok
18:34:41.0745 4780 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:34:41.0761 4780 CLFS - ok
18:34:41.0839 4780 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:34:41.0839 4780 CmBatt - ok
18:34:41.0870 4780 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:34:41.0870 4780 cmdide - ok
18:34:41.0917 4780 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:34:41.0917 4780 CNG - ok
18:34:41.0948 4780 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:34:41.0948 4780 Compbatt - ok
18:34:41.0995 4780 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:34:41.0995 4780 CompositeBus - ok
18:34:42.0010 4780 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:34:42.0010 4780 crcdisk - ok
18:34:42.0088 4780 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:34:42.0088 4780 DfsC - ok
18:34:42.0120 4780 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:34:42.0120 4780 discache - ok
18:34:42.0151 4780 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:34:42.0166 4780 Disk - ok
18:34:42.0198 4780 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:34:42.0198 4780 drmkaud - ok
18:34:42.0244 4780 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:34:42.0244 4780 dtsoftbus01 - ok
18:34:42.0307 4780 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:34:42.0307 4780 DXGKrnl - ok
18:34:42.0400 4780 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:34:42.0432 4780 ebdrv - ok
18:34:42.0447 4780 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:34:42.0463 4780 elxstor - ok
18:34:42.0478 4780 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:34:42.0478 4780 ErrDev - ok
18:34:42.0494 4780 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:34:42.0494 4780 exfat - ok
18:34:42.0525 4780 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:34:42.0525 4780 fastfat - ok
18:34:42.0572 4780 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:34:42.0572 4780 fdc - ok
18:34:42.0588 4780 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:34:42.0603 4780 FileInfo - ok
18:34:42.0619 4780 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:34:42.0619 4780 Filetrace - ok
18:34:42.0650 4780 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:34:42.0650 4780 flpydisk - ok
18:34:42.0697 4780 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:34:42.0712 4780 FltMgr - ok
18:34:42.0744 4780 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:34:42.0744 4780 FsDepends - ok
18:34:42.0759 4780 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:34:42.0759 4780 Fs_Rec - ok
18:34:42.0806 4780 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:34:42.0806 4780 fvevol - ok
18:34:42.0837 4780 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:34:42.0837 4780 gagp30kx - ok
18:34:42.0884 4780 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:34:42.0884 4780 hcw85cir - ok
18:34:42.0915 4780 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:34:42.0931 4780 HDAudBus - ok
18:34:42.0946 4780 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:34:42.0946 4780 HidBatt - ok
18:34:42.0962 4780 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:34:42.0962 4780 HidBth - ok
18:34:42.0978 4780 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:34:42.0978 4780 HidIr - ok
18:34:43.0024 4780 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
18:34:43.0024 4780 HidUsb - ok
18:34:43.0071 4780 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:34:43.0087 4780 HpSAMD - ok
18:34:43.0165 4780 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:34:43.0180 4780 HTTP - ok
18:34:43.0212 4780 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:34:43.0212 4780 hwpolicy - ok
18:34:43.0258 4780 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:34:43.0258 4780 i8042prt - ok
18:34:43.0352 4780 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:34:43.0352 4780 iaStorV - ok
18:34:43.0399 4780 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:34:43.0399 4780 iirsp - ok
18:34:43.0508 4780 IntcAzAudAddService (52d9171838bb92319f23656f502916e9) C:\Windows\system32\drivers\RTKVHD64.sys
18:34:43.0508 4780 IntcAzAudAddService - ok
18:34:43.0524 4780 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:34:43.0524 4780 intelide - ok
18:34:43.0555 4780 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:34:43.0555 4780 intelppm - ok
18:34:43.0570 4780 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:34:43.0570 4780 IpFilterDriver - ok
18:34:43.0586 4780 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:34:43.0586 4780 IPMIDRV - ok
18:34:43.0617 4780 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:34:43.0633 4780 IPNAT - ok
18:34:43.0648 4780 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:34:43.0648 4780 IRENUM - ok
18:34:43.0664 4780 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:34:43.0664 4780 isapnp - ok
18:34:43.0680 4780 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:34:43.0680 4780 iScsiPrt - ok
18:34:43.0726 4780 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
18:34:43.0726 4780 k57nd60a - ok
18:34:43.0773 4780 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
18:34:43.0773 4780 kbdclass - ok
18:34:43.0789 4780 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
18:34:43.0789 4780 kbdhid - ok
18:34:43.0851 4780 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:34:43.0851 4780 KSecDD - ok
18:34:43.0882 4780 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:34:43.0898 4780 KSecPkg - ok
18:34:43.0914 4780 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:34:43.0914 4780 ksthunk - ok
18:34:43.0976 4780 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:34:43.0976 4780 lltdio - ok
18:34:43.0992 4780 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:34:43.0992 4780 LSI_FC - ok
18:34:44.0007 4780 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:34:44.0007 4780 LSI_SAS - ok
18:34:44.0038 4780 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:34:44.0038 4780 LSI_SAS2 - ok
18:34:44.0070 4780 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:34:44.0070 4780 LSI_SCSI - ok
18:34:44.0085 4780 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:34:44.0085 4780 luafv - ok
18:34:44.0148 4780 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
18:34:44.0163 4780 MBAMProtector - ok
18:34:44.0179 4780 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:34:44.0179 4780 megasas - ok
18:34:44.0194 4780 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:34:44.0194 4780 MegaSR - ok
18:34:44.0210 4780 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:34:44.0210 4780 Modem - ok
18:34:44.0272 4780 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:34:44.0272 4780 monitor - ok
18:34:44.0304 4780 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
18:34:44.0304 4780 mouclass - ok
18:34:44.0319 4780 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:34:44.0335 4780 mouhid - ok
18:34:44.0366 4780 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:34:44.0366 4780 mountmgr - ok
18:34:44.0413 4780 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
18:34:44.0413 4780 MpFilter - ok
18:34:44.0444 4780 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:34:44.0444 4780 mpio - ok
18:34:44.0460 4780 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
18:34:44.0460 4780 MpNWMon - ok
18:34:44.0491 4780 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:34:44.0491 4780 mpsdrv - ok
18:34:44.0522 4780 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:34:44.0538 4780 MRxDAV - ok
18:34:44.0569 4780 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:34:44.0584 4780 mrxsmb - ok
18:34:44.0631 4780 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:34:44.0631 4780 mrxsmb10 - ok
18:34:44.0662 4780 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:34:44.0662 4780 mrxsmb20 - ok
18:34:44.0694 4780 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:34:44.0694 4780 msahci - ok
18:34:44.0709 4780 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:34:44.0709 4780 msdsm - ok
18:34:44.0756 4780 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:34:44.0756 4780 Msfs - ok
18:34:44.0772 4780 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:34:44.0772 4780 mshidkmdf - ok
18:34:44.0803 4780 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:34:44.0803 4780 msisadrv - ok
18:34:44.0834 4780 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:34:44.0834 4780 MSKSSRV - ok
18:34:44.0881 4780 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:34:44.0881 4780 MSPCLOCK - ok
18:34:44.0896 4780 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:34:44.0896 4780 MSPQM - ok
18:34:44.0943 4780 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:34:44.0943 4780 MsRPC - ok
18:34:44.0974 4780 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:34:44.0974 4780 mssmbios - ok
18:34:44.0990 4780 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:34:44.0990 4780 MSTEE - ok
18:34:45.0006 4780 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:34:45.0006 4780 MTConfig - ok
18:34:45.0037 4780 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:34:45.0037 4780 Mup - ok
18:34:45.0052 4780 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:34:45.0052 4780 NativeWifiP - ok
18:34:45.0130 4780 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
18:34:45.0146 4780 NDIS - ok
18:34:45.0162 4780 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:34:45.0162 4780 NdisCap - ok
18:34:45.0193 4780 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:34:45.0193 4780 NdisTapi - ok
18:34:45.0255 4780 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:34:45.0255 4780 Ndisuio - ok
18:34:45.0318 4780 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:34:45.0318 4780 NdisWan - ok
18:34:45.0380 4780 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:34:45.0380 4780 NDProxy - ok
18:34:45.0411 4780 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:34:45.0411 4780 NetBIOS - ok
18:34:45.0474 4780 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:34:45.0474 4780 NetBT - ok
18:34:45.0536 4780 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:34:45.0536 4780 nfrd960 - ok
18:34:45.0552 4780 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:34:45.0552 4780 NisDrv - ok
18:34:45.0583 4780 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:34:45.0583 4780 Npfs - ok
18:34:45.0598 4780 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:34:45.0598 4780 nsiproxy - ok
18:34:45.0661 4780 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:34:45.0676 4780 Ntfs - ok
18:34:45.0692 4780 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:34:45.0692 4780 Null - ok
18:34:45.0910 4780 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:34:45.0957 4780 nvlddmkm - ok
18:34:46.0004 4780 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:34:46.0020 4780 nvraid - ok
18:34:46.0051 4780 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:34:46.0051 4780 nvstor - ok
18:34:46.0098 4780 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:34:46.0098 4780 nv_agp - ok
18:34:46.0113 4780 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:34:46.0113 4780 ohci1394 - ok
18:34:46.0207 4780 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:34:46.0207 4780 Parport - ok
18:34:46.0238 4780 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:34:46.0238 4780 partmgr - ok
18:34:46.0363 4780 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
18:34:46.0363 4780 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
18:34:46.0394 4780 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:34:46.0394 4780 pci - ok
18:34:46.0425 4780 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:34:46.0425 4780 pciide - ok
18:34:46.0456 4780 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:34:46.0456 4780 pcmcia - ok
18:34:46.0488 4780 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:34:46.0488 4780 pcw - ok
18:34:46.0503 4780 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:34:46.0519 4780 PEAUTH - ok
18:34:46.0612 4780 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:34:46.0612 4780 PptpMiniport - ok
18:34:46.0644 4780 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:34:46.0644 4780 Processor - ok
18:34:46.0706 4780 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:34:46.0722 4780 Psched - ok
18:34:46.0753 4780 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
18:34:46.0753 4780 PSI - ok
18:34:46.0800 4780 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
18:34:46.0800 4780 PxHlpa64 - ok
18:34:46.0831 4780 pxkbf (ba5f7c107eace67973b4b798832a74c7) C:\Windows\system32\drivers\pxkbf.sys
18:34:46.0831 4780 pxkbf - ok
18:34:46.0862 4780 pxrts (007e57428802f587d0d6737ae7a9d989) C:\Windows\system32\drivers\pxrts.sys
18:34:46.0862 4780 pxrts - ok
18:34:46.0878 4780 pxscan (66d4d00c8908888a68b749d91f1e6789) C:\Windows\system32\drivers\pxscan.sys
18:34:46.0878 4780 pxscan - ok
18:34:46.0940 4780 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:34:46.0956 4780 ql2300 - ok
18:34:46.0971 4780 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:34:46.0971 4780 ql40xx - ok
18:34:47.0002 4780 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:34:47.0002 4780 QWAVEdrv - ok
18:34:47.0018 4780 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:34:47.0018 4780 RasAcd - ok
18:34:47.0049 4780 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:34:47.0049 4780 RasAgileVpn - ok
18:34:47.0096 4780 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:34:47.0096 4780 Rasl2tp - ok
18:34:47.0127 4780 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:34:47.0127 4780 RasPppoe - ok
18:34:47.0143 4780 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:34:47.0143 4780 RasSstp - ok
18:34:47.0190 4780 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:34:47.0205 4780 rdbss - ok
18:34:47.0252 4780 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:34:47.0252 4780 rdpbus - ok
18:34:47.0283 4780 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:34:47.0283 4780 RDPCDD - ok
18:34:47.0314 4780 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:34:47.0314 4780 RDPENCDD - ok
18:34:47.0346 4780 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:34:47.0346 4780 RDPREFMP - ok
18:34:47.0392 4780 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
18:34:47.0392 4780 RDPWD - ok
18:34:47.0455 4780 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:34:47.0455 4780 rdyboost - ok
18:34:47.0517 4780 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:34:47.0517 4780 rspndr - ok
18:34:47.0626 4780 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
18:34:47.0626 4780 SASDIFSV - ok
18:34:47.0658 4780 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
18:34:47.0658 4780 SASKUTIL - ok
18:34:47.0704 4780 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:34:47.0720 4780 sbp2port - ok
18:34:47.0767 4780 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:34:47.0767 4780 scfilter - ok
18:34:47.0798 4780 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:34:47.0798 4780 secdrv - ok
18:34:47.0829 4780 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:34:47.0829 4780 Serenum - ok
18:34:47.0829 4780 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:34:47.0829 4780 Serial - ok
18:34:47.0860 4780 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:34:47.0860 4780 sermouse - ok
18:34:47.0892 4780 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:34:47.0907 4780 sffdisk - ok
18:34:47.0907 4780 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:34:47.0923 4780 sffp_mmc - ok
18:34:47.0938 4780 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:34:47.0938 4780 sffp_sd - ok
18:34:47.0954 4780 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:34:47.0954 4780 sfloppy - ok
18:34:48.0016 4780 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
18:34:48.0032 4780 Sftfs - ok
18:34:48.0063 4780 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:34:48.0063 4780 Sftplay - ok
18:34:48.0079 4780 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:34:48.0094 4780 Sftredir - ok
18:34:48.0110 4780 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
18:34:48.0110 4780 Sftvol - ok
18:34:48.0157 4780 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:34:48.0157 4780 SiSRaid2 - ok
18:34:48.0157 4780 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:34:48.0157 4780 SiSRaid4 - ok
18:34:48.0188 4780 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:34:48.0188 4780 Smb - ok
18:34:48.0235 4780 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:34:48.0235 4780 spldr - ok
18:34:48.0266 4780 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:34:48.0282 4780 srv - ok
18:34:48.0313 4780 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:34:48.0313 4780 srv2 - ok
18:34:48.0344 4780 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:34:48.0344 4780 srvnet - ok
18:34:48.0406 4780 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:34:48.0422 4780 stexstor - ok
18:34:48.0469 4780 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:34:48.0469 4780 swenum - ok
18:34:48.0562 4780 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:34:48.0578 4780 Tcpip - ok
18:34:48.0609 4780 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:34:48.0625 4780 TCPIP6 - ok
18:34:48.0656 4780 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:34:48.0656 4780 tcpipreg - ok
18:34:48.0687 4780 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:34:48.0687 4780 TDPIPE - ok
18:34:48.0718 4780 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:34:48.0718 4780 TDTCP - ok
18:34:48.0765 4780 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:34:48.0781 4780 tdx - ok
18:34:48.0812 4780 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:34:48.0812 4780 TermDD - ok
18:34:48.0874 4780 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:34:48.0890 4780 tssecsrv - ok
18:34:48.0937 4780 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:34:48.0937 4780 TsUsbFlt - ok
18:34:48.0999 4780 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:34:48.0999 4780 tunnel - ok
18:34:49.0155 4780 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:34:49.0155 4780 uagp35 - ok
18:34:49.0202 4780 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:34:49.0202 4780 udfs - ok
18:34:49.0233 4780 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:34:49.0233 4780 uliagpkx - ok
18:34:49.0280 4780 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:34:49.0296 4780 umbus - ok
18:34:49.0327 4780 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:34:49.0327 4780 UmPass - ok
18:34:49.0358 4780 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:34:49.0358 4780 usbccgp - ok
18:34:49.0420 4780 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:34:49.0420 4780 usbcir - ok
18:34:49.0452 4780 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:34:49.0452 4780 usbehci - ok
18:34:49.0498 4780 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:34:49.0498 4780 usbhub - ok
18:34:49.0530 4780 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:34:49.0530 4780 usbohci - ok
18:34:49.0561 4780 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:34:49.0561 4780 usbprint - ok
18:34:49.0608 4780 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
18:34:49.0608 4780 USBSTOR - ok
18:34:49.0639 4780 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:34:49.0639 4780 usbuhci - ok
18:34:49.0717 4780 VBoxDrv (b6437a7c60c817a0d7bea1d994b01612) C:\Windows\system32\DRIVERS\VBoxDrv.sys
18:34:49.0717 4780 VBoxDrv - ok
18:34:49.0732 4780 VBoxNetAdp (9e607f6240eadc4c0b3570f3e5e0358c) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
18:34:49.0732 4780 VBoxNetAdp - ok
18:34:49.0779 4780 VBoxNetFlt (9f7bc6d33a3aa4aff35c9dbd69c2bca0) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
18:34:49.0779 4780 VBoxNetFlt - ok
18:34:49.0826 4780 VBoxUSBMon (84b57b85a550476456ec5ab32fa99513) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
18:34:49.0826 4780 VBoxUSBMon - ok
18:34:49.0857 4780 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:34:49.0857 4780 vdrvroot - ok
18:34:49.0904 4780 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:34:49.0904 4780 vga - ok
18:34:49.0935 4780 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:34:49.0935 4780 VgaSave - ok
18:34:49.0951 4780 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:34:49.0951 4780 vhdmp - ok
18:34:49.0966 4780 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:34:49.0966 4780 viaide - ok
18:34:49.0998 4780 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:34:49.0998 4780 volmgr - ok
18:34:50.0060 4780 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:34:50.0060 4780 volmgrx - ok
18:34:50.0091 4780 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:34:50.0107 4780 volsnap - ok
18:34:50.0122 4780 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:34:50.0122 4780 vsmraid - ok
18:34:50.0154 4780 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:34:50.0154 4780 vwifibus - ok
18:34:50.0169 4780 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:34:50.0169 4780 WacomPen - ok
18:34:50.0216 4780 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:34:50.0216 4780 WANARP - ok
18:34:50.0216 4780 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:34:50.0216 4780 Wanarpv6 - ok
18:34:50.0247 4780 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:34:50.0247 4780 Wd - ok
18:34:50.0278 4780 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:34:50.0278 4780 Wdf01000 - ok
18:34:50.0310 4780 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:34:50.0310 4780 WfpLwf - ok
18:34:50.0341 4780 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
18:34:50.0341 4780 WimFltr - ok
18:34:50.0372 4780 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:34:50.0372 4780 WIMMount - ok
18:34:50.0419 4780 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:34:50.0434 4780 WmiAcpi - ok
18:34:50.0481 4780 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:34:50.0481 4780 ws2ifsl - ok
18:34:50.0512 4780 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:34:50.0512 4780 WudfPf - ok
18:34:50.0559 4780 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:34:50.0575 4780 WUDFRd - ok
18:34:50.0637 4780 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:34:50.0700 4780 \Device\Harddisk0\DR0 - ok
18:34:50.0700 4780 Boot (0x1200) (e379f28f012e178e035fcbe545dd51f9) \Device\Harddisk0\DR0\Partition0
18:34:50.0700 4780 \Device\Harddisk0\DR0\Partition0 - ok
18:34:50.0715 4780 Boot (0x1200) (e736312d1a739fa2165098b6f3426ade) \Device\Harddisk0\DR0\Partition1
18:34:50.0715 4780 \Device\Harddisk0\DR0\Partition1 - ok
18:34:50.0715 4780 ============================================================
18:34:50.0731 4780 Scan finished
18:34:50.0731 4780 ============================================================
18:34:50.0746 5020 Detected object count: 0
18:34:50.0746 5020 Actual detected object count: 0

Will post aswmbr once its done

Edited by Havvix, 20 March 2012 - 05:36 PM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:12 AM

Posted 20 March 2012 - 08:08 PM

Hello

Will post aswmbr once its done

I will be here


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Havvix

Havvix
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 20 March 2012 - 08:27 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-18 10:45:55
-----------------------------
10:45:55.001 OS Version: Windows x64 6.1.7601 Service Pack 1
10:45:55.001 Number of processors: 6 586 0xA00
10:45:55.001 ComputerName: RAY-PC UserName: Ray
10:45:56.608 Initialize success
10:48:27.789 AVAST engine defs: 12031700
10:48:36.853 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
10:48:36.868 Disk 0 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 11
10:48:36.884 Disk 0 MBR read successfully
10:48:36.884 Disk 0 MBR scan
10:48:36.900 Disk 0 Windows VISTA default MBR code
10:48:36.900 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
10:48:36.915 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12542 MB offset 81920
10:48:36.946 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 941286 MB offset 25767936
10:48:37.009 Disk 0 scanning C:\Windows\system32\drivers
10:48:51.080 Service scanning
10:49:18.286 Modules scanning
10:49:18.302 Disk 0 trace - called modules:
10:49:18.318 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
10:49:18.333 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005a2f060]
10:49:18.349 3 CLASSPNP.SYS[fffff880019cc43f] -> nt!IofCallDriver -> [0xfffffa8005306450]
10:49:18.349 5 amdxata.sys[fffff8800109d7a8] -> nt!IofCallDriver -> \Device\00000066[0xfffffa80055f1670]
10:49:19.347 AVAST engine scan C:\Windows
10:49:22.545 AVAST engine scan C:\Windows\system32
10:52:55.532 AVAST engine scan C:\Windows\system32\drivers
10:53:09.167 AVAST engine scan C:\Users\Ray
11:11:46.846 AVAST engine scan C:\ProgramData
11:15:19.038 Scan finished successfully
11:42:06.942 Disk 0 MBR has been saved successfully to "C:\Users\Ray\Desktop\MBR.dat"
11:42:06.958 The log file has been saved successfully to "C:\Users\Ray\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-20 21:03:13
-----------------------------
21:03:13.954 OS Version: Windows x64 6.1.7601 Service Pack 1
21:03:13.954 Number of processors: 6 586 0xA00
21:03:13.954 ComputerName: RAY-PC UserName: Ray
21:03:15.857 Initialze error C000010E - driver not loaded
21:03:24.063 AVAST engine defs: 12032000
21:03:31.582 Service scanning
21:04:03.843 Modules scanning
21:04:03.843 Disk 0 trace - called modules:
21:04:03.843
21:04:05.387 AVAST engine scan C:\Windows
21:04:09.880 AVAST engine scan C:\Windows\system32
21:07:48.296 AVAST engine scan C:\Windows\system32\drivers
21:08:02.991 AVAST engine scan C:\Users\Ray
21:22:59.494 AVAST engine scan C:\ProgramData
21:25:53.621 Scan finished successfully
21:26:36.116 The log file has been saved successfully to "C:\Users\Ray\Desktop\aswMBR.txt"

#8 Havvix

Havvix
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 20 March 2012 - 08:29 PM

I have noticed that my computer freezes when it wakes up from sleep mode sometimes since it caught this virus/malware

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:12 AM

Posted 20 March 2012 - 08:43 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Havvix

Havvix
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 20 March 2012 - 09:10 PM

ComboFix 12-03-18.04 - Ray 03/20/2012 21:50:53.2.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.3053 [GMT -4:00]
Running from: c:\users\Ray\Desktop\ComboFix.exe
Command switches used :: c:\users\Ray\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ray\AppData\Local\Megamedia\Megakey\Megakey.exe /Tray
c:\users\Ray\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-21 to 2012-03-21 )))))))))))))))))))))))))))))))
.
.
2012-03-21 01:56 . 2012-03-21 01:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-21 01:56 . 2012-03-21 01:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-21 01:56 . 2012-03-21 01:56 -------- d-----w- c:\users\Aunt\AppData\Local\temp
2012-03-20 23:03 . 2012-03-20 23:03 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD893269-3312-403B-B2BF-B1FE332D61AF}\offreg.dll
2012-03-20 22:39 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD893269-3312-403B-B2BF-B1FE332D61AF}\mpengine.dll
2012-03-20 22:34 . 2012-03-20 22:34 116016 ----a-w- c:\windows\system32\drivers\84067583.sys
2012-03-20 05:21 . 2012-03-20 05:21 -------- d-----w- c:\users\Ray\AppData\Roaming\Macrovision
2012-03-19 23:17 . 2012-03-20 00:32 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-19 23:17 . 2012-03-20 00:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-19 01:37 . 2012-03-19 01:37 116016 ----a-w- c:\windows\system32\drivers\77942541.sys
2012-03-18 15:51 . 2012-03-18 15:51 -------- d-----w- c:\users\Ray\AppData\Roaming\SUPERAntiSpyware.com
2012-03-18 15:50 . 2012-03-18 15:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-18 15:50 . 2012-03-18 15:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-18 07:08 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-18 07:08 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-18 07:08 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-18 05:13 . 2012-03-18 05:13 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 05:13 . 2012-03-18 05:13 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-18 04:28 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-18 04:28 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-18 04:28 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-18 04:28 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-18 04:28 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-18 04:28 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-18 04:27 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-18 04:27 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-18 04:27 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-18 04:27 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-18 03:40 . 2012-03-18 03:40 -------- d-----w- c:\program files (x86)\PC Tools
2012-03-18 03:26 . 2012-03-18 04:19 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-03-18 03:25 . 2012-03-18 04:03 -------- d-----w- c:\programdata\PC Tools
2012-03-18 02:46 . 2012-03-18 02:46 -------- d-----w- c:\program files\HitmanPro
2012-03-18 02:46 . 2012-03-18 04:19 -------- d-----w- c:\programdata\HitmanPro
2012-03-18 01:31 . 2012-03-18 01:31 116016 ----a-w- c:\windows\system32\drivers\90762311.sys
2012-03-17 16:13 . 2012-03-17 16:13 -------- d-----w- c:\users\Ray\AppData\Local\Apple Computer
2012-03-17 16:13 . 2012-03-17 16:13 -------- d-----w- c:\users\Ray\AppData\Roaming\Apple Computer
2012-03-17 16:12 . 2012-03-18 04:20 -------- d-----w- c:\program files\iPod
2012-03-17 16:12 . 2012-03-18 04:19 -------- d-----w- c:\program files (x86)\iTunes
2012-03-17 16:12 . 2012-03-17 16:12 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-17 16:12 . 2012-03-18 04:19 -------- d-----w- c:\programdata\Apple Computer
2012-03-17 16:11 . 2012-03-17 16:11 -------- d-----w- c:\users\Ray\AppData\Local\Apple
2012-03-17 16:11 . 2012-03-18 04:19 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-03-17 16:10 . 2012-03-18 04:19 -------- d-----w- c:\programdata\Apple
2012-03-17 16:10 . 2012-03-17 16:12 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-03-16 22:58 . 2012-03-18 04:19 -------- d-----w- c:\users\Ray\AppData\Local\SWTOR
2012-03-16 22:53 . 2012-03-16 22:53 -------- d-----w- c:\programdata\Battle.net
2012-03-16 11:18 . 2012-03-18 04:19 -------- d-----w- c:\users\Ray\Diablo-III-8370-enUS-Installer
2012-03-15 11:17 . 2012-03-15 11:17 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-03-11 00:33 . 2012-03-11 00:33 -------- d-----w- c:\users\Ray\AppData\Roaming\Cobra Mobile
2012-03-11 00:33 . 2012-03-11 20:21 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-03-11 00:33 . 2012-03-11 20:21 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-03-11 00:33 . 2012-03-11 20:21 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-03-11 00:33 . 2012-03-11 00:33 -------- d-----w- c:\program files (x86)\OpenAL
2012-02-26 21:08 . 2012-02-26 21:08 -------- d-----w- c:\users\Ray\AppData\Roaming\SaintXi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-18 05:50 . 2011-04-21 23:03 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-11 20:21 . 2012-03-11 00:33 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-03-06 22:25 . 2011-05-22 21:14 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-10 22:43 . 2012-02-10 22:44 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CB8C22F-63A8-4254-9C8B-658CE9D9A156}\gapaengine.dll
2012-02-08 07:13 . 2011-05-26 23:31 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2011-05-24 05:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 10:44 . 2012-02-15 02:59 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 02:59 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-15 02:59 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 02:59 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 02:58 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-20_05.37.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-03-20 05:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-21 01:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-21 01:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-20 05:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-20 05:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-21 01:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-03-21 02:00 30082 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-21 02:00 30082 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-22 19:18 . 2012-03-20 22:32 9594 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1757513833-1277385126-849648881-1000_UserData.bin
+ 2011-05-22 19:18 . 2012-03-20 22:32 9594 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1757513833-1277385126-849648881-1000_UserData.bin
+ 2012-03-20 05:35 . 2012-03-21 01:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-20 05:35 . 2012-03-20 05:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-20 05:35 . 2012-03-21 01:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-20 05:35 . 2012-03-20 05:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-03-19 21:31 626714 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-20 22:33 626714 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2012-03-19 21:31 107732 c:\windows\system64\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-20 22:33 107732 c:\windows\system64\perfc009.dat
+ 2012-03-20 22:34 . 2012-03-20 22:34 116016 c:\windows\system64\drivers\84067583.sys
- 2009-07-14 02:36 . 2012-03-19 21:31 626714 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-20 22:33 626714 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-19 21:31 107732 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-20 22:33 107732 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-01 1242448]
"Megakey"="c:\users\Ray\AppData\Local\Megamedia\Megakey\Megakey.exe" [BU]
"MegakeyUpdater"="c:\users\Ray\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-07-30 25072]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [x]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
S2 AMDFusionSVC;AMD Fusion Utility Service;c:\program files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-09-08 383544]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2011-05-25 6746280]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-06 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 23:47]
.
2012-03-20 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 23:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-18 9608224]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\8cyvubzf.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-RunOnce-c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe - c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
.
**************************************************************************
.
Completion time: 2012-03-20 22:04:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-21 02:04
ComboFix2.txt 2012-03-20 05:42
ComboFix3.txt 2012-03-18 02:30
.
Pre-Run: 558,392,430,592 bytes free
Post-Run: 558,425,718,784 bytes free
.
- - End Of File - - 29314A25936F761CDF4E0953C9B95055

It still redirecting

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:12 AM

Posted 20 March 2012 - 09:34 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Havvix

Havvix
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 20 March 2012 - 09:47 PM

OTL logfile created on: 3/20/2012 10:41:05 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Ray\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.21 Gb Available Physical Memory | 70.19% Memory free
12.00 Gb Paging File | 10.15 Gb Available in Paging File | 84.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.22 Gb Total Space | 520.14 Gb Free Space | 56.58% Space Free | Partition Type: NTFS
Drive D: | 7.22 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: RAY-PC | User Name: Ray | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ray\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe ()
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
PRC - c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe (Advanced Micro Devices)
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\BBEngineAS.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (CSIScanner) -- C:\Program Files\Prevx\prevx.exe (Prevx)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AMDFusionSVC) -- c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe (Advanced Micro Devices)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AMD_RAIDXpert) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (pxrts) -- C:\Windows\SysNative\drivers\pxrts.sys (Prevx)
DRV:64bit: - (pxscan) -- C:\Windows\SysNative\drivers\pxscan.sys (Prevx)
DRV:64bit: - (pxkbf) -- C:\Windows\SysNative\drivers\pxkbf.sys (Prevx)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\drivers\AmdLLD64.sys (Advanced Micro Devices)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1757513833-1277385126-849648881-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-1757513833-1277385126-849648881-1000\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKU\S-1-5-21-1757513833-1277385126-849648881-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1757513833-1277385126-849648881-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ray\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/18 01:13:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/05/22 15:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ray\AppData\Roaming\Mozilla\Extensions
[2012/03/05 23:28:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\8cyvubzf.default\extensions
[2011/11/09 13:29:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\RAY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CYVUBZF.DEFAULT\EXTENSIONS\MCTWIFGVCM@MCTWIFGVCM.ORG.XPI
() (No name found) -- C:\USERS\RAY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CYVUBZF.DEFAULT\EXTENSIONS\TABSCOPE@XULDEV.ORG.XPI
[2012/03/18 01:13:55 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 13:29:52 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/20 21:58:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-1757513833-1277385126-849648881-1000..\Run: [Megakey] C:\Users\Ray\AppData\Local\Megamedia\Megakey\Megakey.exe /Tray File not found
O4 - HKU\S-1-5-21-1757513833-1277385126-849648881-1000..\Run: [MegakeyUpdater] C:\Users\Ray\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe File not found
O4 - HKU\S-1-5-21-1757513833-1277385126-849648881-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1757513833-1277385126-849648881-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1757513833-1277385126-849648881-1005..\Run: [Update] rundll32.exe "C:\Users\Ray\AppData\Roaming\Macrovision\Macrovision\xiuzb.dll",DllRegisterServer File not found
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" File not found
O4 - HKU\S-1-5-21-1757513833-1277385126-849648881-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1757513833-1277385126-849648881-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1757513833-1277385126-849648881-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757513833-1277385126-849648881-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1757513833-1277385126-849648881-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C68A40C-98AE-450A-A9A9-E4429E1F19FB}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1757513833-1277385126-849648881-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/20 22:39:52 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Ray\Desktop\OTL.exe
[2012/03/20 21:59:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/20 18:34:24 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\84067583.sys
[2012/03/20 18:33:38 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ray\Desktop\tdsskiller.exe
[2012/03/20 01:23:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/20 01:23:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/20 01:23:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/20 01:21:55 | 000,000,000 | ---D | C] -- C:\Users\Ray\AppData\Roaming\Macrovision
[2012/03/20 01:16:11 | 001,832,544 | ---- | C] (McAfee, Inc.) -- C:\Users\Ray\Desktop\MCPR.exe
[2012/03/20 01:07:16 | 004,439,541 | R--- | C] (Swearware) -- C:\Users\Ray\Desktop\ComboFix.exe
[2012/03/19 19:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/19 19:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/03/19 19:15:48 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Ray\Desktop\14634.exe
[2012/03/18 21:37:38 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\77942541.sys
[2012/03/18 21:05:16 | 000,000,000 | ---D | C] -- C:\Users\Ray\Desktop\to be sent
[2012/03/18 20:39:43 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Ray\Desktop\dds.scr
[2012/03/18 11:51:12 | 000,000,000 | ---D | C] -- C:\Users\Ray\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/18 11:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/18 11:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/18 11:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/18 11:46:23 | 015,400,968 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Ray\Desktop\SUPERAntiSpyware.exe
[2012/03/18 03:08:09 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/18 03:08:07 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/18 03:08:06 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/18 01:50:42 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/03/18 01:50:42 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/03/18 01:50:42 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/03/18 01:46:28 | 017,255,712 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Ray\Desktop\jre-6u31-windows-x64.exe
[2012/03/18 01:20:04 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Ray\Desktop\aswMBR.exe
[2012/03/18 00:57:14 | 072,442,560 | ---- | C] (Microsoft Corporation) -- C:\Users\Ray\Desktop\msert.exe
[2012/03/18 00:54:51 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ray\Desktop\bob.exe
[2012/03/18 00:28:24 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/18 00:28:03 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/18 00:28:03 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/18 00:28:03 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/18 00:27:34 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/18 00:27:33 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/17 23:40:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/03/17 23:26:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/03/17 23:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/03/17 22:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/03/17 22:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/03/17 21:53:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/17 21:53:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/17 21:31:48 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\90762311.sys
[2012/03/17 12:13:22 | 000,000,000 | ---D | C] -- C:\Users\Ray\AppData\Local\Apple Computer
[2012/03/17 12:13:21 | 000,000,000 | ---D | C] -- C:\Users\Ray\AppData\Roaming\Apple Computer
[2012/03/17 12:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/03/17 12:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/17 12:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/03/17 12:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/03/17 12:11:29 | 000,000,000 | ---D | C] -- C:\Users\Ray\AppData\Local\Apple
[2012/03/17 12:11:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/03/17 12:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/03/17 12:10:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/03/16 18:58:41 | 000,000,000 | ---D | C] -- C:\Users\Ray\AppData\Local\SWTOR
[2012/03/16 18:58:41 | 000,000,000 | ---D | C] -- C:\Users\Ray\Documents\HeroBlade Logs
[2012/03/16 18:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/03/16 07:18:55 | 000,000,000 | ---D | C] -- C:\Users\Ray\Diablo-III-8370-enUS-Installer
[2012/03/15 07:17:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2012/03/12 18:13:35 | 000,000,000 | ---D | C] -- C:\Users\Ray\Documents\Nitro Games
[2012/03/10 20:33:24 | 000,000,000 | ---D | C] -- C:\Users\Ray\AppData\Roaming\Cobra Mobile
[2012/03/10 20:33:15 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/03/10 20:33:15 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/03/10 20:33:15 | 000,122,904 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/03/10 20:33:15 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/03/10 20:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012/02/26 17:08:14 | 000,000,000 | ---D | C] -- C:\Users\Ray\AppData\Roaming\SaintXi
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Ray\Desktop\*.tmp files -> C:\Users\Ray\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/20 22:39:57 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Ray\Desktop\OTL.exe
[2012/03/20 22:07:07 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/20 22:07:07 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/20 21:58:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/20 21:57:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/20 21:57:05 | 536,317,951 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/20 18:42:10 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/03/20 18:34:24 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\84067583.sys
[2012/03/20 18:33:58 | 000,730,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/20 18:33:58 | 000,626,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/20 18:33:58 | 000,107,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/20 18:33:48 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ray\Desktop\tdsskiller.exe
[2012/03/20 01:16:13 | 001,832,544 | ---- | M] (McAfee, Inc.) -- C:\Users\Ray\Desktop\MCPR.exe
[2012/03/20 01:13:05 | 000,292,984 | ---- | M] () -- C:\Users\Ray\Desktop\MPFCleanupTool.exe
[2012/03/20 01:07:25 | 004,439,541 | R--- | M] (Swearware) -- C:\Users\Ray\Desktop\ComboFix.exe
[2012/03/19 22:03:51 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/03/19 19:16:31 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Ray\Desktop\14634.exe
[2012/03/18 22:33:31 | 000,001,963 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/18 21:37:38 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\77942541.sys
[2012/03/18 21:03:25 | 000,000,168 | ---- | M] () -- C:\Users\Ray\defogger_reenable
[2012/03/18 20:39:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Ray\Desktop\dds.scr
[2012/03/18 20:38:55 | 000,050,477 | ---- | M] () -- C:\Users\Ray\Desktop\Defogger.exe
[2012/03/18 12:57:02 | 000,302,592 | ---- | M] () -- C:\Users\Ray\Desktop\t48jc2s4.exe
[2012/03/18 11:47:06 | 015,400,968 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Ray\Desktop\SUPERAntiSpyware.exe
[2012/03/18 11:42:06 | 000,000,512 | ---- | M] () -- C:\Users\Ray\Desktop\MBR.dat
[2012/03/18 03:27:58 | 000,328,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/18 01:50:33 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/03/18 01:50:32 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012/03/18 01:50:32 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/03/18 01:50:32 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/03/18 01:47:14 | 017,255,712 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Ray\Desktop\jre-6u31-windows-x64.exe
[2012/03/18 01:20:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Ray\Desktop\aswMBR.exe
[2012/03/18 01:19:31 | 000,396,041 | ---- | M] () -- C:\Users\Ray\Desktop\MiniToolBox.exe
[2012/03/18 01:19:22 | 000,337,137 | ---- | M] () -- C:\Users\Ray\Desktop\FSS.exe
[2012/03/18 01:19:11 | 000,869,194 | ---- | M] () -- C:\Users\Ray\Desktop\SecurityCheck.exe
[2012/03/18 01:07:13 | 072,442,560 | ---- | M] (Microsoft Corporation) -- C:\Users\Ray\Desktop\msert.exe
[2012/03/18 01:05:43 | 000,980,480 | ---- | M] () -- C:\Users\Ray\Desktop\MicrosoftFixit50267.msi
[2012/03/18 00:54:47 | 002,044,822 | ---- | M] () -- C:\Users\Ray\Desktop\bob.zip
[2012/03/17 21:31:48 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\90762311.sys
[2012/03/11 16:21:32 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/03/11 16:21:32 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/03/11 16:21:32 | 000,122,904 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/03/11 16:21:32 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/03/09 17:12:06 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ray\Desktop\bob.exe
[2012/03/06 18:25:12 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/06 18:22:44 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Ray\Desktop\*.tmp files -> C:\Users\Ray\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/20 01:23:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/20 01:23:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/20 01:23:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/20 01:23:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/20 01:23:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/20 01:13:04 | 000,292,984 | ---- | C] () -- C:\Users\Ray\Desktop\MPFCleanupTool.exe
[2012/03/18 21:03:25 | 000,000,168 | ---- | C] () -- C:\Users\Ray\defogger_reenable
[2012/03/18 20:38:50 | 000,050,477 | ---- | C] () -- C:\Users\Ray\Desktop\Defogger.exe
[2012/03/18 12:56:56 | 000,302,592 | ---- | C] () -- C:\Users\Ray\Desktop\t48jc2s4.exe
[2012/03/18 11:50:59 | 000,001,963 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/18 11:42:06 | 000,000,512 | ---- | C] () -- C:\Users\Ray\Desktop\MBR.dat
[2012/03/18 01:19:28 | 000,396,041 | ---- | C] () -- C:\Users\Ray\Desktop\MiniToolBox.exe
[2012/03/18 01:19:18 | 000,337,137 | ---- | C] () -- C:\Users\Ray\Desktop\FSS.exe
[2012/03/18 01:19:05 | 000,869,194 | ---- | C] () -- C:\Users\Ray\Desktop\SecurityCheck.exe
[2012/03/18 01:05:36 | 000,980,480 | ---- | C] () -- C:\Users\Ray\Desktop\MicrosoftFixit50267.msi
[2012/03/18 00:54:36 | 002,044,822 | ---- | C] () -- C:\Users\Ray\Desktop\bob.zip
[2012/01/08 20:41:14 | 000,000,274 | ---- | C] () -- C:\Windows\ka.ini
[2011/12/07 16:30:20 | 000,010,546 | -HS- | C] () -- C:\Users\Ray\AppData\Local\h2ua25o4lg2xgb
[2011/12/07 16:30:20 | 000,010,546 | -HS- | C] () -- C:\ProgramData\h2ua25o4lg2xgb
[2011/10/23 23:30:22 | 000,000,320 | ---- | C] () -- C:\Windows\Sfc3ng.ini
[2011/09/02 23:36:22 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/06/11 20:28:13 | 000,138,584 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/06/10 18:25:57 | 000,001,032 | ---- | C] () -- C:\Windows\STA2.ini
[2011/05/29 17:32:27 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/05/24 20:55:37 | 000,000,048 | ---- | C] () -- C:\Windows\wininit.ini
[2011/05/24 20:36:28 | 000,001,550 | -HS- | C] () -- C:\Users\Ray\AppData\Local\833k1j6332xvwk47jj41y33hx1s63itemar
[2011/05/24 20:36:28 | 000,001,550 | -HS- | C] () -- C:\ProgramData\833k1j6332xvwk47jj41y33hx1s63itemar
[2011/05/24 01:06:22 | 000,010,360 | -HS- | C] () -- C:\Users\Ray\AppData\Local\s3y6i48l744h4x280ce123866cp324d301uytp1006
[2011/05/24 01:06:22 | 000,010,360 | -HS- | C] () -- C:\ProgramData\s3y6i48l744h4x280ce123866cp324d301uytp1006
[2011/05/22 23:34:32 | 000,746,974 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/22 15:58:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/04/21 21:27:18 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/04/21 20:55:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/21 19:12:23 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011/04/21 19:12:23 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011/04/21 19:12:23 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011/04/21 19:12:22 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/04/21 19:12:22 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

I hope ull be able to find it

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:12 AM

Posted 20 March 2012 - 10:10 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    [2011/12/07 16:30:20 | 000,010,546 | -HS- | C] () -- C:\Users\Ray\AppData\Local\h2ua25o4lg2xgb
    [2011/12/07 16:30:20 | 000,010,546 | -HS- | C] () -- C:\ProgramData\h2ua25o4lg2xgb
    [2011/05/24 20:36:28 | 000,001,550 | -HS- | C] () -- C:\Users\Ray\AppData\Local\833k1j6332xvwk47jj41y33hx1s63itemar
    [2011/05/24 20:36:28 | 000,001,550 | -HS- | C] () -- C:\ProgramData\833k1j6332xvwk47jj41y33hx1s63itemar
    [2011/05/24 01:06:22 | 000,010,360 | -HS- | C] () -- C:\Users\Ray\AppData\Local\s3y6i48l744h4x280ce123866cp324d301uytp1006
    [2011/05/24 01:06:22 | 000,010,360 | -HS- | C] () -- C:\ProgramData\s3y6i48l744h4x280ce123866cp324d301uytp1006
    () (No name found) -- C:\USERS\RAY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CYVUBZF.DEFAULT\EXTENSIONS\MCTWIFGVCM@MCTWIFGVCM.ORG.XPI
    () (No name found) -- C:\USERS\RAY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CYVUBZF.DEFAULT\EXTENSIONS\TABSCOPE@XULDEV.ORG.XPI
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Havvix

Havvix
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 20 March 2012 - 10:14 PM

========== OTL ==========
C:\Users\Ray\AppData\Local\h2ua25o4lg2xgb moved successfully.
C:\ProgramData\h2ua25o4lg2xgb moved successfully.
C:\Users\Ray\AppData\Local\833k1j6332xvwk47jj41y33hx1s63itemar moved successfully.
C:\ProgramData\833k1j6332xvwk47jj41y33hx1s63itemar moved successfully.
C:\Users\Ray\AppData\Local\s3y6i48l744h4x280ce123866cp324d301uytp1006 moved successfully.
C:\ProgramData\s3y6i48l744h4x280ce123866cp324d301uytp1006 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ray\Desktop\cmd.bat deleted successfully.
C:\Users\Ray\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Aunt

User: Default

User: Default User

User: Public

User: Ray
->Java cache emptied: 0 bytes

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Aunt
->Flash cache emptied: 2681 bytes

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Ray
->Flash cache emptied: 61434 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.1 log created on 03202012_231259

Still be redirected

Edited by Havvix, 20 March 2012 - 10:14 PM.


#15 Havvix

Havvix
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 20 March 2012 - 10:17 PM

That might have fixed it actually

EDIT i was wrong it just redirected me to gimmieanswers.com

Edited by Havvix, 20 March 2012 - 10:19 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users