Jump to content

Ping.exe in task manager


FireChip
 Share

Recommended Posts

  • Replies 55
  • Created
  • Last Reply

Top Posters In This Topic

It makes cpu usage to 90+%

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL

Internet Explorer: 9.0.8112.16421

Run by simon at 21:42:39 on 2011-11-11

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.2386 [GMT -5:00]

.

AV: AVG Internet Security *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}

SP: AVG Internet Security *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: AVG Firewall *Disabled* {34A811A1-D438-CA83-C13E-A23981B1E8F9}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\rundll32.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page =

uStart Page = about:Tabs

uDefault_Page_URL = hxxp://www.msn.com

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll

BHO: CSolidBrowserObj Object: {bd08a9d5-0e5c-4f42-99a3-c0cb5e860557} - C:\Windows\SysWow64\SolidStateNetworks\SolidStateION\solidax.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [DriverUpdaterPro] C:\Program Files (x86)\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t

mRun: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe

mRun: [AVGIDS] "C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe"

mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

dRun: [smad] "C:\Windows\system32\config\systemprofile\AppData\Local\SanctionedMedia\Smad\Smad.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Download with ImTOO YouTube to iPod Converter - C:\Program Files (x86)\ImTOO\YouTube to iPod Converter\upod_link.HTM

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MI1933~1\Office12\EXCEL.EXE/3000

IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MI1933~1\Office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://mytdsb.on.ca/+CSCOL+/csvrloader32.cab

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} - hxxp://www.playwhat.com/solidPlugin/solidstateion.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 64.71.255.198

TCP: Interfaces\{1E50D4B2-111F-469A-991E-AADA7BBBF156} : DhcpNameServer = 64.71.255.198

TCP: Interfaces\{C430E01F-6A58-4C11-AB58-8FD2F61A5E95} : DhcpNameServer = 192.168.1.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2

BHO-X64: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

BHO-X64: Skype add-on (mastermind) - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll

BHO-X64: CSolidBrowserObj Object: {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\Windows\SysWow64\SolidStateNetworks\SolidStateION\solidax.dll

BHO-X64: Solid State Networks IE Browser Plugin - No File

BHO-X64: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll

TB-X64: MSN Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll

TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

mRun-x64: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe

mRun-x64: [AVGIDS] "C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe"

mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 AvgRkx64;avgrkx64.sys;C:\Windows\system32\Drivers\avgrkx64.sys --> C:\Windows\system32\Drivers\avgrkx64.sys [?]

S1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]

S1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]

S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]

S1 AvgTdiA;AVG8 Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]

S3 AVGIDSDriver;AVGIDSDriver;C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSDriver.sys [2009-7-22 132104]

S3 AVGIDSFilter;AVGIDSFilter;C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSFilter.sys [2009-7-22 35848]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]

S4 ahcix64s;ahcix64s;C:\Windows\system32\drivers\ahcix64s.sys --> C:\Windows\system32\drivers\ahcix64s.sys [?]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2072-07-31 21:44:42 375808 ----a-w- C:\Program Files (x86)\Microsoft Games\Halo\binkw32.dll

2011-11-06 00:16:17 -------- d-----we C:\Windows\system64

.

==================== Find3M ====================

.

2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 21:55:23.40 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 1/1/2008 6:20:04 AM

System Uptime: 11/11/2011 9:40:54 PM (0 hours ago)

.

Motherboard: ECS | | MCP61PM-GM

Processor: AMD Phenom 8400 Triple-Core Processor | Socket AM2 | 2109/213mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 287 GiB total, 222.609 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 5.172 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

µTorrent

Adobe Acrobat 4.0

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Shockwave Player 11.5

Advertising Center

Apple Application Support

Apple Software Update

AVG 8.5

AVG Identity Protection

CCleaner (remove only)

Cisco Network Magic

DAEMON Tools Toolbar

DolbyFiles

Dora Backpack

DragonNest

Feedback Tool

GameSpy Arcade

Google Update Helper

Grand Chase

Halo 2 for Windows Vista

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

ImagXpress

iTunes

Java Auto Updater

Java 6 Update 23

Malwarebytes' Anti-Malware version 1.51.2.1300

MapleStory

Messenger Plus! Live

Microsoft Choice Guard

Microsoft Games for Windows - LIVE Redistributable

Microsoft Halo

Microsoft LifeCam

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional 2007

Microsoft Office Professional 2007 Trial

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 Redistributable

MSN Toolbar

MSVCRT

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Nero ControlCenter

Nero Installer

neroxml

Network Magic

Nexon Game Manager

NVIDIA 3D Vision Controller Driver

OpenOffice.org 3.1

Opera 11.10

Pure Networks Platform

Quake Live Mozilla Plugin

QuickTime

Reader Rabbit Kindergarten

REALTEK Wireless LAN Driver and Utility

SecurDisc Viewer

Sid Meier's Pirates!

Skype web features

Skype™ 4.1

Solid State ION Internet Explorer Plugin

SpongeBob SquarePants® Operation Krabby Patty

Spybot - Search & Destroy

System Requirements Lab

System Requirements Lab CYRI

The Incredibles: Rise of The Underminer

Update for Microsoft Office Word 2007 (KB974631)

VLC media player 1.0.5

Warcraft III

Warcraft III: All Products

WebEx Support Manager for Internet Explorer

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

WinRAR archiver

Worms 4 Mayhem

Xfire (remove only)

.

==== Event Viewer Messages From Past Week ========

.

11/9/2011 8:35:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

11/9/2011 8:24:34 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

11/9/2011 8:23:00 PM, Error: Service Control Manager [7034] - The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).

11/8/2011 8:03:01 PM, Error: Service Control Manager [7034] - The WebEx Service Host for Support Center service terminated unexpectedly. It has done this 1 time(s).

11/7/2011 9:38:23 PM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

11/7/2011 9:36:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Diagnostic Service Host service to connect.

11/7/2011 9:36:14 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/7/2011 9:34:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Agere Modem Call Progress Audio service to connect.

11/7/2011 9:34:12 PM, Error: Service Control Manager [7000] - The Agere Modem Call Progress Audio service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/7/2011 9:00:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

11/7/2011 9:00:31 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/7/2011 8:27:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Display Driver Service service to connect.

11/7/2011 8:27:05 PM, Error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/7/2011 8:10:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

11/7/2011 6:54:14 PM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 3 time(s).

11/7/2011 6:43:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

11/7/2011 6:24:24 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\lgnbvbmk.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

11/7/2011 6:24:04 PM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.

11/6/2011 9:56:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Plug Manager service to connect.

11/6/2011 9:56:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MouseDriver service to connect.

11/6/2011 9:56:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Local Account Authority Service service to connect.

11/6/2011 9:49:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

11/6/2011 8:58:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.

11/6/2011 8:58:02 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/6/2011 8:56:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WebEx Service Host for Support Center service to connect.

11/6/2011 8:56:44 PM, Error: Service Control Manager [7000] - The WebEx Service Host for Support Center service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/6/2011 8:27:24 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the AVG8 WatchDog service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

11/6/2011 8:27:24 PM, Error: Service Control Manager [7031] - The AVG8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

11/6/2011 8:23:31 PM, Error: Service Control Manager [7034] - The AVGIDSWatcher service terminated unexpectedly. It has done this 1 time(s).

11/6/2011 8:23:30 PM, Error: Service Control Manager [7034] - The AVG8 Firewall service terminated unexpectedly. It has done this 2 time(s).

11/6/2011 8:23:29 PM, Error: Service Control Manager [7034] - The AVG8 E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).

11/6/2011 8:23:23 PM, Error: Service Control Manager [7034] - The AVG8 Firewall service terminated unexpectedly. It has done this 1 time(s).

11/6/2011 6:55:27 PM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

11/6/2011 6:12:25 PM, Error: EventLog [6008] - The previous system shutdown at 6:08:27 PM on 11/6/2011 was unexpected.

11/6/2011 5:00:52 PM, Error: EventLog [6008] - The previous system shutdown at 4:47:22 PM on 11/6/2011 was unexpected.

11/6/2011 3:45:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVG8 Firewall service to connect.

11/6/2011 3:45:47 PM, Error: Service Control Manager [7000] - The AVG8 Firewall service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/6/2011 3:44:27 PM, Error: EventLog [6008] - The previous system shutdown at 3:39:09 PM on 11/6/2011 was unexpected.

11/6/2011 2:03:59 AM, Error: Service Control Manager [7030] - The Plug Manager service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/6/2011 2:03:02 AM, Error: Service Control Manager [7030] - The Local Account Authority Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/6/2011 2:01:43 AM, Error: Service Control Manager [7030] - The MouseDriver service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/6/2011 1:34:54 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVG8 E-mail Scanner service to connect.

11/6/2011 1:34:54 AM, Error: Service Control Manager [7000] - The AVG8 E-mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/5/2011 9:58:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

11/5/2011 9:53:24 PM, Error: EventLog [6008] - The previous system shutdown at 9:51:27 PM on 11/5/2011 was unexpected.

11/5/2011 9:45:57 PM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.

11/5/2011 9:40:33 PM, Error: EventLog [6008] - The previous system shutdown at 9:38:15 PM on 11/5/2011 was unexpected.

11/5/2011 9:05:16 PM, Error: EventLog [6008] - The previous system shutdown at 10:02:10 PM on 11/5/2011 was unexpected.

11/5/2011 1:45:04 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error: An instance of the service is already running.

11/11/2011 9:43:49 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

11/11/2011 9:42:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgfwfd AvgLdx64 AvgMfx64 AvgTdiA DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6

11/11/2011 9:42:56 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/11/2011 9:42:56 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

11/11/2011 9:42:56 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

11/11/2011 9:42:56 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

11/11/2011 9:42:56 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

11/11/2011 9:42:56 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

11/11/2011 9:42:56 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

11/11/2011 9:42:56 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

11/11/2011 9:42:56 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/11/2011 9:42:56 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

11/11/2011 9:42:56 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/11/2011 9:42:56 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/11/2011 9:42:56 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

11/11/2011 9:42:56 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

11/11/2011 9:42:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

11/11/2011 9:42:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

11/11/2011 9:42:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

11/11/2011 9:42:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

11/11/2011 9:42:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/11/2011 9:41:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

11/11/2011 9:41:49 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .

11/11/2011 9:41:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

11/11/2011 9:40:08 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Canon Inkjet iP2200 with shared resource name . Error 1215. The printer cannot be used by others on the network.

11/11/2011 9:39:45 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

11/11/2011 9:39:45 PM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/11/2011 9:39:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: NetBIOS

11/11/2011 9:39:23 PM, Error: Application Popup [1060] - \SystemRoot\system32\DRIVERS\netbios.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

11/11/2011 9:23:29 PM, Error: Service Control Manager [7000] - The NetBIOS Interface service failed to start due to the following error: This driver has been blocked from loading

11/11/2011 9:16:01 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8171

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

11/15/2011 8:32:25 PM

mbam-log-2011-11-15 (20-32-24).txt

Scan type: Quick scan

Objects scanned: 169435

Time elapsed: 18 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ComboFix 11-11-07.03 - simon 11/16/2011 15:52:07.1.3 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1841 [GMT -5:00]

Running from: c:\users\simon\Desktop\ComboFix.exe

AV: AVG Internet Security *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}

FW: AVG Firewall *Disabled* {34A811A1-D438-CA83-C13E-A23981B1E8F9}

SP: AVG Internet Security *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

- REDUCED FUNCTIONALITY MODE -

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\CFLog

D:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))

.

.

2072-07-31 21:44 . 2004-08-24 18:27 375808 ----a-w- c:\program files (x86)\Microsoft Games\Halo\binkw32.dll

2011-11-16 20:56 . 2011-11-16 20:59 -------- d-----w- c:\users\simon\AppData\Local\temp

2011-11-16 20:56 . 2011-11-16 20:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-06 00:16 . 2011-11-06 00:16 -------- d-----we c:\windows\system64

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-31 22:00 . 2009-08-19 18:20 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-02-15 141608]

"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

R3 dump_wmimmc;dump_wmimmc;c:\sg interactive\grand chase\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 GGSAFERDriver;GGSAFER Driver;c:\users\simon\Desktop\Garena\safedrv.sys [x]

R3 Realtek92SU;Realtek92SU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2009-02-05 40960]

R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 X6va001;X6va001;c:\users\simon\AppData\Local\Temp\001197.tmp [x]

R4 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [x]

R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2009-03-06 20376]

.

.

Contents of the 'Scheduled Tasks' folder

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:Tabs

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Download with ImTOO YouTube to iPod Converter - c:\program files (x86)\ImTOO\YouTube to iPod Converter\upod_link.HTM

IE: E&xport to Microsoft Excel - c:\progra~2\MI1933~1\Office12\EXCEL.EXE/3000

LSP: mswsock.dll

TCP: DhcpNameServer = 64.71.255.198

DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://mytdsb.on.ca/+CSCOL+/csvrloader32.cab

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Wow6432Node-HKCU-Run-DriverUpdaterPro - c:\program files (x86)\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe

Wow6432Node-HKU-Default-Run-Smad - c:\windows\system32\config\systemprofile\AppData\Local\SanctionedMedia\Smad\Smad.exe

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe

AddRemove-SolidStateIONIE - c:\windows\system32\SolidStateNetworks\SolidStateION\soliduninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va001]

"ImagePath"="\??\c:\users\simon\AppData\Local\Temp\001197.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:b0,00,46,62,a4,9d,cc,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\ping.exe

.

**************************************************************************

.

Completion time: 2011-11-16 16:24:41 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-16 21:24

.

Pre-Run: 240,097,214,464 bytes free

Post-Run: 239,984,025,600 bytes free

.

- - End Of File - - 3442C6FB5986A61D518E454AA8EFBFDD

Link to post
Share on other sites

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by simon at 16:28:05 on 2011-11-16

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1897 [GMT -5:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\SysWOW64\atashost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\agr64svc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\mobsync.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:Tabs

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: CSolidBrowserObj Object: {bd08a9d5-0e5c-4f42-99a3-c0cb5e860557} - C:\Windows\SysWow64\SolidStateNetworks\SolidStateION\solidax.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Download with ImTOO YouTube to iPod Converter - C:\Program Files (x86)\ImTOO\YouTube to iPod Converter\upod_link.HTM

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MI1933~1\Office12\EXCEL.EXE/3000

IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MI1933~1\Office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://mytdsb.on.ca/+CSCOL+/csvrloader32.cab

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} - hxxp://www.playwhat.com/solidPlugin/solidstateion.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{1E50D4B2-111F-469A-991E-AADA7BBBF156} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{C430E01F-6A58-4C11-AB58-8FD2F61A5E95} : DhcpNameServer = 192.168.1.1

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2

BHO-X64: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

BHO-X64: Skype add-on (mastermind) - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: CSolidBrowserObj Object: {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\Windows\SysWow64\SolidStateNetworks\SolidStateION\solidax.dll

BHO-X64: Solid State Networks IE Browser Plugin - No File

BHO-X64: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: MSN Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll

TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

.

============= SERVICES / DRIVERS ===============

.

R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2010-6-1 20376]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-4-24 89920]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 Realtek92SU;Realtek92SU;C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2010-6-1 40960]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]

S4 ahcix64s;ahcix64s;C:\Windows\system32\drivers\ahcix64s.sys --> C:\Windows\system32\drivers\ahcix64s.sys [?]

S4 gupdate;Google Update Service (gupdate);"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [?]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2072-07-31 21:44:42 375808 ----a-w- C:\Program Files (x86)\Microsoft Games\Halo\binkw32.dll

2011-11-16 21:25:21 -------- d-----w- C:\Users\simon\AppData\Local\temp

2011-11-16 20:43:34 98816 ----a-w- C:\Windows\sed.exe

2011-11-16 20:43:34 518144 ----a-w- C:\Windows\SWREG.exe

2011-11-16 20:43:34 256000 ----a-w- C:\Windows\PEV.exe

2011-11-16 20:43:34 208896 ----a-w- C:\Windows\MBR.exe

2011-11-16 20:42:07 -------- d-----w- C:\ComboFix

2011-11-06 00:16:17 -------- d-----we C:\Windows\system64

.

==================== Find3M ====================

.

2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 16:35:53.58 ===============

Link to post
Share on other sites

ComboFix 11-11-21.01 - simon 11/21/2011 20:58:52.2.3 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1782 [GMT -5:00]

Running from: c:\users\simon\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\simon\Favorites\Documents\~WRL0001.tmp

c:\users\simon\Favorites\Documents\~WRL0003.tmp

c:\users\simon\Favorites\Documents\~WRL0005.tmp

c:\users\simon\Favorites\Documents\~WRL0183.tmp

c:\users\simon\Favorites\Documents\~WRL1281.tmp

c:\users\simon\Favorites\Documents\~WRL1366.tmp

c:\users\simon\Favorites\Documents\~WRL1775.tmp

c:\users\simon\Favorites\Documents\~WRL3423.tmp

c:\windows\system32\consrv.dll

c:\windows\System64

.

.

((((((((((((((((((((((((( Files Created from 2011-10-22 to 2011-11-22 )))))))))))))))))))))))))))))))

.

.

2072-07-31 21:44 . 2004-08-24 18:27 375808 ----a-w- c:\program files (x86)\Microsoft Games\Halo\binkw32.dll

2011-11-22 02:32 . 2011-11-22 02:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-16 21:25 . 2011-11-22 02:36 -------- d-----w- c:\users\simon\AppData\Local\temp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-31 22:00 . 2009-08-19 18:20 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-02-15 141608]

"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

R3 dump_wmimmc;dump_wmimmc;c:\sg interactive\grand chase\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 GGSAFERDriver;GGSAFER Driver;c:\users\simon\Desktop\Garena\safedrv.sys [x]

R3 Realtek92SU;Realtek92SU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2009-02-05 40960]

R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 X6va001;X6va001;c:\users\simon\AppData\Local\Temp\001197.tmp [x]

R4 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [x]

R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2009-03-06 20376]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]

"combofix"="c:\combofix\CF32007.3XE" [2008-01-21 363008]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:Tabs

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Download with ImTOO YouTube to iPod Converter - c:\program files (x86)\ImTOO\YouTube to iPod Converter\upod_link.HTM

IE: E&xport to Microsoft Excel - c:\progra~2\MI1933~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 64.71.255.198

DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://mytdsb.on.ca/+CSCOL+/csvrloader32.cab

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe

AddRemove-SolidStateIONIE - c:\windows\system32\SolidStateNetworks\SolidStateION\soliduninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va001]

"ImagePath"="\??\c:\users\simon\AppData\Local\Temp\001197.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:b0,00,46,62,a4,9d,cc,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Completion time: 2011-11-21 21:56:22 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-22 02:56

.

Pre-Run: 248,361,394,176 bytes free

Post-Run: 248,114,151,424 bytes free

.

- - End Of File - - 7B892E22A6DABB9F7552B03BE259EDF4

Link to post
Share on other sites

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

Link to post
Share on other sites

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=c9d5093a9e329544bb72b6e6f4238ef0

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-11-27 08:49:42

# local_time=2011-11-27 03:49:42 (-0500, Eastern Standard Time)

# country="United States"

# lang=9

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=5892 16776574 100 56 71282010 159014527 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=151644

# found=3

# cleaned=3

# scan_time=11161

C:\downloads\MsgPlusLive-482.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.E trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\simon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\14e8782-1b0a1c72 Win32/TrojanDownloader.Small.PHM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Link to post
Share on other sites

Results of screen317's Security Check version 0.99.28

Windows Vista x64 (UAC is disabled!)

Out of date service pack!!

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner (remove only)

Java 6 Update 23

Java version out of date!

Adobe Flash Player ( 10.1.82.76) Flash Player out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

Link to post
Share on other sites

  • Staff

Hi,

My apologies for the delay.

Please update MBAM, run a Quick Scan, and post its log.

Grab a fresh copy of ComboFix, run it, and post its log.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8310

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

12/4/2011 2:59:09 PM

mbam-log-2011-12-04 (14-59-09).txt

Scan type: Quick scan

Objects scanned: 175199

Time elapsed: 7 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

ComboFix 11-12-04.04 - simon 12/04/2011 15:25:08.3.3 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1954 [GMT -5:00]

Running from: c:\users\simon\Desktop\ComboFix2.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-11-04 to 2011-12-04 )))))))))))))))))))))))))))))))

.

.

2072-07-31 21:44 . 2004-08-24 18:27 375808 ----a-w- c:\program files (x86)\Microsoft Games\Halo\binkw32.dll

2011-12-04 20:58 . 2011-12-04 20:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-27 17:40 . 2011-11-27 17:40 -------- d-----w- c:\program files (x86)\ESET

2011-11-22 02:56 . 2011-12-04 20:58 -------- d-----w- c:\users\simon\AppData\Local\temp

2011-11-22 01:49 . 2011-12-04 20:06 -------- d-----w- C:\ComboFix

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-22_02.37.43 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 02:23 . 2011-12-03 19:27 74610 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-01-01 08:29 . 2008-01-01 05:07 20304 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2925707062-3540589001-2309371925-1000_UserData.bin

+ 2008-01-01 08:26 . 2011-12-03 20:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-01-01 08:26 . 2011-11-22 01:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-01-01 08:26 . 2011-12-03 20:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-01-01 08:26 . 2011-11-22 01:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-01 08:26 . 2011-12-03 20:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-01-01 08:26 . 2011-11-22 01:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-11-22 02:35 . 2011-11-22 02:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-01-01 05:00 . 2008-01-01 05:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-01-01 05:00 . 2008-01-01 05:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-11-22 02:35 . 2011-11-22 02:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2006-11-02 15:45 . 2008-01-01 05:07 154206 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 12:46 . 2011-12-04 19:29 595446 c:\windows\system32\perfh009.dat

- 2006-11-02 12:46 . 2011-11-22 01:49 595446 c:\windows\system32\perfh009.dat

+ 2006-11-02 12:46 . 2011-12-04 19:29 101144 c:\windows\system32\perfc009.dat

- 2006-11-02 12:46 . 2011-11-22 01:49 101144 c:\windows\system32\perfc009.dat

+ 2011-02-14 04:27 . 2011-12-03 00:51 390164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-02-14 04:27 . 2011-11-22 02:34 390164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-02-14 04:27 . 2011-12-03 00:51 24912670 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2925707062-3540589001-2309371925-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-02-15 141608]

"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

R3 dump_wmimmc;dump_wmimmc;c:\sg interactive\grand chase\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 GGSAFERDriver;GGSAFER Driver;c:\users\simon\Desktop\Garena\safedrv.sys [x]

R3 Realtek92SU;Realtek92SU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2009-02-05 40960]

R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 X6va001;X6va001;c:\users\simon\AppData\Local\Temp\001197.tmp [x]

R4 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [x]

R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2009-03-06 20376]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:Tabs

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Download with ImTOO YouTube to iPod Converter - c:\program files (x86)\ImTOO\YouTube to iPod Converter\upod_link.HTM

IE: E&xport to Microsoft Excel - c:\progra~2\MI1933~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 64.71.255.198

DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://mytdsb.on.ca/+CSCOL+/csvrloader32.cab

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va001]

"ImagePath"="\??\c:\users\simon\AppData\Local\Temp\001197.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:b0,00,46,62,a4,9d,cc,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Completion time: 2011-12-04 16:22:07

ComboFix-quarantined-files.txt 2011-12-04 21:21

ComboFix2.txt 2011-11-22 02:56

.

Pre-Run: 245,709,086,720 bytes free

Post-Run: 247,957,270,528 bytes free

.

- - End Of File - - 3523A173F876A811B6009FC868C9C8E4

Link to post
Share on other sites

16:28:24.0737 3756 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44

16:28:24.0862 3756 ============================================================

16:28:24.0862 3756 Current date / time: 2011/12/04 16:28:24.0862

16:28:24.0862 3756 SystemInfo:

16:28:24.0862 3756

16:28:24.0862 3756 OS Version: 6.0.6002 ServicePack: 2.0

16:28:24.0862 3756 Product type: Workstation

16:28:24.0862 3756 ComputerName: SIMON-PC

16:28:24.0862 3756 UserName: simon

16:28:24.0862 3756 Windows directory: C:\Windows

16:28:24.0862 3756 System windows directory: C:\Windows

16:28:24.0862 3756 Running under WOW64

16:28:24.0862 3756 Processor architecture: Intel x64

16:28:24.0862 3756 Number of processors: 3

16:28:24.0862 3756 Page size: 0x1000

16:28:24.0862 3756 Boot type: Normal boot

16:28:24.0862 3756 ============================================================

16:28:28.0060 3756 Initialize success

16:28:53.0410 3628 ============================================================

16:28:53.0410 3628 Scan started

16:28:53.0410 3628 Mode: Manual;

16:28:53.0410 3628 ============================================================

16:28:54.0049 3628 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys

16:28:54.0049 3628 ACPI - ok

16:28:54.0112 3628 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

16:28:54.0127 3628 adp94xx - ok

16:28:54.0174 3628 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

16:28:54.0190 3628 adpahci - ok

16:28:54.0190 3628 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

16:28:54.0205 3628 adpu160m - ok

16:28:54.0221 3628 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

16:28:54.0221 3628 adpu320 - ok

16:28:54.0268 3628 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys

16:28:54.0283 3628 AFD - ok

16:28:55.0656 3628 AgereSoftModem (ccca8b810769c4218011878378a31587) C:\Windows\system32\DRIVERS\agrsm64.sys

16:28:55.0687 3628 AgereSoftModem - ok

16:28:55.0734 3628 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

16:28:55.0750 3628 agp440 - ok

16:28:55.0796 3628 ahcix64s (dada9751964a7d217a762c873c332b0e) C:\Windows\system32\drivers\ahcix64s.sys

16:28:55.0796 3628 ahcix64s - ok

16:28:55.0843 3628 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

16:28:55.0859 3628 aic78xx - ok

16:28:55.0890 3628 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys

16:28:55.0890 3628 aliide - ok

16:28:55.0906 3628 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

16:28:55.0906 3628 amdide - ok

16:28:55.0921 3628 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

16:28:55.0921 3628 AmdK8 - ok

16:28:55.0968 3628 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

16:28:55.0968 3628 arc - ok

16:28:55.0984 3628 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

16:28:55.0984 3628 arcsas - ok

16:28:56.0046 3628 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

16:28:56.0046 3628 AsyncMac - ok

16:28:56.0077 3628 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys

16:28:56.0077 3628 atapi - ok

16:28:56.0124 3628 Beep - ok

16:28:56.0171 3628 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

16:28:56.0171 3628 blbdrive - ok

16:28:56.0218 3628 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys

16:28:56.0218 3628 bowser - ok

16:28:56.0233 3628 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

16:28:56.0233 3628 BrFiltLo - ok

16:28:56.0249 3628 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

16:28:56.0249 3628 BrFiltUp - ok

16:28:56.0280 3628 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

16:28:56.0280 3628 Brserid - ok

16:28:56.0296 3628 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

16:28:56.0296 3628 BrSerWdm - ok

16:28:56.0311 3628 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

16:28:56.0311 3628 BrUsbMdm - ok

16:28:56.0327 3628 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

16:28:56.0327 3628 BrUsbSer - ok

16:28:56.0342 3628 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

16:28:56.0342 3628 BTHMODEM - ok

16:28:56.0374 3628 catchme - ok

16:28:56.0389 3628 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

16:28:56.0389 3628 cdfs - ok

16:28:56.0420 3628 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys

16:28:56.0420 3628 cdrom - ok

16:28:56.0452 3628 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys

16:28:56.0452 3628 circlass - ok

16:28:56.0498 3628 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys

16:28:56.0514 3628 CLFS - ok

16:28:56.0530 3628 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

16:28:56.0530 3628 cmdide - ok

16:28:56.0545 3628 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys

16:28:56.0545 3628 Compbatt - ok

16:28:56.0576 3628 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

16:28:56.0576 3628 crcdisk - ok

16:28:56.0639 3628 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys

16:28:56.0654 3628 DfsC - ok

16:28:58.0620 3628 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys

16:28:58.0620 3628 disk - ok

16:28:58.0698 3628 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

16:28:58.0714 3628 drmkaud - ok

16:28:58.0760 3628 dump_wmimmc - ok

16:28:58.0792 3628 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys

16:28:58.0807 3628 DXGKrnl - ok

16:28:58.0854 3628 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

16:28:58.0854 3628 E1G60 - ok

16:28:58.0901 3628 EagleX64 - ok

16:28:58.0948 3628 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys

16:28:58.0948 3628 Ecache - ok

16:28:58.0994 3628 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

16:28:59.0010 3628 elxstor - ok

16:28:59.0026 3628 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

16:28:59.0026 3628 ErrDev - ok

16:28:59.0057 3628 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys

16:28:59.0057 3628 exfat - ok

16:28:59.0088 3628 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys

16:28:59.0088 3628 fastfat - ok

16:28:59.0104 3628 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

16:28:59.0104 3628 fdc - ok

16:28:59.0119 3628 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

16:28:59.0119 3628 FileInfo - ok

16:28:59.0135 3628 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

16:28:59.0135 3628 Filetrace - ok

16:28:59.0150 3628 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

16:28:59.0150 3628 flpydisk - ok

16:28:59.0182 3628 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys

16:28:59.0182 3628 FltMgr - ok

16:28:59.0260 3628 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys

16:28:59.0260 3628 Fs_Rec - ok

16:28:59.0291 3628 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

16:28:59.0291 3628 gagp30kx - ok

16:28:59.0353 3628 GEARAspiWDM (d279181e1cf2d85d31cdcffd56b16795) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

16:28:59.0353 3628 GEARAspiWDM - ok

16:28:59.0462 3628 GGSAFERDriver - ok

16:29:00.0820 3628 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys

16:29:00.0820 3628 HdAudAddService - ok

16:29:00.0866 3628 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys

16:29:00.0898 3628 HDAudBus - ok

16:29:00.0929 3628 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

16:29:00.0929 3628 HidBth - ok

16:29:00.0944 3628 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

16:29:00.0944 3628 HidIr - ok

16:29:01.0022 3628 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys

16:29:01.0022 3628 HidUsb - ok

16:29:01.0038 3628 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

16:29:01.0038 3628 HpCISSs - ok

16:29:01.0069 3628 HTTP (5e16d9cca86ce0e117ff1856c6649b33) C:\Windows\system32\drivers\HTTP.sys

16:29:01.0085 3628 HTTP - ok

16:29:01.0116 3628 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

16:29:01.0116 3628 i2omp - ok

16:29:01.0163 3628 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

16:29:01.0163 3628 i8042prt - ok

16:29:01.0210 3628 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

16:29:01.0210 3628 iaStorV - ok

16:29:01.0225 3628 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

16:29:01.0225 3628 iirsp - ok

16:29:01.0256 3628 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

16:29:01.0256 3628 intelide - ok

16:29:01.0272 3628 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

16:29:01.0272 3628 intelppm - ok

16:29:01.0319 3628 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

16:29:01.0319 3628 IpFilterDriver - ok

16:29:01.0334 3628 IpInIp - ok

16:29:01.0350 3628 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

16:29:01.0350 3628 IPMIDRV - ok

16:29:01.0366 3628 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

16:29:01.0366 3628 IPNAT - ok

16:29:01.0428 3628 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

16:29:01.0428 3628 IRENUM - ok

16:29:01.0459 3628 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

16:29:01.0459 3628 isapnp - ok

16:29:01.0490 3628 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

16:29:01.0490 3628 iScsiPrt - ok

16:29:01.0506 3628 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

16:29:01.0506 3628 iteatapi - ok

16:29:01.0522 3628 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

16:29:01.0522 3628 iteraid - ok

16:29:01.0537 3628 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

16:29:01.0537 3628 kbdclass - ok

16:29:01.0584 3628 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys

16:29:01.0584 3628 kbdhid - ok

16:29:01.0631 3628 KSecDD (fb88b233af3d6204f19d85934c102ba7) C:\Windows\system32\Drivers\ksecdd.sys

16:29:01.0646 3628 KSecDD - ok

16:29:01.0662 3628 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

16:29:01.0662 3628 ksthunk - ok

16:29:01.0693 3628 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

16:29:01.0724 3628 lltdio - ok

16:29:01.0756 3628 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

16:29:01.0756 3628 LSI_FC - ok

16:29:01.0771 3628 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

16:29:01.0771 3628 LSI_SAS - ok

16:29:01.0787 3628 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

16:29:01.0787 3628 LSI_SCSI - ok

16:29:01.0818 3628 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

16:29:01.0818 3628 luafv - ok

16:29:03.0690 3628 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

16:29:03.0690 3628 megasas - ok

16:29:03.0752 3628 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

16:29:03.0752 3628 MegaSR - ok

16:29:03.0784 3628 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

16:29:03.0784 3628 Modem - ok

16:29:03.0815 3628 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

16:29:03.0815 3628 monitor - ok

16:29:03.0830 3628 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

16:29:03.0830 3628 mouclass - ok

16:29:03.0862 3628 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

16:29:03.0862 3628 mouhid - ok

16:29:03.0877 3628 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

16:29:03.0893 3628 MountMgr - ok

16:29:03.0924 3628 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

16:29:03.0924 3628 mpio - ok

16:29:03.0955 3628 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

16:29:03.0955 3628 mpsdrv - ok

16:29:03.0971 3628 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

16:29:03.0971 3628 Mraid35x - ok

16:29:04.0018 3628 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys

16:29:04.0018 3628 MRxDAV - ok

16:29:04.0033 3628 mrxsmb (a6c23405a24c0c48a246d4f23f0a387d) C:\Windows\system32\DRIVERS\mrxsmb.sys

16:29:04.0033 3628 mrxsmb - ok

16:29:04.0064 3628 mrxsmb10 (d35768909607b7b4f827b2105dd6b6cf) C:\Windows\system32\DRIVERS\mrxsmb10.sys

16:29:04.0064 3628 mrxsmb10 - ok

16:29:04.0080 3628 mrxsmb20 (37abc27460f9d532efdcc0116b7e5e48) C:\Windows\system32\DRIVERS\mrxsmb20.sys

16:29:04.0080 3628 mrxsmb20 - ok

16:29:04.0111 3628 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys

16:29:04.0111 3628 msahci - ok

16:29:04.0174 3628 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

16:29:04.0189 3628 msdsm - ok

16:29:04.0220 3628 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

16:29:04.0220 3628 Msfs - ok

16:29:04.0236 3628 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

16:29:04.0236 3628 msisadrv - ok

16:29:04.0298 3628 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

16:29:04.0298 3628 MSKSSRV - ok

16:29:04.0330 3628 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

16:29:04.0330 3628 MSPCLOCK - ok

16:29:04.0345 3628 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

16:29:04.0345 3628 MSPQM - ok

16:29:04.0376 3628 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

16:29:04.0376 3628 MsRPC - ok

16:29:04.0408 3628 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

16:29:04.0408 3628 mssmbios - ok

16:29:04.0423 3628 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

16:29:04.0439 3628 MSTEE - ok

16:29:04.0470 3628 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

16:29:04.0470 3628 Mup - ok

16:29:04.0517 3628 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

16:29:04.0532 3628 NativeWifiP - ok

16:29:04.0579 3628 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

16:29:04.0595 3628 NDIS - ok

16:29:04.0626 3628 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

16:29:04.0626 3628 NdisTapi - ok

16:29:04.0642 3628 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

16:29:04.0642 3628 Ndisuio - ok

16:29:04.0673 3628 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

16:29:04.0673 3628 NdisWan - ok

16:29:05.0905 3628 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

16:29:05.0936 3628 NDProxy - ok

16:29:05.0983 3628 NetBIOS (30eeb75ea6dd31cd813ae0500284455c) C:\Windows\system32\DRIVERS\netbios.sys

16:29:05.0983 3628 NetBIOS - ok

16:29:06.0030 3628 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

16:29:06.0046 3628 netbt - ok

16:29:06.0077 3628 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

16:29:06.0077 3628 nfrd960 - ok

16:29:06.0139 3628 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

16:29:06.0139 3628 Npfs - ok

16:29:06.0155 3628 NPPTNT2 - ok

16:29:06.0186 3628 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

16:29:06.0186 3628 nsiproxy - ok

16:29:06.0233 3628 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

16:29:06.0264 3628 Ntfs - ok

16:29:06.0280 3628 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

16:29:06.0280 3628 Null - ok

16:29:06.0436 3628 NVENETFD (87da57169825c4376508c10447c4a37d) C:\Windows\system32\DRIVERS\nvmfdx64.sys

16:29:06.0451 3628 NVENETFD - ok

16:29:06.0763 3628 nvlddmkm (a963c2c276a97b088ded5d7a83be8052) C:\Windows\system32\DRIVERS\nvlddmkm.sys

16:29:06.0982 3628 nvlddmkm - ok

16:29:07.0028 3628 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

16:29:07.0028 3628 nvraid - ok

16:29:08.0854 3628 nvrd64 (9340b273f9d2b4efdb94bdcd89550c1f) C:\Windows\system32\drivers\nvrd64.sys

16:29:08.0854 3628 nvrd64 - ok

16:29:08.0869 3628 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

16:29:08.0869 3628 nvstor - ok

16:29:08.0932 3628 nvstor64 (38577f17d699a28121a95c00d3fbec9a) C:\Windows\system32\DRIVERS\nvstor64.sys

16:29:08.0932 3628 nvstor64 - ok

16:29:08.0978 3628 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

16:29:08.0978 3628 nv_agp - ok

16:29:08.0978 3628 NwlnkFlt - ok

16:29:08.0994 3628 NwlnkFwd - ok

16:29:09.0041 3628 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys

16:29:09.0041 3628 ohci1394 - ok

16:29:09.0072 3628 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

16:29:09.0088 3628 Parport - ok

16:29:09.0119 3628 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys

16:29:09.0119 3628 partmgr - ok

16:29:09.0150 3628 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

16:29:09.0150 3628 pci - ok

16:29:09.0181 3628 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys

16:29:09.0181 3628 pciide - ok

16:29:09.0212 3628 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

16:29:09.0212 3628 pcmcia - ok

16:29:09.0259 3628 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

16:29:09.0275 3628 PEAUTH - ok

16:29:09.0353 3628 pnarp (f1965ae69fdb4c6d9ffeceb2c12f7898) C:\Windows\system32\DRIVERS\pnarp.sys

16:29:09.0368 3628 pnarp - ok

16:29:09.0462 3628 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

16:29:09.0478 3628 PptpMiniport - ok

16:29:09.0493 3628 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys

16:29:09.0493 3628 Processor - ok

16:29:09.0524 3628 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

16:29:09.0524 3628 PSched - ok

16:29:09.0556 3628 purendis (ec7333fc339fc6a1f9bb3e50ad9b13c6) C:\Windows\system32\DRIVERS\purendis.sys

16:29:09.0556 3628 purendis - ok

16:29:09.0618 3628 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

16:29:09.0634 3628 ql2300 - ok

16:29:09.0649 3628 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

16:29:09.0649 3628 ql40xx - ok

16:29:09.0680 3628 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

16:29:09.0680 3628 QWAVEdrv - ok

16:29:09.0696 3628 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

16:29:09.0696 3628 RasAcd - ok

16:29:09.0743 3628 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

16:29:09.0743 3628 Rasl2tp - ok

16:29:09.0774 3628 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

16:29:09.0774 3628 RasPppoe - ok

16:29:09.0790 3628 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

16:29:09.0790 3628 RasSstp - ok

16:29:09.0852 3628 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

16:29:11.0178 3628 rdbss - ok

16:29:11.0303 3628 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

16:29:11.0303 3628 RDPCDD - ok

16:29:11.0334 3628 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

16:29:11.0350 3628 rdpdr - ok

16:29:11.0350 3628 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

16:29:11.0350 3628 RDPENCDD - ok

16:29:11.0428 3628 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys

16:29:11.0428 3628 RDPWD - ok

16:29:11.0490 3628 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

16:29:11.0490 3628 rspndr - ok

16:29:11.0584 3628 RTL8192su (40d719cbebeb2696a1202e8927e90428) C:\Windows\system32\DRIVERS\RTL8192su.sys

16:29:11.0599 3628 RTL8192su - ok

16:29:11.0630 3628 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

16:29:11.0630 3628 sbp2port - ok

16:29:11.0677 3628 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

16:29:11.0693 3628 secdrv - ok

16:29:11.0724 3628 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys

16:29:11.0724 3628 Serenum - ok

16:29:11.0740 3628 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys

16:29:11.0740 3628 Serial - ok

16:29:11.0755 3628 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

16:29:11.0755 3628 sermouse - ok

16:29:11.0771 3628 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

16:29:11.0786 3628 sffdisk - ok

16:29:11.0786 3628 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

16:29:11.0786 3628 sffp_mmc - ok

16:29:11.0802 3628 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

16:29:11.0802 3628 sffp_sd - ok

16:29:11.0818 3628 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

16:29:11.0818 3628 sfloppy - ok

16:29:11.0849 3628 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

16:29:11.0849 3628 SiSRaid2 - ok

16:29:11.0864 3628 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

16:29:11.0864 3628 SiSRaid4 - ok

16:29:11.0911 3628 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

16:29:11.0911 3628 Smb - ok

16:29:11.0942 3628 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

16:29:11.0942 3628 spldr - ok

16:29:12.0005 3628 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys

16:29:12.0005 3628 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88e5162e58c8919cc873f5d8946197cf

16:29:12.0020 3628 sptd ( LockedFile.Multi.Generic ) - warning

16:29:12.0020 3628 sptd - detected LockedFile.Multi.Generic (1)

16:29:12.0036 3628 srv (08d8358006d13b61aa3d25efa558f101) C:\Windows\system32\DRIVERS\srv.sys

16:29:12.0052 3628 srv - ok

16:29:12.0067 3628 srv2 (efca77e9f9fdab1de37cc473066dc715) C:\Windows\system32\DRIVERS\srv2.sys

16:29:12.0083 3628 srv2 - ok

16:29:12.0083 3628 srvnet (54f34ef396760ec51abf85e12cc72acf) C:\Windows\system32\DRIVERS\srvnet.sys

16:29:12.0083 3628 srvnet - ok

16:29:12.0130 3628 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

16:29:12.0130 3628 swenum - ok

16:29:12.0161 3628 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

16:29:12.0161 3628 Symc8xx - ok

16:29:12.0176 3628 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

16:29:12.0176 3628 Sym_hi - ok

16:29:12.0192 3628 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

16:29:12.0192 3628 Sym_u3 - ok

16:29:14.0048 3628 Tcpip (99d07ad0ef2c535610f6573c29bc045e) C:\Windows\system32\drivers\tcpip.sys

16:29:14.0111 3628 Tcpip - ok

16:29:14.0126 3628 Tcpip6 (99d07ad0ef2c535610f6573c29bc045e) C:\Windows\system32\DRIVERS\tcpip.sys

16:29:14.0142 3628 Tcpip6 - ok

16:29:14.0173 3628 tcpipreg (ff0c49db68d4f451343ef06abaea3dc9) C:\Windows\system32\drivers\tcpipreg.sys

16:29:14.0173 3628 tcpipreg - ok

16:29:14.0204 3628 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

16:29:14.0204 3628 TDPIPE - ok

16:29:14.0236 3628 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

16:29:14.0236 3628 TDTCP - ok

16:29:14.0251 3628 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys

16:29:14.0251 3628 tdx - ok

16:29:14.0282 3628 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys

16:29:14.0282 3628 TermDD - ok

16:29:14.0329 3628 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

16:29:14.0329 3628 tssecsrv - ok

16:29:14.0360 3628 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

16:29:14.0360 3628 tunmp - ok

16:29:14.0360 3628 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys

16:29:14.0376 3628 tunnel - ok

16:29:14.0407 3628 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

16:29:14.0423 3628 uagp35 - ok

16:29:14.0516 3628 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys

16:29:14.0516 3628 udfs - ok

16:29:14.0548 3628 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

16:29:14.0563 3628 uliagpkx - ok

16:29:14.0579 3628 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

16:29:14.0579 3628 uliahci - ok

16:29:14.0594 3628 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

16:29:14.0594 3628 UlSata - ok

16:29:14.0610 3628 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

16:29:14.0610 3628 ulsata2 - ok

16:29:14.0641 3628 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

16:29:14.0641 3628 umbus - ok

16:29:14.0657 3628 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys

16:29:14.0657 3628 UMPass - ok

16:29:14.0688 3628 USBAAPL64 - ok

16:29:14.0750 3628 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys

16:29:14.0750 3628 usbaudio - ok

16:29:14.0782 3628 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

16:29:14.0797 3628 usbccgp - ok

16:29:14.0797 3628 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

16:29:14.0797 3628 usbcir - ok

16:29:14.0844 3628 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys

16:29:14.0860 3628 usbehci - ok

16:29:14.0875 3628 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys

16:29:14.0875 3628 usbhub - ok

16:29:14.0891 3628 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys

16:29:14.0906 3628 usbohci - ok

16:29:14.0938 3628 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys

16:29:14.0953 3628 usbprint - ok

16:29:14.0984 3628 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS

16:29:14.0984 3628 USBSTOR - ok

16:29:16.0279 3628 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

16:29:16.0310 3628 usbuhci - ok

16:29:16.0373 3628 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

16:29:16.0373 3628 vga - ok

16:29:16.0373 3628 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

16:29:16.0388 3628 VgaSave - ok

16:29:16.0388 3628 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

16:29:16.0388 3628 viaide - ok

16:29:16.0435 3628 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys

16:29:16.0466 3628 volmgr - ok

16:29:16.0513 3628 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys

16:29:16.0529 3628 volmgrx - ok

16:29:16.0576 3628 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys

16:29:16.0576 3628 volsnap - ok

16:29:16.0607 3628 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

16:29:16.0622 3628 vsmraid - ok

16:29:16.0716 3628 VX3000 (b19333c00b64edc5a53bd4a38f55fe95) C:\Windows\system32\DRIVERS\VX3000.sys

16:29:16.0810 3628 VX3000 - ok

16:29:16.0825 3628 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

16:29:16.0825 3628 WacomPen - ok

16:29:16.0856 3628 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

16:29:16.0872 3628 Wanarp - ok

16:29:16.0872 3628 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

16:29:16.0888 3628 Wanarpv6 - ok

16:29:16.0903 3628 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

16:29:16.0903 3628 Wd - ok

16:29:16.0934 3628 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys

16:29:16.0950 3628 Wdf01000 - ok

16:29:17.0028 3628 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys

16:29:17.0044 3628 WmiAcpi - ok

16:29:17.0137 3628 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys

16:29:17.0137 3628 WpdUsb - ok

16:29:17.0137 3628 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

16:29:17.0137 3628 ws2ifsl - ok

16:29:17.0200 3628 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

16:29:17.0200 3628 WUDFRd - ok

16:29:17.0278 3628 X6va001 - ok

16:29:19.0056 3628 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

16:29:19.0134 3628 \Device\Harddisk0\DR0 - ok

16:29:19.0150 3628 Boot (0x1200) (d2629427e426f2dd099e97cfd9bae230) \Device\Harddisk0\DR0\Partition0

16:29:19.0150 3628 \Device\Harddisk0\DR0\Partition0 - ok

16:29:19.0150 3628 Boot (0x1200) (365cfbdb91df040bce4496eb98f7a4e9) \Device\Harddisk0\DR0\Partition1

16:29:19.0150 3628 \Device\Harddisk0\DR0\Partition1 - ok

16:29:19.0150 3628 ============================================================

16:29:19.0150 3628 Scan finished

16:29:19.0150 3628 ============================================================

16:29:19.0181 3932 Detected object count: 1

16:29:19.0181 3932 Actual detected object count: 1

16:30:58.0037 3932 sptd ( LockedFile.Multi.Generic ) - skipped by user

16:30:58.0037 3932 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

16:31:09.0518 1924 Deinitialize success

Link to post
Share on other sites

  • Staff

Hi,

Please update MBAM, run a Quick Scan, and post its log.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time)
  • Please post the contents of that log in your next reply.

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8344

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

12/9/2011 12:47:42 PM

mbam-log-2011-12-09 (12-47-42).txt

Scan type: Quick scan

Objects scanned: 179199

Time elapsed: 10 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-12-09 13:09:46

-----------------------------

13:09:46.718 OS Version: Windows x64 6.0.6002 Service Pack 2

13:09:46.718 Number of processors: 3 586 0x202

13:09:46.718 ComputerName: SIMON-PC UserName: simon

13:09:53.036 Initialize success

13:10:02.037 AVAST engine defs: 11120901

13:10:04.970 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c

13:10:04.970 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 6

13:10:07.029 Disk 0 MBR read successfully

13:10:07.029 Disk 0 MBR scan

13:10:07.029 Disk 0 Windows VISTA default MBR code

13:10:07.045 Service scanning

13:10:07.544 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32

13:10:08.121 Modules scanning

13:10:08.121 Disk 0 trace - called modules:

13:10:09.135 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa8004c28254]<<

13:10:09.151 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004956790]

13:10:09.151 3 CLASSPNP.SYS[fffffa60009cac33] -> nt!IofCallDriver -> [0xfffffa8003369380]

13:10:09.151 5 acpi.sys[fffffa6000b78fde] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa8003364060]

13:10:09.166 \Driver\nvstor64[0xfffffa8003350960] -> IRP_MJ_CREATE -> 0xfffffa80031912c0

13:10:12.302 AVAST engine scan C:\Windows

13:10:53.985 AVAST engine scan C:\Windows\system32

13:14:05.241 AVAST engine scan C:\Windows\system32\drivers

13:14:21.746 AVAST engine scan C:\Users\simon

13:28:42.044 AVAST engine scan C:\ProgramData

13:31:43.518 Scan finished successfully

13:32:59.132 Disk 0 MBR has been saved successfully to "C:\Users\simon\Desktop\MBR.dat"

13:32:59.132 The log file has been saved successfully to "C:\Users\simon\Desktop\aswMBR.txt"

Link to post
Share on other sites

  • Staff

Hi,

My apologies for the delay.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

Download Farbar Recovery Scan Tool and save it to a flash drive.

To enter System Recovery Options from the Advanced Boot Options:

Plug the flashdrive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Link to post
Share on other sites

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.0

Ran by SYSTEM at 2011-12-15 21:06:13

Running from J:\

Windows Vista Home Premium Service Pack 1 (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [VX3000] C:\Windows\vVX3000.exe [709992 2007-04-10] (Microsoft Corporation)

HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [279912 2007-05-17] (Microsoft Corporation)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [417792 2009-11-10] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [141608 2010-02-15] (Apple Inc.)

HKLM-x32\...\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [647216 2009-07-07] (Cisco Systems, Inc.)

HKLM-x32\...\Run: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash [472112 2009-07-07] (Cisco Systems, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)

HKU\Default\...\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)

HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]

HKU\Default User\...\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)

HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]

HKU\simon\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun [691656 2009-04-23] (DT Soft Ltd)

HKU\simon\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 64.71.255.198

==================== Services (Whitelisted) ======

2 AgereModemAudio; C:\Windows\system32\agr64svc.exe [10752 2006-10-05] (Agere Systems)

2 atashost; "C:\Windows\SysWOW64\atashost.exe" [20376 2009-03-06] (WebEx Communications, Inc.)

4 iPod Service; "C:\Program Files (x86)\iPod\bin\iPodService.exe" [545576 2010-02-15] (Apple Inc.)

4 MSCamSvc; "C:\Program Files (x86)\Microsoft LifeCam\MSCamS64.exe" [443752 2007-05-17] (Microsoft Corporation)

4 nmservice; "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" [647216 2009-07-07] (Cisco Systems, Inc.)

3 Realtek92SU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [40960 2009-02-05] (Realtek)

4 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [x]

========================== Drivers (Whitelisted) =============

3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1204736 2006-10-05] (Agere Systems)

4 ahcix64s; C:\Windows\System32\drivers\ahcix64s.sys [209424 2007-12-19] (AMD Technologies Inc.)

3 NVENETFD; C:\Windows\System32\DRIVERS\nvmfdx64.sys [1487784 2007-05-03] (NVIDIA Corporation)

4 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [164384 2007-12-08] (NVIDIA Corporation)

0 nvstor64; C:\Windows\System32\DRIVERS\nvstor64.sys [122664 2007-04-19] (NVIDIA Corporation)

2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [33328 2009-07-07] (Cisco Systems, Inc.)

2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [35376 2009-07-07] (Cisco Systems, Inc.)

3 RTL8192su; C:\Windows\System32\DRIVERS\RTL8192su.sys [579072 2009-03-27] (Realtek Semiconductor Corporation )

0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2007-12-31] (Duplex Secure Ltd.)

3 VX3000; C:\Windows\System32\DRIVERS\VX3000.sys [2105192 2007-04-10] (Microsoft Corporation)

1 Beep; [x]

3 catchme; \??\C:\ComboFix\catchme.sys [x]

3 dump_wmimmc; \??\c:\sg interactive\grand chase\GameGuard\dump_wmimmc.sys [x]

3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

3 GGSAFERDriver; \??\C:\Users\simon\Desktop\Garena\safedrv.sys [x]

3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]

3 npggsvc; C:\Windows\system32\GameMon.des -service [x]

3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]

3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]

3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [x]

3 X6va001; \??\C:\Users\simon\AppData\Local\Temp\001197.tmp [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-12-15 21:06 - 2011-12-15 21:06 - 0000000 ____D C:\FRST

2011-12-15 17:00 - 2011-12-15 17:00 - 0000000 ____A C:\Windows\setuperr.log

2011-12-15 17:00 - 2011-12-15 17:00 - 0000000 ____A C:\Windows\setupact.log

2011-12-15 16:43 - 2011-12-15 17:52 - 3085426688 __ASH C:\hiberfil.sys

2011-12-09 15:57 - 2011-12-09 15:57 - 0750227 ____A C:\Users\simon\Desktop\MapleStory Updates - v_104 – Legends Update Notes – Cannoneer and more.mht

2011-12-09 10:41 - 2011-12-09 10:41 - 0000553 ____A C:\Users\simon\Desktop\MBR.zip

2011-12-09 09:24 - 2011-12-09 09:24 - 1916416 ____A (AVAST Software) C:\Users\simon\Desktop\aswMBR.exe

2011-12-06 19:29 - 2011-12-06 19:29 - 454727999 ____A C:\Windows\MEMORY.DMP

2011-12-06 19:29 - 2011-12-06 19:29 - 0275432 ____A C:\Windows\Minidump\Mini120611-01.dmp

2011-12-06 19:29 - 2011-12-06 19:29 - 0000000 ____D C:\Windows\Minidump

2011-12-06 14:28 - 2011-12-15 16:33 - 0389214 ____A C:\Windows\ntbtlog.txt

2011-12-04 14:48 - 2011-12-15 13:13 - 0018018 ____A C:\Windows\PFRO.log

2011-12-04 13:28 - 2011-12-04 13:31 - 0067380 ____A C:\TDSSKiller.2.6.21.0_04.12.2011_16.28.24_log.txt

2011-12-04 13:27 - 2011-12-04 13:28 - 0000000 ____D C:\Users\simon\Desktop\tdds

2011-12-04 13:27 - 2011-12-04 13:27 - 1547774 ____A C:\Users\simon\Desktop\tdsskiller.zip

2011-12-04 13:27 - 2011-12-04 13:27 - 0000000 __SHD C:\$RECYCLE.BIN

2011-12-04 13:22 - 2011-12-04 13:22 - 0012104 ____A C:\ComboFix.txt

2011-12-04 12:11 - 2011-12-04 13:23 - 0000000 ____D C:\ComboFix2

2011-12-04 12:04 - 2011-12-04 12:08 - 4327522 ____R (Swearware) C:\Users\simon\Desktop\ComboFix2.exe

2011-11-30 09:51 - 2011-11-30 09:53 - 0000000 ____D C:\Users\simon\Desktop\stuff

2011-11-27 18:08 - 2011-11-28 12:55 - 0000000 ____D C:\Users\simon\Downloads\Jackie Chan's Heart of the Dragon [1985] DVDRip AAC SmartGuy Silver RG

2011-11-27 18:07 - 2011-11-27 18:07 - 0012393 ____A C:\Users\simon\Desktop\Jackie_Chan__s_Heart_of_the_Dragon_[1985]_DVDRip_AAC_SmartGuy_Si.6659937.TPB.torrent

2011-11-27 12:56 - 2011-11-27 12:56 - 0879652 ____A C:\Users\simon\Desktop\SecurityCheck.exe

2011-11-27 09:40 - 2011-11-27 09:40 - 0000000 ____D C:\Program Files (x86)\ESET

2011-11-21 18:34 - 2011-11-21 18:34 - 0262144 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG1

2011-11-21 18:34 - 2011-11-21 18:34 - 0000000 ___AH C:\Windows\System32\config\SYSTEM.tmp.LOG2

2011-11-21 18:34 - 2011-11-21 18:34 - 0000000 ___AH C:\Windows\System32\config\SYSTEM.tmp.LOG1

2011-11-21 18:34 - 2011-11-21 18:34 - 0000000 ___AH C:\Windows\System32\config\SOFTWARE.tmp.LOG2

2011-11-21 18:34 - 2011-11-21 18:34 - 0000000 ___AH C:\Windows\System32\config\SOFTWARE.tmp.LOG1

2011-11-21 18:34 - 2011-11-21 18:34 - 0000000 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG2

2011-11-21 18:34 - 2011-11-21 18:34 - 0000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG2

2011-11-21 18:34 - 2011-11-21 18:34 - 0000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG1

2011-11-21 18:34 - 2011-11-21 18:34 - 0000000 ___AH C:\Windows\System32\config\DEFAULT.tmp.LOG2

2011-11-21 18:34 - 2011-11-21 18:34 - 0000000 ___AH C:\Windows\System32\config\DEFAULT.tmp.LOG1

2011-11-21 18:34 - 2011-11-21 18:34 - 0000000 ___AH C:\Windows\System32\config\COMPONENTS.tmp.LOG2

2011-11-21 18:34 - 2011-11-21 18:34 - 0000000 ___AH C:\Windows\System32\config\COMPONENTS.tmp.LOG1

2011-11-21 18:33 - 2011-11-21 18:36 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts

2011-11-21 17:50 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe

2011-11-21 17:50 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe

2011-11-21 17:50 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2011-11-21 17:50 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2011-11-21 17:50 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe

2011-11-21 17:50 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe

2011-11-21 17:50 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe

2011-11-21 17:49 - 2011-12-04 12:06 - 0000000 ____D C:\ComboFix

2011-11-21 17:48 - 2011-12-04 13:23 - 0000000 ____D C:\Qoobox

2011-11-21 17:46 - 2011-11-21 16:46 - 4303424 ____R (Swearware) C:\Users\simon\Desktop\ComboFix.exe

2011-11-16 13:03 - 2011-12-15 17:58 - 0230424 ____A C:\Windows\WindowsUpdate.log

2011-11-16 12:43 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2011-11-16 12:42 - 2011-11-21 18:33 - 0000000 ____D C:\Windows\ERDNT

2011-11-15 17:58 - 2011-11-15 18:07 - 0262144 ____A C:\users\Mcx1

2011-11-15 17:58 - 2011-11-15 18:07 - 0005120 ___AH C:\users\Mcx1.LOG1

2011-11-15 17:58 - 2011-11-15 17:58 - 0000000 ___AH C:\users\Mcx1.LOG2

============ 3 Months Modified Files and Folders =============

2011-12-15 21:06 - 2011-12-15 21:06 - 0000000 ____D C:\FRST

2011-12-15 17:58 - 2011-11-16 13:03 - 0230424 ____A C:\Windows\WindowsUpdate.log

2011-12-15 17:58 - 2006-11-02 07:42 - 0032564 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2011-12-15 17:58 - 2006-11-02 07:42 - 0000006 ___AH C:\Windows\Tasks\SA.DAT

2011-12-15 17:58 - 2006-11-02 07:22 - 0003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2011-12-15 17:58 - 2006-11-02 07:22 - 0003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2011-12-15 17:58 - 2006-11-02 04:46 - 0690960 ____A C:\Windows\System32\PerfStringBackup.INI

2011-12-15 17:52 - 2011-12-15 16:43 - 3085426688 __ASH C:\hiberfil.sys

2011-12-15 17:00 - 2011-12-15 17:00 - 0000000 ____A C:\Windows\setuperr.log

2011-12-15 17:00 - 2011-12-15 17:00 - 0000000 ____A C:\Windows\setupact.log

2011-12-15 16:33 - 2011-12-06 14:28 - 0389214 ____A C:\Windows\ntbtlog.txt

2011-12-15 13:13 - 2011-12-04 14:48 - 0018018 ____A C:\Windows\PFRO.log

2011-12-13 15:33 - 2009-09-03 18:10 - 0000000 ____D C:\Users\simon\Tracing

2011-12-12 13:43 - 2010-11-27 17:13 - 0000000 ____D C:\Users\simon\Desktop\New Folder

2011-12-12 13:43 - 2008-01-01 02:25 - 0000000 ____D C:\Program Files (x86)\Opera

2011-12-11 11:18 - 2011-02-21 07:57 - 0000000 ____D C:\Users\simon\Desktop\Maplestory sites

2011-12-09 15:57 - 2011-12-09 15:57 - 0750227 ____A C:\Users\simon\Desktop\MapleStory Updates - v_104 – Legends Update Notes – Cannoneer and more.mht

2011-12-09 10:41 - 2011-12-09 10:41 - 0000553 ____A C:\Users\simon\Desktop\MBR.zip

2011-12-09 09:24 - 2011-12-09 09:24 - 1916416 ____A (AVAST Software) C:\Users\simon\Desktop\aswMBR.exe

2011-12-07 19:23 - 2008-01-01 02:29 - 0000000 ____D C:\Users\simon\AppData\Roaming\uTorrent

2011-12-07 19:11 - 2010-02-26 17:06 - 0000000 ____D C:\Users\simon\AppData\Roaming\vlc

2011-12-07 14:28 - 2010-03-18 18:47 - 0000000 ____D C:\Users\simon\Downloads\Hedley - (2009) The Show Must Go

2011-12-07 14:27 - 2011-02-01 18:11 - 0000000 ____D C:\Users\simon\Desktop\HW

2011-12-06 19:29 - 2011-12-06 19:29 - 454727999 ____A C:\Windows\MEMORY.DMP

2011-12-06 19:29 - 2011-12-06 19:29 - 0275432 ____A C:\Windows\Minidump\Mini120611-01.dmp

2011-12-06 19:29 - 2011-12-06 19:29 - 0000000 ____D C:\Windows\Minidump

2011-12-04 13:31 - 2011-12-04 13:28 - 0067380 ____A C:\TDSSKiller.2.6.21.0_04.12.2011_16.28.24_log.txt

2011-12-04 13:28 - 2011-12-04 13:27 - 0000000 ____D C:\Users\simon\Desktop\tdds

2011-12-04 13:27 - 2011-12-04 13:27 - 1547774 ____A C:\Users\simon\Desktop\tdsskiller.zip

2011-12-04 13:27 - 2011-12-04 13:27 - 0000000 __SHD C:\$RECYCLE.BIN

2011-12-04 13:23 - 2011-12-04 12:11 - 0000000 ____D C:\ComboFix2

2011-12-04 13:23 - 2011-11-21 17:48 - 0000000 ____D C:\Qoobox

2011-12-04 13:22 - 2011-12-04 13:22 - 0012104 ____A C:\ComboFix.txt

2011-12-04 13:00 - 2006-11-02 04:34 - 0000215 ____A C:\Windows\system.ini

2011-12-04 12:08 - 2011-12-04 12:04 - 4327522 ____R (Swearware) C:\Users\simon\Desktop\ComboFix2.exe

2011-12-04 12:06 - 2011-11-21 17:49 - 0000000 ____D C:\ComboFix

2011-12-04 11:54 - 2011-10-10 15:36 - 0000000 ____D C:\Users\simon\Desktop\ics

2011-12-04 11:27 - 2011-10-10 15:37 - 0000000 ____D C:\Users\simon\Desktop\Visual Basic 6 Portable

2011-11-30 09:53 - 2011-11-30 09:51 - 0000000 ____D C:\Users\simon\Desktop\stuff

2011-11-28 12:55 - 2011-11-27 18:08 - 0000000 ____D C:\Users\simon\Downloads\Jackie Chan's Heart of the Dragon [1985] DVDRip AAC SmartGuy Silver RG

2011-11-27 18:07 - 2011-11-27 18:07 - 0012393 ____A C:\Users\simon\Desktop\Jackie_Chan__s_Heart_of_the_Dragon_[1985]_DVDRip_AAC_SmartGuy_Si.6659937.TPB.torrent

2011-11-27 12:56 - 2011-11-27 12:56 - 0879652 ____A C:\Users\simon\Desktop\SecurityCheck.exe

2011-11-27 09:40 - 2011-11-27 09:40 - 0000000 ____D C:\Program Files (x86)\ESET

2011-11-27 09:40 - 2006-11-02 05:33 - 0000000 ___SD C:\Windows\Downloaded Program Files

2011-11-21 18:36 - 2011-11-21 18:33 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts

2011-11-21 18:35 - 2006-11-02 04:33 - 67371008 ____A C:\Windows\System32\config\SOFTWARE.bak

2011-11-21 18:35 - 2006-11-02 04:33 - 47972352 ____A C:\Windows\System32\config\COMPONENTS.bak

2011-11-21 18:35 - 2006-11-02 04:33 - 4456448 ____A C:\Windows\System32\config\DEFAULT.bak

2011-11-21 18:35 - 2006-11-02 04:33 - 17039360 ____A C:\Windows\System32\config\SYSTEM.bak

2011-11-21 18:35 - 2006-11-02 04:33 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak

2011-11-21 18:35 - 2006-11-02 04:33 - 0262144 ____A C:\Windows\System32\config\SAM.bak

2011-11-21 18:34 - 2011-11-21 18:34 - 0262144 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG1

2011-11-21 18:34 - 2011-11-21 18:34 - 0000000 ___AH C:\Windows\System32\config\SYSTEM.tmp.LOG2

2011-11-21 18:34 - 2011-11-21 18:34 - 0000000 ___AH C:\Windows\System32\config\SYSTEM.tmp.LOG1

2011-11-21 18:34 - 2011-11-21 18:34 - 0000000 ___AH C:\Windows\System32\config\SOFTWARE.tmp.LOG2

2011-11-21 18:34 - 2011-11-21 18:34 - 0000000 ___AH C:\Windows\System32\config\SOFTWARE.tmp.LOG1

2011-11-21 18:34 - 2011-11-21 18:34 - 0000000 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG2

2011-11-21 18:34 - 2011-11-21 18:34 - 0000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG2

2011-11-21 18:34 - 2011-11-21 18:34 - 0000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG1

2011-11-21 18:34 - 2011-11-21 18:34 - 0000000 ___AH C:\Windows\System32\config\DEFAULT.tmp.LOG2

2011-11-21 18:34 - 2011-11-21 18:34 - 0000000 ___AH C:\Windows\System32\config\DEFAULT.tmp.LOG1

2011-11-21 18:34 - 2011-11-21 18:34 - 0000000 ___AH C:\Windows\System32\config\COMPONENTS.tmp.LOG2

2011-11-21 18:34 - 2011-11-21 18:34 - 0000000 ___AH C:\Windows\System32\config\COMPONENTS.tmp.LOG1

2011-11-21 18:33 - 2011-11-16 12:42 - 0000000 ____D C:\Windows\ERDNT

2011-11-21 17:06 - 2011-06-25 06:18 - 0000000 ____D C:\SG Interactive

2011-11-21 16:46 - 2011-11-21 17:46 - 4303424 ____R (Swearware) C:\Users\simon\Desktop\ComboFix.exe

2011-11-16 13:25 - 2006-11-02 05:33 - 0000000 __RHD C:\users\Default

2011-11-16 13:25 - 2006-11-02 05:33 - 0000000 ___RD C:\users\Public

2011-11-15 18:11 - 2007-12-31 21:04 - 0000732 ____A C:\Users\simon\AppData\Local\d3d9caps64.dat

2011-11-15 18:07 - 2011-11-15 17:58 - 0262144 ____A C:\users\Mcx1

2011-11-15 18:07 - 2011-11-15 17:58 - 0005120 ___AH C:\users\Mcx1.LOG1

2011-11-15 17:58 - 2011-11-15 17:58 - 0000000 ___AH C:\users\Mcx1.LOG2

2011-11-15 17:44 - 2008-01-01 06:14 - 0309262 ____A C:\Windows\SysWOW64\commonpriv.log

2011-11-11 18:25 - 2011-11-11 18:36 - 0607260 ____R (Swearware) C:\Users\simon\Desktop\dds.scr

2011-11-09 17:15 - 2011-11-09 17:15 - 0487264 ____A C:\Users\simon\Desktop\maplestory_hackshield.zip

2011-11-07 17:07 - 2011-07-31 07:47 - 0000000 ____D C:\Users\simon\Desktop\clutter

2011-11-07 13:59 - 2009-08-19 10:20 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-11-06 14:07 - 2008-01-01 00:28 - 0000000 ____D C:\Users\simon\AppData\LocalLow

2011-11-04 18:38 - 2011-09-19 17:44 - 0000000 ____D C:\Users\simon\Desktop\Garena

2011-11-03 18:16 - 2011-09-19 18:26 - 0051186 ____A C:\Users\simon\AppData\Roaming\room_v3.dat

2011-11-03 18:15 - 2008-01-01 02:39 - 0000000 ____D C:\Program Files (x86)\Warcraft III

2011-10-14 17:41 - 2011-09-18 20:14 - 0000680 ____A C:\Users\simon\AppData\Local\d3d9caps.dat

2011-10-02 17:10 - 2011-10-02 17:10 - 0000531 ____A C:\Users\simon\Desktop\Garena - Shortcut.lnk

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 18%

Total physical RAM: 2941.7 MB

Available physical RAM: 2410.58 MB

Total Pagefile: 2700.06 MB

Available Pagefile: 2389.5 MB

Total Virtual: 8192 MB

Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:287.14 GB) (Free:229.44 GB) NTFS ==>[system with boot components]

2 Drive d: (RECOVERY) (Fixed) (Total:10.95 GB) (Free:5.17 GB) NTFS ==>[system with boot components]

3 Drive e: (OSDVD2.9) (CDROM) (Total:3.73 GB) (Free:0 GB) CDFS

8 Drive j: (USB) (Removable) (Total:1.88 GB) (Free:1.22 GB) FAT

9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 298 GB 0 B

Disk 1 No Media 0 B 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 Online 1928 MB 0 B

Partitions of Disk 0:

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 11 GB 32 KB

Partition 2 Primary 287 GB 11 GB

Disk: 0

Partition 2

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 287 GB Healthy

==========================================================

Last Boot: 2011-12-15 17:01

======================= End Of Log ==========================

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.