
Scour Virus


This topic is locked
45 replies to this topic

#1 dfort3

  • Members
  • 27 posts

Posted 22 October 2012 - 09:24 AM

Am experiencing a rather nasty redirect virus. My wife, after 20-odd years of marriage, suddenly decided to take cooking seriously (I pause to shudder), and upon her first foray into research, she searched for a tater-tot casserole recipe, clicked a link, and hooked a rather nasty malware (my stomach was left growling). I want to call it The Tater-Tot Casserole Virus, but somehow doubt there is such an entity. I have seen "Scour Virus" referenced here, and as that is one of the redirects it has issued, I will go with that. It appears to be smarter than I am (not a stretch, admittedly), as it blocks all attempts to run tdsskiller and aswMBR. Have run Malware Bytes and Avast (including a boot scan), and each finds multiple trojans and removes them, but the computer is summarily infected again each time. Am at wit's end. Thinking I may just have to reformat the drive. Have uttered (screamed) words I didn't even know were left inside me. :( Help me Gringo-Wan Kenobi, you're my only hope!


#2 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 22 October 2012 - 03:39 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Note:
If you are unable to run a GMER scan due to the fact you are running a 64bit machine, please run the following tool and post its log.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Do you have a USB Flash Drive you can use?

Thanks and again sorry for the delay.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 dfort3
  • Topic Starter

  • Members
  • 27 posts

Posted 23 October 2012 - 09:01 AM

"Please tell us if you have your original Windows CD/DVD available"

I do not.


"If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far."


I outlined most of my issues and attempts to fix them in my original post, but will try to be a little more detailed here about some things. When I say that I am unable to get tdsskiller and aswMBR to run, perhaps I should explain it a little more clearly. I click on the icon, and the little circle (the thing that used to be an hourglass on my older computers) spins like it is attempting to load, and then the circle disappears, the icon goes back to its normal appearance, but it never displays the program. I have tried right-clicking on it, running it as Administrator. I have tried going on my noninfected computer and downloading the program directly to a USB flash drive, and then taking that flash drive to the infected computer and opening it through the Files section of the flash drive. I have tried doing so in Safe Mode, Safe Mode With Networking, and Normal Start-up, with the same results every time. I have also tried simply opening the program sans flash drive, just from the infected computer itself, in all three of those modes, to no avail. Avast will run fine, but not its aswMBR product.

Some of this becomes hazy now, as I've tried these things over a span of time, but if memory serves, I believe the RogueKiller was also problematic as far as trying to get it to run. And there might be others, but those are the ones that readily come to mind.
I have run Ad-Aware, Malware Bytes, Avast scans, both full scans and quick scans, and, of course, they find myriad trojans, as well as more harmless things, and appear to remove them, but upon rebooting the computer, the main virus is always alive and well, and readily begins taking over the computer again. I have tried running Avast in boot scan mode, as well.

I deleted Google Chrome, as much of my problems appeared to be in that program, and that helped somewhat with the redirects. Actually, it helped a lot with the redirects. Problems that persist are primarily a very, very slow computer, and that very often there is a prompt that says that Internet Explorer has stopped working, and then all open windows of Explorer close, the program shuts down. Avast appears to be catching much of the malicious activity in its real-time protection, and perhaps that is why the redirects are fewer. There will be a flash of some odd site that it starts to redirect to, but then will go back to whatever site I had in the address bar before the redirect attempt.

I'm sure I'm leaving something out, but hopefully that's enough for a start. :)

#4 dfort3
  • Topic Starter

  • Members
  • 27 posts

Posted 23 October 2012 - 09:16 AM

Below is the DDS log report. A second window popped up with a log entitled "Attach," but said not to post it unless specifically instructed to do so, so I left that one out, but have saved the file in the event you need it, so please let me know if it is something you need and I will send it, as well.


DDS (Ver_2012-10-19.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Talley at 9:02:45 on 2012-10-23
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1913.572 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=5
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn9\yt.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {bb78b434-c869-e534-65a9-f4a7dab04d57} - c:\program files\socialribbons lp4\Helper.dll
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn9\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: SocialRibbons LP4: {DAA05029-EECE-7A44-A584-C603C68CB608} - c:\program files\socialribbons lp4\Toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn7\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn9\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Facebook Update] "c:\users\talley\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
mRun: [TpShocks] TpShocks.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\amazon~1.lnk - c:\program files\amazon\amazon unbox video\ADVWindowsClientSystemTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpncisco.captcolo.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{652DC228-989D-4D44-AC1B-A7035FD3F4FE} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{652DC228-989D-4D44-AC1B-A7035FD3F4FE}\2456C6B696E6E233533364 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{652DC228-989D-4D44-AC1B-A7035FD3F4FE}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{652DC228-989D-4D44-AC1B-A7035FD3F4FE}\84F6D6560AE4564777F627B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{AAE053AB-CEAE-484D-8908-5F1BDE184534} : DHCPNameServer = 192.168.2.1
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-4-13 64512]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-8-24 310320]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-6-29 20520]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-1 1737728]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-7-10 233472]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-21 729752]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-21 355632]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-8-24 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-8-24 482432]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100922.001\IDSvix86.sys [2010-9-23 344112]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2009-7-16 13480]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-21 21256]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-21 58680]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-21 44808]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
S2 DDNIMSGService;DDNIMSGService;c:\program files\ddni\lenovo idea notes\DDNIMSGService.exe [2010-12-18 171872]
S2 DDNIService;DDNIService;c:\program files\ddni\dibs\DDNIService.exe [2010-12-18 163680]
S2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-10-5 45424]
S2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-8-24 117640]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-11-21 632792]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2009-8-4 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2009-8-4 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2009-8-4 166384]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2009-9-17 369952]
S2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files\common files\safenet sentinel\sentinel security runtime\sntlsrtsrvr.exe [2009-9-17 292128]
S2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
S2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2011-1-6 5120]
S2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-10-5 62320]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]
S2 W32Serv;Windows Search Scheduler; [x]
S3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2010-7-10 125568]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-10 122880]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-6-7 119256]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-4-1 15232]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-7-10 75112]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2009-8-4 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-8-4 1124848]
S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1008000.029\symndisv.sys [2010-8-24 48688]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-26 1343400]
S3 wdfsgusbV3;Stenograph WDF USB Writer Service V3;c:\windows\system32\drivers\wdfsgusb.sys [2009-7-15 18952]
.
=============== Created Last 30 ================
.
2012-10-21 20:31:06 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-21 20:31:03 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-21 20:31:02 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-21 20:28:42 41224 ----a-w- c:\windows\avastSS.scr
2012-10-19 19:13:30 308224 ----a-w- c:\windows\msisear.exe
2012-10-18 20:39:06 0 ----a-w- c:\windows\system32\sho5208.tmp
2012-10-17 04:10:48 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f2f80938-7e56-4768-9341-ee0b1a1093ef}\mpengine.dll
2012-10-17 03:06:47 -------- d-sh--w- C:\$RECYCLE.BIN
2012-10-17 02:39:59 -------- d-----w- c:\users\talley\appdata\local\temp
2012-10-17 01:25:19 208896 ----a-w- c:\windows\MBR.exe
2012-10-17 01:25:18 98816 ----a-w- c:\windows\sed.exe
2012-10-17 01:25:18 256000 ----a-w- c:\windows\PEV.exe
2012-10-17 01:23:57 -------- d-----w- C:\ComboFix10110675C
2012-10-16 19:15:11 -------- d-----w- c:\program files\VS Revo Group
2012-10-16 16:35:08 -------- d-----w- C:\ComboFix101
2012-10-15 20:35:22 -------- d-----w- c:\users\talley\appdata\roaming\Xied
2012-10-15 20:35:22 -------- d-----w- c:\users\talley\appdata\roaming\Noow
2012-10-11 06:20:44 -------- d-----w- C:\e
2012-10-10 21:25:06 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 21:24:46 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 21:20:11 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-10-10 21:20:09 271360 ----a-w- c:\windows\system32\conhost.exe
2012-10-10 21:20:09 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-10-10 21:20:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 21:20:03 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 21:20:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 21:20:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 21:20:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 21:20:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-10-10 21:20:00 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 21:15:21 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 21:15:16 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 21:15:14 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 21:11:42 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 21:11:26 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 21:11:26 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 21:10:49 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-09 09:22:15 -------- d-----w- C:\ComboFix
2012-10-09 07:30:17 -------- d--h--w- c:\windows\PIF
2012-10-09 05:21:39 -------- d-----w- c:\users\talley\appdata\roaming\RealNetworks
2012-10-01 10:23:39 0 ----a-w- c:\windows\system32\sho5F49.tmp
2012-09-29 07:35:07 0 ----a-w- c:\windows\system32\sho7072.tmp
2012-09-25 20:03:39 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
==================== Find3M ====================
.
2012-10-08 20:19:32 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 20:19:32 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-09 03:23:56 0 ----a-w- c:\windows\system32\sho4C3E.tmp
2012-08-07 00:25:08 0 ----a-w- c:\windows\system32\shoBD6C.tmp
2012-08-02 16:57:20 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-01 05:44:56 0 ----a-w- c:\windows\system32\sho6182.tmp
2012-07-27 21:13:46 0 ----a-w- c:\windows\system32\sho848D.tmp
2012-07-27 03:29:46 0 ----a-w- c:\windows\system32\sho3122.tmp
2012-07-26 22:27:04 4024320 ----a-w- c:\program files\GUTB85.tmp
2012-07-25 03:28:20 4024320 ----a-w- c:\program files\GUTEEA3.tmp
.
============= FINISH: 9:08:34.78 ===============
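The DDS log above is the artifact the helpers read by hand. As an added example (not part of this thread, and not a BleepingComputer or DDS tool), here is a small Python triage script that parses the line shapes seen in that log: the Policies lines, the Run autoruns and the service/driver lines, plus entries that point at a missing file. It flags the UAC policy values that stand out in the posted log (EnableLUA = 0 disables UAC; ConsentPromptBehaviorAdmin = 0 lets administrators elevate without a prompt) and lists the Run autoruns for review. Assumptions made here: the 'u'/'m' prefixes map to HKCU/HKLM as in HijackThis-style reports, and a service line whose path field reads [x], or an entry showing <no file>, is treated as a missing-file entry. The embedded sample is an excerpt copied from the log above.

```python
import re

# Line shapes seen in the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS"
# sections of the log posted above.
POLICY_RE = re.compile(r"^([um])Policies-(\w+): (\w+) = dword:(\w+)$")
RUN_RE = re.compile(r"^([um])Run: \[([^\]]+)\] (.*)$")
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]*);([^;]*);(.*)$")

# Excerpt copied from the posted DDS log (trimmed to the lines of interest).
SAMPLE_LOG = r"""
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: SocialRibbons LP4: {DAA05029-EECE-7A44-A584-C603C68CB608} - c:\program files\socialribbons lp4\Toolbar.dll
uRun: [Facebook Update] "c:\users\talley\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
S2 W32Serv;Windows Search Scheduler; [x]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-21 44808]
"""


def parse_dds(text):
    """Split DDS lines into policy values, Run autoruns and missing-file entries.

    Policy values are kept as the raw text after 'dword:' because DDS does not
    state the radix; only an exact zero is interpreted by the caller.
    """
    parsed = {"policies": {}, "runs": [], "missing": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = POLICY_RE.match(line)
        if m:
            scope, area, name, value = m.groups()
            parsed["policies"][(scope, area, name)] = value
            continue
        m = RUN_RE.match(line)
        if m:
            parsed["runs"].append((m.group(1), m.group(2), m.group(3)))
            continue
        m = SERVICE_RE.match(line)
        if m:
            # Assumption: a service whose path field is "[x]" (or empty) has
            # no file on disk, which is how the posted W32Serv line reads.
            path = m.group(5).strip()
            if path in ("", "[x]"):
                parsed["missing"].append(line)
            continue
        if "<no file>" in line:
            parsed["missing"].append(line)
    return parsed


def triage(text):
    """Return human-readable findings worth a second look."""
    parsed = parse_dds(text)
    policies = parsed["policies"]
    findings = []
    # 'm' = machine hive (HKLM), 'u' = user hive (HKCU): HijackThis convention.
    if policies.get(("m", "System", "EnableLUA")) == "0":
        findings.append("UAC disabled: HKLM\\...\\Policies\\System\\EnableLUA = 0")
    if policies.get(("m", "System", "ConsentPromptBehaviorAdmin")) == "0":
        findings.append("Administrators elevate without a prompt: ConsentPromptBehaviorAdmin = 0")
    for hive, name, command in parsed["runs"]:
        where = "HKLM" if hive == "m" else "HKCU"
        findings.append(f"autorun {where}\\...\\Run [{name}]: {command}")
    for line in parsed["missing"]:
        findings.append(f"missing file: {line}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it against a full DDS.txt by reading the file into a string and passing it to triage(); the Run list is deliberately not filtered, since deciding which autoruns are legitimate is the part of the job a helper still does by eye.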

#5 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 23 October 2012 - 11:04 AM

Hello dfort3,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
You say you have and are now using Avast antivirus. We must now get rid of the other antivirus software on your machine.

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove both Lavasoft Ad-Watch Live! Anti-Virus and Norton Internet Security. For Norton please use the following uninstaller to remove it correctly.

Uninstall Norton

  • Download the Norton Removal Tool to your desktop.
  • On the Windows desktop, double-click the Norton Removal Tool icon.
  • Follow the on-screen instructions.
    Note:Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts
Norton should now be removed from your PC.


2.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Edited by fireman4it, 23 October 2012 - 11:05 AM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


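A worked example added by the editor, not part of fireman4it's post and not a feature of FRST itself: a small Python triage script for the file listing that the FRST procedure above produces. FRST writes one line per file as `<created> - <modified> - <size> <attrs> [(<publisher>)] <path>`, and the checks below are the ones a responder applies by eye when reading such a log: a binary under the Windows directory with an empty publisher string, an executable dropped at the root of a user profile or in a shared data directory such as C:\Users\All Users, and same-size executables under different names in different directories. The sample lines are excerpted from the FRST log posted later in this thread; the heuristics, their names and the "user-writable" path list are the editor's own assumptions.

```python
r"""Triage helper for the file listing that Farbar Recovery Scan Tool (FRST) writes.

Each line of the "Created Files and Folders" / "Modified Files" sections looks like
    2012-10-23 09:44 - 2012-10-23 09:44 - 00127016 ____A (four) C:\Users\Talley\woavjrkquebhvuvmedkt.exe
i.e. created - modified - size attrs [(publisher)] path.  The heuristics here are the
editor's own assumptions about what merits a second look, not anything FRST itself does.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple

FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)

# Extensions treated as executable code (.exe_ appears in the log as a renamed copy).
EXEC_EXT = (".exe", ".exe_", ".dll", ".sys", ".scr", ".cpl")
# Binaries under the Windows directory normally carry a publisher (version resource) string.
SYSTEM_PREFIX = "c:\\windows\\"
# Locations a non-admin process can write to; loaders like to stage payloads here (assumed list).
USER_WRITABLE = ("\\appdata\\", "c:\\users\\all users\\", "c:\\programdata\\")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]  # None: no parentheses at all; "": FRST printed "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def looks_executable(self) -> bool:
        return self.path.lower().endswith(EXEC_EXT)

    @property
    def directory(self) -> str:
        return self.path.lower().rsplit("\\", 1)[0]


def parse_frst(text: str) -> List[Entry]:
    """Parse every FRST file line in `text`; section headers and blank lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = FRST_LINE.match(line.strip())
        if m:
            entries.append(Entry(m["created"], m["modified"], int(m["size"]),
                                 m["attrs"], m["company"], m["path"]))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Return (path, [reasons]) for executables that match at least one heuristic."""
    by_size = defaultdict(list)
    for e in entries:
        if e.looks_executable and not e.is_dir and e.size > 0:
            by_size[e.size].append(e)

    findings = []
    for e in entries:
        if e.is_dir or not e.looks_executable:
            continue
        p = e.path.lower()
        reasons = []
        if p.startswith(SYSTEM_PREFIX) and not e.company:
            reasons.append("no publisher string for a binary in the Windows directory")
        if any(marker in p for marker in USER_WRITABLE):
            reasons.append("executable in a user-writable data directory")
        elif p.startswith("c:\\users\\") and len(p.split("\\")) == 4:
            reasons.append("executable dropped directly in a profile root")
        # Same byte size under a different name in a different directory: the same
        # payload staged twice, as the thread's log shows for its 127016-byte files.
        twins = [t.path for t in by_size[e.size] if t.directory != e.directory]
        if twins:
            reasons.append("same-size copies elsewhere: " + ", ".join(twins))
        if reasons:
            findings.append((e.path, reasons))
    return findings


# Sample input: lines excerpted from the FRST log posted later in this thread.
SAMPLE_LOG = r"""
2012-10-23 09:44 - 2012-10-23 09:44 - 00127016 ____A (four) C:\Users\Talley\woavjrkquebhvuvmedkt.exe
2012-10-23 09:44 - 2012-10-23 09:44 - 00127016 ____A (four) C:\Users\All Users\o543FuR0.exe
2012-10-23 09:44 - 2012-10-23 09:44 - 00000001 ____A C:\Users\All Users\o543FuR0.exe.b
2012-10-19 14:13 - 2012-10-19 14:13 - 00308224 ____A () C:\Windows\msisear.exe
2012-10-16 14:15 - 2012-10-16 14:15 - 00000000 ____D C:\Program Files\VS Revo Group
2012-10-10 16:20 - 2012-08-20 12:40 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-21 15:28 - 2012-08-21 04:12 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-10-09 04:12 - 2012-10-09 04:13 - 04764063 ___RA (Swearware) C:\Users\Talley\Downloads\ComboFix.exe
"""

if __name__ == "__main__":
    for path, reasons in triage(parse_frst(SAMPLE_LOG)):
        print(path)
        for r in reasons:
            print("    -", r)
```

To use it on a real run, read the saved FRST.txt into a string and call `triage(parse_frst(text))`. The rules are deliberately conservative: a publisher string is only a version-resource field and can be forged, so a clean result is not a clean bill of health, while the same-size rule keys on exact byte counts and will miss a repacked copy; it is a way to find the lines worth reading first, not a verdict.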


#6 dfort3 (Topic Starter, Members, 27 posts)

Posted 23 October 2012 - 11:28 AM

fireman, first off, thanks for your prompt and thorough reply! I will read through and digest your last posting momentarily. Am having trouble staying connected to Internet Explorer, so wanted to go ahead and post this GMER log before I get kicked off Explorer again. Thanks again! Oh, by the way, the GMER scan would not work as you'd requested. Don't know if it's me not being able to figure it out, or if it has something to do with the virus. This is all that it would allow me to check. The rest were gray and inactive. Here's what it scanned: Services, Registry, Files, C:, ADS.


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-23 11:10:13
Windows 6.1.7601 Service Pack 1
Running: i7idpp1g.exe; Driver: C:\Users\Talley\AppData\Local\Temp\kxroapoc.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f68b
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f68b (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Users\Talley\AppData\Local\temp\~DFC83CC49E49610941.TMP 0 bytes
File C:\Users\Talley\AppData\Local\temp\~DFC9DB7F7FAD6D2B34.TMP 0 bytes
File C:\Users\Talley\AppData\Local\temp\~DFDBDA13AFF1D4567A.TMP 0 bytes
File C:\Users\Talley\AppData\Local\temp\~DF4CEC130D02D3E848.TMP 0 bytes
File C:\Users\Talley\AppData\Local\temp\~DFFC2C395B58937486.TMP 0 bytes
File C:\Users\Talley\AppData\Local\temp\~DFFCC4981136A2CF00.TMP 0 bytes
File C:\Users\Talley\AppData\Local\temp\~DFFEFFA96FA4235603.TMP 0 bytes
File C:\Users\Talley\AppData\Local\temp\~DF4396AC48B3B9C89B.TMP 0 bytes
File C:\Users\Talley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXQPA8CQ\css_8f92bc03578de91edea4d8d156a42c1a_3[1].css 121 bytes
File C:\Users\Talley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXQPA8CQ\data[1].htm 54 bytes
File C:\Users\Talley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXQPA8CQ\data_1349701978[1].js 116351 bytes
File C:\Users\Talley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXQPA8CQ\ddc[1].htm 15335 bytes
File C:\Users\Talley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXQPA8CQ\ddc[2].htm 15335 bytes
File C:\Users\Talley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXQPA8CQ\ddc[3].htm 15335 bytes
File C:\Users\Talley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXQPA8CQ\ddc[4].htm 15335 bytes
File C:\Users\Talley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXQPA8CQ\DefaultPlayer[1].js 4110 bytes
File C:\Users\Talley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXQPA8CQ\delsym_core_lozenges_rain15_onshipping_us_linear_480x360_h264[1].mp4 674097 bytes
File C:\Users\Talley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXQPA8CQ\tap[5].gif 49 bytes
File C:\Users\Talley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXQPA8CQ\TBG_logo[1].jpg 33942 bytes
File C:\Users\Talley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXQPA8CQ\tell-a-friend[1].jpg 675 bytes
File C:\Users\Talley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXQPA8CQ\TidalTV_AS3_API_v1_0_4[1].swf 135195 bytes
File C:\Users\Talley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXQPA8CQ\tools[1].js 7239 bytes
File C:\Users\Talley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXQPA8CQ\tooltips[1].js 482 bytes
File C:\Users\Talley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXQPA8CQ\tr-apx[1].htm 1554 bytes
File C:\Users\Talley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJVKP70D\ErrorPageTemplate[2] 2168 bytes
File C:\Users\Talley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJVKP70D\httpErrorPagesScripts[2] 0 bytes
File C:\Users\Talley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVEX2VEE\errorPageStrings[1] 0 bytes
File C:\Users\Talley\AppData\Roaming\Microsoft\Windows\Cookies\SVG8Q06S.txt 724 bytes
File C:\Windows\temp\Cookies\T62PXG5M.txt 0 bytes
File C:\Windows\temp\Cookies\EJ92JCV4.txt 0 bytes

---- EOF - GMER 1.0.15 ----

#7 dfort3 (Topic Starter, Members, 27 posts)

Posted 23 October 2012 - 01:35 PM

Below is the FRST scan log. I think Norton is removed, but ran into difficulties when it tried to reboot the computer. It tried to go to a Symantec site, of course, but would not allow me to connect to the internet. I tried this more than once, with the same results. It would freeze and not show any list of available connections. So I am not sure what the status is of that. Looked as if it uninstalled it, but some components might still be there due to that glitch. As for Ad-Aware, fireman, I ran into this same problem the other day, and it still persists. I go to Computer, but cannot find it listed under the programs, either as Lavasoft or Ad-Aware under Publisher. Have also tried to search from the Start button, but it doesn't show up there either. It is obviously still there (unless it's some virus that mimics Ad-Aware or something), as it seems to run and find trojans, adware, et cetera. But I just see no indication of where it is either in Programs or a file search. So that program is not deleted.

Now, as far as the FRST scan goes, I was unable to do it per the directions. When I tried to click on Repair Your Computer, it froze, and could go no further. Tried this twice, same result. I rebooted yet again and chose the Safe Mode With Command Prompt option, and ran the scan via that prompt, which I believe said something like Windows\System 32. Should have written that down, sorry. I didn't go the notepad route, as I ran into a glitch there (I'm thinking that one was of my own making), so I simply typed the flash drive letter followed by the frst.exe that you mentioned, and it found it and started the program from there, from the c:Windows\System 32 prompt, booting the flash drive exe from there.

Sorry to be so verbose. I ain't exactly The Great Communicator, so please let me know if you need clarification or further information. Also, fireman, if you need to tend to other folks, please do so. I don't know how much more time I'll have to work on this today, so please don't feel any pressure from my end. I suspect I'll be able to get back to it late tonight or in the morning. Thanks so much!


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-10-2012
Ran by Talley at 23-10-2012 13:02:27
Running from E:\
Service Pack 1 (X86) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2012-10-23 11:10 - 2012-10-23 11:10 - 00006066 ____A C:\Users\Talley\Desktop\GMER Log.log
2012-10-23 09:44 - 2012-10-23 11:12 - 00000112 ____A C:\Users\All Users\06Hillw.dat
2012-10-23 09:44 - 2012-10-23 09:44 - 00127016 ____A (four) C:\Users\Talley\woavjrkquebhvuvmedkt.exe
2012-10-23 09:44 - 2012-10-23 09:44 - 00127016 ____A (four) C:\Users\All Users\o543FuR0.exe_
2012-10-23 09:44 - 2012-10-23 09:44 - 00127016 ____A (four) C:\Users\All Users\o543FuR0.exe
2012-10-23 09:44 - 2012-10-23 09:44 - 00000001 ____A C:\Users\All Users\o543FuR0.exe_.b
2012-10-23 09:44 - 2012-10-23 09:44 - 00000001 ____A C:\Users\All Users\o543FuR0.exe.b
2012-10-23 09:27 - 2012-10-23 09:38 - 00000000 ____D C:\Users\Talley\Desktop\gmer
2012-10-23 09:26 - 2012-10-23 09:26 - 00294216 ____A C:\Users\Talley\Desktop\gmer.zip
2012-10-23 09:24 - 2012-10-23 09:24 - 00302592 ____A C:\Users\Talley\Desktop\i7idpp1g.exe
2012-10-23 09:17 - 2012-10-23 09:17 - 00015596 ____A C:\Users\Talley\Documents\DDS attach.txt
2012-10-23 08:23 - 2012-10-23 12:57 - 00000384 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2012-10-22 15:59 - 2012-10-22 15:59 - 00015891 ____A C:\Windows\System32\hs_err_pid6072.log
2012-10-21 15:31 - 2012-10-21 15:31 - 00002090 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-10-21 15:31 - 2012-08-21 04:13 - 00729752 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-10-21 15:31 - 2012-08-21 04:13 - 00355632 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-10-21 15:31 - 2012-08-21 04:13 - 00058680 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-10-21 15:31 - 2012-08-21 04:13 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-10-21 15:31 - 2012-08-21 04:13 - 00044784 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-10-21 15:31 - 2012-08-21 04:13 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-10-21 15:28 - 2012-08-21 04:12 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-10-21 15:28 - 2012-08-21 04:12 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-10-19 14:13 - 2012-10-19 14:13 - 00308224 ____A () C:\Windows\msisear.exe
2012-10-19 14:10 - 2012-10-19 14:10 - 00184836 ____A C:\Windows\System32\c_7265170.nls
2012-10-18 15:39 - 2012-10-18 15:39 - 00000000 ____A C:\Windows\System32\sho5208.tmp
2012-10-18 15:15 - 2012-10-18 15:15 - 00000310 ____A C:\Windows\Tasks\WebReg HP Deskjet D1600 series.job
2012-10-16 22:09 - 2012-10-16 22:09 - 00041985 ____A C:\ComboFix.txt
2012-10-16 20:25 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
2012-10-16 20:25 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
2012-10-16 20:25 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-10-16 20:25 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-10-16 20:25 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
2012-10-16 20:25 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
2012-10-16 20:25 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
2012-10-16 20:23 - 2012-10-16 22:10 - 00000000 ____D C:\ComboFix10110675C
2012-10-16 18:28 - 2012-10-16 22:10 - 00000000 ____D C:\Qoobox
2012-10-16 18:22 - 2012-10-16 18:22 - 00000000 ____A C:\Users\Talley\defogger_reenable
2012-10-16 14:15 - 2012-10-16 14:15 - 00000000 ____D C:\Program Files\VS Revo Group
2012-10-16 11:35 - 2012-10-16 17:58 - 00000000 ____D C:\ComboFix101
2012-10-16 10:58 - 2012-10-16 10:58 - 00001582 ____A C:\AdwCleaner[R9].txt
2012-10-16 10:58 - 2012-10-16 10:58 - 00001522 ____A C:\AdwCleaner[S7].txt
2012-10-16 10:54 - 2012-10-16 10:54 - 00001522 ____A C:\AdwCleaner[R8].txt
2012-10-15 15:35 - 2012-10-16 02:49 - 00000000 ____D C:\Users\Talley\AppData\Roaming\Xied
2012-10-15 15:35 - 2012-10-15 15:35 - 00000000 ____D C:\Users\Talley\AppData\Roaming\Noow
2012-10-14 14:51 - 2012-10-14 14:51 - 00001404 ____A C:\AdwCleaner[R7].txt
2012-10-14 14:51 - 2012-10-14 14:51 - 00001344 ____A C:\AdwCleaner[S4].txt
2012-10-14 14:05 - 2012-10-14 14:05 - 00001284 ____A C:\AdwCleaner[R6].txt
2012-10-14 14:05 - 2012-10-14 14:05 - 00001224 ____A C:\AdwCleaner[S3].txt
2012-10-12 20:19 - 2012-10-17 14:47 - 00000000 ____D C:\Windows\Sun
2012-10-11 03:01 - 2012-10-11 03:03 - 00000361 ____A C:\rkill.log
2012-10-11 01:54 - 2012-10-11 01:54 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Talley\Desktop\tdsskiller (1).exe
2012-10-11 01:52 - 2012-10-11 01:52 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Talley\Desktop\tdsskiller.exe
2012-10-11 01:34 - 2012-10-11 01:34 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\Talley\Downloads\rkill (1).exe
2012-10-11 01:20 - 2012-10-11 01:20 - 00000000 ____D C:\e
2012-10-11 01:15 - 2012-10-16 18:00 - 00000000 ____D C:\Users\Talley\Desktop\RK_Quarantine
2012-10-11 01:15 - 2012-10-11 01:15 - 00005608 ____A C:\AdwCleaner[R2].txt
2012-10-11 01:02 - 2012-10-11 00:46 - 00538327 ____A C:\Users\Talley\Desktop\adwcleaner.exe
2012-10-11 01:02 - 2012-07-26 16:38 - 04731392 ____A (AVAST Software) C:\Users\Talley\Desktop\aswMBR.exe
2012-10-11 01:01 - 2012-07-26 16:32 - 00881494 ____A C:\Users\Talley\Desktop\SecurityCheck.exe
2012-10-11 00:58 - 2012-10-11 00:59 - 00005527 ____A C:\AdwCleaner[R1].txt
2012-10-10 16:25 - 2012-08-24 11:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-10 16:24 - 2012-09-14 13:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-10 16:20 - 2012-08-20 12:40 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-10 16:20 - 2012-08-20 12:40 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-10 16:20 - 2012-08-20 12:40 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-10 16:20 - 2012-08-20 12:37 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-10 16:20 - 2012-08-20 12:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 16:20 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 16:20 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 16:20 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 16:20 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 16:20 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-10 16:20 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 16:19 - 2012-08-20 12:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-10 16:19 - 2012-08-20 12:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 16:19 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 16:19 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 16:19 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 16:19 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 16:19 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 16:19 - 2012-08-20 12:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 16:19 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 16:19 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-10 16:19 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 16:19 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 16:19 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 16:19 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 16:19 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 16:19 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 16:19 - 2012-08-20 12:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 16:19 - 2012-08-20 10:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 16:19 - 2012-08-20 10:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 16:19 - 2012-08-20 10:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 16:19 - 2012-08-20 10:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-10 16:15 - 2012-06-01 23:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-10 16:15 - 2012-06-01 23:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-10 16:15 - 2012-06-01 23:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-10 16:11 - 2012-08-31 12:18 - 01211760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-10 16:11 - 2012-08-30 12:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-10-10 16:11 - 2012-08-30 12:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-10 16:10 - 2012-08-10 18:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-09 04:22 - 2012-10-16 20:23 - 00000000 ____D C:\ComboFix
2012-10-09 04:19 - 2012-10-09 04:20 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\Talley\Downloads\rkill.exe
2012-10-09 04:12 - 2012-10-09 04:13 - 04764063 ___RA (Swearware) C:\Users\Talley\Downloads\ComboFix.exe
2012-10-09 03:20 - 2012-10-09 03:20 - 00001082 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-09 02:31 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-10-09 02:30 - 2012-10-09 05:00 - 00000000 ___HD C:\Windows\PIF
2012-10-09 00:21 - 2012-10-09 00:21 - 00000000 ____D C:\Users\Talley\AppData\Roaming\RealNetworks
2012-10-07 22:44 - 2012-10-07 22:44 - 00000144 ____A C:\Users\All Users\-YRNOk1kPiPRKyxr
2012-10-07 22:44 - 2012-10-07 22:44 - 00000144 ____A C:\Users\All Users\-YRNOk1kPiPRKyx
2012-10-01 05:23 - 2012-10-01 05:23 - 00000000 ____A C:\Windows\System32\sho5F49.tmp
2012-09-29 02:35 - 2012-09-29 02:35 - 00000000 ____A C:\Windows\System32\sho7072.tmp
2012-09-25 15:03 - 2012-08-21 15:12 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe


==================== 3 Months Modified Files ==================

2012-10-23 12:57 - 2012-10-23 08:23 - 00000384 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2012-10-23 12:57 - 2011-04-13 13:05 - 00356469 ____A C:\aaw7boot.log
2012-10-23 11:45 - 2009-07-13 23:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-23 11:44 - 2009-07-13 23:39 - 00234680 ____A C:\Windows\setupact.log
2012-10-23 11:35 - 2010-08-25 01:53 - 00060000 ____A C:\Windows\PFRO.log
2012-10-23 11:12 - 2012-10-23 09:44 - 00000112 ____A C:\Users\All Users\06Hillw.dat
2012-10-23 11:10 - 2012-10-23 11:10 - 00006066 ____A C:\Users\Talley\Desktop\GMER Log.log
2012-10-23 09:44 - 2012-10-23 09:44 - 00127016 ____A (four) C:\Users\Talley\woavjrkquebhvuvmedkt.exe
2012-10-23 09:44 - 2012-10-23 09:44 - 00127016 ____A (four) C:\Users\All Users\o543FuR0.exe_
2012-10-23 09:44 - 2012-10-23 09:44 - 00127016 ____A (four) C:\Users\All Users\o543FuR0.exe
2012-10-23 09:44 - 2012-10-23 09:44 - 00000001 ____A C:\Users\All Users\o543FuR0.exe_.b
2012-10-23 09:44 - 2012-10-23 09:44 - 00000001 ____A C:\Users\All Users\o543FuR0.exe.b
2012-10-23 09:26 - 2012-10-23 09:26 - 00294216 ____A C:\Users\Talley\Desktop\gmer.zip
2012-10-23 09:24 - 2012-10-23 09:24 - 00302592 ____A C:\Users\Talley\Desktop\i7idpp1g.exe
2012-10-23 09:17 - 2012-10-23 09:17 - 00015596 ____A C:\Users\Talley\Documents\DDS attach.txt
2012-10-23 07:33 - 2009-07-13 23:34 - 00016976 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-23 07:33 - 2009-07-13 23:34 - 00016976 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-23 00:34 - 2012-08-18 21:29 - 00000932 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3295158799-1558734291-2803518208-1001UA.job
2012-10-22 21:34 - 2012-08-18 21:29 - 00000910 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3295158799-1558734291-2803518208-1001Core.job
2012-10-22 15:59 - 2012-10-22 15:59 - 00015891 ____A C:\Windows\System32\hs_err_pid6072.log
2012-10-21 15:31 - 2012-10-21 15:31 - 00002090 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-10-21 15:31 - 2009-07-13 21:04 - 00002620 ____A C:\Windows\System32\config.nt
2012-10-19 14:13 - 2012-10-19 14:13 - 00308224 ____A () C:\Windows\msisear.exe
2012-10-19 14:10 - 2012-10-19 14:10 - 00184836 ____A C:\Windows\System32\c_7265170.nls
2012-10-18 15:39 - 2012-10-18 15:39 - 00000000 ____A C:\Windows\System32\sho5208.tmp
2012-10-18 15:15 - 2012-10-18 15:15 - 00000310 ____A C:\Windows\Tasks\WebReg HP Deskjet D1600 series.job
2012-10-17 11:00 - 2010-07-10 18:55 - 00000340 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-10-17 01:10 - 2010-07-10 18:28 - 01305342 ____A C:\Windows\WindowsUpdate.log
2012-10-16 22:09 - 2012-10-16 22:09 - 00041985 ____A C:\ComboFix.txt
2012-10-16 21:49 - 2009-07-13 21:04 - 00000215 ____A C:\Windows\system.ini
2012-10-16 21:42 - 2009-07-13 21:03 - 57671680 ____A C:\Windows\System32\config\software.bak
2012-10-16 21:42 - 2009-07-13 21:03 - 20709376 ____A C:\Windows\System32\config\system.bak
2012-10-16 21:42 - 2009-07-13 21:03 - 01048576 ____A C:\Windows\System32\config\default.bak
2012-10-16 21:42 - 2009-07-13 21:03 - 00262144 ____A C:\Windows\System32\config\security.bak
2012-10-16 21:42 - 2009-07-13 21:03 - 00262144 ____A C:\Windows\System32\config\sam.bak
2012-10-16 18:22 - 2012-10-16 18:22 - 00000000 ____A C:\Users\Talley\defogger_reenable
2012-10-16 18:02 - 2011-04-26 11:24 - 00000064 ____A C:\Windows\System32\rp_stats.dat
2012-10-16 18:02 - 2011-04-26 11:24 - 00000044 ____A C:\Windows\System32\rp_rules.dat
2012-10-16 10:58 - 2012-10-16 10:58 - 00001582 ____A C:\AdwCleaner[R9].txt
2012-10-16 10:58 - 2012-10-16 10:58 - 00001522 ____A C:\AdwCleaner[S7].txt
2012-10-16 10:54 - 2012-10-16 10:54 - 00001522 ____A C:\AdwCleaner[R8].txt
2012-10-14 14:51 - 2012-10-14 14:51 - 00001404 ____A C:\AdwCleaner[R7].txt
2012-10-14 14:51 - 2012-10-14 14:51 - 00001344 ____A C:\AdwCleaner[S4].txt
2012-10-14 14:05 - 2012-10-14 14:05 - 00001284 ____A C:\AdwCleaner[R6].txt
2012-10-14 14:05 - 2012-10-14 14:05 - 00001224 ____A C:\AdwCleaner[S3].txt
2012-10-11 03:03 - 2012-10-11 03:01 - 00000361 ____A C:\rkill.log
2012-10-11 01:54 - 2012-10-11 01:54 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Talley\Desktop\tdsskiller (1).exe
2012-10-11 01:52 - 2012-10-11 01:52 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Talley\Desktop\tdsskiller.exe
2012-10-11 01:34 - 2012-10-11 01:34 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\Talley\Downloads\rkill (1).exe
2012-10-11 01:15 - 2012-10-11 01:15 - 00005608 ____A C:\AdwCleaner[R2].txt
2012-10-11 01:00 - 2009-07-21 00:30 - 00779526 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-11 00:59 - 2012-10-11 00:58 - 00005527 ____A C:\AdwCleaner[R1].txt
2012-10-11 00:46 - 2012-10-11 01:02 - 00538327 ____A C:\Users\Talley\Desktop\adwcleaner.exe
2012-10-10 20:53 - 2010-09-01 03:00 - 62968832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-09 04:20 - 2012-10-09 04:19 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\Talley\Downloads\rkill.exe
2012-10-09 04:13 - 2012-10-09 04:12 - 04764063 ___RA (Swearware) C:\Users\Talley\Downloads\ComboFix.exe
2012-10-09 03:20 - 2012-10-09 03:20 - 00001082 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-08 15:19 - 2012-04-16 02:15 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-10-08 15:19 - 2011-07-10 19:19 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-10-07 22:44 - 2012-10-07 22:44 - 00000144 ____A C:\Users\All Users\-YRNOk1kPiPRKyxr
2012-10-07 22:44 - 2012-10-07 22:44 - 00000144 ____A C:\Users\All Users\-YRNOk1kPiPRKyx
2012-10-01 05:23 - 2012-10-01 05:23 - 00000000 ____A C:\Windows\System32\sho5F49.tmp
2012-09-29 02:35 - 2012-09-29 02:35 - 00000000 ____A C:\Windows\System32\sho7072.tmp
2012-09-25 14:56 - 2009-07-13 23:53 - 00032636 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-17 18:00 - 2010-07-10 18:55 - 00000528 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-09-16 23:43 - 2012-09-16 23:43 - 00001664 ____A C:\Users\Talley\Downloads\Amazon-MP3-1347857000.amz
2012-09-14 13:28 - 2012-10-10 16:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-08-31 22:33 - 2012-08-31 22:33 - 00001922 ____A C:\Users\Public\Desktop\Amazon Unbox.lnk
2012-08-31 12:18 - 2012-10-10 16:11 - 01211760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-30 12:12 - 2012-10-10 16:11 - 03968880 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-08-30 12:12 - 2012-10-10 16:11 - 03914096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-29 20:28 - 2012-08-29 20:28 - 00001694 ____A C:\Users\Talley\Downloads\Amazon-MP3-1346290094.amz
2012-08-29 20:27 - 2012-08-29 20:27 - 00002301 ____A C:\Users\Talley\Downloads\Amazon-MP3-1346290026.amz
2012-08-29 20:19 - 2012-08-29 20:19 - 00002261 ____A C:\Users\Talley\Downloads\Amazon-MP3-1346289561.amz
2012-08-29 20:18 - 2011-07-11 21:35 - 00002172 ____A C:\Users\Public\Desktop\Amazon Cloud Player.lnk
2012-08-24 11:57 - 2012-10-10 16:25 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 02:27 - 2012-09-21 22:06 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:03 - 2012-09-21 22:06 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 01:59 - 2012-09-21 22:06 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 01:51 - 2012-09-21 22:06 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 01:51 - 2012-09-21 22:06 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 01:51 - 2012-09-21 22:06 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 01:49 - 2012-09-21 22:06 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 01:48 - 2012-09-21 22:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 01:47 - 2012-09-21 22:06 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 01:47 - 2012-09-21 22:06 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 01:47 - 2012-09-21 22:06 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 01:45 - 2012-09-21 22:06 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 01:44 - 2012-09-21 22:06 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 01:44 - 2012-09-21 22:06 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 01:43 - 2012-09-21 22:06 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 01:40 - 2012-09-21 22:06 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-22 12:16 - 2012-09-12 00:03 - 01292144 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 12:16 - 2012-09-12 00:03 - 00712048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 12:16 - 2012-09-12 00:03 - 00240496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 12:16 - 2012-09-12 00:03 - 00187760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 15:12 - 2012-09-25 15:03 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-21 04:13 - 2012-10-21 15:31 - 00729752 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-08-21 04:13 - 2012-10-21 15:31 - 00355632 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-08-21 04:13 - 2012-10-21 15:31 - 00058680 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-08-21 04:13 - 2012-10-21 15:31 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-08-21 04:13 - 2012-10-21 15:31 - 00044784 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-08-21 04:13 - 2012-10-21 15:31 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-08-21 04:12 - 2012-10-21 15:28 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-08-21 04:12 - 2012-10-21 15:28 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-08-20 15:44 - 2012-08-20 15:44 - 00000000 ____A C:\Users\Talley\Documents\20120820164548.txt
2012-08-20 12:40 - 2012-10-10 16:20 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 12:40 - 2012-10-10 16:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 12:40 - 2012-10-10 16:20 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-20 12:37 - 2012-10-10 16:20 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-20 12:32 - 2012-10-10 16:20 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 12:32 - 2012-10-10 16:20 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 12:32 - 2012-10-10 16:20 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 12:32 - 2012-10-10 16:20 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 12:32 - 2012-10-10 16:20 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 12:32 - 2012-10-10 16:20 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 12:32 - 2012-10-10 16:20 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 12:32 - 2012-10-10 16:19 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 12:32 - 2012-10-10 16:19 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 12:32 - 2012-10-10 16:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 12:32 - 2012-10-10 16:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 12:32 - 2012-10-10 16:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 12:32 - 2012-10-10 16:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 12:32 - 2012-10-10 16:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 12:32 - 2012-10-10 16:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 12:32 - 2012-10-10 16:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 12:32 - 2012-10-10 16:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 12:32 - 2012-10-10 16:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 12:32 - 2012-10-10 16:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 12:32 - 2012-10-10 16:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 12:32 - 2012-10-10 16:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 12:32 - 2012-10-10 16:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 12:32 - 2012-10-10 16:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 12:32 - 2012-10-10 16:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 10:33 - 2012-10-10 16:19 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 10:33 - 2012-10-10 16:19 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 10:33 - 2012-10-10 16:19 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 10:33 - 2012-10-10 16:19 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-15 21:41 - 2009-07-13 23:33 - 00315824 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-15 21:39 - 2012-08-15 21:39 - 00000017 ____A C:\Windows\System32\shortcut_ex.dat
2012-08-10 18:56 - 2012-10-10 16:10 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-08 22:23 - 2012-08-08 22:23 - 00000000 ____A C:\Windows\System32\sho4C3E.tmp
2012-08-08 17:54 - 2012-07-27 01:35 - 00000696 ____A C:\aswBoot.log
2012-08-06 19:25 - 2012-08-06 19:25 - 00000000 ____A C:\Windows\System32\shoBD6C.tmp
2012-08-02 11:57 - 2012-09-12 00:03 - 00490496 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 03:54 - 2012-08-02 03:54 - 00022528 ____A C:\Users\Talley\Downloads\Texas Success Initiative Exemptions-2007 update (1).wiz
2012-08-02 03:50 - 2012-08-02 03:50 - 00022528 ____A C:\Users\Talley\Downloads\Texas Success Initiative Exemptions-2007 update.wiz
2012-08-01 00:44 - 2012-08-01 00:44 - 00000000 ____A C:\Windows\System32\sho6182.tmp
2012-07-27 16:13 - 2012-07-27 16:13 - 00000000 ____A C:\Windows\System32\sho848D.tmp
2012-07-26 22:29 - 2012-07-26 22:29 - 00000000 ____A C:\Windows\System32\sho3122.tmp
2012-07-26 17:27 - 2012-07-26 17:27 - 04024320 ____A C:\Program Files\GUTB85.tmp
2012-07-26 16:47 - 2012-07-26 16:47 - 00139568 ____A C:\Windows\Minidump\072612-52135-01.dmp
2012-07-26 16:47 - 2011-08-16 15:39 - 178368815 ____A C:\Windows\MEMORY.DMP
2012-07-26 16:45 - 2012-07-26 16:45 - 00139568 ____A C:\Windows\Minidump\072612-64615-01.dmp
2012-07-26 16:38 - 2012-10-11 01:02 - 04731392 ____A (AVAST Software) C:\Users\Talley\Desktop\aswMBR.exe
2012-07-26 16:32 - 2012-10-11 01:01 - 00881494 ____A C:\Users\Talley\Desktop\SecurityCheck.exe

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3295158799-1558734291-2803518208-1001\$40692c7369b277751283b1358a9ff3f6

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$40692c7369b277751283b1358a9ff3f6

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 1912.84 MB
Available physical RAM: 1463.09 MB
Total Pagefile: 3825.68 MB
Available Pagefile: 3455.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.48 MB

==================== Partitions =============================

1 Drive c: (Windows7_OS) (Fixed) (Total:221.95 GB) (Free:123.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: () (Removable) (Total:0.49 GB) (Free:0.11 GB) FAT
4 Drive q: (Lenovo_Recovery) (Fixed) (Total:9.75 GB) (Free:3.32 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          232 GB      0 B
Disk 1    Online          503 MB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           1200 MB  1024 KB
Partition 2    Primary            221 GB  1201 MB
Partition 3    Primary              9 GB   223 GB
Partition 4    Primary             10 MB   232 GB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1       SYSTEM_DRV   NTFS   Partition   1200 MB  Healthy    System (partition with boot components)

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2  C    Windows7_OS  NTFS   Partition    221 GB  Healthy    Boot

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3  Q    Lenovo_Reco  NTFS   Partition      9 GB  Healthy

=========================================================

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            503 MB    16 KB

=========================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4  E                 FAT    Removable    503 MB  Healthy

=========================================================

Last Boot: 2012-10-16 17:23

==================== End Of Log ============================
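
The FRST output above carries a handful of indicators that are worth pulling out mechanically before any cleanup tool is run: the ZeroAccess payload tree under $Recycle.Bin for both the user's SID and the SYSTEM SID (S-1-5-18), the hijacked Windows\assembly\GAC\Desktop.ini, and a hidden, Active partition of type 17 that FRST itself marks as suspicious. The ComboFix log posted later in the thread adds two droppers sitting directly in ProgramData and in the user's profile root, and a policies\system dump showing EnableLUA and ConsentPromptBehaviorAdmin set to 0 (UAC switched off). The script below is an added example written for this page; it is not part of the thread and not code from FRST, ComboFix or their authors. It runs over a constructed sample made of lines copied from this thread's logs and reports those indicators. The function name `triage` and the "executable in an odd location" rule are my own assumptions, not a signature from any tool.

```python
import re

# Constructed sample input: lines copied from the FRST and ComboFix output posted in this
# thread (ZeroAccess section, "Other Deletions", policies\system, partitions 2 and 4),
# plus one benign file line so the filters have something to leave alone.
SAMPLE_LOG = r"""
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3295158799-1558734291-2803518208-1001\$40692c7369b277751283b1358a9ff3f6
c:\$recycle.bin\S-1-5-18\$40692c7369b277751283b1358a9ff3f6\@
c:\$recycle.bin\S-1-5-18\$40692c7369b277751283b1358a9ff3f6\L\00000004.@
c:\$recycle.bin\S-1-5-18\$40692c7369b277751283b1358a9ff3f6\n
c:\$recycle.bin\S-1-5-18\$40692c7369b277751283b1358a9ff3f6\U\80000032.@
c:\windows\assembly\GAC\Desktop.ini
c:\programdata\o543FuR0.exe
c:\users\Talley\woavjrkquebhvuvmedkt.exe
2012-10-10 21:20 . 2012-08-20 17:40 293376 ----a-w- c:\windows\system32\KernelBase.dll
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes
"""

# ZeroAccess (2012 variants) keeps its payload tree in a "$<32 hex>" folder under the
# Recycle Bin of the infected user's SID and of SYSTEM (S-1-5-18), and plants a fake
# Windows\assembly\GAC\Desktop.ini as a loader. Both appear verbatim in this thread's logs.
ZA_RECYCLE = re.compile(r"\$recycle\.bin\\(S-1-5-[\d-]+)\\\$([0-9a-f]{32})(?:\\|$)", re.I)
ZA_GAC = re.compile(r"\\assembly\\GAC\\Desktop\.ini$", re.I)

# Heuristic (my assumption, not a tool signature): an .exe directly in ProgramData or in the
# root of a user profile, with no subfolder, is unusual for legitimate software. It matches
# the two droppers ComboFix removed in this thread.
ODD_EXE = re.compile(r"^[a-z]:\\(?:programdata|users\\[^\\]+)\\[^\\]+\.exe$", re.I)

# UAC values as ComboFix prints the policies\system key; 0 means UAC is effectively off.
UAC_OFF = re.compile(r'^"(EnableLUA|ConsentPromptBehaviorAdmin)"\s*=\s*0\b')

# Per-partition fields as FRST prints them (Type / Hidden / Active).
PART_FIELD = re.compile(r"^(Type|Hidden|Active)\s*:\s*(\S+)")


def triage(log_text):
    """Scan FRST/ComboFix-style log text and return the indicators found."""
    found = {
        "zeroaccess_paths": [],      # every line that hit a ZeroAccess pattern
        "zeroaccess_dirs": set(),    # the 32-hex folder name(s) under $Recycle.Bin
        "zeroaccess_sids": set(),    # SIDs whose Recycle Bin was used (user + S-1-5-18)
        "odd_location_exes": [],
        "uac_weakened": [],
        "hidden_active_partitions": [],  # partition type bytes of hidden+Active partitions
    }
    part = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ZA_RECYCLE.search(line)
        if m:
            found["zeroaccess_paths"].append(line)
            found["zeroaccess_sids"].add(m.group(1))
            found["zeroaccess_dirs"].add(m.group(2).lower())
            continue
        if ZA_GAC.search(line):
            found["zeroaccess_paths"].append(line)
            continue
        if ODD_EXE.match(line):
            found["odd_location_exes"].append(line)
            continue
        m = UAC_OFF.match(line)
        if m:
            found["uac_weakened"].append(m.group(1))
            continue
        m = PART_FIELD.match(line)
        if m:
            part[m.group(1)] = m.group(2)
            if len(part) == 3:
                # Type 0x17 is "hidden NTFS"; a hidden partition that is also Active gets
                # control from the MBR before Windows, which is how a bootkit stays resident.
                if part["Hidden"] == "Yes" and part["Active"] == "Yes":
                    found["hidden_active_partitions"].append(part["Type"])
                part = {}
    return found


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {sorted(value) if isinstance(value, set) else value}")
```

Because the SYSTEM-SID copy lives under S-1-5-18, deleting only the user's Recycle Bin folder is not enough, which is one reason the infection kept coming back after Malwarebytes and Avast removed the visible trojans; the ComboFix log later in the thread shows both copies being removed together.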

#8 fireman4it (Bleepin' Fireman, Malware Response Team, 13,512 posts, Greenup, Ill USA)

Posted 23 October 2012 - 04:55 PM

Hello,

Please run the following tools.


1.
Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.


3.
Please download Listparts

Run the tool, click Scan and post the log (Result.txt) it makes.


Things to include in your next reply:
TdssKiller log
Combofix.txt
Results.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#9 dfort3 (Topic Starter, Members, 27 posts)

Posted 23 October 2012 - 07:15 PM

Thanks, fireman. Unfortunately, I am still not able to run TDSSKiller in any mode. I tried Normal, Safe Mode, and Safe Mode with Networking. I click on it twice, as instructed, and it acts like it is trying to start, but then goes back to idle after having done nothing. I am going to wait to try to run the other two programs you linked me to until I hear back from you, in case there is a necessary or preferred order to all of this.

#10 fireman4it (Bleepin' Fireman, Malware Response Team, 13,512 posts, Greenup, Ill USA)

Posted 23 October 2012 - 07:41 PM

Hello,

Go ahead and skip TDSSKiller and do the other steps.


#11 dfort3 (Topic Starter, Members, 27 posts)

Posted 24 October 2012 - 04:48 PM

Below is the ComboFix log. I still am unable to get TDSSKiller to work. I tried it again after ComboFix was complete, but it still will not start the program.

ComboFix 12-10-24.02 - Talley 10/24/2012 14:42:30.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1913.580 [GMT -5:00]
Running from: c:\users\Talley\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-18\$40692c7369b277751283b1358a9ff3f6\@
c:\$recycle.bin\S-1-5-18\$40692c7369b277751283b1358a9ff3f6\L\00000004.@
c:\$recycle.bin\S-1-5-18\$40692c7369b277751283b1358a9ff3f6\L\201d3dde
c:\$recycle.bin\S-1-5-18\$40692c7369b277751283b1358a9ff3f6\n
c:\$recycle.bin\S-1-5-18\$40692c7369b277751283b1358a9ff3f6\U\00000004.@
c:\$recycle.bin\S-1-5-18\$40692c7369b277751283b1358a9ff3f6\U\00000008.@
c:\$recycle.bin\S-1-5-18\$40692c7369b277751283b1358a9ff3f6\U\000000cb.@
c:\$recycle.bin\S-1-5-18\$40692c7369b277751283b1358a9ff3f6\U\80000000.@
c:\$recycle.bin\S-1-5-18\$40692c7369b277751283b1358a9ff3f6\U\80000032.@
c:\$recycle.bin\S-1-5-21-3295158799-1558734291-2803518208-1001\$40692c7369b277751283b1358a9ff3f6\@
c:\$recycle.bin\S-1-5-21-3295158799-1558734291-2803518208-1001\$40692c7369b277751283b1358a9ff3f6\L\00000004.@
c:\$recycle.bin\S-1-5-21-3295158799-1558734291-2803518208-1001\$40692c7369b277751283b1358a9ff3f6\n
c:\programdata\o543FuR0.exe
c:\programdata\o543FuR0.exe.b
c:\programdata\o543FuR0.exe_
c:\users\Talley\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\Talley\woavjrkquebhvuvmedkt.exe
c:\windows\assembly\GAC\Desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-09-24 to 2012-10-24 )))))))))))))))))))))))))))))))
.
.
2012-10-24 20:31 . 2012-10-24 20:31 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-10-24 20:31 . 2012-10-24 20:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-23 18:02 . 2012-10-23 18:02 -------- d-----w- C:\FRST
2012-10-21 20:31 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-21 20:31 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-21 20:31 . 2012-08-21 09:13 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-21 20:31 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-21 20:31 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-21 20:31 . 2012-08-21 09:13 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-21 20:28 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-10-21 20:28 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-19 19:13 . 2012-10-19 19:13 308224 ----a-w- c:\windows\msisear.exe
2012-10-18 20:39 . 2012-10-18 20:39 0 ----a-w- c:\windows\system32\sho5208.tmp
2012-10-17 02:39 . 2012-10-24 20:55 -------- d-----w- c:\users\Talley\AppData\Local\temp
2012-10-16 19:15 . 2012-10-16 19:15 -------- d-----w- c:\program files\VS Revo Group
2012-10-15 20:35 . 2012-10-16 07:49 -------- d-----w- c:\users\Talley\AppData\Roaming\Xied
2012-10-15 20:35 . 2012-10-15 20:35 -------- d-----w- c:\users\Talley\AppData\Roaming\Noow
2012-10-13 01:19 . 2012-10-17 19:47 -------- d-----w- c:\windows\Sun
2012-10-11 06:20 . 2012-10-11 06:20 -------- d-----w- C:\e
2012-10-10 21:25 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 21:24 . 2012-09-14 18:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 21:20 . 2012-08-20 17:40 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-10-10 21:20 . 2012-08-20 17:40 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-10-10 21:20 . 2012-08-20 17:37 271360 ----a-w- c:\windows\system32\conhost.exe
2012-10-10 21:20 . 2012-08-20 17:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 21:20 . 2012-08-20 17:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 21:20 . 2012-08-20 17:32 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 21:20 . 2012-08-20 17:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 21:20 . 2012-08-20 17:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 21:20 . 2012-08-20 17:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-10-10 21:20 . 2012-08-20 17:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 21:15 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 21:15 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 21:15 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 21:11 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 21:11 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 21:11 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 21:10 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-09 07:30 . 2012-10-09 10:00 -------- d--h--w- c:\windows\PIF
2012-10-09 05:21 . 2012-10-09 05:21 -------- d-----w- c:\users\Talley\AppData\Roaming\RealNetworks
2012-10-01 10:23 . 2012-10-01 10:23 0 ----a-w- c:\windows\system32\sho5F49.tmp
2012-09-29 07:35 . 2012-09-29 07:35 0 ----a-w- c:\windows\system32\sho7072.tmp
2012-09-25 20:03 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-24 20:36 . 2012-10-24 20:36 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2F80938-7E56-4768-9341-EE0B1A1093EF}\offreg.dll
2012-10-08 20:19 . 2012-04-16 07:15 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 20:19 . 2011-07-11 00:19 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-19 05:59 . 2012-10-17 04:10 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2F80938-7E56-4768-9341-EE0B1A1093EF}\mpengine.dll
2012-08-24 06:59 . 2012-09-22 03:06 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-22 03:06 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-22 03:06 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 03:06 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 03:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-22 03:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16 . 2012-09-12 05:03 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 05:03 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 05:03 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 05:03 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-09 03:23 . 2012-08-09 03:23 0 ----a-w- c:\windows\system32\sho4C3E.tmp
2012-08-07 00:25 . 2012-08-07 00:25 0 ----a-w- c:\windows\system32\shoBD6C.tmp
2012-08-02 16:57 . 2012-09-12 05:03 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-01 05:44 . 2012-08-01 05:44 0 ----a-w- c:\windows\system32\sho6182.tmp
2012-07-27 21:13 . 2012-07-27 21:13 0 ----a-w- c:\windows\system32\sho848D.tmp
2012-07-27 03:29 . 2012-07-27 03:29 0 ----a-w- c:\windows\system32\sho3122.tmp
2012-07-26 22:27 . 2012-07-26 22:27 4024320 ----a-w- c:\program files\GUTB85.tmp
2012-07-25 03:28 . 2012-07-25 03:28 4024320 ----a-w- c:\program files\GUTEEA3.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn9\yt.dll" [2012-06-11 1524056]
"{bb78b434-c869-e534-65a9-f4a7dab04d57}"= "c:\program files\SocialRibbons LP4\Helper.dll" [2011-08-16 357376]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CLASSES_ROOT\clsid\{bb78b434-c869-e534-65a9-f4a7dab04d57}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{3B6845FF-5FF1-1934-C9C5-B53AB9AC567D}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DAA05029-EECE-7A44-A584-C603C68CB608}]
2011-08-16 20:47 1534976 ----a-w- c:\program files\SocialRibbons LP4\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2010-09-21 01:25 731280 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2010-09-21 01:25 731280 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2010-09-21 01:25 731280 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Talley\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-19 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"TpShocks"="TpShocks.exe" [2009-07-09 337184]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 151064]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-14 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Amazon Unbox.lnk - c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2011-11-23 97384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Personal Coach.lnk]
backup=c:\windows\pss\Personal Coach.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-31 01:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 01:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup]
2010-09-21 01:25 913552 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
2007-04-16 13:33 259624 ----a-w- c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW7]
2012-06-09 21:58 10555904 ----a-w- c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-08-07 12:29 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IdeaNotesUser]
2009-06-10 21:20 221872 ----a-w- c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2010-07-23 16:53 222496 ----a-w- c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 00:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Message Center Plus]
2009-05-28 05:09 49976 ----a-w- c:\program files\Lenovo\Message Center Plus\MCPLaunch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 20:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 22:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWMTRV]
2010-03-02 18:20 886120 ------w- c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-08-05 04:33 244208 ----a-w- c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-02-25 09:02 8522272 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2009-08-28 11:37 614400 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
2010-11-15 22:05 112600 ----a-w- c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-11-26 08:15 296056 ----a-w- c:\program files\real\realplayer\Update\realsched.exe
.
R1 MpKsl015aa518;MpKsl015aa518;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8CF66A4-CB18-4DF6-B2BA-0CC8B040180F}\MpKsl015aa518.sys [x]
R1 MpKsl01cce6d5;MpKsl01cce6d5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2D9D7C3B-4E97-417E-B65A-CBD68DD4ACF1}\MpKsl01cce6d5.sys [x]
R1 MpKsl0540c690;MpKsl0540c690;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{123B8D6A-6489-4659-B01A-1D21A170EF84}\MpKsl0540c690.sys [x]
R1 MpKsl05f1e406;MpKsl05f1e406;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DE77074-E247-4821-99BD-95CF9E77E4D0}\MpKsl05f1e406.sys [x]
R1 MpKsl084d6a37;MpKsl084d6a37;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD49640C-915E-4992-9066-E69970FFB82A}\MpKsl084d6a37.sys [x]
R1 MpKsl0c9fe656;MpKsl0c9fe656;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD084A61-860E-4B4C-AA27-CCF037C4B54D}\MpKsl0c9fe656.sys [x]
R1 MpKsl11333343;MpKsl11333343;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB9A3B1C-E6D4-4ACD-81DF-288F6768320F}\MpKsl11333343.sys [x]
R1 MpKsl16779f1c;MpKsl16779f1c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EE10F9C1-7494-44A1-9E4E-90342292E901}\MpKsl16779f1c.sys [x]
R1 MpKsl1a81ad05;MpKsl1a81ad05;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4DFED8C-1A29-4DEF-99C0-9C92A6E6DE76}\MpKsl1a81ad05.sys [x]
R1 MpKsl1c44017b;MpKsl1c44017b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B516C050-8224-4DF1-85F0-F8ADAA4B4F86}\MpKsl1c44017b.sys [x]
R1 MpKsl1d027a9c;MpKsl1d027a9c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{942F6AAE-D44B-4CAE-8643-D984D3425592}\MpKsl1d027a9c.sys [x]
R1 MpKsl2126e056;MpKsl2126e056;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EFC692FD-958F-4114-BA18-4730C8DFB13E}\MpKsl2126e056.sys [x]
R1 MpKsl24b5fd6a;MpKsl24b5fd6a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13664A50-8847-4B01-ADDF-301593D1281F}\MpKsl24b5fd6a.sys [x]
R1 MpKsl2a1c20a1;MpKsl2a1c20a1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E31C369-27C0-43D2-9677-FE0463550F86}\MpKsl2a1c20a1.sys [x]
R1 MpKsl2d0892c9;MpKsl2d0892c9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{792B98FA-5B81-4A4B-9EB8-B91D568D8DAF}\MpKsl2d0892c9.sys [x]
R1 MpKsl3165745d;MpKsl3165745d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71C7F95E-94D3-4A52-A07D-3A3FA4CF64EF}\MpKsl3165745d.sys [x]
R1 MpKsl31f4a5f2;MpKsl31f4a5f2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{268A4FD0-9088-44A8-8455-B607F71FF497}\MpKsl31f4a5f2.sys [x]
R1 MpKsl37774016;MpKsl37774016;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F14BD0D7-2AAE-4247-9EC8-164E164DC262}\MpKsl37774016.sys [x]
R1 MpKsl40df427b;MpKsl40df427b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C82D378D-8062-40E3-9639-A1A05E3D7865}\MpKsl40df427b.sys [x]
R1 MpKsl4449af31;MpKsl4449af31;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7764C846-1890-43D9-B660-F65271324EA3}\MpKsl4449af31.sys [x]
R1 MpKsl45f6a837;MpKsl45f6a837;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B357AAF2-43D0-4222-8A7F-647CA20D8F01}\MpKsl45f6a837.sys [x]
R1 MpKsl48e8cba8;MpKsl48e8cba8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{228735F3-462B-4153-B1AA-2C063A6E2232}\MpKsl48e8cba8.sys [x]
R1 MpKsl4fcf7c9b;MpKsl4fcf7c9b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EF2E3989-FD39-4C17-8DC4-1A49BBAAD7C9}\MpKsl4fcf7c9b.sys [x]
R1 MpKsl50573eb5;MpKsl50573eb5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3370E120-83E7-4BD6-A5DF-1EE4A8D00850}\MpKsl50573eb5.sys [x]
R1 MpKsl51b2879d;MpKsl51b2879d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B138B622-A78D-4FFF-9BE5-D51491E00F02}\MpKsl51b2879d.sys [x]
R1 MpKsl53c1ea6a;MpKsl53c1ea6a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52B96788-1D4B-4155-96C2-7F87430F1104}\MpKsl53c1ea6a.sys [x]
R1 MpKsl5fa32665;MpKsl5fa32665;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60507470-1025-4157-BD4E-3B48485BDD9B}\MpKsl5fa32665.sys [x]
R1 MpKsl633e317f;MpKsl633e317f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5DDDD49A-205C-4861-AF1B-0C95BE957C70}\MpKsl633e317f.sys [x]
R1 MpKsl6ab07ce6;MpKsl6ab07ce6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6E194E76-24CD-4C9B-8920-A8345A09BB71}\MpKsl6ab07ce6.sys [x]
R1 MpKsl6acd7cad;MpKsl6acd7cad;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F537B1E-04F7-4162-BA36-99E8ED1BDFD1}\MpKsl6acd7cad.sys [x]
R1 MpKsl6cb8c3b1;MpKsl6cb8c3b1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{268A4FD0-9088-44A8-8455-B607F71FF497}\MpKsl6cb8c3b1.sys [x]
R1 MpKsl7102db0d;MpKsl7102db0d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{84F09D0F-6F34-40CD-9B5F-50B592C44E44}\MpKsl7102db0d.sys [x]
R1 MpKsl71784433;MpKsl71784433;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B63E40C-424C-4780-87EC-407488F46B21}\MpKsl71784433.sys [x]
R1 MpKsl72686923;MpKsl72686923;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E0B27424-02B0-4B38-8643-CFCF9F43A06D}\MpKsl72686923.sys [x]
R1 MpKsl7574960d;MpKsl7574960d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8FDE6752-59AB-4386-872A-01CB8E1C9BED}\MpKsl7574960d.sys [x]
R1 MpKsl76ec4bca;MpKsl76ec4bca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10BE2C69-AF5F-4D77-8D5B-FCADCA446336}\MpKsl76ec4bca.sys [x]
R1 MpKsl7be608e8;MpKsl7be608e8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B138B622-A78D-4FFF-9BE5-D51491E00F02}\MpKsl7be608e8.sys [x]
R1 MpKsl7eef5eaa;MpKsl7eef5eaa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE56DD74-8754-46A8-BBB2-5529C40657C5}\MpKsl7eef5eaa.sys [x]
R1 MpKsl7f1f620d;MpKsl7f1f620d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E72BB7B9-64F6-4DB2-BCC6-BCF0A5C8B6B3}\MpKsl7f1f620d.sys [x]
R1 MpKsl8132c6ca;MpKsl8132c6ca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5376D8A0-3551-4C16-BF1A-DCB84D6016B9}\MpKsl8132c6ca.sys [x]
R1 MpKsl82c4d957;MpKsl82c4d957;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E88FEC61-743E-41F8-9016-6FDBBDE5079A}\MpKsl82c4d957.sys [x]
R1 MpKsl836279b6;MpKsl836279b6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B4D1C9-9882-4EFC-8F73-7EBF58297983}\MpKsl836279b6.sys [x]
R1 MpKsl909d4d31;MpKsl909d4d31;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{113E0EA2-CF36-49AA-A406-A9E2FEF19246}\MpKsl909d4d31.sys [x]
R1 MpKsl958561ba;MpKsl958561ba;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89CE4D62-4DAB-429F-90D4-DFB1CD06A47D}\MpKsl958561ba.sys [x]
R1 MpKsl9604a48b;MpKsl9604a48b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5A51C9D2-7122-4756-A013-B6EDAB361216}\MpKsl9604a48b.sys [x]
R1 MpKsl9db2caf6;MpKsl9db2caf6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{280AF3E6-3EA6-4730-AF1A-7341BEEAE8B2}\MpKsl9db2caf6.sys [x]
R1 MpKsl9dd8454e;MpKsl9dd8454e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5DDDD49A-205C-4861-AF1B-0C95BE957C70}\MpKsl9dd8454e.sys [x]
R1 MpKsl9f75a44f;MpKsl9f75a44f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3923526-040C-47B9-AC74-AFF18EF35840}\MpKsl9f75a44f.sys [x]
R1 MpKsl9fdec142;MpKsl9fdec142;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6BB7754E-0A11-4A9A-8A35-9EC3D8071113}\MpKsl9fdec142.sys [x]
R1 MpKsla133e21c;MpKsla133e21c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0E78CAB3-945F-4E52-A602-146087395392}\MpKsla133e21c.sys [x]
R1 MpKsla2fbbc69;MpKsla2fbbc69;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8FDE6752-59AB-4386-872A-01CB8E1C9BED}\MpKsla2fbbc69.sys [x]
R1 MpKsla4f9c717;MpKsla4f9c717;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{268A4FD0-9088-44A8-8455-B607F71FF497}\MpKsla4f9c717.sys [x]
R1 MpKsla62b6854;MpKsla62b6854;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7B88553B-CBFC-4DC7-9BF3-4DD1575FCDD8}\MpKsla62b6854.sys [x]
R1 MpKsla69e9d00;MpKsla69e9d00;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89CE4D62-4DAB-429F-90D4-DFB1CD06A47D}\MpKsla69e9d00.sys [x]
R1 MpKsla748af85;MpKsla748af85;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B357AAF2-43D0-4222-8A7F-647CA20D8F01}\MpKsla748af85.sys [x]
R1 MpKslb3c259d9;MpKslb3c259d9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3ACD160C-06C6-4FBE-854C-C996AAE01E82}\MpKslb3c259d9.sys [x]
R1 MpKslb8127017;MpKslb8127017;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E1B5EA9-134D-48A4-80D9-2B1EC6135C96}\MpKslb8127017.sys [x]
R1 MpKslbf97ab55;MpKslbf97ab55;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B63E40C-424C-4780-87EC-407488F46B21}\MpKslbf97ab55.sys [x]
R1 MpKslc185430a;MpKslc185430a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F119AE8F-DC6F-4C2B-9CC0-961F093F1A23}\MpKslc185430a.sys [x]
R1 MpKslc19f051d;MpKslc19f051d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD49640C-915E-4992-9066-E69970FFB82A}\MpKslc19f051d.sys [x]
R1 MpKslc28c3b56;MpKslc28c3b56;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4DFED8C-1A29-4DEF-99C0-9C92A6E6DE76}\MpKslc28c3b56.sys [x]
R1 MpKslc2a15b09;MpKslc2a15b09;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2D9D7C3B-4E97-417E-B65A-CBD68DD4ACF1}\MpKslc2a15b09.sys [x]
R1 MpKslc2a1fe4a;MpKslc2a1fe4a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71C7F95E-94D3-4A52-A07D-3A3FA4CF64EF}\MpKslc2a1fe4a.sys [x]
R1 MpKslc37c7b21;MpKslc37c7b21;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{84F09D0F-6F34-40CD-9B5F-50B592C44E44}\MpKslc37c7b21.sys [x]
R1 MpKslc69b760e;MpKslc69b760e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{24B81CD3-DA5A-4E72-8ADC-21A2986A9554}\MpKslc69b760e.sys [x]
R1 MpKslc87ada6f;MpKslc87ada6f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE56DD74-8754-46A8-BBB2-5529C40657C5}\MpKslc87ada6f.sys [x]
R1 MpKslc8c1d0dd;MpKslc8c1d0dd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E72BB7B9-64F6-4DB2-BCC6-BCF0A5C8B6B3}\MpKslc8c1d0dd.sys [x]
R1 MpKslccae4721;MpKslccae4721;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B4D1C9-9882-4EFC-8F73-7EBF58297983}\MpKslccae4721.sys [x]
R1 MpKslce5f2cc5;MpKslce5f2cc5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6E194E76-24CD-4C9B-8920-A8345A09BB71}\MpKslce5f2cc5.sys [x]
R1 MpKsld1e65f8b;MpKsld1e65f8b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F26EBF7-2346-468D-ADB4-968954FD973B}\MpKsld1e65f8b.sys [x]
R1 MpKsld43e42cc;MpKsld43e42cc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FC446FDF-3559-4A24-BEF2-A86064B02B2D}\MpKsld43e42cc.sys [x]
R1 MpKsldb83878b;MpKsldb83878b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5A51C9D2-7122-4756-A013-B6EDAB361216}\MpKsldb83878b.sys [x]
R1 MpKsldba3f5e0;MpKsldba3f5e0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C5CC624-9252-40C1-89CA-36D1717F57B5}\MpKsldba3f5e0.sys [x]
R1 MpKsldc361eac;MpKsldc361eac;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE56DD74-8754-46A8-BBB2-5529C40657C5}\MpKsldc361eac.sys [x]
R1 MpKsldcf52d5b;MpKsldcf52d5b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FC446FDF-3559-4A24-BEF2-A86064B02B2D}\MpKsldcf52d5b.sys [x]
R1 MpKsle1b0bf5d;MpKsle1b0bf5d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52B96788-1D4B-4155-96C2-7F87430F1104}\MpKsle1b0bf5d.sys [x]
R1 MpKsle68bbc50;MpKsle68bbc50;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7785807-2C4C-4A15-BCD1-892C0CDB5BF9}\MpKsle68bbc50.sys [x]
R1 MpKsle8a7cb96;MpKsle8a7cb96;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8672835-654F-41BF-B29E-0CF2B064476D}\MpKsle8a7cb96.sys [x]
R1 MpKslea02e1ec;MpKslea02e1ec;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13664A50-8847-4B01-ADDF-301593D1281F}\MpKslea02e1ec.sys [x]
R1 MpKslead90734;MpKslead90734;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8CF66A4-CB18-4DF6-B2BA-0CC8B040180F}\MpKslead90734.sys [x]
R1 MpKslebf2ffec;MpKslebf2ffec;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{84F09D0F-6F34-40CD-9B5F-50B592C44E44}\MpKslebf2ffec.sys [x]
R1 MpKslf075542e;MpKslf075542e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{792B98FA-5B81-4A4B-9EB8-B91D568D8DAF}\MpKslf075542e.sys [x]
R1 MpKslf1572e55;MpKslf1572e55;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0BDAED27-5E7C-4D0D-91E6-DE6551B4AAD6}\MpKslf1572e55.sys [x]
R1 MpKslf19bd60e;MpKslf19bd60e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EFC692FD-958F-4114-BA18-4730C8DFB13E}\MpKslf19bd60e.sys [x]
R1 MpKslf2223694;MpKslf2223694;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71C7F95E-94D3-4A52-A07D-3A3FA4CF64EF}\MpKslf2223694.sys [x]
R1 MpKslf238c51c;MpKslf238c51c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DFAD9239-F66D-4DB5-A1F1-4474C66D64E9}\MpKslf238c51c.sys [x]
R1 MpKslf982eb60;MpKslf982eb60;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E1B5EA9-134D-48A4-80D9-2B1EC6135C96}\MpKslf982eb60.sys [x]
R1 MpKslfb6debc9;MpKslfb6debc9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0BDAED27-5E7C-4D0D-91E6-DE6551B4AAD6}\MpKslfb6debc9.sys [x]
R1 MpKslfedcbc20;MpKslfedcbc20;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B357AAF2-43D0-4222-8A7F-647CA20D8F01}\MpKslfedcbc20.sys [x]
R2 5762;5762;c:\users\Talley\AppData\Local\Temp\5762.sys [x]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [x]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [x]
R2 W32Serv;Windows Search Scheduler; [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wdfsgusbV3;Stenograph WDF USB Writer Service V3;c:\windows\system32\DRIVERS\wdfsgusb.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DDNIMSGService;DDNIMSGService;c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [x]
S2 DDNIService;DDNIService;c:\program files\DDNI\DIBS\DDNIService.exe [x]
S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [x]
S2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-07-14 01:14 126464 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-01 07:40]
.
2012-10-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3295158799-1558734291-2803518208-1001Core.job
- c:\users\Talley\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-19 02:29]
.
2012-10-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3295158799-1558734291-2803518208-1001UA.job
- c:\users\Talley\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-19 02:29]
.
2012-09-17 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]
.
2011-08-20 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-11-22 16:02]
.
2012-10-17 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2010-01-28 17:51]
.
2012-10-18 c:\windows\Tasks\WebReg HP Deskjet D1600 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2009-05-22 01:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=5
uInternet Settings,ProxyOverride = *.local
Trusted Zone: captcolo.com\vpncisco
TCP: DhcpNameServer = 192.168.1.254
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpncisco.captcolo.com/CACHE/stc/1/binaries/vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Google Update - c:\users\Talley\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3295158799-1558734291-2803518208-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3295158799-1558734291-2803518208-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5548)
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\windows\system32\conhost.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\System32\TpShocks.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2012-10-24 16:15:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-24 21:15
ComboFix2.txt 2012-10-17 03:09
.
Pre-Run: 131,912,142,848 bytes free
Post-Run: 132,869,832,704 bytes free
.
- - End Of File - - B4C64FDB8C312D6BCBA3FF7080A4AEA8
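
The service and driver list in the ComboFix log above is where persistence hunting starts, and two entries are worth a second look on shape alone: a driver called 5762 loaded from a user's Temp folder, and a service that calls itself "Windows Search Scheduler" but has no image path at all. The script below is an added example, not code from this thread, from ComboFix or from any tool named in it. It parses lines of the form `<state> <name>;<display name>;<path> [x]`, applies a few triage heuristics, and returns the entries worth inspecting, worst first. The sample input is constructed from a handful of lines in the same shape as the log above; the scores and the vendor-prefix hints (asw = Avast, MpKsl = Microsoft Antimalware definition-update drivers) are the example's own heuristics, not a verdict.

```python
"""Triage ComboFix-style service and driver entries.

Added example; not code from the thread, ComboFix or any tool named in it.
Parses "<state> <name>;<display>;<path> [x]" lines and scores the entries an
analyst should look at first. The rules are heuristics: a high score means
"inspect this", not "this is malware".
"""
import re
from dataclasses import dataclass, field

LINE_RE = re.compile(r"^([RS]\d)\s+([^;]*);([^;]*);(.*?)\s*\[x\]\s*$")

# Directories where a service binary or kernel driver has no business living.
SUSPECT_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\users\\public\\")

# Where a component calling itself "Windows ..." or "Microsoft ..." is expected to sit.
MICROSOFT_DIRS = (
    "c:\\windows\\",
    "c:\\program files\\microsoft",
    "c:\\program files (x86)\\microsoft",
    "c:\\program files\\common files\\microsoft",
    "c:\\programdata\\microsoft",
)

# Name prefixes of products that legitimately show up with no image path in this
# kind of log (asw* = Avast drivers). Hint only: a name proves nothing.
VENDOR_PREFIXES = {"asw": "Avast", "MpKsl": "Microsoft Antimalware definition-update driver"}


@dataclass
class Finding:
    state: str
    name: str
    display: str
    path: str
    score: int = 0
    reasons: list = field(default_factory=list)
    vendor_hint: str = ""


def parse_service_line(line):
    """Return (state, name, display, path) for a service line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, name, display, path = m.groups()
    return state, name.strip(), display.strip(), path.strip()


def score_entry(state, name, display, path):
    """Apply the triage heuristics to one parsed entry."""
    f = Finding(state, name, display, path)
    low = path.lower().replace("/", "\\")
    if not path:
        f.score += 2
        f.reasons.append("no image path")
    if any(d in low for d in SUSPECT_DIRS):
        f.score += 3
        f.reasons.append("binary under a temp or per-user directory")
    if name.isdigit():
        f.score += 2
        f.reasons.append("service name is just a number")
    claims_ms = re.search(r"\b(windows|microsoft)\b", display, re.I) is not None
    if claims_ms and not low.startswith(MICROSOFT_DIRS):
        f.score += 2
        f.reasons.append("display name claims a Windows/Microsoft component but the path does not match")
    for prefix, vendor in VENDOR_PREFIXES.items():
        if name.startswith(prefix):
            f.vendor_hint = vendor
    return f


def triage_services(lines):
    """Score every service line and return the non-zero findings, worst first."""
    findings = []
    for line in lines:
        parsed = parse_service_line(line)
        if parsed:
            f = score_entry(*parsed)
            if f.score:
                findings.append(f)
    findings.sort(key=lambda f: (-f.score, f.name))
    return findings


# Constructed sample: a few entries in the shape of the log above.
SAMPLE_LOG = r"""
R1 MpKsl015aa518;MpKsl015aa518;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8CF66A4-CB18-4DF6-B2BA-0CC8B040180F}\MpKsl015aa518.sys [x]
R2 5762;5762;c:\users\Talley\AppData\Local\Temp\5762.sys [x]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
R2 W32Serv;Windows Search Scheduler; [x]
S2 aswFsBlk;aswFsBlk; [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
"""

if __name__ == "__main__":
    for hit in triage_services(SAMPLE_LOG.splitlines()):
        hint = f" (name prefix matches {hit.vendor_hint})" if hit.vendor_hint else ""
        print(f"[{hit.score}] {hit.state} {hit.name!r} -> {hit.path or '<no path>'}{hint}")
        for reason in hit.reasons:
            print("     -", reason)
```

Run against the sample, the numeric Temp driver scores highest, the path-less "Windows Search Scheduler" second, and the path-less Avast driver last with a vendor hint attached; the legitimate Defender definition-update driver and the vendor binaries under Program Files score zero. The point is to order the list, not to replace checking each flagged file and registry key by hand.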

#12 dfort3 (Topic Starter, Members, 27 posts)

Posted 24 October 2012 - 04:58 PM

Below is my Listparts log. I did not run the "Fix" part of that program, just the "Scan." In terms of how my computer is doing now, it's really not much (if any) better. Turned Avast back on after the ComboFix scan, and it is blocking lots of things, I believe most say something to do with URL programs. Also, Internet Explorer stopped working and shut down and had to be restarted. Redirects do maybe seem a little better, though.

ListParts by Farbar Version: 16-10-2012
Ran by Talley (administrator) on 24-10-2012 at 16:45:24
Windows 7 (X86)
Running From: C:\Users\Talley\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 81%
Total physical RAM: 1912.84 MB
Available physical RAM: 347.32 MB
Total Pagefile: 3825.68 MB
Available Pagefile: 2257.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1964.36 MB

======================= Partitions =========================

1 Drive c: (Windows7_OS) (Fixed) (Total:221.95 GB) (Free:123.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive q: (Lenovo_Recovery) (Fixed) (Total:9.75 GB) (Free:3.32 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 13 MB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1200 MB 1024 KB
Partition 2 Primary 221 GB 1201 MB
Partition 3 Primary 9 GB 223 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM_DRV NTFS Partition 1200 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Windows7_OS NTFS Partition 221 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 Q Lenovo_Reco NTFS Partition 9 GB Healthy

======================================================================================================

Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
extendedinput Yes
default {a14e927c-8c7f-11df-bd9e-c80aa9db23ff}
resumeobject {a14e927b-8c7f-11df-bd9e-c80aa9db23ff}
displayorder {a14e927c-8c7f-11df-bd9e-c80aa9db23ff}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 0
customactions 0x10000ba000001
0x54000001
custom:54000001 {572bcd55-ffa7-11d9-aae0-0007e994107d}

Windows Boot Loader
-------------------
identifier {572bcd55-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[boot]\tvtos\winpe.wim,{ae5534e0-a924-466c-b836-758539a3ee3a}
path \windows\system32\boot\winload.exe
description WinPE
bootems Yes
osdevice ramdisk=[boot]\tvtos\winpe.wim,{ae5534e0-a924-466c-b836-758539a3ee3a}
systemroot \windows
nx OptIn
detecthal Yes

Windows Boot Loader
-------------------
identifier {9e3dd479-af7a-11df-a6e5-c80aa9db23ff}
device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{9e3dd47a-af7a-11df-a6e5-c80aa9db23ff}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{9e3dd47a-af7a-11df-a6e5-c80aa9db23ff}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Windows Boot Loader
-------------------
identifier {a14e927c-8c7f-11df-bd9e-c80aa9db23ff}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {9e3dd479-af7a-11df-a6e5-c80aa9db23ff}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {a14e927b-8c7f-11df-bd9e-c80aa9db23ff}
nx OptIn

Resume from Hibernate
---------------------
identifier {a14e927b-8c7f-11df-bd9e-c80aa9db23ff}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {9e3dd47a-af7a-11df-a6e5-c80aa9db23ff}
description Ramdisk Options
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Setup Ramdisk Options
---------------------
identifier {ae5534e0-a924-466c-b836-758539a3ee3a}
description Ramdisk options
ramdisksdidevice boot
ramdisksdipath \boot\boot.sdi


****** End Of Log ******
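
ListParts reports three healthy NTFS partitions and a normal BCD, and that is exactly what one would also see if only the boot code in the MBR had been replaced: a bootkit that leaves the partition table intact stays invisible to a partition-level view and only shows up when the 440-byte code region is compared against a known-good copy. The script below is an added example, not code from this thread, from ListParts or from RogueKiller. It parses a 512-byte MBR, sanity-checks the partition table (signature, active flag, overlaps, disk bounds) and diffs the code region against a baseline. Every byte is constructed: the partition table mirrors the layout reported above in 512-byte sectors (sizes approximate), the disk signature is made up, the boot code is filler, and the "tampered" copy differs from the clean one only in the code region.

```python
"""Parse and sanity-check a 512-byte MBR and diff its boot code against a baseline.

Added example: not code from the thread, ListParts or RogueKiller. All bytes
are constructed. The partition table mirrors the layout reported above
(512-byte sectors, sizes approximate); the boot code is filler.
"""
import hashlib
import struct

SECTOR = 512
CODE_LEN = 440                        # bootstrap code occupies bytes 0..439
DISK_SIG_OFF = 440                    # 4-byte disk signature, then 2 reserved bytes
TABLE_OFF = 446                       # four 16-byte partition entries
SIG_OFF = 510                         # 0x55 0xAA boot signature
ENTRY = struct.Struct("<B3sB3sII")    # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(buf):
    """Return (disk_signature, [(status, type, lba_start, sectors)] * 4); raise on a malformed sector."""
    if len(buf) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if buf[SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    disk_sig = struct.unpack_from("<I", buf, DISK_SIG_OFF)[0]
    entries = []
    for i in range(4):
        status, _, ptype, _, start, count = ENTRY.unpack_from(buf, TABLE_OFF + 16 * i)
        entries.append((status, ptype, start, count))
    return disk_sig, entries


def check_partitions(entries, disk_sectors):
    """Return anomaly strings for the partition table; an empty list means it looks sane."""
    issues = []
    active = [i for i, (st, t, _, _) in enumerate(entries) if st == 0x80 and t != 0]
    if len(active) != 1:
        issues.append(f"{len(active)} active partitions (expected exactly 1)")
    for i, (st, t, s, c) in enumerate(entries):
        if st not in (0x00, 0x80):
            issues.append(f"entry {i}: invalid status byte 0x{st:02x}")
        if t != 0 and c == 0:
            issues.append(f"entry {i}: type 0x{t:02x} with zero length")
        if t != 0 and s + c > disk_sectors:
            issues.append(f"entry {i}: extends past the end of the disk")
    used = sorted((s, c, i) for i, (_, t, s, c) in enumerate(entries) if t != 0)
    for (s1, c1, i1), (s2, _, i2) in zip(used, used[1:]):
        if s1 + c1 > s2:
            issues.append(f"entries {i1} and {i2} overlap")
    return issues


def code_hash(buf):
    """SHA-256 of the bootstrap code alone; the table and disk signature differ per machine."""
    return hashlib.sha256(buf[:CODE_LEN]).hexdigest()


def compare_mbr(baseline, sample):
    """Say which regions differ between a known-good MBR and the one read from disk."""
    return {
        "code_changed": baseline[:CODE_LEN] != sample[:CODE_LEN],
        "table_changed": baseline[TABLE_OFF:SIG_OFF] != sample[TABLE_OFF:SIG_OFF],
        "signature_ok": sample[SIG_OFF:] == b"\x55\xaa",
    }


def build_mbr(entries, code, disk_sig=0x12345678):
    """Assemble a 512-byte MBR from (status, type, lba_start, sectors) tuples (constructed data only)."""
    buf = bytearray(SECTOR)
    buf[:CODE_LEN] = code
    struct.pack_into("<I", buf, DISK_SIG_OFF, disk_sig)
    for i, (status, ptype, start, count) in enumerate(entries):
        # CHS fields carry the "LBA in use" sentinel 0xFE 0xFF 0xFF
        ENTRY.pack_into(buf, TABLE_OFF + 16 * i, status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)
    buf[SIG_OFF:] = b"\x55\xaa"
    return bytes(buf)


# Constructed layout approximating the ListParts output above, in 512-byte sectors:
# 1200 MB SYSTEM_DRV at 1 MiB (active), 221.95 GiB Windows7_OS, 9.75 GiB Lenovo_Recovery,
# on a nominal 250 GB drive (about 232 GiB) with roughly 13 MB unallocated at the end.
DISK_SECTORS = 488_397_168
LAYOUT = [
    (0x80, 0x07, 2_048, 2_457_600),
    (0x00, 0x07, 2_459_648, 465_462_272),
    (0x00, 0x07, 467_921_920, 20_447_232),
    (0x00, 0x00, 0, 0),
]
CLEAN_MBR = build_mbr(LAYOUT, code=bytes(range(256)) + b"\x90" * (CODE_LEN - 256))
# Bootkit-style tampering: the code region is replaced, the partition table is left intact.
TAMPERED_MBR = build_mbr(LAYOUT, code=b"\xeb\xfe" + b"\xcc" * (CODE_LEN - 2))

if __name__ == "__main__":
    _, parts = parse_mbr(TAMPERED_MBR)
    for n, (st, t, s, c) in enumerate(parts, 1):
        if t:
            print(f"partition {n}: type 0x{t:02x} active={st == 0x80} "
                  f"start={s} sectors={c} ({c * SECTOR / 2**30:.2f} GiB)")
    print("table issues:", check_partitions(parts, DISK_SECTORS) or "none")
    print("vs baseline:", compare_mbr(CLEAN_MBR, TAMPERED_MBR))
```

On the tampered copy the partition checks come back clean while the baseline comparison reports that the code region changed and the table did not, which is the split a partition-level tool cannot show. On a real machine the 512 bytes come from sector 0 of the physical disk and the baseline from a clean install or the vendor's recovery media; hashing only the first 440 bytes matters because the disk signature and the table are legitimately different on every box.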

#13 fireman4it (Bleepin' Fireman, Malware Response Team, 13,512 posts, Greenup, Ill USA)

Posted 24 October 2012 - 07:24 PM

Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    right click on AdwCleaner.exe and select Run as administrator.
  • Click the Search button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.



  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#14 dfort3

dfort3
  • Topic Starter

  • Members
  • 27 posts

Posted 24 October 2012 - 11:45 PM

Thanks for all your help thus far, fireman! Below is the adwcleaner log:

# AdwCleaner v2.005 - Logfile created 10/24/2012 at 23:39:38
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Talley - TALLEY-THINK
# Boot Mode : Normal
# Running from : C:\Users\Talley\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [5527 octets] - [11/10/2012 00:58:54]
AdwCleaner[R2].txt - [5608 octets] - [11/10/2012 01:15:02]
AdwCleaner[S7].txt - [1522 octets] - [16/10/2012 10:58:27]
AdwCleaner[R10].txt - [1127 octets] - [24/10/2012 23:15:36]
AdwCleaner[R11].txt - [1072 octets] - [24/10/2012 23:34:55]
AdwCleaner[R12].txt - [943 octets] - [24/10/2012 23:39:38]

########## EOF - C:\AdwCleaner[R12].txt - [1003 octets] ##########

#15 dfort3

dfort3
  • Topic Starter

  • Members
  • 27 posts

Posted 24 October 2012 - 11:53 PM

And here is the RogueKiller log: (Way to state the obvious?) :)


RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Talley [Admin rights]
Mode : Remove -- Date : 10/24/2012 23:50:41

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVT-08A23T1 +++++
--- User ---
[MBR] 6cc1ddf90e1990b3c7c81ae4aaf7948e
[BSP] 9baa9e75ab6e7cbe8f079c748ddb8263 : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 227272 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 467914752 | Size: 9986 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] fec25ff5761a477e922c3e337edb91db
[BSP] 9baa9e75ab6e7cbe8f079c748ddb8263 : Lenovo tatooed MBR Code [possible maxSST in 3!]
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 227272 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 467914752 | Size: 9986 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 488368128 | Size: 10 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] fec25ff5761a477e922c3e337edb91db
[BSP] 9baa9e75ab6e7cbe8f079c748ddb8263 : Lenovo tatooed MBR Code [possible maxSST in 3!]
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 227272 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 467914752 | Size: 9986 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 488368128 | Size: 10 Mo

Finished : << RKreport[8].txt >>

Edited by dfort3, 24 October 2012 - 11:55 PM.
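The RogueKiller report above is the interesting one from a defender's point of view: the MBR hash that Windows sees through the normal read path ("User") differs from what the two low-level reads ("LL1", "LL2") return, the active flag has moved from partition 0 to a fourth partition that is marked [HIDDEN!] with type 0x17 (the hidden variant of NTFS type 0x07), and that partition is a 10 MB slice at the very end of the disk. That combination is what a disk-filtering bootkit looks like: the rootkit intercepts reads of sector 0 and hands back a clean copy. The script below is an added example, not part of this thread or of RogueKiller, that parses exactly this section of the report (the sample input is copied from the log posted above) and turns those observations into findings. The line format it matches is inferred only from the lines in this report, so treat the regular expression as an assumption rather than a documented RogueKiller format.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: the "MBR Check" section copied from the RogueKiller
# report posted in this thread (User, LL1 and LL2 reads of PhysicalDrive0).
SAMPLE_REPORT = """\
+++++ PhysicalDrive0: WDC WD2500BEVT-08A23T1 +++++
--- User ---
[MBR] 6cc1ddf90e1990b3c7c81ae4aaf7948e
[BSP] 9baa9e75ab6e7cbe8f079c748ddb8263 : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 227272 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 467914752 | Size: 9986 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] fec25ff5761a477e922c3e337edb91db
[BSP] 9baa9e75ab6e7cbe8f079c748ddb8263 : Lenovo tatooed MBR Code [possible maxSST in 3!]
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 227272 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 467914752 | Size: 9986 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 488368128 | Size: 10 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] fec25ff5761a477e922c3e337edb91db
[BSP] 9baa9e75ab6e7cbe8f079c748ddb8263 : Lenovo tatooed MBR Code [possible maxSST in 3!]
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 227272 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 467914752 | Size: 9986 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 488368128 | Size: 10 Mo
"""


@dataclass
class Partition:
    index: int
    active: bool
    type_id: int          # MBR partition type byte; 0x17 is the hidden variant of NTFS 0x07
    hidden: bool
    offset_sectors: int
    size_mb: int


@dataclass
class MbrView:
    name: str             # "User" = normal read path, "LL1"/"LL2" = low-level reads
    mbr_hash: str = ""
    partitions: list = field(default_factory=list)


VIEW_RE = re.compile(r"^--- (\w+) ---$")
# Assumed line format, derived only from the report lines above.
PART_RE = re.compile(
    r"^(\d+) - \[(ACTIVE|XXXXXX)\] \S+ \(0x([0-9A-Fa-f]{2})\) \[(VISIBLE|HIDDEN!)\] "
    r"Offset \(sectors\): (\d+) \| Size: (\d+) Mo$"
)


def parse_mbr_check(text):
    """Split the MBR Check section into one MbrView per read path."""
    views, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := VIEW_RE.match(line):
            current = MbrView(m.group(1))
            views.append(current)
        elif current is None:
            pass                                  # header lines before the first view
        elif line.startswith("[MBR] "):
            current.mbr_hash = line.split()[1]
        elif m := PART_RE.match(line):
            idx, flag, ptype, vis, off, size = m.groups()
            current.partitions.append(Partition(int(idx), flag == "ACTIVE", int(ptype, 16),
                                                vis == "HIDDEN!", int(off), int(size)))
    return views


def active_index(view):
    """Index of the partition carrying the boot (active) flag, or None."""
    return next((p.index for p in view.partitions if p.active), None)


def analyse(views):
    """Findings a responder cares about: does the user-mode view of sector 0 agree with
    the low-level reads, has the active flag moved, and is a hidden partition bootable?"""
    user = next(v for v in views if v.name == "User")
    others = [v for v in views if v.name != "User"]
    findings = {
        "mbr_mismatch": [v.name for v in others if v.mbr_hash != user.mbr_hash],
        "active_moved": [v.name for v in others if active_index(v) != active_index(user)],
        # de-duplicate the hidden partition across views: (index, offset, size, active)
        "hidden": sorted({(p.index, p.offset_sectors, p.size_mb, p.active)
                          for v in views for p in v.partitions if p.hidden}),
    }
    findings["hidden_active"] = any(h[3] for h in findings["hidden"])
    findings["suspicious"] = bool(findings["mbr_mismatch"] or findings["hidden_active"])
    return findings


if __name__ == "__main__":
    for key, value in analyse(parse_mbr_check(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

Run against the sample it reports `mbr_mismatch: ['LL1', 'LL2']`, `active_moved: ['LL1', 'LL2']`, one hidden, active 10 MB partition at sector 488368128, and `suspicious: True`. The point of checking the three views separately is that a clean disk gives the same hash and the same active index from every read path; any disagreement between the user-mode read and the low-level reads means something between the application and the disk is rewriting what it returns, which is why the tools the helper asked for earlier (tdsskiller, aswMBR) were being blocked.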
