
Win 7 won't boot after running combofix


This topic is locked
43 replies to this topic

#1 ut-oh

ut-oh

  • Members
  • 22 posts
  • OFFLINE
  • Local time:07:35 AM

Posted 27 April 2012 - 11:45 PM

Hello,

I have a Win 7 64 bit Home Premium PC that will not boot and cannot complete an Automatic Startup Repair. Basically I was using combofix to remove a virus (backdoor.multi.zAccess.gen) and am now at this point.

From the Startup Repair screen's "view diagnostic and repair details" link, I'm able to find what looks like the cause. The report shows this error.

**********
Root cause found: Unspecified changes to system configuration might have cause the problem.

Repair Action: System files integrity check and repair.
Result: Failed, error code = 0x490
Time Taken: 642708 ms
**********

The steps that got me to this point are:

1) I was trying to remove "backdoor.multi.zAccess.gen" from the PC.
2) I had run TDSSKiller several times. Each time it would detect the virus and claim to remove it, but it needed a reboot to finish.
3) I'd let TDSSKiller reboot the PC, but if I ran it again it would find the virus again.
4) After a reboot, I ran combofix from the desktop, but kept getting the error "Windows cannot find NIRKMD, make sure you typed the name correctly..." as described here: http://www.bleepingcomputer.com/forums/topic401248.html, for the same reason as described in the link: McAfee Internet Security was partially running. Combofix did eventually complete and removed some files, then rebooted and displayed the log.
5) Next I googled the error regarding "NIRKMD" and found the link noted above.
6) The link suggested uninstalling combofix, which I did and which completed.
7) The link then suggested booting into safe mode without networking, which I did.
8) The boot into safe mode did not complete. The machine rebooted and displayed a choice to boot normally or run the Automatic Startup Repair. I chose normal boot.
9) Normal boot failed, with an auto reboot being the result.
10) On the next boot, I chose Automatic Startup Repair. It failed with the error shown above.

Can you offer any help or suggestion on how to get this PC to boot now?

cheers,
ut-oh

Edited by ut-oh, 28 April 2012 - 12:09 AM.


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:35 AM

Posted 28 April 2012 - 12:22 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 ut-oh

ut-oh
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:07:35 AM

Posted 28 April 2012 - 05:21 AM

Hello Gringo,

Thank you for your reply and help. I have completed the task as you asked. Below is the frst.txt file just generated.

cheers,
ut-oh


Scan result of Farbar Recovery Scan Tool Version: 27-04-2012
Ran by SYSTEM at 28-04-2012 06:11:50
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16333856 2009-07-14] (NVIDIA Corporation)
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163568 2010-11-11] (Microsoft Corporation)
HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-17] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [199464 2009-08-03] (Egis Technology Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [149280 2010-02-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [588648 2009-07-24] (Symantec Corporation)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1486392 2011-06-28] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-03-01] (Apple Inc.)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-09-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKU\abcwhse\...\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden [1093 2010-07-29] ()
HKU\abcwhse\...\Run: [caebffcfffcdct] "C:\ProgramData\caebffcfffcdct.exe" [90112 2012-04-27] ()
HKU\abcwhse\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [1653248 2009-12-29] (AWS Convergence Technologies, Inc.)
Tcpip\Parameters: [DhcpNameServer] 68.94.156.1 75.75.76.76 68.94.157.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 ASInsHelp; C:\Windows\System32\wfxsvc.dll [6656 2009-07-13] (Oak Technology Inc.)
2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
4 McAfee SiteAdvisor Service; "C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe" [103440 2012-01-13] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
4 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
4 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
4 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [501768 2011-06-23] (McAfee, Inc.)
4 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [200056 2011-04-14] (McAfee, Inc.)
4 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [245352 2011-04-14] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [149032 2011-04-14] (McAfee, Inc.)
4 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
3 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208 2009-08-25] (Nero AG)
2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [62208 2009-08-12] (NewTech Infosystems, Inc.)
3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306416 2010-11-11] (Microsoft Corporation)
3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8251120 2010-11-11] (Microsoft Corporation)
3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467696 2010-11-11] (Microsoft Corporation)
2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [63056 2011-04-14] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [121376 2011-04-14] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [190520 2011-04-14] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [441840 2011-04-14] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [530304 2011-04-14] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75160 2011-04-14] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [94992 2011-04-14] (McAfee, Inc.)
1 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [283744 2011-04-14] (McAfee, Inc.)
3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2009-05-05] (NewTech Infosystems, Inc.)
3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
3 NVNET; C:\Windows\System32\DRIVERS\nvmf6264.sys [339360 2009-04-29] (NVIDIA Corporation)
3 nvsmu; C:\Windows\System32\Drivers\nvsmu.sys [28704 2009-04-24] (NVIDIA Corporation)
0 nvstor64; C:\Windows\System32\Drivers\nvstor64.sys [239136 2009-04-29] (NVIDIA Corporation)
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [16896 2009-05-05] (NewTech Infosystems Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 mfeavfk01; [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: ASInsHelp

============ One Month Created Files and Folders ==============

2012-04-27 23:43 - 2012-04-27 23:43 - 0000000 ____A C:\Recovery.txt
2012-04-27 19:13 - 2009-07-13 17:39 - 0234790 ____A C:\Windows\ntbtlog.txt
2012-04-27 19:11 - - 4478092 ____A (Swearware) C:\Users\abcwhse\Desktop\ComboFix.exe
2012-04-27 19:10 - 2012-04-27 18:11 - 0125880 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_23.10.39_log.txt
2012-04-27 19:05 - 2010-02-16 21:30 - 0019920 ____A C:\ComboFix.txt
2012-04-27 18:53 - 2012-04-27 18:53 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-27 18:53 - 2012-04-27 18:53 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-27 18:53 - 2012-04-27 18:53 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-27 18:53 - 2012-04-27 18:53 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-27 18:53 - 2012-04-27 18:53 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-27 18:53 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-27 18:53 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-27 18:53 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-27 18:53 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-27 18:53 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-27 18:42 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\ERDNT
2012-04-27 18:39 - 2012-04-27 19:00 - 0000000 ____D C:\Qoobox
2012-04-27 18:09 - 2012-04-27 18:07 - 0124928 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_22.09.14_log.txt
2012-04-27 18:06 - 2012-04-27 18:06 - 0124890 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_22.06.24_log.txt
2012-04-27 18:06 - 2012-04-27 17:37 - 0003650 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_22.06.15_log.txt
2012-04-27 18:05 - 2012-04-27 18:59 - 0000000 ____A C:\Windows\setuperr.log
2012-04-27 18:05 - 2009-07-13 20:45 - 0000224 ____A C:\Windows\setupact.log
2012-04-27 18:04 - 2009-07-13 21:32 - 0011306 ____A C:\Windows\PFRO.log
2012-04-27 17:46 - 2012-04-27 22:03 - 0000000 ____D C:\Ken
2012-04-27 17:41 - 2011-03-02 20:31 - 0000000 ____D C:\Program Files\CCleaner
2012-04-27 17:41 - - 0000826 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-04-27 17:39 - 2009-10-27 21:47 - 0000361 ____A C:\rkill.log
2012-04-27 17:10 - 2012-04-27 16:41 - 0125066 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_21.10.46_log.txt
2012-04-27 16:40 - 2012-04-27 13:33 - 0127048 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_20.40.25_log.txt
2012-04-27 15:14 - - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-04-27 13:32 - 2012-04-27 13:09 - 0125524 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_17.32.52_log.txt
2012-04-27 13:17 - 2010-02-03 10:12 - 0000000 ____D C:\Users\abcwhse\AppData\Roaming\Malwarebytes
2012-04-27 13:16 - 2012-04-27 17:41 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-27 13:16 - 2010-04-08 23:29 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-27 13:16 - 2010-04-08 23:29 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-27 13:16 - 2010-02-17 00:39 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-27 13:16 - 2009-07-13 15:26 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-27 13:07 - 2012-04-27 13:04 - 0126914 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_17.07.11_log.txt
2012-04-27 13:00 - 2012-04-27 12:55 - 0126870 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_17.00.32_log.txt
2012-04-27 12:52 - 2012-04-27 12:48 - 0126846 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_16.52.01_log.txt
2012-04-27 12:47 - 2012-04-27 12:33 - 0126908 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_16.47.32_log.txt
2012-04-27 12:31 - 2012-04-27 12:15 - 0129264 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_16.31.29_log.txt
2012-04-27 12:31 - 2009-06-10 13:10 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-27 12:15 - 2012-04-27 12:12 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-27 12:12 - 2012-04-27 12:11 - 0130282 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_16.12.08_log.txt
2012-04-27 12:10 - 2012-04-27 19:10 - 0000348 ____A C:\TDSSKiller.2.7.29.0_27.04.2012_16.10.59_log.txt
2012-04-27 11:54 - 2012-03-28 23:00 - 0000129 ____A C:\Windows\System32\MRT.INI
2012-04-27 11:51 - 2009-07-13 17:39 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-24 14:45 - 2012-04-27 19:11 - 2074160 ____A (Kaspersky Lab ZAO) C:\TDSSKiller.exe
2012-04-19 10:43 - 2010-02-16 21:24 - 0090112 ____A C:\Users\All Users\caebffcfffcdct.exe
2012-04-19 10:43 - 2010-02-16 21:24 - 0090112 ____A C:\ProgramData\caebffcfffcdct.exe
2012-04-17 18:42 - 2012-04-19 10:10 - 0065536 __ASH C:\Windows\System32\config\components{1040f2e5-88cb-11e1-bc77-00262d1b80aa}.TxR.blf
2012-04-15 15:15 - 2012-04-16 13:44 - 0065536 __ASH C:\Windows\System32\config\components{f09c42e3-86e9-11e1-a372-00262d1b80aa}.TxR.blf
2012-04-15 03:04 - 2012-03-01 03:43 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-15 03:04 - 2012-03-01 03:43 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-15 03:04 - 2012-03-01 03:43 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-15 03:04 - 2012-03-01 03:43 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-15 03:04 - 2012-03-01 03:43 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-15 03:04 - 2012-03-01 03:43 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-15 03:04 - 2012-03-01 03:43 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-15 03:04 - 2012-03-01 03:43 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-15 03:04 - 2012-02-27 23:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-15 03:04 - 2012-02-27 22:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-15 03:04 - 2012-02-27 22:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-15 03:04 - 2012-02-27 22:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-15 03:04 - 2012-02-27 22:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-15 03:04 - 2012-02-27 17:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-15 03:04 - 2012-02-27 17:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-15 03:04 - 2012-02-27 17:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-15 03:04 - 2012-02-27 17:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-15 03:04 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-15 03:04 - 2011-05-02 21:21 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-15 03:04 - 2011-05-02 20:50 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-15 03:04 - 2009-07-13 17:41 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-15 03:04 - 2009-07-13 17:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-15 03:04 - 2009-07-13 17:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-15 03:04 - 2009-07-13 17:16 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-15 03:04 - 2009-07-13 17:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-15 03:04 - 2009-07-13 17:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-13 16:10 - 2009-07-13 17:47 - 0022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-13 16:10 - 2009-07-13 17:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-13 16:10 - 2009-07-13 17:38 - 0080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-13 16:10 - 2009-07-13 17:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-13 16:10 - 2009-07-13 17:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-13 16:10 - 2009-07-13 17:14 - 0158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-13 16:10 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-11 06:47 - 2012-04-27 11:31 - 0000000 ____D C:\Windows\Minidump
2012-04-11 00:37 - 2009-07-13 19:20 - 0014471 ____A C:\Windows\SysWOW64\hs_err_pid4128.log
2012-04-10 04:28 - - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-04-06 11:55 - 2011-09-22 02:40 - 0211000 ____A C:\Users\abcwhse\Downloads\GamingWonderland.exe
2012-04-05 12:20 - 2012-02-14 22:27 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-05 12:20 - 2012-02-09 22:17 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-04-05 12:20 - 2012-02-09 22:17 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-04-05 12:20 - 2012-02-09 21:41 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-04-05 12:20 - 2012-02-09 21:41 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-04-05 12:20 - 2009-07-13 17:41 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-04-05 12:20 - 2009-07-13 17:41 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-05 12:20 - 2009-07-13 17:40 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-04-05 12:20 - 2009-07-13 17:40 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-04-05 12:20 - 2009-07-13 17:39 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-04-05 12:20 - 2009-07-13 17:39 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-05 12:20 - 2009-07-13 17:16 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-04-05 12:20 - 2009-07-13 17:15 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-04-05 12:20 - 2009-07-13 17:15 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-04-05 12:20 - 2009-07-13 17:15 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-04-05 12:20 - 2009-07-13 16:16 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-05 12:20 - 2009-07-13 16:16 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys


============ 3 Months Modified Files and Folders =============

2012-04-28 06:12 - 2012-04-28 06:11 - 0000000 ____D C:\FRST
2012-04-28 02:01 - 2012-04-27 23:43 - 0000000 ____A C:\Recovery.txt
2012-04-27 23:43 - 2010-02-03 10:10 - 0000000 ____D C:\Recovery
2012-04-27 22:03 - 2006-10-10 06:13 - 2213449728 __ASH C:\hiberfil.sys
2012-04-27 19:38 - 2012-04-27 19:13 - 0234790 ____A C:\Windows\ntbtlog.txt
2012-04-27 19:12 - 2012-04-19 10:43 - 0090112 ____A C:\Users\All Users\caebffcfffcdct.exe
2012-04-27 19:12 - 2012-04-19 10:43 - 0090112 ____A C:\ProgramData\caebffcfffcdct.exe
2012-04-27 19:12 - 2006-10-10 06:18 - 1734670 ____A C:\Windows\WindowsUpdate.log
2012-04-27 19:11 - 2012-04-27 19:10 - 0125880 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_23.10.39_log.txt
2012-04-27 19:09 - 2012-04-27 18:42 - 0000000 ____D C:\Windows\ERDNT
2012-04-27 19:09 - 2012-04-27 18:39 - 0000000 ____D C:\Qoobox
2012-04-27 19:07 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-27 19:07 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-27 19:05 - 2012-04-27 19:05 - 0019920 ____A C:\ComboFix.txt
2012-04-27 19:05 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-04-27 19:05 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-27 19:00 - 2012-04-27 15:14 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-04-27 19:00 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-04-27 18:59 - 2012-04-27 18:05 - 0000224 ____A C:\Windows\setupact.log
2012-04-27 18:59 - 2012-04-27 18:04 - 0011306 ____A C:\Windows\PFRO.log
2012-04-27 18:59 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-27 18:53 - 2012-04-27 18:53 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-27 18:53 - 2012-04-27 18:53 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-27 18:53 - 2012-04-27 18:53 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-27 18:53 - 2012-04-27 18:53 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-27 18:53 - 2012-04-27 18:53 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-27 18:53 - 2012-04-27 18:53 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-27 18:53 - 2012-04-27 18:53 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-27 18:53 - 2012-04-27 18:53 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-27 18:53 - 2012-04-27 18:53 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-27 18:53 - 2012-04-27 18:53 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-27 18:53 - 2009-07-13 18:34 - 58458112 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-04-27 18:53 - 2009-07-13 18:34 - 20971520 ____A C:\Windows\System32\config\SYSTEM.bak
2012-04-27 18:53 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-04-27 18:53 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\DEFAULT.bak
2012-04-27 18:52 - 2010-09-15 19:12 - 0000000 ____D C:\Program Files (x86)\Shop to Win 2
2012-04-27 18:12 - 2010-02-05 15:37 - 0000000 ____D C:\Users\abcwhse\Tracing
2012-04-27 18:12 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SAM.bak
2012-04-27 18:11 - 2012-04-27 18:09 - 0124928 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_22.09.14_log.txt
2012-04-27 18:11 - 2012-04-27 12:15 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-27 18:07 - 2012-04-27 18:06 - 0124890 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_22.06.24_log.txt
2012-04-27 18:06 - 2012-04-27 18:06 - 0003650 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_22.06.15_log.txt
2012-04-27 18:05 - 2012-04-27 18:05 - 0000000 ____A C:\Windows\setuperr.log
2012-04-27 17:47 - 2012-04-27 17:46 - 0000000 ____D C:\Ken
2012-04-27 17:45 - 2012-04-11 06:47 - 0000000 ____D C:\Windows\Minidump
2012-04-27 17:45 - 2010-02-17 00:42 - 0000000 ____D C:\Users\abcwhse\AppData\Roaming\FrostWire
2012-04-27 17:45 - 2007-07-11 17:49 - 0000000 ____D C:\Windows\Panther
2012-04-27 17:41 - 2012-04-27 17:41 - 0000826 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-04-27 17:41 - 2012-04-27 17:41 - 0000000 ____D C:\Program Files\CCleaner
2012-04-27 17:39 - 2012-04-27 17:39 - 0000361 ____A C:\rkill.log
2012-04-27 17:37 - 2012-04-27 17:10 - 0125066 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_21.10.46_log.txt
2012-04-27 17:35 - 2012-04-27 19:11 - 4478092 ____A (Swearware) C:\Users\abcwhse\Desktop\ComboFix.exe
2012-04-27 16:55 - 2010-02-03 10:10 - 0000000 ____D C:\Users\abcwhse\AppData\LocalLow
2012-04-27 16:53 - 2010-09-15 19:12 - 0000000 ____D C:\Users\All Users\Yahoo!
2012-04-27 16:53 - 2010-09-15 19:12 - 0000000 ____D C:\ProgramData\Yahoo!
2012-04-27 16:52 - 2010-02-03 12:01 - 0000000 ____D C:\Users\abcwhse\AppData\Local\Google
2012-04-27 16:52 - 2009-10-27 22:10 - 0000000 ____D C:\Users\All Users\Google
2012-04-27 16:52 - 2009-10-27 22:10 - 0000000 ____D C:\ProgramData\Google
2012-04-27 16:41 - 2012-04-27 16:40 - 0127048 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_20.40.25_log.txt
2012-04-27 13:33 - 2012-04-27 13:32 - 0125524 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_17.32.52_log.txt
2012-04-27 13:17 - 2012-04-27 13:17 - 0000000 ____D C:\Users\abcwhse\AppData\Roaming\Malwarebytes
2012-04-27 13:17 - 2012-04-27 13:16 - 0001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-27 13:17 - 2012-04-27 13:16 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-27 13:16 - 2012-04-27 13:16 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-27 13:16 - 2012-04-27 13:16 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-27 13:10 - 2010-02-03 10:12 - 0000000 ____D C:\Users\abcwhse\AppData\Local\VirtualStore
2012-04-27 13:09 - 2012-04-27 13:07 - 0126914 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_17.07.11_log.txt
2012-04-27 13:04 - 2012-04-27 13:00 - 0126870 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_17.00.32_log.txt
2012-04-27 12:55 - 2012-04-27 12:52 - 0126846 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_16.52.01_log.txt
2012-04-27 12:48 - 2012-04-27 12:47 - 0126908 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_16.47.32_log.txt
2012-04-27 12:33 - 2012-04-27 12:31 - 0129264 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_16.31.29_log.txt
2012-04-27 12:31 - 2012-04-27 12:31 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-27 12:15 - 2012-04-27 12:12 - 0130282 ____A C:\TDSSKiller.2.7.33.0_27.04.2012_16.12.08_log.txt
2012-04-27 12:12 - 2012-04-24 14:45 - 2074160 ____A (Kaspersky Lab ZAO) C:\TDSSKiller.exe
2012-04-27 12:12 - 2009-07-13 21:13 - 0713888 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-27 12:11 - 2012-04-27 12:10 - 0000348 ____A C:\TDSSKiller.2.7.29.0_27.04.2012_16.10.59_log.txt
2012-04-27 11:59 - 2010-09-15 19:13 - 0000000 ____D C:\Users\abcwhse\AppData\Local\WeatherBug
2012-04-27 11:54 - 2012-04-27 11:54 - 0000129 ____A C:\Windows\System32\MRT.INI
2012-04-19 10:10 - 2012-04-17 18:42 - 0065536 __ASH C:\Windows\System32\config\components{1040f2e5-88cb-11e1-bc77-00262d1b80aa}.TxR.blf
2012-04-17 18:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-17 18:24 - 2010-02-03 10:10 - 0000000 ____D C:\users\abcwhse
2012-04-16 13:44 - 2012-04-15 15:15 - 0065536 __ASH C:\Windows\System32\config\components{f09c42e3-86e9-11e1-a372-00262d1b80aa}.TxR.blf
2012-04-15 03:05 - 2009-10-27 21:59 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-15 03:05 - 2009-10-27 21:59 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-15 03:03 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-14 08:38 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-12 06:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\LiveKernelReports
2012-04-12 05:05 - 2010-02-17 00:35 - 0000000 ____D C:\Users\abcwhse\AppData\Roaming\TuneUpMedia
2012-04-11 00:37 - 2012-04-11 00:37 - 0014471 ____A C:\Windows\SysWOW64\hs_err_pid4128.log
2012-04-10 04:28 - 2012-04-10 04:28 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-04-10 04:23 - 2009-07-13 21:08 - 0032648 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-10 00:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-04-08 04:34 - 2010-02-03 13:42 - 0000000 ____D C:\Users\abcwhse\AppData\Local\Microsoft Games
2012-04-06 11:55 - 2012-04-06 11:55 - 0211000 ____A C:\Users\abcwhse\Downloads\GamingWonderland.exe
2012-04-05 12:59 - 2009-07-13 20:45 - 0343552 ____A C:\Windows\System32\FNTCACHE.DAT
2012-04-04 11:56 - 2012-04-27 13:16 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-28 23:00 - 2012-04-27 11:51 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-09 11:42 - 2009-10-27 22:01 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-03-08 14:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-03-01 15:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-03-01 03:43 - 2012-03-01 03:43 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-01 03:43 - 2012-03-01 03:43 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-01 03:43 - 2012-03-01 03:43 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-01 03:43 - 2012-03-01 03:43 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-01 03:43 - 2012-03-01 03:43 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-01 03:43 - 2012-03-01 03:43 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-01 03:43 - 2012-03-01 03:43 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-01 03:43 - 2012-03-01 03:43 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-01 03:43 - 2012-03-01 03:43 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-01 03:43 - 2012-03-01 03:43 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-01 03:43 - 2012-03-01 03:43 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-01 03:43 - 2012-03-01 03:43 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-01 03:43 - 2012-03-01 03:43 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-01 03:43 - 2012-03-01 03:43 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-01 03:43 - 2012-03-01 03:43 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-01 03:43 - 2012-03-01 03:43 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-01 03:43 - 2012-03-01 03:43 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-01 03:43 - 2012-03-01 03:43 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-01 03:43 - 2012-03-01 03:43 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-01 03:43 - 2012-03-01 03:43 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-01 03:43 - 2012-03-01 03:43 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-01 03:43 - 2012-03-01 03:43 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-01 03:43 - 2012-03-01 03:43 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-01 03:43 - 2012-03-01 03:43 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-01 03:43 - 2012-03-01 03:43 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-01 03:40 - 2012-03-01 03:40 - 4068864 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-03-01 03:40 - 2012-03-01 03:40 - 3181568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2012-03-01 03:40 - 2012-03-01 03:40 - 1888256 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2012-03-01 03:40 - 2012-03-01 03:40 - 1863680 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-03-01 03:40 - 2012-03-01 03:40 - 1619456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2012-03-01 03:40 - 2012-03-01 03:40 - 1495040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2012-03-01 03:40 - 2012-03-01 03:40 - 1133568 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-03-01 03:40 - 2012-03-01 03:40 - 0982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-03-01 03:40 - 2012-03-01 03:40 - 0662528 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-03-01 03:40 - 2012-03-01 03:40 - 0470016 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-03-01 03:40 - 2012-03-01 03:40 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-03-01 03:40 - 2012-03-01 03:40 - 0283648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-03-01 03:40 - 2012-03-01 03:40 - 0265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2012-03-01 03:40 - 2012-03-01 03:40 - 0257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-03-01 03:40 - 2012-03-01 03:40 - 0229888 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-03-01 03:40 - 2012-03-01 03:40 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-03-01 03:40 - 2012-03-01 03:40 - 0196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-03-01 03:40 - 2012-03-01 03:40 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-03-01 03:40 - 2012-03-01 03:40 - 0135168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2012-02-29 22:54 - 2012-04-13 16:10 - 0022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:45 - 2012-04-13 16:10 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:40 - 2012-04-13 16:10 - 0080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:35 - 2012-04-13 16:10 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:49 - 2012-04-13 16:10 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:45 - 2012-04-13 16:10 - 0158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:40 - 2012-04-13 16:10 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-27 23:34 - 2012-04-15 03:04 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-15 03:04 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-15 03:04 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-15 03:04 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-15 03:04 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-15 03:04 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-15 03:04 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-15 03:04 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-15 03:04 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-15 03:04 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-15 03:04 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-15 03:04 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-15 03:04 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-04-15 03:04 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-15 03:04 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-15 03:04 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-15 03:04 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-15 03:04 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-15 03:04 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-15 03:04 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-15 03:04 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-15 03:04 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-15 03:04 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-15 03:04 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-15 03:04 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-15 03:04 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-20 11:50 - 2010-10-14 16:19 - 0000000 ____D C:\Users\abcwhse\AppData\Roaming\CoreInternetUtility
2012-02-19 07:54 - 2009-10-27 22:07 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-14 22:27 - 2012-04-05 12:20 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 21:44 - 2012-04-05 12:20 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-14 20:47 - 2012-04-05 12:20 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 20:46 - 2012-04-05 12:20 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-11 08:56 - 2012-02-11 08:56 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{bb4c5c51-54d0-11e1-9ac9-00262d1b80aa}.TxR.blf
2012-02-09 22:18 - 2012-04-05 12:20 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 22:17 - 2012-04-05 12:20 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-09 22:17 - 2012-04-05 12:20 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-09 22:17 - 2012-04-05 12:20 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-09 22:17 - 2012-03-23 02:17 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-09 21:41 - 2012-04-05 12:20 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-09 21:41 - 2012-04-05 12:20 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 21:41 - 2012-04-05 12:20 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-09 21:41 - 2012-04-05 12:20 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-09 21:41 - 2012-04-05 12:20 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-07 07:02 - 2012-02-07 07:02 - 1070352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2012-02-02 20:16 - 2012-04-05 12:20 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 21%
Total physical RAM: 2814.55 MB
Available physical RAM: 2199.73 MB
Total Pagefile: 2812.7 MB
Available Pagefile: 2182.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Acer) (Fixed) (Total:582.4 GB) (Free:535.07 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:13.67 GB) (Free:4.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
6 Drive i: (TOSHIBA) (Removable) (Total:14.53 GB) (Free:13.22 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 13 GB 1024 KB
Partition 2 Primary 100 MB 13 GB
Partition 3 Primary 582 GB 13 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 13 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Acer NTFS Partition 582 GB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 4032 KB

======================================================================================================

Disk: 3
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I TOSHIBA FAT32 Removable 14 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-27 17:28

======================= End Of Log ==========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 April 2012 - 11:00 AM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

SubSystems: [Windows] ==> ZeroAccess
2 ASInsHelp; C:\Windows\System32\wfxsvc.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\wfxsvc.dll
NETSVC: ASInsHelp

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 ut-oh

ut-oh
  • Topic Starter

  • Members
  • 22 posts

Posted 28 April 2012 - 11:25 AM

Hello Gringo,

Thank you for the follow-up. I followed your instructions. It seems this step was successful. The contents of Fixlog.txt are below. The machine is still sitting at the command prompt of the repair console. I have not rebooted it since the first time I ran frst64.exe.

Regards,
ut-oh


Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 27-04-2012
Ran by SYSTEM at 2012-04-28 12:19:29 R:1
Running from I:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
ASInsHelp service deleted successfully.
C:\Windows\System32\wfxsvc.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ASInsHelp Deleted successfully.

==== End of Fixlog ====
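
As an added example (not part of this thread, and not FRST's own code), the following PowerShell does a read-only audit of the two persistence points the fixlist above repaired: the Session Manager SubSystems\Windows value that FRST restored, and the SvcHost netsvcs group from which the ASInsHelp entry was removed. It assumes Windows 7 (where the stock SubSystems\Windows value references only basesrv and winsrv) and reads CurrentControlSet on the running system rather than ControlSet001 offline as FRST did; it changes nothing.

```powershell
# Added example, not from the thread or from FRST. Read-only audit of two
# svchost/csrss persistence points. Run in an elevated PowerShell on the
# machine being checked. The ServerDll allowlist is an assumption for
# Windows 7; confirm it against a known-good machine of the same version.

# ---- 1. Session Manager\SubSystems\Windows -------------------------------
# Stock Win7 value names only basesrv and winsrv as ServerDll entries.
$subKey       = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems'
$windowsValue = (Get-ItemProperty -Path $subKey -Name Windows).Windows
$allowedServerDlls = @('basesrv', 'winsrv')   # assumption: stock Windows 7 set

# Pull the module name out of every "ServerDll=<name>[:entry],<n>" token.
$serverDlls = [regex]::Matches($windowsValue, 'ServerDll=([^,:\s]+)') |
    ForEach-Object { $_.Groups[1].Value }
$unexpected = $serverDlls | Where-Object { $allowedServerDlls -notcontains $_ }

Write-Host "SubSystems\Windows = $windowsValue"
if ($unexpected) {
    Write-Warning "Unexpected ServerDll entries: $($unexpected -join ', ')"
} else {
    Write-Host 'SubSystems\Windows references only the expected ServerDlls'
}

# ---- 2. SvcHost netsvcs group -------------------------------------------
# Every group member should resolve to a service whose ServiceDll is a
# Microsoft file. FRST prints the company name beside each service; do the same.
$svcHostKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost'
$netsvcs    = (Get-ItemProperty -Path $svcHostKey -Name netsvcs).netsvcs   # REG_MULTI_SZ

foreach ($name in $netsvcs) {
    $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path $svcKey)) {
        # A group member with no service key is an unused entry, noted but not flagged.
        Write-Host "$name : no service key (unused group entry)"
        continue
    }

    # ServiceDll normally lives under Parameters; a few services keep it on the root key.
    $dll = (Get-ItemProperty -Path "$svcKey\Parameters" -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if (-not $dll) {
        $dll = (Get-ItemProperty -Path $svcKey -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    }
    if (-not $dll) { Write-Host "$name : no ServiceDll value"; continue }

    $path = [Environment]::ExpandEnvironmentVariables($dll)
    if (-not (Test-Path $path)) {
        Write-Warning "$name : ServiceDll missing on disk: $path"
        continue
    }

    $company = (Get-Item $path).VersionInfo.CompanyName
    # On Windows 7, catalog-signed system files report NotSigned here, so the
    # signature status is a triage hint only; the company name is the quicker tell.
    $sig  = (Get-AuthenticodeSignature -FilePath $path).Status
    $flag = if ($company -notmatch 'Microsoft') { ' <== non-Microsoft ServiceDll, review' } else { '' }
    Write-Host ('{0} : {1} ({2}) [{3}]{4}' -f $name, $path, $company, $sig, $flag)
}
```

A netsvcs member whose ServiceDll carries a non-Microsoft company name, like the Oak Technology Inc. wfxsvc.dll behind ASInsHelp in the fixlist above, is exactly what the second loop marks for review.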

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 April 2012 - 12:03 PM

Hello


Restart the computer and let me know if it starts up all right.


Gringo

#7 ut-oh

ut-oh
  • Topic Starter

  • Members
  • 22 posts

Posted 28 April 2012 - 12:26 PM

Hello Gringo,

Thank you again for the follow-up. I restarted the machine (clicked Restart on the repair console screen). As best I can tell, it booted up normally.

I closed WeatherBug Desktop by right-clicking on its icon in the system tray.

This may or may not matter for this effort. I wanted to review the state of the McAfee software. I started Task Manager and went to the Services tab, then clicked the Services button to bring up the Services console. McShield and McAfee Validation Trust Protection Services are running. I had disabled all other parts of McAfee before I ran ComboFix, as mentioned at the very start of this thread. I can't disable or stop these two services, nor can I disable or stop McAfee from the McAfee UI. This is McAfee Internet Security and I believe it was a bundled version that came with the computer, as it also has Acer's logo on the McAfee screen. This AV is expired and I'm happy to uninstall it altogether if needed.

No other actions have been performed since bootup. Please let me know what you want done next.

cheers,
ut-oh

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 April 2012 - 12:31 PM

Hello


If it is expired then do uninstall it, as it creates more danger being on here now.



I would like you to download an updated version of ComboFix.

Update ComboFix

Delete the version of ComboFix you have now on your desktop and download a new one from here:

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 ut-oh

ut-oh
  • Topic Starter

  • Members
  • 22 posts

Posted 28 April 2012 - 01:36 PM

Hello Gringo,

Thanks for your further instructions. I restored all the McAfee service settings to their normal state. Then I started the McAfee items that would normally be running. Then I uninstalled McAfee completely via the Add/Remove Programs option in Windows, followed by a reboot as requested by the uninstaller.

Next I downloaded the latest version of ComboFix to a USB drive and used that to get it on the computer. Then I ran it as instructed. The log clip is below. It found and deleted quite a few files. ComboFix did not ask me to reboot the computer, so it has not been rebooted since ComboFix completed.

Overall, the computer seems to be running OK. I didn't notice any issues, nor any odd behavior. It is NOT hooked up to the network right now and of course not connected to the internet either. I didn't do anything with the computer other than what is mentioned here.

Cheers,
ut-oh



ComboFix 12-04-28.01 - abcwhse 04/28/2012 14:03:06.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2815.1753 [GMT -4:00]
Running from: c:\users\abcwhse\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\caebffcfffcdct.exe
c:\windows\SysWow64\bdaplgin.ax
c:\windows\SysWow64\cero.rs
c:\windows\SysWow64\csrr.rs
c:\windows\SysWow64\esrb.rs
c:\windows\SysWow64\g711codc.ax
c:\windows\SysWow64\grb.rs
c:\windows\SysWow64\iac25_32.ax
c:\windows\SysWow64\ir41_32.ax
c:\windows\SysWow64\ivfsrc.ax
c:\windows\SysWow64\ksproxy.ax
c:\windows\SysWow64\kstvtune.ax
c:\windows\SysWow64\Kswdmcap.ax
c:\windows\SysWow64\ksxbar.ax
c:\windows\SysWow64\Mpeg2Data.ax
c:\windows\SysWow64\mpg2splt.ax
c:\windows\SysWow64\MSDvbNP.ax
c:\windows\SysWow64\MSNP.ax
c:\windows\SysWow64\oflc.rs
c:\windows\SysWow64\pegi-fi.rs
c:\windows\SysWow64\pegi-pt.rs
c:\windows\SysWow64\pegi.rs
c:\windows\SysWow64\pegibbfc.rs
c:\windows\SysWow64\psisrndr.ax
c:\windows\SysWow64\usk.rs
c:\windows\SysWow64\VBICodec.ax
c:\windows\SysWow64\vbisurf.ax
c:\windows\SysWow64\vidcap.ax
c:\windows\SysWow64\WEB.rs
c:\windows\SysWow64\WSTPager.ax
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-28 )))))))))))))))))))))))))))))))
.
.
2012-04-28 18:11 . 2012-04-28 18:11 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-04-28 18:11 . 2012-04-28 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-28 14:11 . 2012-04-28 14:12 -------- d-----w- C:\FRST
2012-04-28 01:46 . 2012-04-28 01:47 -------- d-----w- C:\Ken
2012-04-28 01:41 . 2012-04-28 01:41 -------- d-----w- c:\program files\CCleaner
2012-04-27 21:17 . 2012-04-27 21:17 -------- d-----w- c:\users\abcwhse\AppData\Roaming\Malwarebytes
2012-04-27 21:16 . 2012-04-27 21:16 -------- d-----w- c:\programdata\Malwarebytes
2012-04-27 21:16 . 2012-04-27 21:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-27 21:16 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-27 20:31 . 2012-04-27 20:31 -------- d-----w- c:\windows\system32\Macromed
2012-04-27 20:15 . 2012-04-28 02:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-24 22:45 . 2012-04-27 20:12 2074160 ----a-w- C:\TDSSKiller.exe
2012-04-19 18:43 . 2012-04-28 18:13 90112 ----a-w- c:\programdata\caebffcfffcdct.exe
2012-04-14 00:10 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-14 00:10 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-14 00:10 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-14 00:10 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-14 00:10 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-14 00:10 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-14 00:10 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 12:28 . 2012-04-10 12:28 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 11:43 . 2012-03-01 11:43 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-01 11:43 . 2012-03-01 11:43 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-01 11:43 . 2012-03-01 11:43 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-01 11:43 . 2012-03-01 11:43 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-01 11:43 . 2012-03-01 11:43 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-01 11:43 . 2012-03-01 11:43 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-01 11:43 . 2012-03-01 11:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-01 11:43 . 2012-03-01 11:43 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-01 11:43 . 2012-03-01 11:43 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-01 11:43 . 2012-03-01 11:43 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-01 11:43 . 2012-03-01 11:43 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-01 11:43 . 2012-03-01 11:43 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-01 11:43 . 2012-03-01 11:43 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-01 11:43 . 2012-03-01 11:43 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-01 11:43 . 2012-03-01 11:43 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-01 11:43 . 2012-03-01 11:43 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-01 11:43 . 2012-03-01 11:43 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-01 11:43 . 2012-03-01 11:43 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-01 11:43 . 2012-03-01 11:43 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-01 11:43 . 2012-03-01 11:43 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-01 11:43 . 2012-03-01 11:43 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-01 11:43 . 2012-03-01 11:43 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-01 11:43 . 2012-03-01 11:43 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-01 11:43 . 2012-03-01 11:43 448512 ----a-w- c:\windows\system32\html.iec
2012-03-01 11:43 . 2012-03-01 11:43 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-01 11:43 . 2012-03-01 11:43 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-01 11:43 . 2012-03-01 11:43 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-01 11:43 . 2012-03-01 11:43 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-01 11:43 . 2012-03-01 11:43 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-01 11:43 . 2012-03-01 11:43 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-01 11:43 . 2012-03-01 11:43 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-01 11:43 . 2012-03-01 11:43 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:43 . 2012-03-01 11:43 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-01 11:43 . 2012-03-01 11:43 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-01 11:40 . 2012-03-01 11:40 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-01 11:40 . 2012-03-01 11:40 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2012-03-01 11:40 . 2012-03-01 11:40 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-03-01 11:40 . 2012-03-01 11:40 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-03-01 11:40 . 2012-03-01 11:40 4068864 ----a-w- c:\windows\system32\mf.dll
2012-03-01 11:40 . 2012-03-01 11:40 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2012-03-01 11:40 . 2012-03-01 11:40 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-03-01 11:40 . 2012-03-01 11:40 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-03-01 11:40 . 2012-03-01 11:40 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-03-01 11:40 . 2012-03-01 11:40 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-03-01 11:40 . 2012-03-01 11:40 206848 ----a-w- c:\windows\system32\mfps.dll
2012-03-01 11:40 . 2012-03-01 11:40 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2012-03-01 11:40 . 2012-03-01 11:40 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-03-01 11:40 . 2012-03-01 11:40 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-03-01 11:40 . 2012-03-01 11:40 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2012-03-01 11:40 . 2012-03-01 11:40 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2012-03-01 11:40 . 2012-03-01 11:40 144384 ----a-w- c:\windows\system32\cdd.dll
2012-03-01 11:40 . 2012-03-01 11:40 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2012-03-01 11:40 . 2012-03-01 11:40 1133568 ----a-w- c:\windows\system32\FntCache.dll
2012-02-10 06:17 . 2012-03-23 10:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{54d0da58-64e7-4408-be1f-72659f70fcbe}"= "c:\program files (x86)\24MusicBar\tb24Mu.dll" [2010-02-22 2353176]
.
[HKEY_CLASSES_ROOT\clsid\{54d0da58-64e7-4408-be1f-72659f70fcbe}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"caebffcfffcdct"="c:\programdata\caebffcfffcdct.exe" [2012-04-28 90112]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2009-12-29 1653248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2010-02-17 149280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-02 421160]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"caebffcfffcdct"="c:\programdata\caebffcfffcdct.exe" [2012-04-28 90112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 306416]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 16333856]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 163568]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.youcansearch.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 68.94.156.1 75.75.76.76 68.94.157.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{54D0DA58-64E7-4408-BE1F-72659F70FCBE} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-28 14:22:08
ComboFix-quarantined-files.txt 2012-04-28 18:22
ComboFix2.txt 2012-04-28 03:05
.
Pre-Run: 574,227,869,696 bytes free
Post-Run: 574,185,897,984 bytes free
.
- - End Of File - - 8109F668B34A03FA477FED1DA8E97E2C
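The two Run-key entries for c:\programdata\caebffcfffcdct.exe in the log above (once under HKEY_CURRENT_USER, once under HKEY_USERS\.DEFAULT) are exactly what a triage script should pull out of a ComboFix log automatically. The Python below is an added example, not code from ComboFix or from anyone in this thread; it assumes the REGEDIT4-style layout of the "Reg Loading Points" section (a `[HKEY...]` line followed by `"name"="path" [date size]` lines) and uses a handful of lines copied from the log above as constructed sample input. The two heuristics it applies, an executable sitting directly in a user-writable root and a long vowel-poor all-lowercase file name, are this example's own, not ComboFix rules.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log for suspicious
autorun entries.  Added example; assumes the REGEDIT4-style layout ComboFix
uses: a [HKEY...] key line followed by "name"="path" [date size] value lines."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the ComboFix log in this thread.
# The caebffcfffcdct entry is the ZeroAccess persistence the thread is about.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"caebffcfffcdct"="c:\programdata\caebffcfffcdct.exe" [2012-04-28 90112]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2009-12-29 1653248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"caebffcfffcdct"="c:\programdata\caebffcfffcdct.exe" [2012-04-28 90112]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"'
    r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$'
)
# An .exe placed directly in a user-writable root (c:\programdata, a user's
# AppData\Local or AppData\Roaming, or a temp directory) rather than inside a
# vendor folder.  Heuristic chosen for this example, not a ComboFix rule.
WRITABLE_ROOT_RE = re.compile(
    r"^c:\\(?:programdata|users\\[^\\]+\\appdata\\(?:local|roaming)(?:\\temp)?|windows\\temp)"
    r"\\[^\\]+\.exe$",
    re.IGNORECASE,
)
VOWELS = set("aeiou")


@dataclass
class Finding:
    key: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def looks_random(stem: str) -> bool:
    """Heuristic: long, all-lowercase, vowel-poor names such as 'caebffcfffcdct'.
    Legitimate autoruns on this machine ('iTunesHelper', 'Weather') fail it."""
    if len(stem) < 12 or not stem.isalpha() or not stem.islower():
        return False
    return sum(c in VOWELS for c in stem) / len(stem) < 0.25


def parse_run_entries(text: str):
    """Yield (key, name, path) for every value under a ...\\CurrentVersion\\Run key."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None or not key.lower().endswith(r"\currentversion\run"):
            continue
        m = VALUE_RE.match(line)
        if m:
            yield key, m.group("name"), m.group("path")


def triage(text: str):
    """Return a Finding for each Run entry that trips at least one heuristic."""
    findings = []
    for key, name, path in parse_run_entries(text):
        reasons = []
        if WRITABLE_ROOT_RE.match(path):
            reasons.append("executable directly in a user-writable root")
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if looks_random(stem):
            reasons.append("random-looking file name")
        # The .DEFAULT profile is not a normal interactive user; legitimate
        # software rarely registers an autorun there.
        if key.upper().startswith("HKEY_USERS\\.DEFAULT\\"):
            reasons.append("autorun under HKEY_USERS\\.DEFAULT")
        if reasons:
            findings.append(Finding(key, name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.key}]\n  {f.name} -> {f.path}\n  " + "; ".join(f.reasons))
```

Run against the sample it reports only the two caebffcfffcdct entries; the Acer, WeatherBug and SupportSoft autoruns are left alone because they live under Program Files and carry ordinary names. Feeding it a full ComboFix log works the same way, since every section other than the Run keys is skipped by the key filter.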

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 28 April 2012 - 01:55 PM

Greetings

Hook it up and start test running it - we need to know where we are.

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 ut-oh

ut-oh
  • Topic Starter

  • Members
  • 22 posts

Posted 28 April 2012 - 02:31 PM

Hello Gringo,

Thank you again for the instructions.

I removed the version of TDSSKiller I had at c:\.

Downloaded the latest TDSSKiller and ran it from the desktop. No issues found. Log clip below.

Downloaded and ran aswMBR from the desktop. I let it download extra definitions. Log clip below.

I'll begin browsing some web sites and see how it behaves.

What do you want done next?

Cheers,
ut-oh



15:02:54.0431 2448 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
15:02:54.0446 2448 ============================================================
15:02:54.0462 2448 Current date / time: 2012/04/28 15:02:54.0446
15:02:54.0462 2448 SystemInfo:
15:02:54.0462 2448
15:02:54.0462 2448 OS Version: 6.1.7600 ServicePack: 0.0
15:02:54.0462 2448 Product type: Workstation
15:02:54.0462 2448 ComputerName: XXXXXX
15:02:54.0462 2448 UserName: abcwhse
15:02:54.0462 2448 Windows directory: C:\Windows
15:02:54.0462 2448 System windows directory: C:\Windows
15:02:54.0462 2448 Running under WOW64
15:02:54.0462 2448 Processor architecture: Intel x64
15:02:54.0462 2448 Number of processors: 2
15:02:54.0462 2448 Page size: 0x1000
15:02:54.0462 2448 Boot type: Normal boot
15:02:54.0462 2448 ============================================================
15:02:55.0289 2448 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:02:55.0304 2448 Drive \Device\Harddisk3\DR5 - Size: 0x3A2360000 (14.53 Gb), SectorSize: 0x200, Cylinders: 0x769, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:02:55.0304 2448 ============================================================
15:02:55.0304 2448 \Device\Harddisk0\DR0:
15:02:55.0304 2448 MBR partitions:
15:02:55.0304 2448 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B58800, BlocksNum 0x32000
15:02:55.0304 2448 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B8A800, BlocksNum 0x48CCD2B0
15:02:55.0304 2448 \Device\Harddisk3\DR5:
15:02:55.0304 2448 MBR partitions:
15:02:55.0304 2448 \Device\Harddisk3\DR5\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1D0FB80
15:02:55.0304 2448 ============================================================
15:02:55.0320 2448 C: <-> \Device\Harddisk0\DR0\Partition1
15:02:55.0320 2448 ============================================================
15:02:55.0320 2448 Initialize success
15:02:55.0320 2448 ============================================================
15:03:01.0014 2408 ============================================================
15:03:01.0014 2408 Scan started
15:03:01.0014 2408 Mode: Manual;
15:03:01.0014 2408 ============================================================
15:03:01.0685 2408 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
15:03:01.0685 2408 1394ohci - ok
15:03:01.0732 2408 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
15:03:01.0732 2408 ACPI - ok
15:03:01.0747 2408 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
15:03:01.0747 2408 AcpiPmi - ok
15:03:01.0794 2408 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:03:01.0810 2408 adp94xx - ok
15:03:01.0841 2408 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:03:01.0841 2408 adpahci - ok
15:03:01.0856 2408 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:03:01.0856 2408 adpu320 - ok
15:03:01.0888 2408 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:03:01.0888 2408 AeLookupSvc - ok
15:03:01.0934 2408 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
15:03:01.0934 2408 AFD - ok
15:03:01.0950 2408 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
15:03:01.0950 2408 agp440 - ok
15:03:01.0966 2408 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:03:01.0966 2408 ALG - ok
15:03:01.0981 2408 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
15:03:01.0981 2408 aliide - ok
15:03:01.0981 2408 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
15:03:01.0981 2408 amdide - ok
15:03:02.0012 2408 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:03:02.0012 2408 AmdK8 - ok
15:03:02.0028 2408 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:03:02.0028 2408 AmdPPM - ok
15:03:02.0059 2408 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
15:03:02.0059 2408 amdsata - ok
15:03:02.0075 2408 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:03:02.0075 2408 amdsbs - ok
15:03:02.0106 2408 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
15:03:02.0106 2408 amdxata - ok
15:03:02.0122 2408 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
15:03:02.0122 2408 AppID - ok
15:03:02.0137 2408 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:03:02.0137 2408 AppIDSvc - ok
15:03:02.0153 2408 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
15:03:02.0153 2408 Appinfo - ok
15:03:02.0231 2408 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:03:02.0231 2408 Apple Mobile Device - ok
15:03:02.0262 2408 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:03:02.0278 2408 arc - ok
15:03:02.0293 2408 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:03:02.0293 2408 arcsas - ok
15:03:02.0293 2408 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:03:02.0293 2408 AsyncMac - ok
15:03:02.0309 2408 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
15:03:02.0324 2408 atapi - ok
15:03:02.0371 2408 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
15:03:02.0371 2408 AudioEndpointBuilder - ok
15:03:02.0387 2408 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
15:03:02.0402 2408 AudioSrv - ok
15:03:02.0434 2408 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
15:03:02.0434 2408 AxInstSV - ok
15:03:02.0465 2408 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:03:02.0465 2408 b06bdrv - ok
15:03:02.0496 2408 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:03:02.0496 2408 b57nd60a - ok
15:03:02.0527 2408 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:03:02.0527 2408 BDESVC - ok
15:03:02.0543 2408 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:03:02.0543 2408 Beep - ok
15:03:02.0605 2408 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
15:03:02.0621 2408 BFE - ok
15:03:02.0714 2408 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
15:03:02.0730 2408 BITS - ok
15:03:02.0761 2408 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:03:02.0761 2408 blbdrive - ok
15:03:02.0855 2408 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
15:03:02.0855 2408 Bonjour Service - ok
15:03:02.0886 2408 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
15:03:02.0886 2408 bowser - ok
15:03:02.0902 2408 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:03:02.0902 2408 BrFiltLo - ok
15:03:02.0917 2408 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:03:02.0917 2408 BrFiltUp - ok
15:03:02.0948 2408 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:03:02.0948 2408 BridgeMP - ok
15:03:02.0980 2408 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
15:03:02.0980 2408 Browser - ok
15:03:02.0995 2408 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:03:03.0011 2408 Brserid - ok
15:03:03.0011 2408 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:03:03.0011 2408 BrSerWdm - ok
15:03:03.0026 2408 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:03:03.0026 2408 BrUsbMdm - ok
15:03:03.0042 2408 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:03:03.0042 2408 BrUsbSer - ok
15:03:03.0042 2408 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:03:03.0042 2408 BTHMODEM - ok
15:03:03.0073 2408 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:03:03.0073 2408 bthserv - ok
15:03:03.0073 2408 catchme - ok
15:03:03.0104 2408 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:03:03.0104 2408 cdfs - ok
15:03:03.0120 2408 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
15:03:03.0120 2408 cdrom - ok
15:03:03.0151 2408 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
15:03:03.0151 2408 CertPropSvc - ok
15:03:03.0167 2408 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:03:03.0167 2408 circlass - ok
15:03:03.0198 2408 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:03:03.0198 2408 CLFS - ok
15:03:03.0245 2408 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:03:03.0245 2408 clr_optimization_v2.0.50727_32 - ok
15:03:03.0260 2408 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:03:03.0260 2408 clr_optimization_v2.0.50727_64 - ok
15:03:03.0292 2408 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:03:03.0292 2408 CmBatt - ok
15:03:03.0292 2408 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
15:03:03.0292 2408 cmdide - ok
15:03:03.0338 2408 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
15:03:03.0338 2408 CNG - ok
15:03:03.0354 2408 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:03:03.0354 2408 Compbatt - ok
15:03:03.0370 2408 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:03:03.0370 2408 CompositeBus - ok
15:03:03.0370 2408 COMSysApp - ok
15:03:03.0401 2408 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:03:03.0401 2408 crcdisk - ok
15:03:03.0416 2408 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
15:03:03.0416 2408 CryptSvc - ok
15:03:03.0463 2408 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
15:03:03.0463 2408 DcomLaunch - ok
15:03:03.0510 2408 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:03:03.0510 2408 defragsvc - ok
15:03:03.0526 2408 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
15:03:03.0526 2408 DfsC - ok
15:03:03.0557 2408 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
15:03:03.0557 2408 Dhcp - ok
15:03:03.0572 2408 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:03:03.0572 2408 discache - ok
15:03:03.0604 2408 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:03:03.0604 2408 Disk - ok
15:03:03.0635 2408 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
15:03:03.0635 2408 Dnscache - ok
15:03:03.0666 2408 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
15:03:03.0666 2408 dot3svc - ok
15:03:03.0682 2408 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
15:03:03.0682 2408 DPS - ok
15:03:03.0697 2408 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:03:03.0697 2408 drmkaud - ok
15:03:03.0775 2408 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
15:03:03.0791 2408 DXGKrnl - ok
15:03:03.0806 2408 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:03:03.0806 2408 EapHost - ok
15:03:04.0009 2408 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:03:04.0056 2408 ebdrv - ok
15:03:04.0134 2408 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
15:03:04.0134 2408 EFS - ok
15:03:04.0212 2408 ehRecvr (b91d81b3b54a54ccafc03733dbc2e29e) C:\Windows\ehome\ehRecvr.exe
15:03:04.0228 2408 ehRecvr - ok
15:03:04.0243 2408 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:03:04.0243 2408 ehSched - ok
15:03:04.0290 2408 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:03:04.0306 2408 elxstor - ok
15:03:14.0414 2408 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:03:14.0414 2408 VgaSave - ok
15:03:14.0430 2408 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
15:03:14.0430 2408 vhdmp - ok
15:03:14.0446 2408 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
15:03:14.0446 2408 viaide - ok
15:03:14.0461 2408 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
15:03:14.0461 2408 volmgr - ok
15:03:14.0477 2408 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
15:03:14.0477 2408 volmgrx - ok
15:03:14.0492 2408 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
15:03:14.0508 2408 volsnap - ok
15:03:14.0508 2408 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:03:14.0508 2408 vsmraid - ok
15:03:14.0617 2408 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
15:03:14.0648 2408 VSS - ok
15:03:14.0726 2408 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:03:14.0726 2408 vwifibus - ok
15:03:14.0758 2408 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:03:14.0758 2408 W32Time - ok
15:03:14.0773 2408 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:03:14.0773 2408 WacomPen - ok
15:03:14.0804 2408 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:03:14.0804 2408 WANARP - ok
15:03:14.0804 2408 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:03:14.0804 2408 Wanarpv6 - ok
15:03:14.0929 2408 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:03:14.0960 2408 WatAdminSvc - ok
15:03:15.0054 2408 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
15:03:15.0070 2408 wbengine - ok
15:03:15.0132 2408 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:03:15.0132 2408 WbioSrvc - ok
15:03:15.0179 2408 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
15:03:15.0179 2408 wcncsvc - ok
15:03:15.0194 2408 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:03:15.0194 2408 WcsPlugInService - ok
15:03:15.0226 2408 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:03:15.0226 2408 Wd - ok
15:03:15.0272 2408 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:03:15.0272 2408 Wdf01000 - ok
15:03:15.0288 2408 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:03:15.0288 2408 WdiServiceHost - ok
15:03:15.0304 2408 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:03:15.0304 2408 WdiSystemHost - ok
15:03:15.0335 2408 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
15:03:15.0335 2408 WebClient - ok
15:03:15.0366 2408 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:03:15.0366 2408 Wecsvc - ok
15:03:15.0382 2408 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:03:15.0382 2408 wercplsupport - ok
15:03:15.0397 2408 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:03:15.0397 2408 WerSvc - ok
15:03:15.0428 2408 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:03:15.0428 2408 WfpLwf - ok
15:03:15.0444 2408 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:03:15.0444 2408 WIMMount - ok
15:03:15.0506 2408 WinDefend - ok
15:03:15.0522 2408 WinHttpAutoProxySvc - ok
15:03:15.0569 2408 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:03:15.0569 2408 Winmgmt - ok
15:03:15.0694 2408 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
15:03:15.0725 2408 WinRM - ok
15:03:15.0850 2408 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
15:03:15.0850 2408 WinUsb - ok
15:03:15.0928 2408 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:03:15.0943 2408 Wlansvc - ok
15:03:16.0146 2408 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:03:16.0162 2408 wlidsvc - ok
15:03:16.0240 2408 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:03:16.0240 2408 WmiAcpi - ok
15:03:16.0286 2408 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:03:16.0302 2408 wmiApSrv - ok
15:03:16.0318 2408 WMPNetworkSvc - ok
15:03:16.0396 2408 WMZuneComm (58540037a4a3eeeefa47c84100e1694f) C:\Program Files\Zune\WMZuneComm.exe
15:03:16.0396 2408 WMZuneComm - ok
15:03:16.0427 2408 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:03:16.0427 2408 WPCSvc - ok
15:03:16.0442 2408 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
15:03:16.0458 2408 WPDBusEnum - ok
15:03:16.0474 2408 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:03:16.0474 2408 ws2ifsl - ok
15:03:16.0489 2408 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
15:03:16.0505 2408 wscsvc - ok
15:03:16.0505 2408 WSearch - ok
15:03:16.0676 2408 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
15:03:16.0692 2408 wuauserv - ok
15:03:16.0786 2408 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
15:03:16.0786 2408 WudfPf - ok
15:03:16.0832 2408 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:03:16.0832 2408 WUDFRd - ok
15:03:16.0848 2408 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
15:03:16.0864 2408 wudfsvc - ok
15:03:16.0879 2408 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:03:16.0895 2408 WwanSvc - ok
15:03:17.0300 2408 ZuneNetworkSvc (d6ef205269c2a584af6b56b9f95010f8) C:\Program Files\Zune\ZuneNss.exe
15:03:17.0347 2408 ZuneNetworkSvc - ok
15:03:17.0410 2408 ZuneWlanCfgSvc (7a565afe58f3822a9e622868e5cc0e5c) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
15:03:17.0425 2408 ZuneWlanCfgSvc - ok
15:03:17.0441 2408 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:03:17.0503 2408 \Device\Harddisk0\DR0 - ok
15:03:17.0503 2408 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR5
15:03:20.0062 2408 \Device\Harddisk3\DR5 - ok
15:03:20.0062 2408 Boot (0x1200) (022497c1b7bcad2d5ceea13edfa891a2) \Device\Harddisk0\DR0\Partition0
15:03:20.0062 2408 \Device\Harddisk0\DR0\Partition0 - ok
15:03:20.0077 2408 Boot (0x1200) (386dbfd8d620b6695be05c942ba0a169) \Device\Harddisk0\DR0\Partition1
15:03:20.0077 2408 \Device\Harddisk0\DR0\Partition1 - ok
15:03:20.0093 2408 Boot (0x1200) (16bbda88afff2d2aefd24d53e83c8a36) \Device\Harddisk3\DR5\Partition0
15:03:20.0093 2408 \Device\Harddisk3\DR5\Partition0 - ok
15:03:20.0093 2408 ============================================================
15:03:20.0093 2408 Scan finished
15:03:20.0093 2408 ============================================================
15:03:20.0108 0544 Detected object count: 0
15:03:20.0108 0544 Actual detected object count: 0
15:04:22.0586 3764 Deinitialize success



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-28 15:08:08
-----------------------------
15:08:08.186 OS Version: Windows x64 6.1.7600
15:08:08.186 Number of processors: 2 586 0x602
15:08:08.186 ComputerName: XXXXXXX UserName:
15:08:09.341 Initialize success
15:09:49.982 AVAST engine defs: 12042801
15:11:13.614 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
15:11:13.614 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
15:11:13.630 Disk 0 MBR read successfully
15:11:13.630 Disk 0 MBR scan
15:11:13.645 Disk 0 Windows 7 default MBR code
15:11:13.645 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14000 MB offset 2048
15:11:13.661 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 28674048
15:11:13.676 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 596378 MB offset 28878848
15:11:13.708 Disk 0 scanning C:\Windows\system32\drivers
15:11:19.776 Service scanning
15:11:35.594 Modules scanning
15:11:35.610 Disk 0 trace - called modules:
15:11:35.626 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
15:11:35.641 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002d72340]
15:11:35.641 3 CLASSPNP.SYS[fffff8800174b43f] -> nt!IofCallDriver -> [0xfffffa8002b6d9b0]
15:11:35.641 5 ACPI.sys[fffff88000f91781] -> nt!IofCallDriver -> \Device\00000060[0xfffffa8002b949d0]
15:11:37.139 AVAST engine scan C:\Windows
15:11:39.978 AVAST engine scan C:\Windows\system32
15:13:54.497 AVAST engine scan C:\Windows\system32\drivers
15:14:02.936 AVAST engine scan C:\Users\abcwhse
15:17:07.921 AVAST engine scan C:\ProgramData
15:18:07.420 Scan finished successfully
15:22:39.733 Disk 0 MBR has been saved successfully to "G:\xxxxx Logs\MBR.dat"
15:22:39.764 The log file has been saved successfully to "G:\xxxxx Logs\aswMBR.txt"

#12 gringo_pr
  • Malware Response Team

Posted 28 April 2012 - 06:08 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::

File::
c:\programdata\caebffcfffcdct.exe

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 ut-oh
  • Topic Starter

Posted 28 April 2012 - 07:28 PM

Hello Gringo,

I created the script file as requested and dropped it on ComboFix. It ran to completion; the log is below. ComboFix appears to have run as expected, without issues. It seems to take a little while to create the log file after it reboots, though. The machine rebooted fine. I'm not noticing any obvious issues with the PC after dropping the script on ComboFix and running it again.

Prior to running the script I had been using the computer to browse some web sites. It seemed to be working ok. I didn't have any trouble browsing sites.

I did notice that the IE shortcut is missing from the desktop. Do you know how to get the "special" IE icon back on the desktop? The one that allows you to open "Internet Options", or allows the user to select from the context menu "Start Without Add-ons"? This PC has Win 7 64 bit home premium. The installed version of IE is IE9 and resides in "Program Files (x86)" so I'm assuming it is the 32 bit version.

I also noticed some remnants when looking around a bit. Under "Control Panel > All Control Panel Icons > Notification Area Icons" I found three items that should not be there.

1) mcagent.exe
McAfee Internet Security Suite

2) gjSoArQFjTNTYMc.exe
System Error

3) aNFagV2doHVTMH.exe
SMART HDD

Item 1 was uninstalled. Items 2 & 3 are left over from clean operations, I'm guessing. What are your thoughts on these items?

Regards,
ut-oh


ComboFix 12-04-28.01 - abcwhse 04/28/2012 19:46:17.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2815.1795 [GMT -4:00]
Running from: c:\users\abcwhse\Desktop\ComboFix.exe
Command switches used :: c:\users\abcwhse\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\caebffcfffcdct.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\caebffcfffcdct.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-28 )))))))))))))))))))))))))))))))
.
.
2012-04-28 23:53 . 2012-04-28 23:53 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-04-28 23:53 . 2012-04-28 23:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-28 14:11 . 2012-04-28 14:12 -------- d-----w- C:\FRST
2012-04-28 01:46 . 2012-04-28 01:47 -------- d-----w- C:\Ken
2012-04-28 01:41 . 2012-04-28 01:41 -------- d-----w- c:\program files\CCleaner
2012-04-27 21:17 . 2012-04-27 21:17 -------- d-----w- c:\users\abcwhse\AppData\Roaming\Malwarebytes
2012-04-27 21:16 . 2012-04-27 21:16 -------- d-----w- c:\programdata\Malwarebytes
2012-04-27 21:16 . 2012-04-27 21:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-27 21:16 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-27 20:31 . 2012-04-27 20:31 -------- d-----w- c:\windows\system32\Macromed
2012-04-27 20:15 . 2012-04-28 02:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-19 18:43 . 2012-04-28 23:57 90112 ----a-w- c:\programdata\caebffcfffcdct.exe
2012-04-14 00:10 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-14 00:10 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-14 00:10 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-14 00:10 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-14 00:10 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-14 00:10 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-14 00:10 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 12:28 . 2012-04-10 12:28 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 11:43 . 2012-03-01 11:43 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-01 11:43 . 2012-03-01 11:43 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-01 11:43 . 2012-03-01 11:43 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-01 11:43 . 2012-03-01 11:43 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-01 11:43 . 2012-03-01 11:43 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-01 11:43 . 2012-03-01 11:43 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-01 11:43 . 2012-03-01 11:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-01 11:43 . 2012-03-01 11:43 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-01 11:43 . 2012-03-01 11:43 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-01 11:43 . 2012-03-01 11:43 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-01 11:43 . 2012-03-01 11:43 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-01 11:43 . 2012-03-01 11:43 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-01 11:43 . 2012-03-01 11:43 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-01 11:43 . 2012-03-01 11:43 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-01 11:43 . 2012-03-01 11:43 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-01 11:43 . 2012-03-01 11:43 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-01 11:43 . 2012-03-01 11:43 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-01 11:43 . 2012-03-01 11:43 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-01 11:43 . 2012-03-01 11:43 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-01 11:43 . 2012-03-01 11:43 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-01 11:43 . 2012-03-01 11:43 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-01 11:43 . 2012-03-01 11:43 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-01 11:43 . 2012-03-01 11:43 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-01 11:43 . 2012-03-01 11:43 448512 ----a-w- c:\windows\system32\html.iec
2012-03-01 11:43 . 2012-03-01 11:43 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-01 11:43 . 2012-03-01 11:43 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-01 11:43 . 2012-03-01 11:43 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-01 11:43 . 2012-03-01 11:43 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-01 11:43 . 2012-03-01 11:43 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-01 11:43 . 2012-03-01 11:43 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-01 11:43 . 2012-03-01 11:43 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-01 11:43 . 2012-03-01 11:43 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:43 . 2012-03-01 11:43 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-01 11:43 . 2012-03-01 11:43 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-01 11:40 . 2012-03-01 11:40 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-01 11:40 . 2012-03-01 11:40 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2012-03-01 11:40 . 2012-03-01 11:40 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-03-01 11:40 . 2012-03-01 11:40 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-03-01 11:40 . 2012-03-01 11:40 4068864 ----a-w- c:\windows\system32\mf.dll
2012-03-01 11:40 . 2012-03-01 11:40 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2012-03-01 11:40 . 2012-03-01 11:40 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-03-01 11:40 . 2012-03-01 11:40 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-03-01 11:40 . 2012-03-01 11:40 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-03-01 11:40 . 2012-03-01 11:40 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-03-01 11:40 . 2012-03-01 11:40 206848 ----a-w- c:\windows\system32\mfps.dll
2012-03-01 11:40 . 2012-03-01 11:40 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2012-03-01 11:40 . 2012-03-01 11:40 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-03-01 11:40 . 2012-03-01 11:40 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-03-01 11:40 . 2012-03-01 11:40 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2012-03-01 11:40 . 2012-03-01 11:40 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2012-03-01 11:40 . 2012-03-01 11:40 144384 ----a-w- c:\windows\system32\cdd.dll
2012-03-01 11:40 . 2012-03-01 11:40 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2012-03-01 11:40 . 2012-03-01 11:40 1133568 ----a-w- c:\windows\system32\FntCache.dll
2012-02-10 06:17 . 2012-03-23 10:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-28_18.12.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-04-28 20:31 45330 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-05 19:50 . 2012-04-28 20:31 17618 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4223666951-985947041-1069417598-1000_UserData.bin
- 2012-04-28 17:57 . 2012-04-28 17:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-28 23:54 . 2012-04-28 23:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-28 23:54 . 2012-04-28 23:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-28 17:57 . 2012-04-28 17:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-04-28 23:53 305456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-28 17:56 305456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-01 23:57 . 2012-04-28 23:53 2025100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4223666951-985947041-1069417598-1000-8192.dat
- 2009-07-14 02:34 . 2012-04-28 18:10 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-04-28 21:43 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{54d0da58-64e7-4408-be1f-72659f70fcbe}"= "c:\program files (x86)\24MusicBar\tb24Mu.dll" [2010-02-22 2353176]
.
[HKEY_CLASSES_ROOT\clsid\{54d0da58-64e7-4408-be1f-72659f70fcbe}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"caebffcfffcdct"="c:\programdata\caebffcfffcdct.exe" [2012-04-29 90112]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2009-12-29 1653248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2010-02-17 149280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-02 421160]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"caebffcfffcdct"="c:\programdata\caebffcfffcdct.exe" [2012-04-29 90112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 306416]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 16333856]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 163568]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.youcansearch.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 68.94.156.1 75.75.76.76 68.94.157.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{54D0DA58-64E7-4408-BE1F-72659F70FCBE} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2012-04-28 20:09:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-29 00:08
ComboFix2.txt 2012-04-28 18:22
ComboFix3.txt 2012-04-28 03:05
.
Pre-Run: 573,844,701,184 bytes free
Post-Run: 573,869,826,048 bytes free
.
- - End Of File - - 0C4076D8FC836FD25266946924CEFCB8

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:35 AM

Posted 28 April 2012 - 08:01 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 ut-oh

ut-oh
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:35 AM

Posted 28 April 2012 - 08:32 PM

Hello Gringo,

Thanks for your reply. The OTL tool ran to completion. No issues noted. The log clip is below.

cheers,
ut-oh


OTL logfile created on: 4/28/2012 9:17:02 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\abcwhse\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 58.03% Memory free
5.50 Gb Paging File | 4.39 Gb Available in Paging File | 79.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 534.52 Gb Free Space | 91.78% Space Free | Partition Type: NTFS

Computer Name: XXXXXX | User Name: abcwhse | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\abcwhse\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV:64bit: - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (GameConsoleService) -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_x1301&r=17360210s307p0398v165w49k1t646
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.youcansearch.com
IE - HKLM\..\URLSearchHook: {54d0da58-64e7-4408-be1f-72659f70fcbe} - C:\Program Files (x86)\24MusicBar\tb24Mu.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{51976c6e-f6a9-48b4-a1e9-b675e0996a80}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2415802
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://www.youcansearch.com/?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-4223666951-985947041-1069417598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4223666951-985947041-1069417598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-4223666951-985947041-1069417598-1000\..\URLSearchHook: {54d0da58-64e7-4408-be1f-72659f70fcbe} - C:\Program Files (x86)\24MusicBar\tb24Mu.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4223666951-985947041-1069417598-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4223666951-985947041-1069417598-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4223666951-985947041-1069417598-1000\..\SearchScopes\{104D340C-EF5C-49CA-B14A-445C58202915}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20100938,6686,0,8,0
IE - HKU\S-1-5-21-4223666951-985947041-1069417598-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=FM&apn_dtid=YYYYYYYYUS&apn_uid=018DB58C-7694-4CB0-8E3D-936F7ED9E36F&apn_sauid=4EF1F3CF-0D13-451A-96A6-1166DDD2B0C0
IE - HKU\S-1-5-21-4223666951-985947041-1069417598-1000\..\SearchScopes\{51976c6e-f6a9-48b4-a1e9-b675e0996a80}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS367
IE - HKU\S-1-5-21-4223666951-985947041-1069417598-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.youcansearch.com/?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-4223666951-985947041-1069417598-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-4223666951-985947041-1069417598-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2415802
IE - HKU\S-1-5-21-4223666951-985947041-1069417598-1000\..\SearchScopes\Comcast: "URL" = http://search.comcast.net/?cat=web&con=net&q={searchTerms}
IE - HKU\S-1-5-21-4223666951-985947041-1069417598-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4223666951-985947041-1069417598-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.1.0\FF [2010/09/15 23:12:19 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/04/28 19:54:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4223666951-985947041-1069417598-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4223666951-985947041-1069417598-1000\..\Toolbar\WebBrowser: (24MusicBar Toolbar) - {54D0DA58-64E7-4408-BE1F-72659F70FCBE} - C:\Program Files (x86)\24MusicBar\tb24Mu.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKU\.DEFAULT..\Run: [caebffcfffcdct] C:\ProgramData\caebffcfffcdct.exe ()
O4 - HKU\S-1-5-18..\Run: [caebffcfffcdct] C:\ProgramData\caebffcfffcdct.exe ()
O4 - HKU\S-1-5-21-4223666951-985947041-1069417598-1000..\Run: [caebffcfffcdct] C:\ProgramData\caebffcfffcdct.exe ()
O4 - HKU\S-1-5-21-4223666951-985947041-1069417598-1000..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-4223666951-985947041-1069417598-1000..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4223666951-985947041-1069417598-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4223666951-985947041-1069417598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 75.75.76.76 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A129786C-64BA-4872-8723-6C9748E3EC98}: DhcpNameServer = 68.94.156.1 75.75.76.76 68.94.157.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/28 21:13:27 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\abcwhse\Desktop\OTL.exe
[2012/04/28 20:09:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/28 15:02:08 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\abcwhse\Desktop\aswMBR.exe
[2012/04/28 15:02:08 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\abcwhse\Desktop\tdsskiller.exe
[2012/04/28 14:00:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/28 14:00:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/28 14:00:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/28 10:11:10 | 000,000,000 | ---D | C] -- C:\FRST
[2012/04/27 23:11:58 | 004,478,552 | R--- | C] (Swearware) -- C:\Users\abcwhse\Desktop\ComboFix.exe
[2012/04/27 22:42:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/27 22:39:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/27 21:46:55 | 000,000,000 | ---D | C] -- C:\Ken
[2012/04/27 21:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/04/27 21:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/04/27 17:17:10 | 000,000,000 | ---D | C] -- C:\Users\abcwhse\AppData\Roaming\Malwarebytes
[2012/04/27 17:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/27 17:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/27 17:16:47 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/27 17:16:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/27 16:31:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/04/27 16:15:17 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/19 14:57:31 | 000,000,000 | ---D | C] -- C:\Users\abcwhse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012/04/15 07:04:29 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/15 07:04:29 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/15 07:04:28 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/15 07:04:27 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/15 07:04:27 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/15 07:04:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/15 07:04:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/15 07:04:26 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/15 07:04:25 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/15 07:04:25 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/15 07:04:25 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/13 20:10:55 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/13 20:10:55 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/13 20:10:54 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/11 10:47:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/04/10 08:28:08 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/04/05 16:20:31 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/04/05 16:20:30 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/04/05 16:20:30 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/04/05 16:20:30 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/04/05 16:20:28 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/04/05 16:20:28 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/04/05 16:20:28 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/04/05 16:20:24 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/04/05 16:20:24 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/28 21:18:54 | 000,090,112 | ---- | M] () -- C:\ProgramData\caebffcfffcdct.exe
[2012/04/28 21:11:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\abcwhse\Desktop\OTL.exe
[2012/04/28 20:01:46 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/28 20:01:46 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/28 19:54:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/28 19:54:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/28 19:54:12 | 2213,449,728 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/28 16:04:21 | 000,001,447 | ---- | M] () -- C:\Users\abcwhse\Desktop\Internet Explorer.lnk
[2012/04/28 15:01:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\abcwhse\Desktop\aswMBR.exe
[2012/04/28 15:00:44 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\abcwhse\Desktop\tdsskiller.exe
[2012/04/28 13:52:00 | 004,478,552 | R--- | M] (Swearware) -- C:\Users\abcwhse\Desktop\ComboFix.exe
[2012/04/27 21:41:45 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/27 17:17:43 | 000,001,137 | ---- | M] () -- C:\Users\abcwhse\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/04/27 17:17:43 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/27 16:12:50 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/27 16:12:50 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/27 16:12:50 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/27 15:54:35 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/04/05 16:59:44 | 000,343,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/28 16:04:21 | 000,001,447 | ---- | C] () -- C:\Users\abcwhse\Desktop\Internet Explorer.lnk
[2012/04/28 14:00:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/28 14:00:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/28 14:00:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/28 14:00:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/28 14:00:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/27 21:41:45 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/27 17:16:49 | 000,001,137 | ---- | C] () -- C:\Users\abcwhse\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/04/27 17:16:49 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/27 15:54:35 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/04/19 14:43:58 | 000,090,112 | ---- | C] () -- C:\ProgramData\caebffcfffcdct.exe
[2011/10/13 17:48:48 | 000,000,000 | ---- | C] () -- C:\Users\abcwhse\AppData\Local\{AF352FF4-7DDE-4C88-A741-D3F5E7DA06A8}
[2011/05/23 21:16:08 | 000,000,000 | ---- | C] () -- C:\Users\abcwhse\AppData\Local\{4FB06C16-5124-47A3-A179-223DD213D8A8}
[2011/05/23 18:30:05 | 000,000,000 | ---- | C] () -- C:\Users\abcwhse\AppData\Local\{D8920288-DEF1-4CA4-9F44-07D209AE042C}

< End of report >
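The OTL report above is what the helper reads by eye: the `O4` autorun lines and the Internet Explorer `SearchScopes` lines are where the remaining problems on this machine show up (an unsigned executable in C:\ProgramData registered to run under every user hive, including .DEFAULT and S-1-5-18, and a default search scope pointing at a site that is not a known search engine). The script below is an added example, not part of OTL, ComboFix or this thread, that parses those two line formats and applies that same triage. The sample lines are copied from the report above; the suspicious-directory list, the hive list and the allow-list of known search engines are my own assumptions and would be tuned per environment.

```python
"""Triage helper for OTL log lines (added example; not OTL's own code)."""
import re
from urllib.parse import urlparse

# Lines copied from the OTL report posted in this thread ("IE" and "O4" sections).
SAMPLE_LOG = r"""
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://www.youcansearch.com/?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKU\.DEFAULT..\Run: [caebffcfffcdct] C:\ProgramData\caebffcfffcdct.exe ()
O4 - HKU\S-1-5-18..\Run: [caebffcfffcdct] C:\ProgramData\caebffcfffcdct.exe ()
O4 - HKU\S-1-5-21-4223666951-985947041-1069417598-1000..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
"""

# O4 - <hive>..\Run: [<name>] <path> (<company>)   (":64bit:" marks the native-view entries)
AUTORUN_RE = re.compile(
    r'^O4(?P<bits>:64bit:)? - (?P<hive>\S+)\.\.\\Run: '
    r'\[(?P<name>[^\]]*)\] (?P<path>.*?) \((?P<company>[^)]*)\)$')
# IE - <hive>\..\SearchScopes,DefaultScope = {<guid>}
DEFAULT_SCOPE_RE = re.compile(
    r'^IE(?P<bits>:64bit:)? - (?P<hive>.+?)\\\.\.\\SearchScopes,DefaultScope = '
    r'\{(?P<guid>[^}]+)\}$')
# IE - <hive>\..\SearchScopes\{<guid>}: "URL" = <url>
SCOPE_URL_RE = re.compile(
    r'^IE(?P<bits>:64bit:)? - (?P<hive>.+?)\\\.\.\\SearchScopes\\\{(?P<guid>[^}]+)\}: '
    r'"URL" = (?P<url>\S+)$')

# Assumed triage heuristics (not from OTL): user-writable locations an autorun
# should rarely live in, hives where a per-user Run value is unexpected, and the
# search engines a default scope is allowed to point at.
SUSPICIOUS_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")
SYSTEM_HIVES = ("HKU\\.DEFAULT", "HKU\\S-1-5-18")
KNOWN_ENGINES = {"www.bing.com", "www.google.com", "search.yahoo.com"}


def assess_autorun(hive, path, company):
    """Return (severity, reasons) for one Run entry; severity is None if clean."""
    reasons = []
    if not company.strip():
        reasons.append("no company name in the version resource")
    if any(d in path.lower() for d in SUSPICIOUS_DIRS):
        reasons.append("runs from a user-writable data directory")
    if hive in SYSTEM_HIVES:
        reasons.append("autorun registered under the SYSTEM/.DEFAULT hive")
    severity = "high" if len(reasons) >= 2 else "medium" if reasons else None
    return severity, reasons


def triage(log_text):
    """Parse OTL O4/IE lines; return flagged autoruns and hijacked default scopes."""
    autoruns, defaults, urls = [], {}, {}
    for line in log_text.splitlines():
        line = line.strip()
        m = AUTORUN_RE.match(line)
        if m:
            sev, why = assess_autorun(m["hive"], m["path"], m["company"])
            if sev:
                autoruns.append({"name": m["name"], "path": m["path"], "hive": m["hive"],
                                 "severity": sev, "reasons": why})
            continue
        m = DEFAULT_SCOPE_RE.match(line)
        if m:  # remember which scope GUID is the default for this hive/view
            defaults[(m["bits"] or "", m["hive"])] = m["guid"].lower()
            continue
        m = SCOPE_URL_RE.match(line)
        if m:  # GUID case differs between lines in real logs, so normalise it
            urls[(m["bits"] or "", m["hive"], m["guid"].lower())] = m["url"]
    hijacks = []
    for (bits, hive), guid in defaults.items():
        url = urls.get((bits, hive, guid))
        if url is None:
            continue  # default points at a scope the log did not list
        host = urlparse(url).hostname or ""
        if host not in KNOWN_ENGINES:
            hijacks.append({"hive": hive, "bits": bits or "32bit", "guid": guid, "host": host})
    return {"autoruns": autoruns, "search_hijacks": hijacks}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for a in result["autoruns"]:
        print(f'[{a["severity"]}] {a["hive"]} Run [{a["name"]}] {a["path"]}: {"; ".join(a["reasons"])}')
    for h in result["search_hijacks"]:
        print(f'[hijack] {h["hive"]} ({h["bits"]}) default search scope {h["guid"]} -> {h["host"]}')
```

Run against the sample it reports the two caebffcfffcdct.exe entries as high (unsigned, in ProgramData, under SYSTEM/.DEFAULT), the OEM Hotkey Utility as medium (only the missing company name, which is common for vendor tools and is why it is not scored higher), and the 32-bit HKLM default scope as a hijack pointing at www.youcansearch.com. The 64-bit HKLM default in the same log resolves to google.com and is not flagged.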



