Jump to content

Log files to examine please


Recommended Posts

I got infected before I purchased Malwarebytes, the requested log files follows the items that MS Security Essentials found previously.

Exploit:Java/CVE-2010-0840.EX, Removed on 7/24/2011

containerfile:C:\Users\Jared\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-3ba73c77

file:C:\Users\Jared\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-3ba73c77->bingo/haskalu.class

TrojanDownloader:Java/OpenConnection.OI, Removed on 7/24/2011

containerfile:C:\Users\Jared\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-3ba73c77

file:C:\Users\Jared\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-3ba73c77->bingo/efir.class

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7383

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

8/5/2011 11:13:53 PM

mbam-log-2011-08-05 (23-13-53).txt

Scan type: Quick scan

Objects scanned: 166881

Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Jared at 23:34:15 on 2011-08-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3886.1199 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\Jared\AppData\Local\Mudlet\mudlet.exe

C:\Program Files (x86)\Turbine\DDO Unlimited\dndclient.exe

C:\Program Files (x86)\Notepad++\notepad++.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com

mWinlogon: Userinit=userinit.exe

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - C:\PROGRA~2\DAP\DAPIEL~1.DLL

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: ImageShack Toolbar: {6932d140-abc4-4073-a44c-d4a541665e35} - C:\Program Files (x86)\ImageShackToolbar\ImageShackToolbar.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [<NO NAME>]

uRun: [KeePass Password Safe 2] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe"

mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload

mRun: [<NO NAME>]

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm

IE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm

IE: Post Image to Blog - C:\Program Files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5003

IE: Tag This Image - C:\Program Files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5002

IE: Transload Image to ImageShack - C:\Program Files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5004

IE: Upload All Images to ImageShack - C:\Program Files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5000

IE: Upload Image to ImageShack - C:\Program Files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5001

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

LSP: C:\Program Files (x86)\SpeedBit Video Accelerator\SBLSP.dll

DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} - hxxp://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 208.180.42.68 208.180.42.100

TCP: Interfaces\{9D3908E7-B527-4BD5-BE4E-BE20A8EB2653} : DhcpNameServer = 208.180.42.68 208.180.42.100

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~2\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~2\DAP\dapie.dll

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Download Accelerator Plus Integration: {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~2\DAP\DAPIEL~1.DLL

BHO-X64: Download Accelerator Plus Integration - No File

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: ImageShack Toolbar: {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files (x86)\ImageShackToolbar\ImageShackToolbar.dll

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload

mRun-x64: [(Default)]

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Jared\AppData\Roaming\Mozilla\Firefox\Profiles\ce3ubxw4.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\program files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Users\Jared\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

============= SERVICES / DRIVERS ===============

.

R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\system32\Drivers\BtHidBus.sys --> C:\Windows\system32\Drivers\BtHidBus.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-4-28 366640]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848]

R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-28 2320920]

R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 btnetBUs;Bluetooth PAN Bus Service;C:\Windows\system32\Drivers\btnetBus.sys --> C:\Windows\system32\Drivers\btnetBus.sys [?]

S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\system32\Drivers\IvtBtBus.sys --> C:\Windows\system32\Drivers\IvtBtBus.sys [?]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [2011-7-28 33592]

S3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2011-7-28 14136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-08-05 21:54:16 -------- d-----w- C:\Users\Jared\AppData\Local\{79546185-D841-4FC5-BA8F-A714FF186181}

2011-08-05 21:54:04 -------- d-----w- C:\Users\Jared\AppData\Local\{16B4B874-F445-4344-B57D-8D0081CA5FBE}

2011-08-05 17:00:41 -------- d-----w- C:\Users\Jared\AppData\Local\{6A32240D-CB08-488B-97CE-3BF143A3BE9B}

2011-08-05 17:00:28 -------- d-----w- C:\Users\Jared\AppData\Local\{204C5BF0-C3B4-4E03-A21D-FFE3DADB6DA5}

2011-08-05 16:17:22 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\280ef9831cc538b01\MeshBetaRemover.exe

2011-08-05 06:49:36 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{49CEEFF9-9B13-43EA-B5ED-7D4B167F71C8}\mpengine.dll

2011-08-02 04:50:45 -------- d-----w- C:\Users\Jared\AppData\Local\{C4C45836-B362-491A-A3F7-F70C396AF6C3}

2011-08-01 16:50:20 -------- d-----w- C:\Users\Jared\AppData\Local\{D1347828-4D4D-4AC5-A637-B586D3CAEE17}

2011-08-01 06:43:35 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-08-01 06:43:16 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2011-08-01 04:50:08 -------- d-----w- C:\Users\Jared\AppData\Local\{200E6F91-1E74-4E6E-9C66-5FEED5C8B495}

2011-07-31 16:49:56 -------- d-----w- C:\Users\Jared\AppData\Local\{AA839F55-A419-4A12-BD30-5B3E7255D540}

2011-07-31 16:00:31 -------- d-----w- C:\Users\Jared\AppData\Local\ElevatedDiagnostics

2011-07-31 04:49:44 -------- d-----w- C:\Users\Jared\AppData\Local\{9BAE8F60-D76A-4F2F-9B24-2F50F4852D32}

2011-07-30 16:49:32 -------- d-----w- C:\Users\Jared\AppData\Local\{F0508864-9CC5-4476-8598-F1C6CDD222EB}

2011-07-30 04:49:20 -------- d-----w- C:\Users\Jared\AppData\Local\{381E3066-4A78-47A5-8FFD-ECDD17254669}

2011-07-29 16:47:43 -------- d-----w- C:\Users\Jared\AppData\Local\{61DC0A3C-E30C-4F89-9213-FF6C58AC9EB9}

2011-07-29 02:25:03 -------- d-----w- C:\Program Files\Defraggler

2011-07-28 17:12:31 -------- d-----w- C:\Program Files (x86)\MSI

2011-07-28 15:58:32 -------- d-----w- C:\Users\Jared\AppData\Local\{F12D983D-FAB5-4519-814E-DD78A14F3B7E}

2011-07-28 03:58:20 -------- d-----w- C:\Users\Jared\AppData\Local\{10075C1C-4C15-40C6-9D31-7B5A534C56F3}

2011-07-27 15:57:56 -------- d-----w- C:\Users\Jared\AppData\Local\{11EA15D8-5619-4974-B613-65AB32E0C518}

2011-07-27 03:57:44 -------- d-----w- C:\Users\Jared\AppData\Local\{08753690-1F65-48A1-9825-C7B24A1BB197}

2011-07-26 15:57:19 -------- d-----w- C:\Users\Jared\AppData\Local\{817DFD9C-A68B-4A78-9B71-93BABF870CA3}

2011-07-26 03:57:07 -------- d-----w- C:\Users\Jared\AppData\Local\{4F3569AB-2E47-4072-8D0C-1DB0CF17347A}

2011-07-25 15:56:55 -------- d-----w- C:\Users\Jared\AppData\Local\{9E58401A-DD61-4969-8066-FDCBD49D5ED0}

2011-07-25 03:15:40 -------- d-----w- C:\Users\Jared\AppData\Local\{E2AA43DD-6AF4-41D7-AADE-A51E509FF4A8}

2011-07-24 03:14:41 -------- d-----w- C:\Users\Jared\AppData\Local\{31071847-42C5-4EDE-A303-349709167728}

2011-07-21 03:13:16 -------- d-----w- C:\Users\Jared\AppData\Local\{26008D94-C7F7-4FC7-BF5F-243D94F492EC}

2011-07-20 15:12:52 -------- d-----w- C:\Users\Jared\AppData\Local\{C8BC7A50-7EFD-4C6D-A881-F59419D85A1F}

2011-07-20 03:12:40 -------- d-----w- C:\Users\Jared\AppData\Local\{93E9879D-CA3B-4737-8845-6E64CD64E6F8}

2011-07-19 15:12:28 -------- d-----w- C:\Users\Jared\AppData\Local\{B67C5C8F-786A-4F03-8BEC-4B2E27C9F739}

2011-07-19 03:12:16 -------- d-----w- C:\Users\Jared\AppData\Local\{6B250544-5B0C-4F98-A6F4-4448758A63CC}

2011-07-18 15:12:04 -------- d-----w- C:\Users\Jared\AppData\Local\{2F87A825-4E1C-4B28-89AF-7B67FBF23F23}

2011-07-18 03:28:48 -------- d-----w- C:\Program Files (x86)\ImageShackToolbar

2011-07-18 03:11:52 -------- d-----w- C:\Users\Jared\AppData\Local\{0050C8C8-A34F-4CA3-ADDB-71C10BE899CD}

2011-07-17 03:11:28 -------- d-----w- C:\Users\Jared\AppData\Local\{F151339E-551C-45A1-BC59-33C9F27BA771}

2011-07-16 15:11:03 -------- d-----w- C:\Users\Jared\AppData\Local\{004A3230-3F82-48B5-8150-78C036E5B8F0}

2011-07-15 00:13:11 -------- d-----w- C:\Users\Jared\AppData\Local\{4CC52615-80E2-48E1-8833-5F806C09D2D4}

2011-07-13 13:31:01 -------- d-----w- C:\Users\Jared\AppData\Local\{AEC6C32A-482D-436D-91F5-8230A5EE762D}

2011-07-13 00:42:38 -------- d-----w- C:\Users\Jared\AppData\Local\{513532C3-AF52-454E-82F8-CB6B7A362F90}

2011-07-12 12:42:44 -------- d-----w- C:\Users\Jared\AppData\Local\{5C6BE06C-A291-41B2-B427-FAC28AF898C3}

2011-07-10 00:43:10 -------- d-----w- C:\Users\Jared\AppData\Local\{0EF1ADE6-8FFA-488B-A75A-36BCA76A9B0D}

2011-07-09 12:42:44 -------- d-----w- C:\Users\Jared\AppData\Local\{BB99C8D7-E00F-4D7F-9D1F-CD25BDDEB6B9}

2011-07-09 00:42:32 -------- d-----w- C:\Users\Jared\AppData\Local\{5ACCB0CD-BA17-4D1F-9491-B83FCD8CB57E}

2011-07-08 20:22:06 -------- d-----w- C:\Users\Jared\AppData\Local\Help

2011-07-08 19:02:18 9216 ----a-w- C:\Windows\SysWow64\ftlx0411.dll

2011-07-08 19:02:18 9216 ----a-w- C:\Windows\System32\ftlx0411.dll

2011-07-08 19:02:18 296960 ----a-w- C:\Windows\winhlp32.exe

2011-07-08 19:02:18 195072 ----a-w- C:\Windows\SysWow64\ftsrch.dll

2011-07-08 19:02:18 195072 ----a-w- C:\Windows\System32\ftsrch.dll

2011-07-08 19:02:18 10240 ----a-w- C:\Windows\SysWow64\ftlx041e.dll

2011-07-08 19:02:18 10240 ----a-w- C:\Windows\System32\ftlx041e.dll

2011-07-08 00:41:55 -------- d-----w- C:\Users\Jared\AppData\Local\{9FD0BD78-6B02-41AA-970A-1C20D4FEC88E}

2011-07-07 18:56:36 -------- d-----w- C:\Program Files (x86)\Graph

2011-07-07 13:05:11 -------- d-----w- C:\Users\Jared\AppData\Local\{E16F45F2-78D1-47E4-A37C-1FFFDA4A9D7B}

.

==================== Find3M ====================

.

2011-07-21 03:12:42 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2011-07-07 00:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-07 00:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-07-04 17:41:17 525544 ----a-w- C:\Windows\System32\deployJava1.dll

2011-07-04 16:57:10 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys

2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe

2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-05-18 02:46:33 172032 ----a-w- C:\Windows\SysWow64\AniGIF.ocx

2011-05-18 01:35:38 90784 ----a-w- C:\Windows\SysWow64\EasyHook32.dll

2011-05-18 01:35:38 109216 ----a-w- C:\Windows\SysWow64\EasyHook64.dll

2011-05-13 21:03:34 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2011-05-13 01:01:20 88576 ----a-w- C:\Windows\SysWow64\OptimFROG.dll

2011-05-13 00:53:46 399736 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe

.

============= FINISH: 23:35:45.86 ===============

Attach.zip

Link to post
Share on other sites

Hello Yetzederixx and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue tdsskiller2.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue tdsskiller3.png
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
how the PC is running now?
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
***IMPORTANT: save ComboFix to your Desktop***
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?

Link to post
Share on other sites

Thanks for your quick response, and on a Sunday no less!

TDS Log to follow:

2011/08/07 13:37:04.0833 4400 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29

2011/08/07 13:37:05.0309 4400 ================================================================================

2011/08/07 13:37:05.0309 4400 SystemInfo:

2011/08/07 13:37:05.0309 4400

2011/08/07 13:37:05.0309 4400 OS Version: 6.1.7601 ServicePack: 1.0

2011/08/07 13:37:05.0310 4400 Product type: Workstation

2011/08/07 13:37:05.0310 4400 ComputerName: HAL

2011/08/07 13:37:05.0310 4400 UserName: Jared

2011/08/07 13:37:05.0310 4400 Windows directory: C:\Windows

2011/08/07 13:37:05.0310 4400 System windows directory: C:\Windows

2011/08/07 13:37:05.0310 4400 Running under WOW64

2011/08/07 13:37:05.0310 4400 Processor architecture: Intel x64

2011/08/07 13:37:05.0310 4400 Number of processors: 4

2011/08/07 13:37:05.0310 4400 Page size: 0x1000

2011/08/07 13:37:05.0310 4400 Boot type: Normal boot

2011/08/07 13:37:05.0310 4400 ================================================================================

2011/08/07 13:37:06.0713 4400 Initialize success

2011/08/07 13:37:10.0476 4452 ================================================================================

2011/08/07 13:37:10.0476 4452 Scan started

2011/08/07 13:37:10.0476 4452 Mode: Manual;

2011/08/07 13:37:10.0476 4452 ================================================================================

2011/08/07 13:37:11.0185 4452 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

2011/08/07 13:37:11.0269 4452 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

2011/08/07 13:37:11.0358 4452 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

2011/08/07 13:37:11.0470 4452 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/08/07 13:37:11.0608 4452 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

2011/08/07 13:37:11.0659 4452 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

2011/08/07 13:37:11.0789 4452 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

2011/08/07 13:37:11.0904 4452 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

2011/08/07 13:37:12.0031 4452 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

2011/08/07 13:37:12.0052 4452 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

2011/08/07 13:37:12.0103 4452 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

2011/08/07 13:37:12.0173 4452 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

2011/08/07 13:37:12.0243 4452 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

2011/08/07 13:37:12.0285 4452 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/08/07 13:37:12.0385 4452 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

2011/08/07 13:37:12.0450 4452 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

2011/08/07 13:37:12.0575 4452 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

2011/08/07 13:37:12.0602 4452 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

2011/08/07 13:37:12.0702 4452 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/08/07 13:37:12.0737 4452 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

2011/08/07 13:37:12.0818 4452 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys

2011/08/07 13:37:12.0986 4452 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

2011/08/07 13:37:13.0095 4452 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

2011/08/07 13:37:13.0158 4452 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

2011/08/07 13:37:13.0283 4452 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/08/07 13:37:13.0318 4452 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

2011/08/07 13:37:13.0417 4452 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/08/07 13:37:13.0458 4452 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/08/07 13:37:13.0576 4452 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

2011/08/07 13:37:13.0599 4452 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/08/07 13:37:13.0631 4452 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/08/07 13:37:13.0650 4452 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/08/07 13:37:13.0843 4452 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

2011/08/07 13:37:13.0887 4452 BtHidBus (81229822facaa324718b3b3c973688ed) C:\Windows\system32\Drivers\BtHidBus.sys

2011/08/07 13:37:13.0998 4452 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/08/07 13:37:14.0059 4452 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

2011/08/07 13:37:14.0336 4452 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

2011/08/07 13:37:14.0477 4452 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

2011/08/07 13:37:14.0605 4452 btnetBUs (2531372cc2ad7c7204a7520dc7c2d0da) C:\Windows\system32\Drivers\btnetBus.sys

2011/08/07 13:37:14.0651 4452 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/08/07 13:37:14.0762 4452 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

2011/08/07 13:37:14.0829 4452 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

2011/08/07 13:37:14.0918 4452 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

2011/08/07 13:37:15.0079 4452 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/08/07 13:37:15.0123 4452 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

2011/08/07 13:37:15.0241 4452 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

2011/08/07 13:37:15.0353 4452 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

2011/08/07 13:37:15.0419 4452 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

2011/08/07 13:37:15.0529 4452 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/08/07 13:37:15.0614 4452 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

2011/08/07 13:37:15.0714 4452 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

2011/08/07 13:37:15.0761 4452 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

2011/08/07 13:37:15.0877 4452 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

2011/08/07 13:37:15.0942 4452 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

2011/08/07 13:37:16.0136 4452 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

2011/08/07 13:37:16.0351 4452 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

2011/08/07 13:37:16.0455 4452 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

2011/08/07 13:37:16.0531 4452 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

2011/08/07 13:37:16.0626 4452 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

2011/08/07 13:37:16.0691 4452 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

2011/08/07 13:37:16.0803 4452 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

2011/08/07 13:37:16.0830 4452 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

2011/08/07 13:37:16.0857 4452 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/08/07 13:37:16.0907 4452 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

2011/08/07 13:37:17.0015 4452 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

2011/08/07 13:37:17.0046 4452 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

2011/08/07 13:37:17.0104 4452 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

2011/08/07 13:37:17.0203 4452 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/08/07 13:37:17.0229 4452 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

2011/08/07 13:37:17.0304 4452 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

2011/08/07 13:37:17.0415 4452 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

2011/08/07 13:37:17.0459 4452 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

2011/08/07 13:37:17.0550 4452 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/08/07 13:37:17.0582 4452 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

2011/08/07 13:37:17.0631 4452 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

2011/08/07 13:37:17.0751 4452 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

2011/08/07 13:37:17.0830 4452 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

2011/08/07 13:37:17.0951 4452 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

2011/08/07 13:37:18.0049 4452 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

2011/08/07 13:37:18.0102 4452 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

2011/08/07 13:37:18.0237 4452 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

2011/08/07 13:37:18.0561 4452 igfx (174bcac474de13b2650e444cf124828e) C:\Windows\system32\DRIVERS\igdkmd64.sys

2011/08/07 13:37:18.0926 4452 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

2011/08/07 13:37:19.0003 4452 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys

2011/08/07 13:37:19.0115 4452 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

2011/08/07 13:37:19.0160 4452 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

2011/08/07 13:37:19.0264 4452 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

2011/08/07 13:37:19.0323 4452 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/08/07 13:37:19.0455 4452 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

2011/08/07 13:37:19.0512 4452 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

2011/08/07 13:37:19.0618 4452 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

2011/08/07 13:37:19.0654 4452 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

2011/08/07 13:37:19.0686 4452 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

2011/08/07 13:37:19.0791 4452 IvtBtBUs (70ebda3ed637b0212450c5542edd11a7) C:\Windows\system32\Drivers\IvtBtBus.sys

2011/08/07 13:37:19.0877 4452 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/08/07 13:37:19.0978 4452 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/08/07 13:37:20.0022 4452 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

2011/08/07 13:37:20.0115 4452 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

2011/08/07 13:37:20.0150 4452 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

2011/08/07 13:37:20.0291 4452 LEqdUsb (abfd2b5726f4cce49297ae48806cc594) C:\Windows\system32\DRIVERS\LEqdUsb.Sys

2011/08/07 13:37:20.0342 4452 LHidEqd (933f69cf9acd2498693bfcd7ed68e8d4) C:\Windows\system32\DRIVERS\LHidEqd.Sys

2011/08/07 13:37:20.0455 4452 LHidFilt (1074c77a47835e03c15bf92452f9a750) C:\Windows\system32\DRIVERS\LHidFilt.Sys

2011/08/07 13:37:20.0493 4452 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

2011/08/07 13:37:20.0608 4452 LMouFilt (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys

2011/08/07 13:37:20.0746 4452 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/08/07 13:37:20.0769 4452 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/08/07 13:37:20.0794 4452 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/08/07 13:37:20.0821 4452 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/08/07 13:37:20.0859 4452 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

2011/08/07 13:37:21.0007 4452 MBAMProtector (9c4fb231b6e02f84580de2f00f3c5293) C:\Windows\system32\drivers\mbam.sys

2011/08/07 13:37:21.0055 4452 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

2011/08/07 13:37:21.0087 4452 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/08/07 13:37:21.0203 4452 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

2011/08/07 13:37:21.0251 4452 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

2011/08/07 13:37:21.0364 4452 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

2011/08/07 13:37:21.0424 4452 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

2011/08/07 13:37:21.0528 4452 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

2011/08/07 13:37:21.0668 4452 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys

2011/08/07 13:37:21.0714 4452 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

2011/08/07 13:37:21.0827 4452 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys

2011/08/07 13:37:21.0869 4452 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

2011/08/07 13:37:21.0914 4452 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

2011/08/07 13:37:22.0016 4452 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/08/07 13:37:22.0048 4452 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/08/07 13:37:22.0076 4452 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/08/07 13:37:22.0123 4452 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

2011/08/07 13:37:22.0236 4452 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

2011/08/07 13:37:22.0323 4452 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

2011/08/07 13:37:22.0416 4452 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

2011/08/07 13:37:22.0453 4452 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

2011/08/07 13:37:22.0566 4452 MSI_MSIBIOS_010507 (192476c10371dc83243d67432b2cdcbf) C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys

2011/08/07 13:37:22.0668 4452 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

2011/08/07 13:37:22.0712 4452 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/08/07 13:37:22.0812 4452 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

2011/08/07 13:37:22.0859 4452 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

2011/08/07 13:37:22.0959 4452 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

2011/08/07 13:37:23.0005 4452 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

2011/08/07 13:37:23.0037 4452 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/08/07 13:37:23.0151 4452 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

2011/08/07 13:37:23.0329 4452 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

2011/08/07 13:37:23.0409 4452 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

2011/08/07 13:37:23.0530 4452 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/08/07 13:37:23.0578 4452 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/08/07 13:37:23.0626 4452 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/08/07 13:37:23.0721 4452 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/08/07 13:37:23.0771 4452 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

2011/08/07 13:37:23.0885 4452 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

2011/08/07 13:37:23.0921 4452 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

2011/08/07 13:37:24.0079 4452 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/08/07 13:37:24.0131 4452 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

2011/08/07 13:37:24.0238 4452 nmwcd (903681bab213d5f84717c0fc42afb28a) C:\Windows\system32\drivers\ccdcmbx64.sys

2011/08/07 13:37:24.0285 4452 nmwcdc (ec4c5ebd003e0395bf4ea5a2efd13ce6) C:\Windows\system32\drivers\ccdcmbox64.sys

2011/08/07 13:37:24.0382 4452 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

2011/08/07 13:37:24.0536 4452 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

2011/08/07 13:37:24.0621 4452 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

2011/08/07 13:37:24.0724 4452 NTIOLib_1_0_4 (1b32c54b95121ab1683c7b83b2db4b96) C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys

2011/08/07 13:37:24.0805 4452 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

2011/08/07 13:37:24.0865 4452 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

2011/08/07 13:37:24.0965 4452 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

2011/08/07 13:37:25.0000 4452 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

2011/08/07 13:37:25.0034 4452 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

2011/08/07 13:37:25.0087 4452 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

2011/08/07 13:37:25.0181 4452 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

2011/08/07 13:37:25.0245 4452 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys

2011/08/07 13:37:25.0341 4452 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

2011/08/07 13:37:25.0379 4452 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

2011/08/07 13:37:25.0425 4452 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/08/07 13:37:25.0500 4452 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

2011/08/07 13:37:25.0549 4452 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

2011/08/07 13:37:25.0754 4452 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

2011/08/07 13:37:25.0794 4452 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

2011/08/07 13:37:25.0915 4452 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

2011/08/07 13:37:25.0966 4452 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys

2011/08/07 13:37:26.0096 4452 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

2011/08/07 13:37:26.0237 4452 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/08/07 13:37:26.0273 4452 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

2011/08/07 13:37:26.0301 4452 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

2011/08/07 13:37:26.0408 4452 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/08/07 13:37:26.0457 4452 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/08/07 13:37:26.0571 4452 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/08/07 13:37:26.0601 4452 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

2011/08/07 13:37:26.0642 4452 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

2011/08/07 13:37:26.0746 4452 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/08/07 13:37:26.0792 4452 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/08/07 13:37:26.0822 4452 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

2011/08/07 13:37:26.0916 4452 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

2011/08/07 13:37:26.0964 4452 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

2011/08/07 13:37:27.0056 4452 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

2011/08/07 13:37:27.0125 4452 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

2011/08/07 13:37:27.0254 4452 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

2011/08/07 13:37:27.0306 4452 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys

2011/08/07 13:37:27.0407 4452 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

2011/08/07 13:37:27.0454 4452 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

2011/08/07 13:37:27.0591 4452 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2011/08/07 13:37:27.0668 4452 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

2011/08/07 13:37:27.0693 4452 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

2011/08/07 13:37:27.0806 4452 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

2011/08/07 13:37:27.0886 4452 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

2011/08/07 13:37:27.0913 4452 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

2011/08/07 13:37:28.0012 4452 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

2011/08/07 13:37:28.0060 4452 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/08/07 13:37:28.0182 4452 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/08/07 13:37:28.0202 4452 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/08/07 13:37:28.0241 4452 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

2011/08/07 13:37:28.0365 4452 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

2011/08/07 13:37:28.0442 4452 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

2011/08/07 13:37:28.0546 4452 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

2011/08/07 13:37:28.0581 4452 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

2011/08/07 13:37:28.0696 4452 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

2011/08/07 13:37:28.0745 4452 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys

2011/08/07 13:37:28.0853 4452 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

2011/08/07 13:37:28.0967 4452 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys

2011/08/07 13:37:29.0123 4452 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys

2011/08/07 13:37:29.0231 4452 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

2011/08/07 13:37:29.0274 4452 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

2011/08/07 13:37:29.0291 4452 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

2011/08/07 13:37:29.0342 4452 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

2011/08/07 13:37:29.0435 4452 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

2011/08/07 13:37:29.0519 4452 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/08/07 13:37:29.0711 4452 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

2011/08/07 13:37:29.0780 4452 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

2011/08/07 13:37:29.0876 4452 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

2011/08/07 13:37:29.0925 4452 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

2011/08/07 13:37:29.0990 4452 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

2011/08/07 13:37:30.0096 4452 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

2011/08/07 13:37:30.0140 4452 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

2011/08/07 13:37:30.0260 4452 upperdev (7168819f30fe9622284ea19bde7f8ab4) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys

2011/08/07 13:37:30.0310 4452 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/08/07 13:37:30.0423 4452 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

2011/08/07 13:37:30.0461 4452 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

2011/08/07 13:37:30.0571 4452 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

2011/08/07 13:37:30.0612 4452 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

2011/08/07 13:37:30.0652 4452 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

2011/08/07 13:37:30.0754 4452 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys

2011/08/07 13:37:30.0788 4452 UsbserFilt (66c25cb20b2974e0c0cfdab49fb72a02) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys

2011/08/07 13:37:30.0831 4452 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/08/07 13:37:30.0877 4452 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

2011/08/07 13:37:30.0995 4452 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

2011/08/07 13:37:31.0193 4452 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

2011/08/07 13:37:31.0232 4452 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/08/07 13:37:31.0263 4452 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

2011/08/07 13:37:31.0361 4452 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

2011/08/07 13:37:31.0423 4452 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

2011/08/07 13:37:31.0531 4452 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

2011/08/07 13:37:31.0575 4452 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

2011/08/07 13:37:31.0617 4452 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

2011/08/07 13:37:31.0724 4452 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/08/07 13:37:31.0767 4452 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/08/07 13:37:31.0794 4452 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/08/07 13:37:31.0901 4452 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

2011/08/07 13:37:31.0945 4452 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

2011/08/07 13:37:32.0047 4452 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

2011/08/07 13:37:32.0065 4452 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

2011/08/07 13:37:32.0145 4452 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

2011/08/07 13:37:32.0191 4452 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

2011/08/07 13:37:32.0360 4452 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/08/07 13:37:32.0401 4452 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

2011/08/07 13:37:32.0580 4452 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/08/07 13:37:32.0665 4452 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

2011/08/07 13:37:32.0786 4452 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

2011/08/07 13:37:32.0851 4452 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

2011/08/07 13:37:32.0906 4452 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/08/07 13:37:33.0030 4452 MBR (0x1B8) (8e734bd7aa1d4f7e9af58df495f6cf9e) \Device\Harddisk0\DR0

2011/08/07 13:37:33.0049 4452 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

2011/08/07 13:37:33.0207 4452 Boot (0x1200) (db849f047dc954569088d09d1e32ae89) \Device\Harddisk0\DR0\Partition0

2011/08/07 13:37:33.0228 4452 Boot (0x1200) (3e21d5cc56f9fd3dad860e80f40983c1) \Device\Harddisk0\DR0\Partition1

2011/08/07 13:37:33.0247 4452 Boot (0x1200) (5b2b8e70de72c2d0b75e29ec8e5169e6) \Device\Harddisk1\DR1\Partition0

2011/08/07 13:37:33.0259 4452 ================================================================================

2011/08/07 13:37:33.0259 4452 Scan finished

2011/08/07 13:37:33.0260 4452 ================================================================================

2011/08/07 13:37:33.0277 4292 Detected object count: 0

2011/08/07 13:37:33.0278 4292 Actual detected object count: 0

2011/08/07 13:39:13.0511 4756 Deinitialize success

Link to post
Share on other sites

ComboFix.txt

ComboFix 11-08-07.03 - Jared 08/07/2011 13:51:37.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3886.2332 [GMT -5:00]

Running from: c:\users\Jared\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\KeePass Password Safe 2\KeePass.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-07-07 to 2011-08-07 )))))))))))))))))))))))))))))))

.

.

2011-08-07 18:56 . 2011-08-07 18:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-07 08:32 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{064D9D0B-7A3C-4387-A222-C14280509BF9}\mpengine.dll

2011-08-05 16:17 . 2011-08-05 16:17 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\280ef9831cc538b01\MeshBetaRemover.exe

2011-08-01 06:43 . 2011-08-01 06:43 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2011-08-01 06:43 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2011-07-31 16:00 . 2011-07-31 16:00 -------- d-----w- c:\users\Jared\AppData\Local\ElevatedDiagnostics

2011-07-29 02:25 . 2011-07-29 02:25 -------- d-----w- c:\program files\Defraggler

2011-07-28 17:12 . 2011-07-28 17:12 -------- d-----w- c:\program files (x86)\MSI

2011-07-18 03:28 . 2011-07-18 03:28 -------- d-----w- c:\program files (x86)\ImageShackToolbar

2011-07-12 14:58 . 2011-07-12 14:58 -------- d-----w- c:\users\Jared\AppData\Roaming\Notepad++

2011-07-12 14:58 . 2011-07-12 14:58 -------- d-----w- c:\program files (x86)\Notepad++

2011-07-08 20:22 . 2011-07-08 20:22 -------- d-----w- c:\users\Jared\AppData\Local\Help

2011-07-08 19:02 . 2009-08-04 17:56 296960 ----a-w- c:\windows\winhlp32.exe

2011-07-08 19:02 . 2009-08-04 17:55 195072 ----a-w- c:\windows\SysWow64\ftsrch.dll

2011-07-08 19:02 . 2009-08-04 17:55 195072 ----a-w- c:\windows\system32\ftsrch.dll

2011-07-08 19:02 . 2009-08-04 17:55 9216 ----a-w- c:\windows\SysWow64\ftlx0411.dll

2011-07-08 19:02 . 2009-08-04 17:55 9216 ----a-w- c:\windows\system32\ftlx0411.dll

2011-07-08 19:02 . 2009-08-04 17:55 10240 ----a-w- c:\windows\SysWow64\ftlx041e.dll

2011-07-08 19:02 . 2009-08-04 17:55 10240 ----a-w- c:\windows\system32\ftlx041e.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-05 16:18 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-07-21 03:12 . 2011-05-11 20:21 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-07-13 04:53 . 2011-04-30 03:36 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-07 00:52 . 2011-04-29 01:00 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-07 00:52 . 2011-04-29 01:00 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-04 17:41 . 2011-04-29 05:22 525544 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-04 16:57 . 2011-05-18 06:18 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-01 18:47 . 2011-07-01 18:47 53248 ----a-r- c:\users\Jared\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-06-03 05:57 . 2011-07-13 13:35 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-05-24 11:42 . 2011-06-29 13:12 404480 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-05-24 10:40 . 2011-06-29 13:12 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2011-05-24 10:40 . 2011-06-29 13:12 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2011-05-24 10:39 . 2011-06-29 13:12 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37 . 2011-06-29 13:12 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

2011-05-18 02:46 . 2011-05-18 02:46 172032 ----a-w- c:\windows\SysWow64\AniGIF.ocx

2011-05-18 01:35 . 2011-05-18 01:35 90784 ----a-w- c:\windows\SysWow64\EasyHook32.dll

2011-05-18 01:35 . 2011-05-18 01:35 109216 ----a-w- c:\windows\SysWow64\EasyHook64.dll

2011-05-13 21:03 . 2011-05-13 21:03 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll

2011-05-13 01:01 . 2006-03-04 04:52 88576 ----a-w- c:\windows\SysWow64\OptimFROG.dll

2011-05-13 00:53 . 2011-05-13 00:54 399736 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe [2011-05-18 265928]

R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x]

R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]

R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 44095512

*NewlyCreated* - MPNWMON

*Deregistered* - 44095512

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-10 167256]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-10 391512]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-10 415064]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]

"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm

IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm

IE: Post Image to Blog - c:\program files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5003

IE: Tag This Image - c:\program files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5002

IE: Transload Image to ImageShack - c:\program files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5004

IE: Upload All Images to ImageShack - c:\program files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5000

IE: Upload Image to ImageShack - c:\program files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5001

LSP: c:\program files (x86)\SpeedBit Video Accelerator\SBLSP.dll

TCP: DhcpNameServer = 208.180.42.68 208.180.42.100

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll

FF - ProfilePath - c:\users\Jared\AppData\Roaming\Mozilla\Firefox\Profiles\ce3ubxw4.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-KeePass Password Safe 2 - c:\program files (x86)\KeePass Password Safe 2\KeePass.exe

Wow6432Node-HKLM-Run-KeePass 2 PreLoad - c:\program files (x86)\KeePass Password Safe 2\KeePass.exe

AddRemove-dBpoweramp Aiff Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp CLI Encoder - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Dalet Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp DirectShow Decoder - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Midi Decoder - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Mp2 and BwfMp2 codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp mp3 (Fraunhofer IIS) Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp OptimFROG Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Real Audio (Helix) Encoder - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Shorten Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBPoweramp tooLame MP2 codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp TTA Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Wave64 Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp WavPack Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Windows Media Audio 10 Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpowerAMP Windows Media Audio 9 Codec - c:\windows\system32\SpoonUninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{6932D140-ABC4-4073-A44C-D4A541665E35}"=hex:51,66,7a,6c,4c,1d,38,12,2e,d2,21,

6d,f6,e5,1d,05,db,5a,97,e5,44,38,1a,21

"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,

07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{FF6C3CF0-4B15-11D1-ABED-709549C10000}"=hex:51,66,7a,6c,4c,1d,38,12,9e,3f,7f,

fb,27,05,bf,54,d4,fb,33,d5,4c,9f,44,14

"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,

fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42

"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,

51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:7e,78,ce,da,fa,44,cc,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,a6,29,7b,36,7b,f1,4c,86,5e,8e,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,a6,29,7b,36,7b,f1,4c,86,5e,8e,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-08-07 14:00:16

ComboFix-quarantined-files.txt 2011-08-07 19:00

.

Pre-Run: 291,112,644,608 bytes free

Post-Run: 290,851,651,584 bytes free

.

- - End Of File - - D0F9FC11515CFA3B21A07CFEF85326BE

Link to post
Share on other sites

Security Check file

Results of screen317's Security Check version 0.99.18

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 26

Java SE Development Kit 6 Update 25

Java SE Development Kit 6 Update 26

Adobe Flash Player 10.3.181.26

Adobe Reader X (10.1.0)

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Malwarebytes' Anti-Malware mbamservice.exe

Microsoft Security Essentials msseces.exe

``````````End of Log````````````

Link to post
Share on other sites

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::

44095512

File::

C:\Windows\System32\Drivers\44095512.sys

Reglock::

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)

Link to post
Share on other sites

ComboFix 11-08-07.03 - Jared 08/07/2011 16:34:12.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3886.2468 [GMT -5:00]

Running from: c:\users\Jared\Desktop\ComboFix.exe

Command switches used :: c:\users\Jared\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\System32\Drivers\44095512.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_44095512

.

.

((((((((((((((((((((((((( Files Created from 2011-07-07 to 2011-08-07 )))))))))))))))))))))))))))))))

.

.

2011-08-07 21:37 . 2011-08-07 21:37 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-07 21:21 . 2011-08-07 21:21 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2011-08-07 19:21 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F4C64B2-73DC-4C5C-B546-5A7D1CD0E1AC}\mpengine.dll

2011-08-05 16:17 . 2011-08-05 16:17 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\280ef9831cc538b01\MeshBetaRemover.exe

2011-08-01 06:43 . 2011-08-01 06:43 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2011-08-01 06:43 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2011-07-31 16:00 . 2011-07-31 16:00 -------- d-----w- c:\users\Jared\AppData\Local\ElevatedDiagnostics

2011-07-29 02:25 . 2011-07-29 02:25 -------- d-----w- c:\program files\Defraggler

2011-07-28 17:12 . 2011-07-28 17:12 -------- d-----w- c:\program files (x86)\MSI

2011-07-18 03:28 . 2011-07-18 03:28 -------- d-----w- c:\program files (x86)\ImageShackToolbar

2011-07-12 14:58 . 2011-07-12 14:58 -------- d-----w- c:\users\Jared\AppData\Roaming\Notepad++

2011-07-12 14:58 . 2011-07-12 14:58 -------- d-----w- c:\program files (x86)\Notepad++

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-05 16:18 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-07-21 03:12 . 2011-05-11 20:21 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-07-13 04:53 . 2011-04-30 03:36 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-07 00:52 . 2011-04-29 01:00 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-07 00:52 . 2011-04-29 01:00 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-04 17:41 . 2011-04-29 05:22 525544 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-04 16:57 . 2011-05-18 06:18 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-01 18:47 . 2011-07-01 18:47 53248 ----a-r- c:\users\Jared\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-06-03 05:57 . 2011-07-13 13:35 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-05-24 11:42 . 2011-06-29 13:12 404480 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-05-24 10:40 . 2011-06-29 13:12 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2011-05-24 10:40 . 2011-06-29 13:12 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2011-05-24 10:39 . 2011-06-29 13:12 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37 . 2011-06-29 13:12 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

2011-05-18 02:46 . 2011-05-18 02:46 172032 ----a-w- c:\windows\SysWow64\AniGIF.ocx

2011-05-18 01:35 . 2011-05-18 01:35 90784 ----a-w- c:\windows\SysWow64\EasyHook32.dll

2011-05-18 01:35 . 2011-05-18 01:35 109216 ----a-w- c:\windows\SysWow64\EasyHook64.dll

2011-05-13 21:03 . 2011-05-13 21:03 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll

2011-05-13 01:01 . 2006-03-04 04:52 88576 ----a-w- c:\windows\SysWow64\OptimFROG.dll

2011-05-13 00:53 . 2011-05-13 00:54 399736 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-08-07_18.57.03 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2011-08-05 21:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-08-07 21:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-08-05 21:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-08-07 21:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-08-05 21:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-08-07 21:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-04-29 00:33 . 2011-08-07 21:24 36612 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-08-07 21:24 30336 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-04-29 00:30 . 2011-08-07 21:24 7806 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3792824324-865341337-562943517-1001_UserData.bin

+ 2011-08-07 21:40 . 2011-08-07 21:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-08-05 21:52 . 2011-08-05 21:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-08-07 21:40 . 2011-08-07 21:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-08-05 21:52 . 2011-08-05 21:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-08-07 21:21 . 2011-08-07 21:21 2560 c:\windows\_MSRSTRT.EXE

+ 2009-07-14 02:36 . 2011-08-07 21:27 635046 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-08-07 18:34 635046 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-08-07 18:34 111548 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2011-08-07 21:27 111548 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2011-08-07 21:38 287004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2011-08-05 21:51 287004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-06-23 08:24 . 2011-08-07 21:22 1092876 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3792824324-865341337-562943517-1001-4096.dat

+ 2011-04-29 02:03 . 2011-08-07 21:38 32720928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3792824324-865341337-562943517-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x]

R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe [2011-05-18 265928]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF24499.cfxxe" [X]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-10 167256]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-10 391512]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-10 415064]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]

"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Post Image to Blog - c:\program files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5003

IE: Tag This Image - c:\program files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5002

IE: Transload Image to ImageShack - c:\program files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5004

IE: Upload All Images to ImageShack - c:\program files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5000

IE: Upload Image to ImageShack - c:\program files (x86)\ImageShackToolbar\ImageShackToolbar.dll/5001

LSP: c:\program files (x86)\SpeedBit Video Accelerator\SBLSP.dll

TCP: DhcpNameServer = 208.180.42.68 208.180.42.100

FF - ProfilePath - c:\users\Jared\AppData\Roaming\Mozilla\Firefox\Profiles\ce3ubxw4.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2011-08-07 16:44:06 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-07 21:44

ComboFix2.txt 2011-08-07 19:00

.

Pre-Run: 290,650,546,176 bytes free

Post-Run: 290,425,774,080 bytes free

.

- - End Of File - - 55936513364905D2F238E910E3E76B58

Link to post
Share on other sites

Your logs are looking better!

Before we move on, let's run some more scans to see if there's any traces left :):

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

-----------

Please use the Internet Explorer and run a BitDefender Online scan from Here

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan

Please post the results in your next reply.

Link to post
Share on other sites

I ran the ESET Online scanner but there was no log file made. However, the scanner found nothing.

Also of note, the scanner installed to this path on my machine: C:\Program Files (x86)\ESET\ESET Online Scanner\

The BitDefender ran without any problems, and works with Firefox 5.0 just fine by the way.

Thanks a ton for your help! I'm not 100% sure what doing all these scans did for me, but I do appreciate the time you spent helping me out. Lastly, since I'm a CompSci student and should learn how to do this stuff myself, how do you learn about security in general and how to interpret/utilize the output of these programs?

Link to post
Share on other sites

Thanks a ton for your help!

No problem! ;)

I'm not 100% sure what doing all these scans did for me, but I do appreciate the time you spent helping me out. Lastly, since I'm a CompSci student and should learn how to do this stuff myself, how do you learn about security in general and how to interpret/utilize the output of these programs?

This link should provide you with the information you're looking for ;)

The following are websites who host training facilities: United Network of Instructors and Trained Eliminators

I was trained at SpywareInfo Forum's 'Boot Camp'- there is a link in my signature ;) Let me know if you have any questions about training programs, I'd be happy to answer them :)

Link to post
Share on other sites

I'm definitely going to look into taking, at least, one of those courses so I may hit you up on your offer!

I should of mentioned this in the original post (doh!), but this cleared up whatever was causing Malwarebytes to have to block an outgoing IP. It no longer does this so the powers that be can consider this "trouble call" closed. :)

Hopefully I'll be helping other users out before long!


13:31:29 Jared IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52129, Process: firefox.exe)
15:27:08 Jared IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 52388, Process: firefox.exe)

Link to post
Share on other sites

I'm definitely going to look into taking, at least, one of those courses so I may hit you up on your offer!

Sounds good :D

I should of mentioned this in the original post (doh!), but this cleared up whatever was causing Malwarebytes to have to block an outgoing IP. It no longer does this so the powers that be can consider this "trouble call" closed. :)

Glad to hear that ;)

Since all of your applications appear to be updated, I will now provide you with some suggestions for security software, but first, ComboFix must be uninstalled ;):

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScripts, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.