
Celas zeroaccess rootkit


This topic is locked. 45 replies to this topic.

#1 Aspall

Posted 20 May 2012 - 07:09 AM

As with many other users I've seen, I have been infected with the "celas" ZeroAccess rootkit problem.
Can restart/shut down via ctrl+alt+delete, but can't do anything else.

Read another thread and got as far as scanning with the FRST 32-bit version, as I'm using Windows 7, but I'm not really sure what to do from there.

Any help would be greatly appreciated.



#2 jntkwx (Malware Response Team)

Posted 20 May 2012 - 02:57 PM

Hi Aspall,

Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx, or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in quote or code boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

 

You mentioned you ran the FRST 32-bit version. Please post the log it created (FRST.txt).

Edited by jntkwx, 20 May 2012 - 05:56 PM.

Regards,
Jason

 



#3 Aspall (Topic Starter)

Posted 22 May 2012 - 06:12 AM

Hi Jason, thanks for responding!

Attached is the file. I've not tried anything since, as instructed. The first bit I managed to gather from reading others with the same problem.

Aspall

Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 19-05-2012
Ran by SYSTEM at 20-05-2012 12:22:09
Running from H:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7596576 2009-06-24] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp [17753352 2009-07-22] (Motorola, Inc.)
HKLM\...\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe [2068480 2009-07-24] (Micro-Star International Co., Ltd.)
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1318816 2012-03-21] (McAfee, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [VX3000] C:\windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
HKU\Martin\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4283256 2011-05-13] (Microsoft Corporation)
HKU\Martin\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [15026056 2011-01-26] (Skype Technologies S.A.)
HKU\Martin\...\Run: [Facebook Update] "C:\Users\Martin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2011-09-28] (Facebook Inc.)
HKU\Martin\...\Run: [Update] C:\Users\Martin\AppData\Roaming\wpbt0.dll [132096 2012-05-19] ()
HKLM\...\Winlogon: [Shell] C:\Windows\Temp\rrydqi\setup.exe [x ] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

================================ Services (Whitelisted) ==================

2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
3 AdobeFlashPlayerUpdateSvc; C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257696 2012-05-06] (Adobe Systems Incorporated)
2 AMD External Events Utility; C:\Windows\System32\atiesrxx.exe [176128 2009-07-29] (AMD)
3 Bluetooth Device Manager; "C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe" [3473672 2009-07-22] (Motorola, Inc.)
3 Bluetooth Media Service; "C:\Program Files\Motorola\Bluetooth\audiosrv.exe" [709384 2009-07-22] (Motorola, Inc.)
2 Bluetooth OBEX Service; "C:\Program Files\Motorola\Bluetooth\obexsrv.exe" [474888 2009-07-22] (Motorola, Inc.)
3 HRN; C:\Users\Martin\AppData\Local\Temp\HRN.exe [469888 2012-04-13] (Sysinternals - www.sysinternals.com)
2 IviRegMgr; "C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [112152 2007-01-04] (InterVideo)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [361976 2012-03-22] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [166288 2012-03-20] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [161632 2012-03-20] (McAfee, Inc.)
2 mfevtp; "C:\windows\system32\mfevtps.exe" [151880 2012-03-20] (McAfee, Inc.)
2 Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.)
2 MOBKbackup; "C:\Program Files\McAfee Online Backup\MOBKbackup.exe" [229688 2010-04-13] (McAfee, Inc.)
3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [129976 2012-04-30] (Mozilla Foundation)
2 MSK80Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 qqrota; C:\windows\system32\qqrota.exe [18944 2011-07-01] ()
3 ROQXQWNU; C:\Users\Martin\AppData\Local\Temp\ROQXQWNU.exe [453504 2011-12-07] (Sysinternals - www.sysinternals.com)
3 SCMYIMZRLQLPY; C:\Users\Martin\AppData\Local\Temp\SCMYIMZRLQLPY.exe [359296 2012-04-13] (Sysinternals - www.sysinternals.com)
3 TapiSrv; C:\Windows\System32\svchost.exe -k NetworkService [20992 2009-07-13] (Microsoft Corporation)
3 TermService; C:\Windows\System32\svchost.exe -k NetworkService [20992 2009-07-13] (Microsoft Corporation)
3 VGTWWQGEA; C:\Users\Martin\AppData\Local\Temp\VGTWWQGEA.exe [564096 2011-12-07] (Sysinternals - www.sysinternals.com)
3 YPQ; C:\Users\Martin\AppData\Local\Temp\YPQ.exe [576384 2012-04-14] (Sysinternals - www.sysinternals.com)

========================== Drivers (Whitelisted) =============

3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-25] (ArcSoft, Inc.)
3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [4994560 2009-07-30] (ATI Technologies Inc.)
0 AtiPcie; C:\Windows\System32\DRIVERS\AtiPcie.sys [14392 2009-05-05] (Advanced Micro Devices Inc.)
3 BTMCOM; C:\Windows\System32\Drivers\btmcom.sys [40448 2009-07-09] (Motorola, Inc.)
3 btmhid; C:\Windows\System32\DRIVERS\btmhid.sys [27008 2009-06-29] (Motorola, Inc.)
3 BTMUSB; C:\Windows\System32\Drivers\btmusb.sys [516608 2009-07-13] (Motorola, Inc.)
3 cfwids; C:\Windows\System32\drivers\cfwids.sys [57600 2012-02-22] (McAfee, Inc.)
3 MBAMSwissArmy; \??\C:\windows\system32\drivers\mbamswissarmy.sys [40776 2012-05-13] (Malwarebytes Corporation)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2012-02-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [180848 2012-02-22] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59456 2012-02-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [340920 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [464304 2012-02-22] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [64912 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87656 2012-02-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [169608 2012-02-22] (McAfee, Inc.)
1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [54776 2010-04-13] (Mozy, Inc.)
1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2009-07-13] ()
3 netr28; C:\Windows\System32\DRIVERS\netr28.sys [604672 2009-06-18] (Ralink Technology, Corp.)
2 regi; C:\Windows\System32\drivers\regi.sys [11032 2007-04-17] (InterVideo)
3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [159776 2009-06-24] (Realtek Semiconductor Corp.)
3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1068032 2009-07-13] (Motorola Inc.)
1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [x]
3 mfeavfk01; [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-20 12:20 - 2012-05-20 12:22 - 0000000 ____D C:\FRST
2012-05-19 16:57 - 2012-05-19 16:58 - 0143540 ____A C:\Windows\ntbtlog.txt
2012-05-19 16:42 - 2012-05-19 16:42 - 0000000 ____D C:\Users\Martin\AppData\Local\{AEDC2023-EF5E-4860-898C-C99E7E82394C}
2012-05-19 16:42 - 2012-05-19 16:42 - 0000000 ____D C:\Users\Martin\AppData\Local\{4B7C1BCE-6C37-48A3-BAE6-7BE9A4F21511}
2012-05-19 16:38 - 2012-05-19 16:38 - 0132096 ____A C:\Users\Martin\AppData\Roaming\wpbt0.dll
2012-05-17 00:57 - 2012-05-17 00:57 - 0000000 ____D C:\Users\Martin\AppData\Local\{2E08117B-F42B-4537-8ED1-22DB01CE70FB}
2012-05-17 00:56 - 2012-05-17 00:57 - 0000000 ____D C:\Users\Martin\AppData\Local\{EFA6687B-4F01-456D-AC49-336A84D06ABE}
2012-05-13 23:57 - 2012-05-13 23:57 - 0000000 ____D C:\Users\Martin\AppData\Local\{D4225C93-AC08-4E09-A364-878E291C182C}
2012-05-13 23:57 - 2012-05-13 23:57 - 0000000 ____D C:\Users\Martin\AppData\Local\{11DBF370-3730-46E0-BB4E-6C0E531FEB4B}
2012-05-13 07:48 - 2012-05-13 07:48 - 0040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-05-13 05:08 - 2012-05-13 05:08 - 0078021 ____A C:\Users\Martin\Downloads\image.jpg
2012-05-13 00:58 - 2012-05-13 22:30 - 0000000 __SHD C:\Config.Msi
2012-05-12 10:29 - 2012-05-12 10:29 - 0000000 ____D C:\Users\Martin\AppData\Local\{DDEFED6B-15D5-4FCD-B6B2-6629C950E846}
2012-05-12 10:29 - 2012-05-12 10:29 - 0000000 ____D C:\Users\Martin\AppData\Local\{D1EFA6BA-91D6-49A8-8EAE-F66EEDA1576B}
2012-05-12 01:51 - 2012-04-01 20:46 - 3958128 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-05-12 01:51 - 2012-04-01 20:46 - 3902320 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-12 01:51 - 2012-04-01 18:43 - 2342400 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 01:51 - 2012-03-30 02:29 - 1287024 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-12 01:51 - 2012-03-16 23:20 - 0056688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-12 01:50 - 2012-03-02 21:40 - 1170944 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-05-12 01:50 - 2012-03-02 21:40 - 1074176 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-12 01:50 - 2012-03-02 21:40 - 0739840 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-05-12 01:50 - 2012-03-02 21:40 - 0218624 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-05-12 01:50 - 2012-03-02 21:40 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-05-10 01:02 - 2012-05-10 01:02 - 0000000 ____D C:\Users\Martin\AppData\Local\{840DE7E1-5AF3-4A3A-9AA5-08EFBBFBEAFD}
2012-05-10 01:01 - 2012-05-10 01:02 - 0000000 ____D C:\Users\Martin\AppData\Local\{4D4D6C08-63BB-4FCA-855E-6B1CC76D71D7}
2012-05-06 04:22 - 2012-05-06 04:22 - 0105004 ____A C:\Users\Martin\Desktop\molly9.jpg
2012-05-06 04:15 - 2012-05-06 04:15 - 0029073 ____A C:\Users\Martin\Desktop\molly8.jpg
2012-05-06 04:13 - 2012-05-06 04:13 - 0009842 ____A C:\Users\Martin\Desktop\molly7.jpg
2012-05-06 04:11 - 2012-05-06 04:11 - 0014913 ____A C:\Users\Martin\Desktop\molly6.jpeg
2012-05-06 04:09 - 2012-05-06 04:09 - 0137564 ____A C:\Users\Martin\Desktop\molly5.png
2012-05-06 03:59 - 2012-05-06 03:59 - 0023032 ____A C:\Users\Martin\Desktop\molly4.jpg
2012-05-06 03:56 - 2012-05-06 03:56 - 0054936 ____A C:\Users\Martin\Desktop\molly3.jpg
2012-05-06 03:47 - 2012-05-06 03:47 - 0095409 ____A C:\Users\Martin\Desktop\molly2.jpg
2012-05-06 03:23 - 2012-05-06 03:23 - 0049378 ____A C:\Users\Martin\Desktop\molly1.jpg
2012-05-05 04:53 - 2012-05-05 04:53 - 3668041 ____A C:\Users\Martin\Downloads\No Strings - Mayer Hawthorne.mp3
2012-05-05 04:50 - 2012-05-05 04:50 - 3798027 ____A C:\Users\Martin\Downloads\Live From Daryl's House - No Strings.mp3
2012-05-05 04:48 - 2012-05-05 04:48 - 6406928 ____A C:\Users\Martin\Downloads\Daryl Hall & Booker T Jones I Can Go For That.mp3
2012-05-05 04:47 - 2012-05-05 04:47 - 5172694 ____A C:\Users\Martin\Downloads\Green Onions - Booker T. Jones, Daryl Hall, Mayer Hawthorne.mp3
2012-05-05 04:43 - 2012-05-05 04:43 - 3516322 ____A C:\Users\Martin\Downloads\Mayer Hawthorne - The Walk.mp3
2012-05-05 04:34 - 2012-05-05 04:34 - 2452198 ____A C:\Users\Martin\Downloads\Mayer Hawthorne - Just Ain't Gonna Work Out (Official Video).mp3
2012-05-03 04:39 - 2012-05-03 04:39 - 0000000 ____D C:\Users\Martin\AppData\Local\{E9137BC5-69B9-4642-8A74-82BD4E9D7675}
2012-05-03 04:39 - 2012-05-03 04:39 - 0000000 ____D C:\Users\Martin\AppData\Local\{9DD7B83B-B6C7-4B58-AA47-C64AFF9332C5}
2012-04-30 15:15 - 2012-04-30 15:15 - 0000000 ____D C:\Users\All Users\Mozilla
2012-04-30 15:15 - 2012-04-30 15:15 - 0000000 ____D C:\ProgramData\Mozilla
2012-04-30 15:15 - 2012-04-30 15:15 - 0000000 ____D C:\Program Files\Mozilla Maintenance Service

============ 3 Months Modified Files and Folders ===============

2012-05-20 12:22 - 2012-05-20 12:20 - 0000000 ____D C:\FRST
2012-05-20 02:58 - 2011-02-22 06:32 - 1629893 ____A C:\Windows\WindowsUpdate.log
2012-05-20 02:58 - 2009-07-13 20:34 - 0017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-20 02:58 - 2009-07-13 20:34 - 0017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-20 02:57 - 2009-07-13 15:19 - 0000000 ____A C:\Windows\System32\mlkkbdntdriver.dll
2012-05-20 02:52 - 2012-04-12 06:28 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-20 02:52 - 2011-09-28 05:13 - 0000932 ___AH C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1552212946-2046552680-650322686-1000UA.job
2012-05-19 17:02 - 2012-04-12 06:28 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-19 17:02 - 2011-02-22 21:21 - 2616696832 __ASH C:\hiberfil.sys
2012-05-19 17:02 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-19 16:58 - 2012-05-19 16:57 - 0143540 ____A C:\Windows\ntbtlog.txt
2012-05-19 16:53 - 2009-10-29 18:14 - 0311766 ____A C:\Windows\PFRO.log
2012-05-19 16:42 - 2012-05-19 16:42 - 0000000 ____D C:\Users\Martin\AppData\Local\{AEDC2023-EF5E-4860-898C-C99E7E82394C}
2012-05-19 16:42 - 2012-05-19 16:42 - 0000000 ____D C:\Users\Martin\AppData\Local\{4B7C1BCE-6C37-48A3-BAE6-7BE9A4F21511}
2012-05-19 16:42 - 2011-02-24 16:21 - 0000000 ___HD C:\Users\Martin\AppData\Roaming\skypePM
2012-05-19 16:42 - 2011-02-24 16:16 - 0000000 ___HD C:\Users\Martin\AppData\Roaming\Skype
2012-05-19 16:42 - 2011-02-23 10:52 - 0000000 ___HD C:\Users\Martin\Tracing
2012-05-19 16:38 - 2012-05-19 16:38 - 0132096 ____A C:\Users\Martin\AppData\Roaming\wpbt0.dll
2012-05-19 16:11 - 2011-09-28 05:13 - 0000910 ___AH C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1552212946-2046552680-650322686-1000Core.job
2012-05-17 08:12 - 2009-07-13 20:39 - 0052246 ____A C:\Windows\setupact.log
2012-05-17 00:57 - 2012-05-17 00:57 - 0000000 ____D C:\Users\Martin\AppData\Local\{2E08117B-F42B-4537-8ED1-22DB01CE70FB}
2012-05-17 00:57 - 2012-05-17 00:56 - 0000000 ____D C:\Users\Martin\AppData\Local\{EFA6687B-4F01-456D-AC49-336A84D06ABE}
2012-05-13 23:57 - 2012-05-13 23:57 - 0000000 ____D C:\Users\Martin\AppData\Local\{D4225C93-AC08-4E09-A364-878E291C182C}
2012-05-13 23:57 - 2012-05-13 23:57 - 0000000 ____D C:\Users\Martin\AppData\Local\{11DBF370-3730-46E0-BB4E-6C0E531FEB4B}
2012-05-13 22:38 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Microsoft.NET
2012-05-13 22:32 - 2011-02-22 09:15 - 0000000 ____D C:\Program Files\McAfee
2012-05-13 22:31 - 2009-07-13 20:33 - 0341864 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-13 22:30 - 2012-05-13 00:58 - 0000000 __SHD C:\Config.Msi
2012-05-13 22:30 - 2011-02-22 06:47 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-13 22:29 - 2009-10-29 17:43 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-13 08:19 - 2011-10-03 06:40 - 0000000 ____D C:\Users\Martin\Documents\888poker
2012-05-13 07:48 - 2012-05-13 07:48 - 0040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-05-13 05:08 - 2012-05-13 05:08 - 0078021 ____A C:\Users\Martin\Downloads\image.jpg
2012-05-13 01:08 - 2009-10-29 17:58 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-13 01:08 - 2009-10-29 17:58 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-05-13 01:06 - 2009-10-29 17:46 - 0732070 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-12 10:29 - 2012-05-12 10:29 - 0000000 ____D C:\Users\Martin\AppData\Local\{DDEFED6B-15D5-4FCD-B6B2-6629C950E846}
2012-05-12 10:29 - 2012-05-12 10:29 - 0000000 ____D C:\Users\Martin\AppData\Local\{D1EFA6BA-91D6-49A8-8EAE-F66EEDA1576B}
2012-05-12 10:27 - 2011-03-28 06:36 - 0000000 ____D C:\Program Files\Mozilla Firefox
2012-05-10 01:02 - 2012-05-10 01:02 - 0000000 ____D C:\Users\Martin\AppData\Local\{840DE7E1-5AF3-4A3A-9AA5-08EFBBFBEAFD}
2012-05-10 01:02 - 2012-05-10 01:01 - 0000000 ____D C:\Users\Martin\AppData\Local\{4D4D6C08-63BB-4FCA-855E-6B1CC76D71D7}
2012-05-06 06:47 - 2011-10-03 06:40 - 0000000 ___HD C:\Users\Martin\AppData\Roaming\PacificPoker
2012-05-06 06:47 - 2011-10-03 06:39 - 0000000 ____D C:\Program Files\PacificPoker
2012-05-06 04:39 - 2012-04-12 06:28 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-05-06 04:39 - 2011-10-26 03:37 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-05-06 04:22 - 2012-05-06 04:22 - 0105004 ____A C:\Users\Martin\Desktop\molly9.jpg
2012-05-06 04:15 - 2012-05-06 04:15 - 0029073 ____A C:\Users\Martin\Desktop\molly8.jpg
2012-05-06 04:13 - 2012-05-06 04:13 - 0009842 ____A C:\Users\Martin\Desktop\molly7.jpg
2012-05-06 04:11 - 2012-05-06 04:11 - 0014913 ____A C:\Users\Martin\Desktop\molly6.jpeg
2012-05-06 04:09 - 2012-05-06 04:09 - 0137564 ____A C:\Users\Martin\Desktop\molly5.png
2012-05-06 03:59 - 2012-05-06 03:59 - 0023032 ____A C:\Users\Martin\Desktop\molly4.jpg
2012-05-06 03:56 - 2012-05-06 03:56 - 0054936 ____A C:\Users\Martin\Desktop\molly3.jpg
2012-05-06 03:47 - 2012-05-06 03:47 - 0095409 ____A C:\Users\Martin\Desktop\molly2.jpg
2012-05-06 03:23 - 2012-05-06 03:23 - 0049378 ____A C:\Users\Martin\Desktop\molly1.jpg
2012-05-05 04:53 - 2012-05-05 04:53 - 3668041 ____A C:\Users\Martin\Downloads\No Strings - Mayer Hawthorne.mp3
2012-05-05 04:50 - 2012-05-05 04:50 - 3798027 ____A C:\Users\Martin\Downloads\Live From Daryl's House - No Strings.mp3
2012-05-05 04:48 - 2012-05-05 04:48 - 6406928 ____A C:\Users\Martin\Downloads\Daryl Hall & Booker T Jones I Can Go For That.mp3
2012-05-05 04:47 - 2012-05-05 04:47 - 5172694 ____A C:\Users\Martin\Downloads\Green Onions - Booker T. Jones, Daryl Hall, Mayer Hawthorne.mp3
2012-05-05 04:43 - 2012-05-05 04:43 - 3516322 ____A C:\Users\Martin\Downloads\Mayer Hawthorne - The Walk.mp3
2012-05-05 04:34 - 2012-05-05 04:34 - 2452198 ____A C:\Users\Martin\Downloads\Mayer Hawthorne - Just Ain't Gonna Work Out (Official Video).mp3
2012-05-03 04:39 - 2012-05-03 04:39 - 0000000 ____D C:\Users\Martin\AppData\Local\{E9137BC5-69B9-4642-8A74-82BD4E9D7675}
2012-05-03 04:39 - 2012-05-03 04:39 - 0000000 ____D C:\Users\Martin\AppData\Local\{9DD7B83B-B6C7-4B58-AA47-C64AFF9332C5}
2012-04-30 15:15 - 2012-04-30 15:15 - 0000000 ____D C:\Users\All Users\Mozilla
2012-04-30 15:15 - 2012-04-30 15:15 - 0000000 ____D C:\ProgramData\Mozilla
2012-04-30 15:15 - 2012-04-30 15:15 - 0000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-04-17 05:27 - 2012-04-17 05:27 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-04-14 05:52 - 2011-10-13 06:24 - 0000000 ___HD C:\Users\Martin\AppData\Roaming\uTorrent
2012-04-14 05:46 - 2012-04-14 05:45 - 0000000 ____D C:\Users\Martin\Downloads\Tulisa Sex Tape
2012-04-14 03:27 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\NDF
2012-04-13 15:48 - 2012-04-13 15:48 - 0000000 ____D C:\Users\Martin\AppData\Local\{58907569-4DF5-4D59-8A64-9D1A21288696}
2012-04-13 11:17 - 2012-04-13 11:17 - 0000000 ____D C:\Users\Martin\AppData\Local\{81A62DAF-146F-4C7E-8367-F2F385D7E8DF}
2012-04-13 10:48 - 2012-04-13 10:48 - 0000000 ____D C:\Users\Martin\AppData\Local\{47B8D6F1-2509-4691-844A-3F75CAB539D4}
2012-04-13 10:46 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\L2Schemas
2012-04-13 04:39 - 2012-04-13 04:39 - 0001077 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-13 04:39 - 2011-04-06 10:00 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-04-12 19:44 - 2012-04-12 19:44 - 0000000 ____D C:\Users\Martin\AppData\Local\{2020B402-EBC7-49BE-B7F2-35464D71A5BA}
2012-04-12 17:26 - 2012-04-12 17:25 - 0000000 ____D C:\Users\Martin\AppData\Local\{0B9320FD-609B-4031-80BD-1A2D87F5F8C6}
2012-04-12 17:25 - 2012-04-12 17:25 - 0000000 ____D C:\Users\Martin\AppData\Local\{954AD4BE-3529-4BA9-BD13-49E925C1A360}
2012-04-12 17:25 - 2012-03-17 17:12 - 0000000 ____D C:\Users\Martin\AppData\Local\{89A3BA83-98C0-412E-A544-A983CABD6EB1}
2012-04-12 07:02 - 2012-04-12 07:02 - 3839823 ____A C:\Users\Martin\Downloads\Will Young - Losing myself again.mp3
2012-04-12 05:24 - 2012-04-12 05:24 - 4049220 ____A C:\Users\Martin\Downloads\Closer-Ne Yo lyrics.mp3
2012-04-12 05:24 - 2012-04-12 05:23 - 3184463 ____A C:\Users\Martin\Downloads\John Legend 'Number One'.mp3
2012-04-12 05:21 - 2012-04-12 05:21 - 4535307 ____A C:\Users\Martin\Downloads\Green Light- John Legend ft Andre 3000 (Lyrics).mp3
2012-04-12 05:17 - 2012-04-12 05:17 - 4512319 ____A C:\Users\Martin\Downloads\John Legend - Ordinary People.mp3
2012-04-12 05:17 - 2012-04-12 05:17 - 3320581 ____A C:\Users\Martin\Downloads\LMFAO - Sorry For Party Rocking LYRICS HD.mp3
2012-04-10 17:14 - 2012-04-10 17:14 - 0000000 ____D C:\Users\Martin\AppData\Local\{5DB31AFA-207D-4773-8F53-20E0D704F1BC}
2012-04-08 08:05 - 2012-04-08 08:05 - 0000000 ____D C:\Users\Martin\AppData\Local\{7FE12350-3BF9-4AB8-AD53-53D1D4A2F5EB}
2012-04-07 16:32 - 2012-04-07 16:31 - 0000000 ____D C:\Users\Martin\AppData\Local\{1B23D1F2-5180-4D24-8A6C-E1D312FA3065}
2012-04-07 03:28 - 2012-04-07 03:28 - 0000000 ____D C:\Users\Martin\AppData\Local\{71520C79-7353-4363-B3B6-84C51DA2B263}
2012-04-04 16:21 - 2012-04-04 16:20 - 0000000 ____D C:\Users\Martin\AppData\Local\{7A3B5F97-B068-4FE3-BC22-A46F6DC6BE06}
2012-04-04 16:20 - 2011-03-24 08:58 - 0000000 ___HD C:\Users\Martin\AppData\Local\Windows Live
2012-04-04 06:56 - 2011-04-06 10:00 - 0022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-01 20:46 - 2012-05-12 01:51 - 3958128 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-04-01 20:46 - 2012-05-12 01:51 - 3902320 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-01 18:43 - 2012-05-12 01:51 - 2342400 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 02:29 - 2012-05-12 01:51 - 1287024 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-28 15:47 - 2012-03-28 15:47 - 0000000 ____D C:\Users\Martin\AppData\Local\{93036D74-6B79-4D41-9461-3F9EC2A397A0}
2012-03-27 23:44 - 2012-03-27 23:43 - 0000000 ____D C:\Users\Martin\AppData\Local\{05A5D9D3-FF3A-4FCA-A9AD-D08F17EAD636}
2012-03-26 15:12 - 2012-03-26 15:11 - 0000000 ____D C:\Users\Martin\AppData\Local\{254C8F20-B803-4AE1-840D-9A794B2150F5}
2012-03-26 05:44 - 2011-02-22 06:55 - 0000000 ____D C:\Users\Martin\Documents\My Received Files
2012-03-26 03:11 - 2012-03-26 03:11 - 0000000 ____D C:\Users\Martin\AppData\Local\{38A7A83E-7C71-40E0-93F1-99EEB73B67D8}
2012-03-25 05:50 - 2012-03-25 05:50 - 0000000 ____D C:\Users\Martin\AppData\Local\{117E3A54-CF82-4360-9330-0627ED9C1662}
2012-03-24 17:50 - 2012-03-24 17:49 - 0000000 ____D C:\Users\Martin\AppData\Local\{8AF872E3-BA84-455B-A4B8-A0AC300052B9}
2012-03-24 03:40 - 2012-03-24 03:40 - 0000000 ____D C:\Users\Martin\AppData\Local\{D1B96ADD-B169-462C-9CBC-9C1F1B537F05}
2012-03-23 09:44 - 2012-03-23 09:44 - 0000000 ____D C:\Users\Martin\AppData\Local\{68EAC2E7-12FD-4789-B531-2B583F40B01D}
2012-03-22 21:21 - 2012-03-22 21:21 - 0000000 ____D C:\Users\Martin\AppData\Local\{134FFEFD-2871-4D4D-B527-1B3FCFBC444D}
2012-03-22 09:21 - 2012-03-22 09:21 - 0000000 ____D C:\Users\Martin\AppData\Local\{84AC2160-AF5B-41C2-A2A9-E50607ED0A20}
2012-03-21 16:27 - 2012-03-21 16:27 - 0000000 ____D C:\Users\Martin\AppData\Local\{2BE8E47B-D8FC-42E0-AE70-BA36AAD9FAFD}
2012-03-21 04:27 - 2012-03-21 04:26 - 0000000 ____D C:\Users\Martin\AppData\Local\{2A40B9C7-1BC6-4319-9CF7-BDFD4FEF1D25}
2012-03-20 16:26 - 2012-03-20 16:26 - 0000000 ____D C:\Users\Martin\AppData\Local\{43742BE9-54EB-4EEF-A384-750BA9F7E0DB}
2012-03-20 04:11 - 2011-02-22 08:56 - 0151880 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2012-03-20 01:56 - 2012-03-20 01:56 - 5845609 ____A C:\Users\Martin\Downloads\Pharrell Williams - Number One (Feat. Kanye West).mp3
2012-03-20 01:55 - 2012-03-20 01:55 - 3517576 ____A C:\Users\Martin\Downloads\Jay-Z & Kanye West - bleeps In Paris.mp3
2012-03-20 01:44 - 2012-03-20 01:44 - 2715094 ____A C:\Users\Martin\Downloads\Cody Rhodes Theme Song 2012_ Smoke & Mirrors (WWE Edit) (V2) Download Link (HD).mp3
2012-03-20 01:38 - 2012-03-20 01:38 - 4440012 ____A C:\Users\Martin\Downloads\metallica-The Memory Remains (lyrics).mp3
2012-03-19 09:30 - 2012-03-19 09:30 - 0000000 ____D C:\Users\Martin\AppData\Local\{497957B6-201E-4043-9DD6-330922DAB8EB}
2012-03-18 09:20 - 2012-03-18 09:20 - 0000000 ____D C:\Users\Martin\AppData\Local\{13BC8EB2-2073-4A61-BCD0-A22C41487437}
2012-03-17 05:09 - 2012-03-17 05:09 - 0000000 ____D C:\Users\Martin\AppData\Local\{CE00899E-7CC6-45A1-BB04-171C10D4664C}
2012-03-17 05:09 - 2012-03-14 10:02 - 0000000 ____D C:\Users\Martin\AppData\Local\{2D8DD82F-0122-4814-8E25-2149D426B3D0}
2012-03-16 23:20 - 2012-05-12 01:51 - 0056688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 17:09 - 2012-03-16 17:09 - 0000000 ____D C:\Users\Martin\AppData\Local\{D30D0E6A-4C79-482F-873A-9D086C2BBE39}
2012-03-16 05:57 - 2012-03-16 05:57 - 4414098 ____A C:\Users\Martin\Downloads\earth wind and fire _ after the love has gone.mp3
2012-03-16 05:56 - 2012-03-16 05:56 - 4108988 ____A C:\Users\Martin\Downloads\The Commodores - Easy(1).mp3
2012-03-16 05:56 - 2012-03-16 05:56 - 3554356 ____A C:\Users\Martin\Downloads\September by. Earth, Wind and Fire.mp3
2012-03-16 05:55 - 2012-03-16 05:55 - 4108988 ____A C:\Users\Martin\Downloads\The Commodores - Easy.mp3
2012-03-16 05:54 - 2012-03-16 05:54 - 2657416 ____A C:\Users\Martin\Downloads\The four tops - I Can't Help Myself (Sugar Pie, Honey Bunch).mp3
2012-03-16 05:52 - 2012-03-16 05:52 - 3505455 ____A C:\Users\Martin\Downloads\Kiss - Crazy Crazy Nights.mp3
2012-03-16 05:50 - 2012-03-16 05:50 - 2846334 ____A C:\Users\Martin\Downloads\Love Machine - The Miracles featuring Billy Griffin.mp3
2012-03-16 05:49 - 2012-03-16 05:49 - 3193658 ____A C:\Users\Martin\Downloads\George Clinton & The Goombas- Walk The Dinosaur.mp3
2012-03-16 05:47 - 2012-03-16 05:47 - 3904606 ____A C:\Users\Martin\Downloads\05. Five Star - System Addict.mp3
2012-03-16 05:45 - 2012-03-16 05:45 - 3849854 ____A C:\Users\Martin\Downloads\Take That - Pray.mp3
2012-03-16 05:44 - 2012-03-16 05:44 - 3544743 ____A C:\Users\Martin\Downloads\Boyzone - Picture Of You.mp3
2012-03-16 05:41 - 2012-03-16 05:41 - 3325315 ____A C:\Users\Martin\Downloads\Ms Grace _ The Tymes.mp3
2012-03-16 01:50 - 2012-03-16 01:50 - 0000000 ____D C:\Users\Martin\AppData\Local\{B10B48B7-EA53-4D05-ACA1-F9864D553741}
2012-03-15 01:03 - 2012-03-15 01:02 - 0000000 ____D C:\Users\Martin\AppData\Local\{F335741B-BAE2-4B1A-85F2-4FDCED743D04}
2012-03-14 10:02 - 2012-03-14 10:02 - 0000000 ____D C:\Users\Martin\AppData\Local\{3371162A-BE2C-4669-90B5-A02CE9846B17}
2012-03-13 18:11 - 2012-03-13 18:11 - 0000000 ____D C:\Users\Martin\AppData\Local\{B1AB6BD2-46EF-4F0D-AC80-9BB02ECF852D}
2012-03-13 18:11 - 2012-03-08 02:15 - 0000000 ____D C:\Users\Martin\AppData\Local\{334D4C90-AE93-444C-B35B-A243B7383200}
2012-03-12 21:44 - 2012-03-12 21:44 - 0000000 ____D C:\Users\Martin\AppData\Local\{75526D8A-3412-4D3C-B3B8-064AA802F638}
2012-03-12 09:43 - 2012-03-12 09:43 - 0000000 ____D C:\Users\Martin\AppData\Local\{9DD05918-DF39-4727-84F2-08AB7E2BD627}
2012-03-11 20:13 - 2012-03-11 20:13 - 0000000 ____D C:\Users\Martin\AppData\Local\{396932D8-904D-43EC-8F4F-9FBD5EE541D3}
2012-03-11 08:13 - 2012-03-11 08:12 - 0000000 ____D C:\Users\Martin\AppData\Local\{0595EFD0-BDF3-464B-9924-41F1524E716F}
2012-03-09 16:41 - 2012-03-09 16:41 - 0000000 ____D C:\Users\Martin\AppData\Local\{106E95AF-03D6-4D6F-AFBC-4A82D22C34FE}
2012-03-09 03:52 - 2012-03-09 03:52 - 0000000 ____D C:\Users\Martin\AppData\Local\{109E249B-D0C8-4148-A11E-FFDB5F84AA29}
2012-03-08 15:51 - 2012-03-08 15:51 - 0000000 ____D C:\Users\Martin\AppData\Local\{2030417C-CA38-4C4A-B108-0C2769CBF12C}
2012-03-08 02:16 - 2012-03-08 02:16 - 0000000 ____D C:\Users\Martin\AppData\Local\{EEE0EA66-7194-4F43-9261-34DACAF6388A}
2012-03-07 04:29 - 2012-03-07 04:05 - 1506750502 ____A C:\Users\Martin\Documents\clip0041.avi
2012-03-07 03:12 - 2012-03-07 03:12 - 0000000 ____D C:\Users\Martin\AppData\Local\{7E9CF7F5-B655-4119-85DD-791814E0A337}
2012-03-07 03:12 - 2012-03-07 03:12 - 0000000 ____D C:\Users\Martin\AppData\Local\{17FD7506-E884-4410-AC26-DAAEAE36F615}
2012-03-07 03:04 - 2012-03-07 03:03 - 0000000 ____D C:\Users\Martin\AppData\Local\{69C782FD-97C0-44F1-92D2-BC050BF87CAD}
2012-03-04 19:00 - 2012-03-04 19:00 - 0000000 ____D C:\Users\Martin\AppData\Local\{1A8494FA-A3D1-4934-AF10-C5E892E2E58E}
2012-03-04 19:00 - 2012-03-01 10:51 - 0000000 ____D C:\Users\Martin\AppData\Local\{35CFC5E9-4D28-408D-A24A-7A78D8087652}
2012-03-02 21:40 - 2012-05-12 01:50 - 1170944 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-03-02 21:40 - 2012-05-12 01:50 - 1074176 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-02 21:40 - 2012-05-12 01:50 - 0739840 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-03-02 21:40 - 2012-05-12 01:50 - 0218624 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-03-02 21:40 - 2012-05-12 01:50 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-03-02 13:11 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\rescache
2012-03-02 11:12 - 2012-03-02 11:12 - 0000000 ____D C:\Users\Martin\AppData\Local\{E3EA258E-985B-4F51-9242-D2AC35DD69FF}
2012-03-01 23:12 - 2012-03-01 23:12 - 0000000 ____D C:\Users\Martin\AppData\Local\{E6C6C968-BC89-43DA-A9A4-2CED0FB7E7F6}
2012-03-01 10:52 - 2012-03-01 10:52 - 0000000 ____D C:\Users\Martin\AppData\Local\{E236654D-06B0-436B-96F1-34CA0E0DE42C}
2012-03-01 10:46 - 2012-03-01 10:46 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-01 10:46 - 2012-03-01 10:46 - 0580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-01 10:46 - 2012-03-01 10:46 - 0353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-01 10:46 - 2012-03-01 10:46 - 0150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-01 10:46 - 2012-03-01 10:46 - 0142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-01 10:46 - 2012-03-01 10:46 - 0130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-01 10:46 - 2012-03-01 10:46 - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-01 10:46 - 2012-03-01 10:46 - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-01 10:46 - 2012-03-01 10:46 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-01 10:46 - 2012-03-01 10:46 - 0066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-01 10:46 - 2012-03-01 10:46 - 0054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-01 10:46 - 2012-03-01 10:46 - 0011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-01 10:46 - 2012-03-01 10:46 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-01 10:46 - 2012-03-01 07:06 - 0007766 ____A C:\Windows\IE9_main.log
2012-02-29 21:53 - 2012-04-12 18:00 - 0019312 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 21:49 - 2012-04-12 18:00 - 0172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 21:45 - 2012-04-12 18:00 - 0158720 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 21:40 - 2012-04-12 18:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-27 17:52 - 2012-04-12 18:04 - 12281856 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 17:27 - 2012-04-12 18:04 - 9705984 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 17:18 - 2012-04-12 18:04 - 1799168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 17:12 - 2012-04-12 18:04 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 17:11 - 2012-04-12 18:04 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 17:11 - 2012-04-12 18:04 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 17:09 - 2012-04-12 18:04 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 17:08 - 2012-04-12 18:04 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 17:06 - 2012-04-12 18:04 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 17:04 - 2012-04-12 18:04 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 17:03 - 2012-04-12 18:04 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 17:03 - 2012-04-12 18:04 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 16:59 - 2012-04-12 18:04 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-23 00:03 - 2012-02-23 00:03 - 0000000 ____D C:\Users\Martin\AppData\Local\{1CE95C0D-3ABC-4EE2-8A7C-0DF078C2C1B7}
2012-02-22 06:17 - 2012-02-22 06:17 - 0000000 ____D C:\Users\Martin\AppData\Local\{9662CAFD-5A79-4C01-AC6D-F301ABD74A43}
2012-02-22 06:17 - 2012-02-21 18:16 - 0000000 ____D C:\Users\Martin\AppData\Local\{106DA04D-C32A-4DB7-9E63-FE9AC2D77829}
2012-02-22 04:29 - 2011-02-22 09:16 - 0009608 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeclnk.sys
2012-02-22 04:29 - 2011-02-22 09:15 - 0340920 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfefirek.sys
2012-02-22 04:29 - 2011-02-22 09:15 - 0180848 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys
2012-02-22 04:29 - 2011-02-22 09:15 - 0169608 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfewfpk.sys
2012-02-22 04:29 - 2011-02-22 09:15 - 0087656 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys
2012-02-22 04:29 - 2011-02-22 09:15 - 0064912 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfenlfk.sys
2012-02-22 04:29 - 2011-02-22 09:15 - 0059456 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfebopk.sys
2012-02-22 04:29 - 2011-02-22 09:15 - 0057600 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\cfwids.sys
2012-02-22 04:29 - 2010-10-13 14:28 - 0464304 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfehidk.sys
2012-02-22 04:29 - 2010-10-13 14:28 - 0121544 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeapfk.sys
2012-02-21 18:17 - 2012-02-21 18:17 - 0000000 ____D C:\Users\Martin\AppData\Local\{72F8E4C0-59BB-40CD-969E-D8BA2618BE4D}
2012-02-21 02:15 - 2012-02-21 02:15 - 0000000 ____D C:\Users\Martin\AppData\Local\{34658106-8567-46D2-9375-6FFC1737D999}
2012-02-21 02:15 - 2012-02-20 06:50 - 0000000 ____D C:\Users\Martin\AppData\Local\{53B03C40-7411-4500-803C-662247B2FEED}

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 3839.3 MB
Available physical RAM: 3358.09 MB
Total Pagefile: 3837.58 MB
Available Pagefile: 3360.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.31 MB

======================= Partitions =========================

1 Drive c: (OS_Install) (Fixed) (Total:273.39 GB) (Free:173.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (Data) (Fixed) (Total:182.27 GB) (Free:179.73 GB) NTFS
3 Drive e: (BIOS_RVY) (Fixed) (Total:10 GB) (Free:3.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (System) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
6 Drive h: () (Removable) (Total:3.72 GB) (Free:1.22 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3815 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 10 GB 1024 KB
Partition 2 Recovery 100 MB 10 GB
Partition 3 Primary 273 GB 10 GB
Partition 4 Primary 182 GB 283 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E BIOS_RVY NTFS Partition 10 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 27
Hidden: Yes
Active: Yes

  Volume ###  Ltr  Label       Fs     Type       Size    Status   Info
  ----------  ---  ----------  -----  ---------  ------  -------  ------
* Volume 4    F    System      NTFS   Partition  100 MB  Healthy  Hidden

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label       Fs     Type       Size    Status   Info
  ----------  ---  ----------  -----  ---------  ------  -------  ------
* Volume 1    C    OS_Install  NTFS   Partition  273 GB  Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label       Fs     Type       Size    Status   Info
  ----------  ---  ----------  -----  ---------  ------  -------  ------
* Volume 2    D    Data        NTFS   Partition  182 GB  Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ###  Type     Size     Offset
-------------  -------  -------  ------
Partition 1    Primary  3814 MB  8 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

  Volume ###  Ltr  Label       Fs     Type       Size     Status   Info
  ----------  ---  ----------  -----  ---------  -------  -------  ------
* Volume 5    H                FAT32  Removable  3814 MB  Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-10 08:22

======================= End Of Log ==========================

Attached Files: FRST.txt (62.75KB)

Edited by thcbytes, 22 May 2012 - 02:11 PM.


#4 jntkwx
  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 22 May 2012 - 02:32 PM

Aspall,

In the future, please just copy and paste any logs asked for directly into your reply, unless asked to attach them. It's easier to read that way. :)

Please open Notepad and copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

HKLM\...\Winlogon: [Shell] C:\Windows\Temp\rrydqi\setup.exe [x ] ()
HKU\Martin\...\Run: [Update] C:\Users\Martin\AppData\Roaming\wpbt0.dll [132096 2012-05-19] ()
C:\Users\Martin\AppData\Roaming\wpbt0.dll
C:\Windows\Temp\rrydqi\setup.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Please enter System Recovery Options, as we did previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#5 Aspall
  • Topic Starter
  • Members
  • 27 posts

Posted 23 May 2012 - 06:04 AM

Ok, will do. Here's the log:

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 19-05-2012
Ran by SYSTEM at 2012-05-23 12:02:26 Run:1
Running from H:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value was restored.
HKEY_USERS\Martin\Software\Microsoft\Windows\CurrentVersion\Run\\Update Value deleted successfully.
C:\Users\Martin\AppData\Roaming\wpbt0.dll moved successfully.
C:\Windows\Temp\rrydqi\setup.exe moved successfully.

==== End of Fixlog ====

#6 jntkwx
  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 23 May 2012 - 07:53 AM

Aspall,

Are you able to start your computer normally?

If you are, how is it running now?
Regards,
Jason

 



#7 Aspall
  • Topic Starter
  • Members
  • 27 posts

Posted 24 May 2012 - 08:27 AM

I actually switched it on after, and the "celas" sign had disappeared; however, I immediately turned it off as I realised you hadn't said to turn it back on! Worried I may have caused something to "und". Loaded it up now and everything seems back to normal. I'm assuming I should try and find out whatever caused it and remove that also? Assuming that the cause is probably still on there somewhere. I had this weird thing where when I searched in Google, it would take me to another site randomly, rather than the link I clicked. I had removed it once using Malwarebytes (I think) but it came back; ignored it for a couple of days and then this "celas" thing happened.

Thanks for all your help by the way!

#8 Aspall
  • Topic Starter
  • Members
  • 27 posts

Posted 24 May 2012 - 08:30 AM

Update: just tried searching in Google and that seems to be working fine too now. I'll run Malwarebytes, RootkitRevealer etc. to make sure though.

#9 Aspall
  • Topic Starter
  • Members
  • 27 posts

Posted 24 May 2012 - 08:41 AM

Another update: it just occurred to me that I have no sound, and the icon for it has disappeared from the task bar?

#10 Aspall
  • Topic Starter
  • Members
  • 27 posts

Posted 24 May 2012 - 08:45 AM

Sorry for all these replies, just reporting as it comes. Redirection on Google is still occurring too.

#11 jntkwx
  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 24 May 2012 - 06:23 PM

Aspall,

Multiple replies are ok. :)

I think you're still partially infected.

:step1: Please download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you do not know how to do this you can find out >here< or >here<
3. Double click on combofix.exe & follow the prompts.

Important:
  • Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.


:step2: Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


In your next reply, please include:
  • Combofix log
  • FSS log
  • How is your computer running now? Please be as descriptive as possible. Include any word-for-word error messages that you may have, and/or screenshots of strange behavior.

Regards,
Jason

 



#12 Aspall
  • Topic Starter
  • Members
  • 27 posts

Posted 29 May 2012 - 07:25 AM

Sorry it's been a few days. Work had got kind of busy and finding the time to run it properly was difficult. Have currently run ComboFix. The 2nd time it rebooted, my desktop was almost full of things that had previously disappeared from past viruses... stuff I haven't seen for a good year, so I'm guessing it's rid of something! I've not run any programs, as it requested. Says "preparing log report" but it has said that for a good half an hour, and doesn't seem to be doing anything? Have not yet run FSS.

#13 jntkwx
  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 29 May 2012 - 10:19 PM

Aspall,

If you haven't done so already, reboot your computer. If the Combofix log exists, it'll be located at C:\Combofix. Please copy and paste it in your reply.
Regards,
Jason

 



#14 Aspall
  • Topic Starter
  • Members
  • 27 posts

Posted 30 May 2012 - 10:38 AM

Combofix log:
ComboFix 12-05-28.05 - Martin 29/05/2012 12:19:46.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3327.2584 [GMT 1:00]
Running from: C:\Users\Martin\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\HyperCam Toolbar\tbHElper.dll
C:\ProgramData\windows
C:\ProgramData\windows\dumd.dat
C:\ProgramData\Windows\xdor.dat
C:\Users\Martin\AppData\Roaming\11.gif
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Uninstall Windows 7 Recovery.lnk
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Windows 7 Recovery.lnk
C:\windows\$NtUninstallKB56528$\1055580730\@
C:\windows\$NtUninstallKB56528$\1055580730\cfg.ini
C:\windows\$NtUninstallKB56528$\1055580730\Desktop.ini
C:\windows\$NtUninstallKB56528$\1055580730\L\xadqgnnk
C:\windows\$NtUninstallKB56528$\1055580730\oemid
C:\windows\$NtUninstallKB56528$\1055580730\U\00000001.@
C:\windows\$NtUninstallKB56528$\1055580730\U\00000002.@
C:\windows\$NtUninstallKB56528$\1055580730\U\00000004.@
C:\windows\$NtUninstallKB56528$\1055580730\U\80000000.@
C:\windows\$NtUninstallKB56528$\1055580730\U\80000004.@
C:\windows\$NtUninstallKB56528$\1055580730\U\80000032.@
C:\windows\$NtUninstallKB56528$\1055580730\version
C:\windows\$NtUninstallKB56528$\3338442117
C:\windows\security\Database\tmp.edb
c:\windows\system32\carboniteservice.dll
C:\windows\system32\dds_trash_log.cmd
C:\windows\system32\UxTuneUp.dll

Infected copy of C:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - The cat found it :)
C:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - C:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_de_serv
-------\Service_epsonstatusagent2
-------\Service_whoisd32


((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-29 )))))))))))))))))))))))))))))))


2012-05-29 11:34:00 . 2012-05-29 11:37:49 -------- d-----w- C:\Users\Martin\AppData\Local\temp
2012-05-20 20:20:54 . 2012-05-20 20:23:54 -------- d-----w- C:\FRST
2012-05-13 15:48:14 . 2012-05-13 15:48:14 40776 ----a-w- C:\windows\system32\drivers\mbamswissarmy.sys
2012-05-12 09:51:36 . 2012-03-30 10:29:05 1287024 ----a-w- C:\windows\system32\drivers\tcpip.sys
2012-05-12 09:51:27 . 2012-04-02 04:40:25 936960 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 09:51:26 . 2012-04-02 04:41:36 1221632 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-12 09:51:25 . 2012-04-02 04:40:25 989184 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-12 09:51:24 . 2012-04-02 04:40:25 969216 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-12 09:51:13 . 2012-03-17 07:20:17 56688 ----a-w- C:\windows\system32\drivers\partmgr.sys
2012-05-12 09:51:08 . 2012-04-02 04:46:44 3958128 ----a-w- C:\windows\system32\ntkrnlpa.exe
2012-05-12 09:51:08 . 2012-04-02 04:46:44 3902320 ----a-w- C:\windows\system32\ntoskrnl.exe
2012-05-12 09:51:07 . 2012-04-02 02:43:16 2342400 ----a-w- C:\windows\system32\win32k.sys
2012-05-12 09:50:52 . 2012-03-03 05:40:21 1074176 ----a-w- C:\windows\system32\DWrite.dll
2012-05-12 09:50:51 . 2012-03-03 05:40:10 1170944 ----a-w- C:\windows\system32\d3d10warp.dll
2012-05-12 09:50:51 . 2012-03-03 05:40:09 218624 ----a-w- C:\windows\system32\d3d10_1core.dll
2012-05-12 09:50:50 . 2012-03-03 05:40:09 739840 ----a-w- C:\windows\system32\d2d1.dll
2012-05-12 09:50:50 . 2012-03-03 05:40:09 161792 ----a-w- C:\windows\system32\d3d10_1.dll
2012-04-30 23:15:43 . 2012-04-30 23:15:46 -------- d-----w- C:\Program Files\Mozilla Maintenance Service
2012-04-30 23:15:38 . 2012-04-30 23:15:38 157352 ----a-w- C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-30 23:15:38 . 2012-04-30 23:15:38 129976 ----a-w- C:\Program Files\Mozilla Firefox\maintenanceservice.exe
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-05-06 12:39:50 . 2012-04-12 14:28:49 419488 ----a-w- C:\windows\system32\FlashPlayerApp.exe
2012-05-06 12:39:50 . 2011-10-26 11:37:51 70304 ----a-w- C:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 14:56:40 . 2011-04-06 18:00:34 22344 ----a-w- C:\windows\system32\drivers\mbam.sys
2012-03-20 12:11:32 . 2011-02-22 16:56:26 151880 ----a-w- C:\windows\system32\mfevtps.exe
2012-03-01 18:46:22 . 2012-03-01 18:46:22 74752 ----a-w- C:\windows\system32\RegisterIEPKEYs.exe
2012-03-01 18:46:22 . 2012-03-01 18:46:22 161792 ----a-w- C:\windows\system32\msls31.dll
2012-03-01 18:46:21 . 2012-03-01 18:46:21 86528 ----a-w- C:\windows\system32\iesysprep.dll
2012-03-01 18:46:21 . 2012-03-01 18:46:21 76800 ----a-w- C:\windows\system32\SetIEInstalledDate.exe
2012-03-01 18:46:21 . 2012-03-01 18:46:21 74752 ----a-w- C:\windows\system32\iesetup.dll
2012-03-01 18:46:21 . 2012-03-01 18:46:21 63488 ----a-w- C:\windows\system32\tdc.ocx
2012-03-01 18:46:21 . 2012-03-01 18:46:21 48640 ----a-w- C:\windows\system32\mshtmler.dll
2012-03-01 18:46:21 . 2012-03-01 18:46:21 420864 ----a-w- C:\windows\system32\vbscript.dll
2012-03-01 18:46:21 . 2012-03-01 18:46:21 367104 ----a-w- C:\windows\system32\html.iec
2012-03-01 18:46:21 . 2012-03-01 18:46:21 35840 ----a-w- C:\windows\system32\imgutil.dll
2012-03-01 18:46:21 . 2012-03-01 18:46:21 23552 ----a-w- C:\windows\system32\licmgr10.dll
2012-03-01 18:46:21 . 2012-03-01 18:46:21 152064 ----a-w- C:\windows\system32\wextract.exe
2012-03-01 18:46:21 . 2012-03-01 18:46:21 150528 ----a-w- C:\windows\system32\iexpress.exe
2012-03-01 18:46:21 . 2012-03-01 18:46:21 142848 ----a-w- C:\windows\system32\ieUnatt.exe
2012-03-01 18:46:21 . 2012-03-01 18:46:21 11776 ----a-w- C:\windows\system32\mshta.exe
2012-03-01 18:46:21 . 2012-03-01 18:46:21 110592 ----a-w- C:\windows\system32\IEAdvpack.dll
2012-03-01 18:46:21 . 2012-03-01 18:46:21 101888 ----a-w- C:\windows\system32\admparse.dll
2012-03-01 05:53:27 . 2012-04-13 02:00:44 19312 ----a-w- C:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:49:05 . 2012-04-13 02:00:44 172544 ----a-w- C:\windows\system32\wintrust.dll
2012-03-01 05:45:05 . 2012-04-13 02:00:44 158720 ----a-w- C:\windows\system32\imagehlp.dll
2012-03-01 05:40:44 . 2012-04-13 02:00:44 5120 ----a-w- C:\windows\system32\wmi.dll
2012-04-30 23:15:38 . 2011-03-28 14:36:39 97208 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
2010-10-13 22:28:54 . 2011-03-29 18:29:22 24376 ----a-w- C:\Program Files\mozilla firefox\components\Scriptff.dll


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[7] 2010-11-20 08:39:17 . B459575348C20E8121D6039DA063C704 . 74752 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[-] 2009-07-13 23:12:11 . 38F57D262164CB35BC8659785703CD6B . 74240 . . [------] . . C:\windows\System32\drivers\tdx.sys
[-] 2009-07-13 23:12:11 . 38F57D262164CB35BC8659785703CD6B . 74240 . . [------] . . C:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll" [2011-01-17 14:54:02 175912]

[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54:02 175912 ----a-w- C:\Program Files\ConduitEngine\prxConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
2011-01-17 14:54:02 175912 ----a-w- C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll" [2011-01-17 14:54:02 175912]

[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F999A48B-1950-4D81-9971-79018F807B4B}"= "C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll" [2011-01-17 14:54:02 175912]

[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 20:11:16 2872120 ----a-w- C:\Program Files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 20:11:16 2872120 ----a-w- C:\Program Files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 20:11:16 2872120 ----a-w- C:\Program Files\McAfee Online Backup\MOBKshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2011-01-26 17:05:34 15026056]
"Facebook Update"="C:\Users\Martin\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-28 13:13:14 137536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 05:20:52 98304]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-24 12:00:06 7596576]
"BTMTrayAgent"="C:\Program Files\Motorola\Bluetooth\btmshell.dll" [2009-07-23 01:54:58 17753352]
"MGSysCtrl"="C:\Program Files\System Control Manager\MGSysCtrl.exe" [2009-07-24 16:52:08 2068480]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 18:17:52 207424]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 17:10:28 35696]
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2012-03-21 20:16:10 1318816]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 13:49:28 249064]
"VX3000"="C:\windows\vVX3000.exe" [2010-05-20 14:27:26 762736]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 14:27:24 119152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xromnop]
2012-05-20 16:53:32 15872 ----a-w- C:\Windows\System32\config\systemprofile\AppData\Local\xromnop.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
Unknown 3517

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 13:16:28 130384]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 17:28:14 214904]
R2 qqrota;NVIDIA Display Srv;C:\windows\system32\qqrota.exe [2011-07-02 00:57:29 18944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 12:39:51 257696]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-25 13:06:40 17920]
R3 BBSvc;Bing Bar Update Service;C:\Program Files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 17:44:14 183560]
R3 BTMCOM;Bluetooth Serial Port;C:\windows\System32\Drivers\btmcom.sys [2009-07-10 00:13:30 40448]
R3 btmhid;btmhid;C:\windows\system32\DRIVERS\btmhid.sys [2009-06-29 21:30:50 27008]
R3 BTMUSB;Motorola Bluetooth Radio Service;C:\windows\system32\Drivers\btmusb.sys [2009-07-13 21:01:42 516608]
R3 HRN;HRN;C:\Users\Martin\AppData\Local\Temp\HRN.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\system32\drivers\mbamswissarmy.sys [2012-05-13 15:48:14 40776]
R3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys [2012-02-22 12:29:46 87656]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-30 23:15:38 129976]
R3 ROQXQWNU;ROQXQWNU;C:\Users\Martin\AppData\Local\Temp\ROQXQWNU.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUStor.sys [2009-06-04 08:45:48 166912]
R3 RtsUIR;Realtek IR Driver;C:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SCMYIMZRLQLPY;SCMYIMZRLQLPY;C:\Users\Martin\AppData\Local\Temp\SCMYIMZRLQLPY.exe [x]
R3 VGTWWQGEA;VGTWWQGEA;C:\Users\Martin\AppData\Local\Temp\VGTWWQGEA.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe [2011-02-24 03:03:24 1343400]
R3 YPQ;YPQ;C:\Users\Martin\AppData\Local\Temp\YPQ.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys [2012-02-22 12:29:46 169608]
S1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 12:29:46 64912]
S1 MOBKFilter;MOBKFilter;C:\windows\system32\DRIVERS\MOBK.sys [2010-04-13 20:10:22 54776]
S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 23:52:04 48128]
S2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe [2009-07-30 03:03:26 176128]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2009-07-23 01:56:24 474888]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 17:28:14 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 17:28:14 214904]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 12:05:00 161632]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\system32\mfevtps.exe [2012-03-20 12:11:32 151880]
S2 Micro Star SCM;Micro Star SCM;C:\Program Files\System Control Manager\MSIService.exe [2009-07-09 22:54:42 160768]
S2 MOBKbackup;McAfee Online Backup;C:\Program Files\McAfee Online Backup\MOBKbackup.exe [2010-04-13 20:11:14 229688]
S2 regi;regi;C:\windows\system32\drivers\regi.sys [2007-04-17 20:09:28 11032]
S3 Bluetooth Device Manager;Bluetooth Device Manager;C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2009-07-23 01:55:46 3473672]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2009-07-23 01:54:30 709384]
S3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys [2012-02-22 12:29:46 57600]
S3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys [2012-02-22 12:29:46 340920]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;C:\windows\system32\DRIVERS\netr28.sys [2009-06-19 07:57:14 604672]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 14:52:04 167936]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

NETSVCS REQUIRES REPAIRS - current entries shown

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs


Contents of the 'Scheduled Tasks' folder

2012-05-29 C:\windows\Tasks\Adobe Flash Player Updater.job
- C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 14:28:49 . 2012-05-06 12:39:51]

2012-05-28 C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1552212946-2046552680-650322686-1000Core.job
- C:\Users\Martin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-28 13:13:24 . 2011-09-28 13:13:14]

2012-05-29 C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1552212946-2046552680-650322686-1000UA.job
- C:\Users\Martin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-28 13:13:24 . 2011-09-28 13:13:14]







FSS scan log:

Farbar Service Scanner Version: 27-05-2012
Ran by Martin (administrator) on 30-05-2012 at 16:33:38
Running from "C:\Users\Martin\Desktop"
Microsoft Windows 7 Home Premium (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returned error: Yahoo IP is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys
[2009-07-14 00:12] - [2009-07-14 00:12] - 0074240 ____A () 38F57D262164CB35BC8659785703CD6B

ATTENTION!=====> C:\windows\system32\Drivers\tdx.sys IS INFECTED AND SHOULD BE REPLACED.

C:\windows\system32\Drivers\tcpip.sys
[2012-05-12 10:51] - [2012-03-30 11:29] - 1287024 ____A (Microsoft Corporation) 55E9965552741F3850CB22CBBA9671ED

C:\windows\system32\dnsrslvr.dll
[2011-04-14 19:24] - [2011-03-03 06:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\windows\system32\mpssvc.dll
[2009-07-14 00:53] - [2009-07-14 02:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\windows\system32\bfe.dll
[2009-07-14 00:54] - [2009-07-14 02:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll
[2009-07-14 00:23] - [2009-07-14 02:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\windows\system32\vssvc.exe
[2009-07-14 00:24] - [2009-07-14 02:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\windows\system32\wscsvc.dll
[2011-02-23 18:43] - [2010-12-21 06:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll
[2009-07-14 01:15] - [2009-07-14 02:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

C:\windows\system32\qmgr.dll
[2009-07-14 00:30] - [2009-07-14 02:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit

#15 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:06:11 PM

Posted 31 May 2012 - 11:12 AM

Aspall,

Combofix took care of several items, but there's still a bit more work to do. :thumbup2:

:step1: Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

NETSVC: admservice
NETSVC: savrtpel
NETSVC: bdrsdrv
NETSVC: EL90X
NETSVC: tdsmapi
NETSVC: zntport
NETSVC: vhidmini
NETSVC: lvpopflt
NETSVC: hpqwmiex
NETSVC: lxcr_device
NETSVC: EIO_XP
NETSVC: thotkey
NETSVC: Nmea
NETSVC: rtl8187Se
NETSVC: lckfldservice
NETSVC: FlexBios
NETSVC: euq_monitor
NETSVC: LPDSVC
NETSVC: ar5211
NETSVC: websensecamreportserver
NETSVC: TNaviSrv
NETSVC: ibmsmbus
NETSVC: TSHWMDTCP
NETSVC: RTSTOR
NETSVC: nic1394
NETSVC: d-link_st3402
NETSVC: ccdecode
NETSVC: UDFReadr
NETSVC: websensepolicyserver
NETSVC: mrpostman
NETSVC: NTACCESS
NETSVC: Xyz777b
NETSVC: spbbcsvc
NETSVC: sit_mdm
NETSVC: s116bus
NETSVC: agpcpq
NETSVC: SE26mgmt
NETSVC: RTL8169
NETSVC: cdaudio
NETSVC: wlancfg
NETSVC: cwafrmiregistry
NETSVC: TPM
NETSVC: VrAcFil
NETSVC: {a7447300-8075-4b0d-83f1-3d75c8ebc623}
NETSVC: s616unic
NETSVC: Blfp
NETSVC: hsxhwazl
NETSVC: webupdate
NETSVC: s117obex
NETSVC: aeaudio
NETSVC: usbbus
NETSVC: {95808DC4-FA4A-4c74-92FE-5B863F82066B}
NETSVC: carboniteservice
NETSVC: CBTNDIS5
NETSVC: ndasscsi
NETSVC: se44obex
NETSVC: nsvclog
NETSVC: dlbx_device
NETSVC: firelm01
NETSVC: OneCareMP
NETSVC: crystaloutputfileserver
NETSVC: rimusb
NETSVC: snoopfreesvc
NETSVC: 3comtftp
NETSVC: roxupnpserver
NETSVC: BCMTPM
NETSVC: servicemgr
NETSVC: w550bus
NETSVC: smapint
NETSVC: flashcomadmin
NETSVC: L6POD
NETSVC: networkx
NETSVC: lxbt_device
NETSVC: iap
NETSVC: ibmpmdrv
NETSVC: mpservice
NETSVC: servicelayer
NETSVC: logmein
NETSVC: nimxdfk
NETSVC: yukonwxp
NETSVC: asp.net_2.0.50727
NETSVC: SE2Cmgmt
NETSVC: tdrpman174
NETSVC: df5serv
NETSVC: dlapoolm
NETSVC: rapapp
NETSVC: contentindex
NETSVC: s616mdm
NETSVC: ghostsec
NETSVC: ATIBTXBAR
NETSVC: V0080Dev
NETSVC: tfsndrct
NETSVC: SerTVOutCtlr
NETSVC: spupdsvc
NETSVC: SNMP
NETSVC: ql12160
NETSVC: tphkdrv
NETSVC: DcLps
NETSVC: mwspollserver
NETSVC: amfilter
NETSVC: sfhlp01
NETSVC: vcsw
NETSVC: raidmagt
NETSVC: bcoreusb
NETSVC: lxcf_device
NETSVC: DCamUSBGrandTek
NETSVC: megamonitorsrv
NETSVC: nsausvc
NETSVC: Epiusb
NETSVC: ativraxx
NETSVC: w800obex
NETSVC: pctavsvc
NETSVC: oracle_load_balancer_60_server-forms6ip14
NETSVC: s3ssavage
NETSVC: CrystalSysInfo
NETSVC: elservice
NETSVC: VC6SecS
NETSVC: avgclean
NETSVC: imountsrv
NETSVC: modemcsa
NETSVC: tmesrv3
NETSVC: Spsmqvsm
NETSVC: iviVD
NETSVC: emAudio
NETSVC: PciBus
NETSVC: nwlnkflt
NETSVC: NWHOST
NETSVC: deltafw
NETSVC: avgio
NETSVC: epsonstatusagent2
NETSVC: T6963C
NETSVC: SRTSPL
NETSVC: mnsframework
NETSVC: asc
NETSVC: sfcure01
NETSVC: wkscfgsrv
NETSVC: MRESP50
NETSVC: wps
NETSVC: se44nd5
NETSVC: bc_tdi_f
NETSVC: mwstick
NETSVC: nwlnkspx
NETSVC: hwpsgt
NETSVC: sdcplh
NETSVC: e1express
NETSVC: websenseuserservice
NETSVC: aalogger
NETSVC: naimagent32
NETSVC: pdlndtdl
NETSVC: z525obex
NETSVC: mi-raysat_3dsMax2008_32
NETSVC: WmHidLo
NETSVC: W2acehid
NETSVC: LUsbKbd
NETSVC: olregcap
NETSVC: prevxagent
NETSVC: SlNtHal
NETSVC: k750obex
NETSVC: XUIF
NETSVC: {85ccb53b-23d8-4e73-b1b7-9ddb71827d9b}
NETSVC: rismxdp
NETSVC: lxrsge10s
NETSVC: bdfdll
NETSVC: TUWinStylerThemeSvc
NETSVC: SQTECH9080
NETSVC: ALYac_PZSrv
NETSVC: pcidrv
NETSVC: racsvc
NETSVC: U3sHlpDr
NETSVC: prohlp02
NETSVC: nimcrpcsu
NETSVC: transactional
NETSVC: db2
NETSVC: oracleorahome811cmadmin
NETSVC: tunnelguardservice
NETSVC: CTAudSvcService
NETSVC: websensecamserver
NETSVC: mcredirector
NETSVC: RR2Vbi
NETSVC: EKECioCtl
NETSVC: U2SP
NETSVC: apache2
NETSVC: AsIO
NETSVC: ufdsvc
NETSVC: nvnforce
NETSVC: cachemgr
NETSVC: pdlndint
NETSVC: nvatabus
NETSVC: de_serv
NETSVC: WmaCDriverV32
NETSVC: filechecker
NETSVC: armoucfltr
NETSVC: appdrv
NETSVC: Memctl
NETSVC: atfsd
NETSVC: oracleorahomedatagatherer
NETSVC: SE2Bmdm
NETSVC: nmservice
NETSVC: lvupdtio
NETSVC: InterBaseServer
NETSVC: AlteraByteBlaster
NETSVC: serialkeys
NETSVC: Wuser32
NETSVC: usprserv
NETSVC: int15.sys
NETSVC: was
NETSVC: WINIO
NETSVC: emu10k1
NETSVC: atmarpc
NETSVC: LKbdFlt2
NETSVC: winproxy
NETSVC: VAIOMediaPlatform-VideoServer-HTTP
NETSVC: tmactmon
NETSVC: pcctlcom
NETSVC: LMouKE
NETSVC: MailService
NETSVC: pdlncbas
NETSVC: ROCKEYNT
NETSVC: FireHook
NETSVC: rp32service
NETSVC: sfvfs02
NETSVC: W8335XP
NETSVC: zebrmdm
NETSVC: yats32
NETSVC: oracle%oracle_home_service%clientcache80
NETSVC: avidstartup
NETSVC: lvtuner
NETSVC: nmap
NETSVC: slave
NETSVC: epgspooler
NETSVC: proxyhostdriver
NETSVC: vncdrv
NETSVC: nipsvc
NETSVC: transbaseservice
NETSVC: Wbutton
NETSVC: easdrv
NETSVC: ss_mdm
NETSVC: UxTuneUp
NETSVC: BVRPMPR5
NETSVC: nhcDriverDevice
NETSVC: cpqfcalm
NETSVC: HPSLPSVC
NETSVC: symndis
NETSVC: curtainssyssvc
NETSVC: prodrv06
NETSVC: advservice
NETSVC: s716obex
NETSVC: tng-doba
NETSVC: sagefserver
NETSVC: pinetmgr
NETSVC: p1131vid
NETSVC: AVCamUSB20
NETSVC: Stltrk2k
NETSVC: FETNDIS
NETSVC: dtscsi
NETSVC: ScanUSBEMPIA
NETSVC: cmudau
NETSVC: FireTDI
NETSVC: rmedia
NETSVC: zpsc
NETSVC: sgeclient
NETSVC: tlntsvr
NETSVC: usbsermptxp
NETSVC: SndTDriverV32
NETSVC: uscbs108
NETSVC: mcafeeantispyware
NETSVC: tvicport
NETSVC: dntus26
NETSVC: DCamUSBEMPIA
NETSVC: slabser
NETSVC: ma763004
NETSVC: ARPolicy
NETSVC: dmio
NETSVC: Via4in1
NETSVC: SED133x
NETSVC: vpcnfltr
NETSVC: asctrm
NETSVC: nsysaudm
NETSVC: dmusic
NETSVC: iaimtv4
NETSVC: speedfan
NETSVC: tmtdi
NETSVC: regdefend
NETSVC: ARCSOFTVIRTUALCAPTURE
NETSVC: ELmon
NETSVC: LHidUsbK
NETSVC: kerbkey
NETSVC: webrootenterpriseclientservice
NETSVC: USB28xxOEM
NETSVC: trlokom_rmhsvc
NETSVC: roxmediadb
NETSVC: CnxTrLan
NETSVC: ATIBTCAP
NETSVC: oracleorahometnslistener
NETSVC: acs
NETSVC: EACSvrMngr
NETSVC: NetMsmqActivator
NETSVC: XFX_program
NETSVC: roxmediadb9
NETSVC: WUSB54Gv4SVC
NETSVC: sweepsrv.sys
NETSVC: rsvp
NETSVC: ntsecure
Replace: C:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys C:\windows\system32\Drivers\tdx.sys

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Please enter System Recovery Options, as we did previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

:step2: Rerun Combofix

Please close any browsers, and any other open programs.

Double click on Combofix to run it again. If prompted to update Combofix, please allow it to do so.

Please be patient, as it may take some time to scan. Do not mouseclick Combofix while it is running, as that may cause it to stall.

Combofix will produce a log, located at C:\Combofix.txt


In your next reply, please include:
  • FRST log
  • Combofix log
  • How's your computer running now? Please be as descriptive as possible.

Edited by jntkwx, 31 May 2012 - 11:06 PM.

Regards,
Jason


Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
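The FSS "File Check" above flagged tdx.sys because its MD5 and version information (an empty company field instead of "Microsoft Corporation") did not match the expected Windows 7 file, and the fixlist's Replace line restores it from the copy in the Windows Update download cache. The following PowerShell script reproduces that comparison on a defender's terms: it hashes the installed driver and the cached known-good copy, compares their version-info company names, and reads the Windows Defender DisableAntiSpyware policy value that FSS reported. This is an added example, not code from FRST, FSS, ComboFix or this thread; it assumes the cache path quoted in the fixlist still exists on the machine, and it is written against PowerShell 2.0 constructs so that it runs on the Windows 7 host in the thread.

```powershell
# Added example (not FRST/FSS code): hash-compare an installed driver against a
# known-good copy from the Windows Update download cache and report the
# Windows Defender DisableAntiSpyware policy, mirroring the FSS File Check.
# The cache path is the one quoted in the thread's fixlist and is assumed to
# still be present; the script only reads files and registry values.

function Get-Md5Hex {
    param([Parameter(Mandatory = $true)][string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $md5.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    # FSS prints hashes as uppercase hex without separators; match that format.
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Compare-DriverToCache {
    param(
        [string]$Installed = "$env:SystemRoot\System32\Drivers\tdx.sys",
        # Known-good copy referenced by the fixlist's Replace line (assumed present).
        [string]$KnownGood = "$env:SystemRoot\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys"
    )
    foreach ($p in @($Installed, $KnownGood)) {
        if (-not (Test-Path -LiteralPath $p)) { throw "Missing file: $p" }
    }
    $installedInfo = (Get-Item -LiteralPath $Installed).VersionInfo
    $knownGoodInfo = (Get-Item -LiteralPath $KnownGood).VersionInfo
    $installedMd5  = Get-Md5Hex -Path $Installed
    $knownGoodMd5  = Get-Md5Hex -Path $KnownGood

    # New-Object PSObject (rather than [PSCustomObject]) keeps this PS 2.0 compatible.
    New-Object PSObject -Property @{
        Installed        = $Installed
        InstalledMd5     = $installedMd5
        KnownGoodMd5     = $knownGoodMd5
        HashMatch        = ($installedMd5 -eq $knownGoodMd5)
        InstalledCompany = $installedInfo.CompanyName   # empty on the patched file in the log
        KnownGoodCompany = $knownGoodInfo.CompanyName   # "Microsoft Corporation" expected
        InstalledVersion = $installedInfo.FileVersion
        KnownGoodVersion = $knownGoodInfo.FileVersion
    }
}

function Get-DefenderDisabledPolicy {
    # The FSS log reported this key with DisableAntiSpyware=1, i.e. Defender disabled by policy.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
    $item = Get-ItemProperty -Path $key -Name DisableAntiSpyware -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'not set' }
    return $item.DisableAntiSpyware
}

Compare-DriverToCache | Format-List
"DisableAntiSpyware policy: $(Get-DefenderDisabledPolicy)"
```

A HashMatch of False together with an empty InstalledCompany is the same signal FSS turned into its ATTENTION line; the known-good copy is hashed too so that a stale or missing cache file is noticed rather than silently treated as the reference. Run it from an elevated prompt, since reading files under System32\Drivers and the Windows Defender policy key may otherwise be denied.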