New and need help


Ulkterna

Thread Starter
Joined
Dec 28, 2010
Messages
38
After much effort, spending most of my night, I have managed to get the problems to stop (I think). I'd like your guys' approval, and for you to tell me if I missed anything... The first log is what I had before; the second is after much hard work I have done on my own. Could you please tell me if I missed anything? ~Ulkterna
 


Ulkterna

Thread Starter
I hope bumping is allowed, as this is on the second page and I still need clarity on whether I missed anything. Take your time to get to me; I just don't want this to get lost in the threads ^^;;
 

Ulkterna

Thread Starter
Bump so it does not get lost. Added details: I am now having intermittent network issues, to the point that I'm being forced to flush my DNS and ipconfig /release and /renew all the time. It started happening after I cleaned out a good chunk of the viruses. I know you guys are busy, but I would be grateful for any help...
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Follow the advice here and post the logs those programs make.

Ignore Gmer, as it won't run on a 64-bit computer, and tell us EXACTLY what problems you were having before you started to fix things.
 

Ulkterna

Thread Starter
Follow the advice here and post the logs those programs make.

Ignore Gmer, as it won't run on a 64-bit computer, and tell us EXACTLY what problems you were having before you started to fix things.
I was debating following that, but I figured I'd let you guys instruct me first on specifically what things you need from me.

Well, before I started fixing things I had an Audio Virus (or so I like to call it anyway), where it was playing sounds. Looking at AnVir Task Manager (I think I spelt that right), it showed 3 files of about 200 or more KB that looked like Windows Media Player icons, but they were called something like LFD.exe, LFE.exe etc., and uploading them to VirusTotal showed many different types of viruses; I had a few trojan downloaders, etc. After I cleaned out everything, most if not all the problems I was having stopped, including the audio virus, and the PC is running a lot better. The only problem I am having now is that my network keeps forcing me to reset by ipconfig /release and /renew almost every day; this only started occurring after fixing the viruses, both with software and manually.

The logs I uploaded from HijackThis: the first log shows what I had before, and the second one is after I cleaned. I attached them to avoid cluttering the text box. Following the advice on that site, you need all those logs, correct? All but Gmer?
 

Ulkterna

Thread Starter
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Spirit at 2:40:53.98 on Sat 01/01/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3839.1059 [GMT -8:00]

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: ClamAV for Windows *Enabled/Updated* {E26D838D-778A-C93D-0B41-46E786995C11}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ClamAV for Windows\2.0.17\agent.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ClamAV for Windows\2.0.17\iptray.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\Spirit\AppData\Local\Apps\2.0\JO7PYPHW.39Q\AWQM5NKV.NBG\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\GemX\do-Organizer4\doOrganizer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\PlayerScoreClient\Patcher.exe
C:\Program Files (x86)\PlayerScoreClient\PlayerScore.exe
N:\Backup\World of Warcraft\WoW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Spirit\Downloads\dds.scr
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [Immunet Protect] "C:\Program Files\ClamAV for Windows\2.0.17\iptray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
dRun: [JP595IR86O] C:\Windows\TEMP\Lfd.exe
StartupFolder: C:\Users\Spirit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Spirit\AppData\Roaming\Mozilla\Firefox\Profiles\y9wk89i6.default\
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BrowserProtect: [email protected] - %profile%\extensions\[email protected]

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-12-28 121936]
R1 ImmunetProtectDriver;ImmunetProtectDriver;C:\Windows\System32\drivers\ImmunetProtect.sys [2010-12-28 46160]
R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;C:\Windows\System32\drivers\ImmunetSelfProtect.sys [2010-12-28 29776]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 188928]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-12-28 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-12-28 61008]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2010-12-15 46136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-11-25 8120320]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-11-25 289792]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-11-10 341856]
R3 LVUVC64;Logitech Webcam 200(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-11-10 4162784]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-10-24 40832]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]


============= FINISH: 2:42:55.77 ===============
 
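A small triage script, added here as an example and not part of the thread or of DDS, that parses the autorun (uRun/mRun/dRun) and mPolicies-system lines in the DDS report above and flags the two things a helper would raise from it: an autorun in the default-user hive launching from C:\Windows\TEMP, and UAC policy values set to 0. The sample lines are constructed from entries in the log; the regexes, the writable-directory list and the Windows 7 default table are my assumptions.

```python
import re

# Constructed sample in DDS's own line format; the entries mirror the
# autorun and mPolicies-system lines from the thread's log.
SAMPLE_DDS = r"""
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
dRun: [JP595IR86O] C:\Windows\TEMP\Lfd.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

# DDS prefixes: u = current user (HKCU), m = machine (HKLM), d = default user hive.
RUN_RE = re.compile(r'^([umd])Run:\s*\[([^\]]*)\]\s*(.*)$')
POLICY_RE = re.compile(r'^mPolicies-system:\s*(\w+)\s*=\s*(\d+)')
# First token of the command: a quoted path, or an unquoted path up to ".exe".
TARGET_RE = re.compile(r'^"([^"]+)"|^(.*?\.exe)', re.IGNORECASE)

# Path fragments where a legitimate autorun target almost never lives (assumed list).
WRITABLE_DIRS = ('\\windows\\temp\\', '\\appdata\\local\\temp\\', '\\downloads\\')

# Windows 7 defaults for the UAC values DDS prints; 0 in any of them
# weakens or disables elevation prompting.
UAC_DEFAULTS = {
    'EnableLUA': 1,                   # 0 = UAC off entirely
    'ConsentPromptBehaviorAdmin': 5,  # 0 = admins elevate silently, no prompt
    'PromptOnSecureDesktop': 1,       # 0 = prompts not shown on the secure desktop
}
SCOPE = {'u': 'HKCU', 'm': 'HKLM', 'd': 'default user hive'}


def parse_autoruns(text):
    """Return (scope, name, target_path) for each uRun/mRun/dRun line."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        scope, name, command = m.groups()
        t = TARGET_RE.match(command)
        target = (t.group(1) or t.group(2)) if t else command
        entries.append((SCOPE[scope], name, target))
    return entries


def parse_policies(text):
    """Return {policy_name: int_value} for the mPolicies-system lines."""
    policies = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            policies[m.group(1)] = int(m.group(2))
    return policies


def triage(text):
    """Findings a helper would raise from the autorun and UAC lines."""
    findings = []
    for scope, name, target in parse_autoruns(text):
        if any(frag in target.lower() for frag in WRITABLE_DIRS):
            findings.append(f'autorun [{name}] in {scope} launches {target} '
                            'from a temp/user-writable directory')
    policies = parse_policies(text)
    for key, default in UAC_DEFAULTS.items():
        if policies.get(key) == 0:
            findings.append(f'{key} = 0 (default {default}): UAC prompting weakened')
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_DDS):
        print('FLAG:', finding)
```

On the sample this reports the Lfd.exe autorun plus three weakened UAC values, and leaves the uTorrent and LWS entries alone.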

Ulkterna

Thread Starter
The other log as requested.


2011/01/01 02:46:21.0521 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/01 02:46:21.0521 ================================================================================
2011/01/01 02:46:21.0521 SystemInfo:
2011/01/01 02:46:21.0521
2011/01/01 02:46:21.0521 OS Version: 6.1.7600 ServicePack: 0.0
2011/01/01 02:46:21.0521 Product type: Workstation
2011/01/01 02:46:21.0521 ComputerName: SPIRIT-PC
2011/01/01 02:46:21.0522 UserName: Spirit
2011/01/01 02:46:21.0522 Windows directory: C:\Windows
2011/01/01 02:46:21.0522 System windows directory: C:\Windows
2011/01/01 02:46:21.0522 Running under WOW64
2011/01/01 02:46:21.0522 Processor architecture: Intel x64
2011/01/01 02:46:21.0522 Number of processors: 3
2011/01/01 02:46:21.0522 Page size: 0x1000
2011/01/01 02:46:21.0522 Boot type: Normal boot
2011/01/01 02:46:21.0522 ================================================================================
2011/01/01 02:46:21.0523 Utility is running under WOW64
2011/01/01 02:46:22.0782 Initialize success
2011/01/01 02:46:27.0005 ================================================================================
2011/01/01 02:46:27.0005 Scan started
2011/01/01 02:46:27.0005 Mode: Manual;
2011/01/01 02:46:27.0005 ================================================================================
2011/01/01 02:46:27.0531 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/01/01 02:46:27.0582 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/01/01 02:46:27.0623 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/01/01 02:46:27.0674 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/01/01 02:46:27.0720 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/01/01 02:46:27.0756 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/01/01 02:46:27.0814 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/01/01 02:46:27.0869 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/01/01 02:46:27.0918 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/01/01 02:46:27.0988 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/01/01 02:46:28.0020 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
2011/01/01 02:46:28.0077 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/01/01 02:46:28.0306 amdkmdag (f6640d83af0fd74c50e23e68548ea9a0) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/01/01 02:46:28.0519 amdkmdap (20b63276a1920b41e1c56720b395049b) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/01/01 02:46:28.0554 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/01/01 02:46:28.0599 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/01/01 02:46:28.0648 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/01/01 02:46:28.0672 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/01/01 02:46:28.0745 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/01/01 02:46:28.0919 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/01/01 02:46:28.0941 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/01/01 02:46:28.0991 aswFsBlk (b76182f203e0bd5eb6a5f6538f0faee4) C:\Windows\system32\drivers\aswFsBlk.sys
2011/01/01 02:46:29.0039 aswMonFlt (a88e9544edda1ce83825dd22d6a8b5f9) C:\Windows\system32\drivers\aswMonFlt.sys
2011/01/01 02:46:29.0078 aswRdr (cfad2fb33b22e7039c9dc233baacbf8b) C:\Windows\system32\drivers\aswRdr.sys
2011/01/01 02:46:29.0117 aswSP (594365e887f4a5ad3970870b352eb887) C:\Windows\system32\drivers\aswSP.sys
2011/01/01 02:46:29.0161 aswTdi (4ba0a0e1d36f88f536180ffe5efd8b7c) C:\Windows\system32\drivers\aswTdi.sys
2011/01/01 02:46:29.0210 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/01/01 02:46:29.0235 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/01/01 02:46:29.0301 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
2011/01/01 02:46:29.0413 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/01/01 02:46:29.0488 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/01/01 02:46:29.0518 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/01/01 02:46:29.0605 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/01/01 02:46:29.0637 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/01/01 02:46:29.0664 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/01/01 02:46:29.0695 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/01/01 02:46:29.0730 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/01/01 02:46:29.0757 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/01/01 02:46:29.0784 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/01/01 02:46:29.0812 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/01/01 02:46:29.0840 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/01/01 02:46:29.0888 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/01/01 02:46:29.0917 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/01/01 02:46:29.0961 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/01/01 02:46:30.0001 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/01/01 02:46:30.0148 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/01/01 02:46:30.0188 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/01/01 02:46:30.0341 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/01/01 02:46:30.0420 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/01/01 02:46:30.0450 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/01/01 02:46:30.0491 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/01/01 02:46:30.0560 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/01/01 02:46:30.0623 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/01/01 02:46:30.0655 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/01/01 02:46:30.0687 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/01/01 02:46:30.0779 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/01/01 02:46:30.0846 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2011/01/01 02:46:30.0978 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/01/01 02:46:31.0111 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/01/01 02:46:31.0153 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/01/01 02:46:31.0193 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/01/01 02:46:31.0218 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/01/01 02:46:31.0251 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/01/01 02:46:31.0294 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/01/01 02:46:31.0325 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/01/01 02:46:31.0376 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/01/01 02:46:31.0407 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/01/01 02:46:31.0453 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/01/01 02:46:31.0481 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/01/01 02:46:31.0528 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/01/01 02:46:31.0566 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/01/01 02:46:31.0594 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/01/01 02:46:31.0651 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/01/01 02:46:31.0695 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/01/01 02:46:31.0724 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/01/01 02:46:31.0744 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/01/01 02:46:31.0760 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/01/01 02:46:31.0803 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/01/01 02:46:31.0849 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/01/01 02:46:31.0918 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/01/01 02:46:31.0961 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/01/01 02:46:31.0997 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/01/01 02:46:32.0045 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/01/01 02:46:32.0089 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/01/01 02:46:32.0145 ImmunetProtectDriver (bd7e2d208dc07495a3c71bbd06eb239f) C:\Windows\system32\DRIVERS\ImmunetProtect.sys
2011/01/01 02:46:32.0167 ImmunetSelfProtectDriver (9f57d4c8b40369cfdc64a89abcf3e43d) C:\Windows\system32\DRIVERS\ImmunetSelfProtect.sys
2011/01/01 02:46:32.0209 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/01/01 02:46:32.0249 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/01/01 02:46:32.0279 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/01/01 02:46:32.0312 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/01/01 02:46:32.0351 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/01/01 02:46:32.0387 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/01/01 02:46:32.0406 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/01/01 02:46:32.0448 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/01/01 02:46:32.0487 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/01/01 02:46:32.0519 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/01/01 02:46:32.0558 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/01/01 02:46:32.0601 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/01/01 02:46:32.0622 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/01/01 02:46:32.0674 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/01/01 02:46:32.0721 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/01/01 02:46:32.0748 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/01/01 02:46:32.0772 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/01/01 02:46:32.0798 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/01/01 02:46:32.0873 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/01/01 02:46:32.0924 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2011/01/01 02:46:32.0950 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2011/01/01 02:46:33.0003 LVRS64 (803085f59ec92b3827cc4d90fcbfd335) C:\Windows\system32\DRIVERS\lvrs64.sys
2011/01/01 02:46:33.0123 LVUVC64 (a8d7c97016e6b76ef472a4c7ab357ee3) C:\Windows\system32\DRIVERS\lvuvc64.sys
2011/01/01 02:46:33.0253 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/01/01 02:46:33.0296 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/01/01 02:46:33.0330 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/01/01 02:46:33.0403 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/01/01 02:46:33.0449 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/01/01 02:46:33.0487 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/01/01 02:46:33.0508 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/01/01 02:46:33.0537 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/01/01 02:46:33.0579 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/01/01 02:46:33.0609 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/01/01 02:46:33.0630 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/01/01 02:46:33.0663 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/01/01 02:46:33.0697 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/01/01 02:46:33.0739 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/01/01 02:46:33.0763 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/01/01 02:46:33.0810 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/01/01 02:46:33.0845 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/01/01 02:46:33.0894 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/01/01 02:46:33.0964 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/01/01 02:46:33.0988 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/01/01 02:46:34.0012 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/01/01 02:46:34.0128 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/01/01 02:46:34.0186 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/01/01 02:46:34.0205 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/01/01 02:46:34.0241 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/01/01 02:46:34.0276 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/01/01 02:46:34.0303 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/01/01 02:46:34.0325 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/01/01 02:46:34.0364 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/01/01 02:46:34.0424 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/01/01 02:46:34.0508 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/01/01 02:46:34.0581 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/01/01 02:46:34.0620 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/01/01 02:46:34.0643 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/01/01 02:46:34.0660 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/01/01 02:46:34.0703 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/01/01 02:46:34.0725 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/01/01 02:46:34.0743 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/01/01 02:46:34.0797 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/01/01 02:46:34.0834 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/01/01 02:46:34.0866 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/01/01 02:46:34.0894 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/01/01 02:46:34.0974 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/01/01 02:46:35.0065 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/01/01 02:46:35.0116 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
2011/01/01 02:46:35.0460 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/01/01 02:46:35.0787 NVNET (0ad267a4674805b61a5d7b911d2a978a) C:\Windows\system32\DRIVERS\nvmf6264.sys
2011/01/01 02:46:35.0821 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/01/01 02:46:35.0841 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/01/01 02:46:35.0879 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/01/01 02:46:35.0904 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/01/01 02:46:35.0957 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/01/01 02:46:35.0973 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/01/01 02:46:36.0003 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/01/01 02:46:36.0039 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/01/01 02:46:36.0118 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/01/01 02:46:36.0142 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/01/01 02:46:36.0181 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/01/01 02:46:36.0318 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/01/01 02:46:36.0347 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/01/01 02:46:36.0390 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/01/01 02:46:36.0459 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/01/01 02:46:36.0512 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/01/01 02:46:36.0552 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/01/01 02:46:36.0594 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/01/01 02:46:36.0635 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/01/01 02:46:36.0658 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/01/01 02:46:36.0683 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/01/01 02:46:36.0702 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/01/01 02:46:36.0732 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/01/01 02:46:36.0757 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/01/01 02:46:36.0780 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/01/01 02:46:36.0838 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/01/01 02:46:36.0865 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/01/01 02:46:36.0901 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/01/01 02:46:36.0940 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/01/01 02:46:36.0989 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/01/01 02:46:37.0062 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/01/01 02:46:37.0126 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/01/01 02:46:37.0158 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/01/01 02:46:37.0216 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/01/01 02:46:37.0266 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/01/01 02:46:37.0311 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/01/01 02:46:37.0336 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/01/01 02:46:37.0363 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/01/01 02:46:37.0425 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/01/01 02:46:37.0464 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/01/01 02:46:37.0505 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/01/01 02:46:37.0527 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/01/01 02:46:37.0566 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/01/01 02:46:37.0595 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/01/01 02:46:37.0642 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/01/01 02:46:37.0688 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/01/01 02:46:37.0755 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/01/01 02:46:37.0812 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/01/01 02:46:37.0866 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/01/01 02:46:37.0931 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/01/01 02:46:37.0991 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/01/01 02:46:38.0030 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/01/01 02:46:38.0094 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/01/01 02:46:38.0203 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/01/01 02:46:38.0357 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/01/01 02:46:38.0401 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/01/01 02:46:38.0438 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/01/01 02:46:38.0468 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/01/01 02:46:38.0498 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/01/01 02:46:38.0521 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/01/01 02:46:38.0578 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/01/01 02:46:38.0617 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/01/01 02:46:38.0643 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/01/01 02:46:38.0673 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/01/01 02:46:38.0721 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/01/01 02:46:38.0796 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/01/01 02:46:38.0818 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/01/01 02:46:38.0865 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/01/01 02:46:38.0903 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/01/01 02:46:38.0938 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/01/01 02:46:39.0083 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys
2011/01/01 02:46:39.0131 usbhub (372a91bc3c6603080a793880b0873785) C:\Windows\system32\DRIVERS\usbhub.sys
2011/01/01 02:46:39.0198 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/01/01 02:46:39.0244 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/01/01 02:46:39.0270 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/01/01 02:46:39.0306 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/01/01 02:46:39.0357 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/01/01 02:46:39.0461 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/01/01 02:46:39.0502 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/01/01 02:46:39.0531 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/01/01 02:46:39.0568 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/01/01 02:46:39.0592 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/01/01 02:46:39.0638 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/01/01 02:46:39.0667 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/01/01 02:46:39.0694 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/01/01 02:46:39.0734 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/01/01 02:46:39.0762 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/01/01 02:46:39.0800 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/01/01 02:46:39.0835 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/01/01 02:46:39.0883 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/01/01 02:46:39.0973 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/01 02:46:39.0991 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/01 02:46:40.0052 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/01/01 02:46:40.0120 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/01/01 02:46:40.0200 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/01/01 02:46:40.0224 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/01/01 02:46:40.0305 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/01/01 02:46:40.0379 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/01/01 02:46:40.0450 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/01/01 02:46:40.0498 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/01/01 02:46:40.0551 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/01 02:46:40.0577 ================================================================================
2011/01/01 02:46:40.0577 Scan finished
2011/01/01 02:46:40.0577 ================================================================================
2011/01/01 02:46:40.0598 Detected object count: 1
2011/01/01 02:46:50.0753 \HardDisk0 - will be cured after reboot
2011/01/01 02:46:50.0754 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
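As an added example (not part of the original thread and not code from the TDSSKiller tool), here is a small Python parser for the log format posted above. It splits the timestamped lines into a driver inventory (service name, MD5, image path), detection lines and the action the user picked, then lists image files that more than one service loads (expected for aliases such as Tcpip/TCPIP6, but worth a glance when triaging) and any detection the log records no action for. The `\HardDisk0` object above has no file path because TDL4 lives in the disk's boot sectors rather than in a driver file, which is why the tool can only cure it after a reboot. The sample input is a constructed excerpt copied from the lines above; the function names are my own.

```python
import re
from collections import defaultdict

# Constructed excerpt in the format of the TDSSKiller 2.4.x log posted above;
# a real log carries a few hundred driver lines between the "Scan started"
# and "Scan finished" markers.
SAMPLE_LOG = r"""
2011/01/01 02:46:21.0521 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/01 02:46:27.0005 Scan started
2011/01/01 02:46:27.0005 Mode: Manual;
2011/01/01 02:46:27.0531 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/01/01 02:46:32.0924 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2011/01/01 02:46:32.0950 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2011/01/01 02:46:38.0203 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/01/01 02:46:38.0357 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/01/01 02:46:40.0551 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/01 02:46:40.0577 Scan finished
2011/01/01 02:46:40.0598 Detected object count: 1
2011/01/01 02:46:50.0753 \HardDisk0 - will be cured after reboot
2011/01/01 02:46:50.0754 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

_TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
# "<ts> <service> (<md5>) <image path>"
DRIVER_RE = re.compile(_TS + r" (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<ts> <object> - detected <verdict> (<n>)"
DETECT_RE = re.compile(_TS + r" (?P<obj>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
# "<ts> <verdict>(<object>) - User select action: <action>"
ACTION_RE = re.compile(_TS + r" (?P<verdict>[^(\s]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")


def parse_tdsskiller_log(text):
    """Split a TDSSKiller log into driver inventory, detections and chosen actions."""
    report = {"drivers": [], "detections": [], "actions": {}}
    for line in text.splitlines():
        line = line.rstrip()
        if m := DRIVER_RE.match(line):
            report["drivers"].append((m["name"], m["md5"], m["path"]))
        elif m := DETECT_RE.match(line):
            report["detections"].append({"object": m["obj"], "verdict": m["verdict"]})
        elif m := ACTION_RE.match(line):
            report["actions"][m["obj"]] = m["action"]
    return report


def shared_images(drivers):
    """Group service names that load the very same image (same path, same MD5).

    Aliases such as Tcpip/TCPIP6 are expected; an unfamiliar service name that
    suddenly shares a well-known image is the thing to look at more closely."""
    groups = defaultdict(list)
    for name, md5, path in drivers:
        groups[(path.lower(), md5)].append(name)
    return [(path, md5, sorted(names))
            for (path, md5), names in sorted(groups.items()) if len(names) > 1]


def pending_detections(report):
    """Detected objects for which the log records no user action."""
    return [d["object"] for d in report["detections"]
            if d["object"] not in report["actions"]]


def summarize(text):
    """One-shot triage view of a log: counts, verdicts with their action, shared images, leftovers."""
    report = parse_tdsskiller_log(text)
    return {
        "driver_count": len(report["drivers"]),
        "detections": [(d["object"], d["verdict"], report["actions"].get(d["object"], "none"))
                       for d in report["detections"]],
        "shared_images": shared_images(report["drivers"]),
        "pending": pending_detections(report),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Feed the full saved log (it is plain text) to `summarize()` instead of the sample; anything listed under `pending` is a detection that was found but never actioned, which is exactly the case where a second run after reboot is needed.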
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
OK I can see malware still there
BUT the biggest problem is 3 active antiviruses, which will be clashing & preventing each other fixing anything
To be perfectly honest & blunt Clam AV is a total waste of space on windows and is only really any good on linux boxes so uninstall that immediately
then decide which of the 2 other antiviruses you want
I would suggest keeping MSE & uninstall Avast because it is a 64 bit system & MSE works better than Avast in W7 64 bit

After you have uninstalled the 2 unwanted antiviruses then reboot twice & then


Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here or Here to your Desktop.
As you download it rename it to username123.exe


**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after combofix has finished
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on combofix.exe & follow the prompts.
If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues
 

Ulkterna

Thread Starter
Joined
Dec 28, 2010
Messages
38
When ComboFix got to the window where it was creating the log, I had a non-stop pop-up happening saying

PEV.cfxxe has stopped working
Problem signature:
Problem Event Name: BEX
Application Name: PEV.cfxxe
Application Version: 0.0.0.0
Application Timestamp: 4bd0e994
Fault Module Name: PEV.cfxxe
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 4bd0e994
Exception Offset: 00082899
Exception Code: c0000417
Exception Data: 00000000
OS Version: 6.1.7600.2.0.0.256.48
Locale ID: 1033
Additional Information 1: a18b
Additional Information 2: a18b76c918258790b67df1332fee2996
Additional Information 3: 19dd
Additional Information 4: 19dda5d6ef68b5ffa3db2bf0717c45f7

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

Here is the log you requested. Not sure what the above is about; perhaps you have an idea?
-----------------------------------------------------------------------------------------------
ComboFix 10-12-31.02 - Spirit 01/01/2011 3:25.1.3 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3839.2583 [GMT -8:00]
Running from: c:\users\Spirit\Desktop\username123.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

N:\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-01 to 2011-01-01 )))))))))))))))))))))))))))))))
.

2011-01-01 11:20 . 2011-01-01 11:23 -------- d-----w- C:\32788R22FWJFW
2011-01-01 06:18 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{334D28BF-51EA-419B-B421-11D12BF8F75C}\mpengine.dll
2010-12-30 05:46 . 2010-12-30 05:46 -------- d-----w- c:\program files (x86)\Messenger Plus! Live
2010-12-29 03:14 . 2010-12-29 03:14 -------- d-----w- c:\program files\CCleaner
2010-12-29 03:10 . 2010-12-29 03:54 -------- d-----w- c:\programdata\STOPzilla!
2010-12-29 03:02 . 2010-12-29 03:02 -------- d-----w- c:\programdata\Alwil Software
2010-12-29 03:02 . 2010-12-29 03:02 -------- d-----w- c:\program files\Alwil Software
2010-12-29 02:51 . 2011-01-01 11:08 -------- d-----w- c:\programdata\Immunet
2010-12-29 02:31 . 2010-12-29 02:31 -------- d-----w- c:\program files (x86)\Trend Micro
2010-12-28 08:03 . 2010-12-28 08:03 -------- d-----w- c:\program files\Ventrilo
2010-12-28 08:03 . 2010-12-28 08:03 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2010-12-28 05:47 . 2010-12-29 03:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-12-28 05:47 . 2010-12-28 05:48 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-12-28 05:31 . 2010-12-28 05:31 -------- d-----w- c:\program files (x86)\Safer Networking
2010-12-28 05:28 . 2010-12-28 05:28 -------- d-----w- c:\program files\LockHunter
2010-12-28 03:07 . 2010-12-28 03:07 -------- d-----w- c:\program files (x86)\AnVir Task Manager Free
2010-12-27 09:48 . 2010-12-27 09:48 -------- d-----w- c:\programdata\Media Center Programs
2010-12-27 09:37 . 2010-12-27 09:37 -------- d-----w- c:\program files\Flagship Studios
2010-12-27 04:26 . 2010-12-27 04:46 -------- d-----w- C:\GemX
2010-12-27 04:11 . 2010-12-27 04:11 -------- d-----w- c:\program files (x86)\Foxit Software
2010-12-25 04:50 . 2010-12-27 04:45 -------- d-----w- C:\Games
2010-12-23 12:42 . 2010-12-23 12:42 -------- d-----w- c:\program files (x86)\Common Files\Steam
2010-12-23 12:42 . 2010-12-29 02:04 -------- d-----w- c:\program files (x86)\Steam
2010-12-23 12:05 . 2010-12-23 12:05 -------- d-----w- C:\Nexon
2010-12-23 12:04 . 2010-12-23 12:04 -------- d-----w- c:\programdata\NexonUS
2010-12-23 11:41 . 2010-12-23 11:41 -------- d-----w- c:\windows\Sun
2010-12-23 11:34 . 2010-12-23 11:34 -------- d-----w- c:\program files (x86)\Common Files\Java
2010-12-23 11:34 . 2010-12-23 11:34 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-12-23 11:33 . 2010-12-23 11:33 -------- d-----w- c:\program files (x86)\Java
2010-12-23 11:33 . 2010-12-28 06:10 -------- d-----w- c:\program files (x86)\Pando Networks
2010-12-23 07:35 . 2010-12-23 07:35 -------- d-----w- c:\programdata\NVIDIA
2010-12-23 06:36 . 2010-12-23 06:36 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-12-22 10:47 . 2010-12-22 10:47 -------- d-----w- c:\program files (x86)\THQ
2010-12-22 10:47 . 2010-12-22 10:47 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2010-12-21 22:13 . 2010-12-23 06:36 -------- d-----w- c:\program files\NVIDIA Corporation
2010-12-21 06:52 . 2010-12-21 06:52 -------- d-----w- c:\programdata\Electronic Arts
2010-12-21 06:52 . 2010-12-21 06:52 -------- d-----w- c:\programdata\EA Core
2010-12-21 06:16 . 2005-05-26 23:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
2010-12-20 23:52 . 2010-12-20 23:52 -------- d-----w- c:\program files (x86)\Microsoft.NET
2010-12-19 22:29 . 2011-01-01 11:08 -------- d-----w- c:\program files (x86)\PlayerScoreClient
2010-12-19 11:42 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-19 01:35 . 2010-12-19 01:35 -------- d-----w- c:\program files (x86)\OpenSource Flash Video Splitter
2010-12-19 01:35 . 2010-12-19 01:35 -------- d-----w- c:\program files (x86)\DirectVobSub
2010-12-19 01:35 . 2010-12-19 01:35 -------- d-----w- c:\program files (x86)\Haali
2010-12-19 01:35 . 2010-12-19 01:35 -------- d-----w- c:\program files (x86)\Bass Audio Decoder
2010-12-19 01:35 . 2010-12-26 06:49 -------- d-----w- c:\programdata\Zoom Player
2010-12-19 01:35 . 2010-12-19 01:35 -------- d-----w- c:\program files (x86)\Zoom Player
2010-12-18 23:37 . 2010-12-18 23:37 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93109654-7FAE-4069-8FBC-C592AF12577F}\gapaengine.dll
2010-12-18 23:31 . 2010-12-18 23:31 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2010-12-18 23:31 . 2010-12-18 23:32 -------- d-----w- c:\program files\Microsoft Security Client
2010-12-18 02:37 . 2010-12-26 06:40 -------- d-----w- c:\program files (x86)\Uplink
2010-12-18 02:37 . 1997-11-19 23:49 303616 ----a-w- c:\windows\IsUninst.exe
2010-12-18 02:36 . 2009-02-25 02:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2010-12-18 02:35 . 2010-12-18 02:36 -------- d-----w- c:\program files (x86)\MagicDisc
2010-12-18 02:35 . 2010-12-18 02:35 -------- d-----w- c:\program files (x86)\MagicISO
2010-12-18 02:29 . 2010-12-18 02:29 -------- d-----w- c:\program files (x86)\uTorrent
2010-12-17 16:42 . 2010-11-16 20:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AB2EDE5-FB15-4E61-B0F5-841ACC1B2A24}\mpengine.dll
2010-12-16 06:34 . 2010-12-16 06:34 -------- d-----w- c:\program files (x86)\GRETECH
2010-12-16 03:04 . 2010-12-16 03:04 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2010-12-16 01:01 . 2010-12-16 01:01 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-12-16 00:59 . 2010-12-16 00:59 -------- d-----w- c:\program files (x86)\Phoenix Viewer
2010-12-16 00:58 . 2010-12-16 00:58 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2010-12-16 00:18 . 2010-12-16 00:18 -------- d-----r- c:\program files (x86)\Skype
2010-12-16 00:18 . 2010-12-16 00:18 -------- d-----w- c:\program files (x86)\Common Files\Skype
2010-12-16 00:18 . 2010-12-16 00:18 -------- d-----w- c:\programdata\Skype
2010-12-16 00:05 . 2010-12-16 00:06 -------- d-----w- c:\program files (x86)\Windows Live
2010-12-16 00:04 . 2010-12-16 00:04 -------- d-----w- c:\windows\PCHEALTH
2010-12-16 00:04 . 2010-12-23 07:34 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2010-12-16 00:03 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2010-12-16 00:03 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2010-12-16 00:03 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2010-12-16 00:00 . 2010-12-16 00:00 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2010-12-15 23:40 . 2010-12-15 23:40 -------- d-----w- c:\programdata\ATI
2010-12-15 23:39 . 2010-12-15 23:39 0 ----a-w- c:\windows\ativpsrm.bin
2010-12-15 23:38 . 2010-12-15 23:38 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2010-12-15 23:37 . 2010-12-15 23:37 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-12-15 23:36 . 2010-12-15 23:38 -------- d-----w- c:\program files (x86)\ATI Technologies
2010-12-15 23:36 . 2010-12-15 23:36 -------- d-----w- c:\program files\ATI
2010-12-15 23:35 . 2010-12-15 23:38 -------- d-----w- c:\program files\ATI Technologies
2010-12-15 23:35 . 2010-12-15 23:35 -------- d-----w- C:\AMD
2010-12-15 23:24 . 2010-12-15 23:24 -------- d-----w- c:\windows\SysWow64\Wat
2010-12-15 23:13 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2010-12-15 23:12 . 2010-12-15 23:12 -------- d-----w- c:\programdata\LogiShrd
2010-12-15 23:09 . 2011-01-01 11:13 -------- d-----w- c:\windows\SysWow64\logishrd
2010-12-15 23:09 . 2010-12-15 23:09 -------- d-----w- c:\programdata\Logitech
2010-12-15 23:09 . 2010-12-15 23:09 -------- d-----w- c:\program files (x86)\Common Files\LWS
2010-12-15 23:09 . 2010-12-15 23:09 -------- d-----w- c:\program files (x86)\Logitech
2010-12-15 23:09 . 2010-12-29 04:08 -------- d-sh--w- c:\windows\Installer
2010-12-15 23:07 . 2010-12-15 23:10 -------- d-----w- c:\program files (x86)\Common Files\logishrd
2010-12-15 23:07 . 2010-12-15 23:09 -------- d-----w- c:\program files\Common Files\logishrd
2010-12-15 23:05 . 2009-11-25 20:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2010-12-15 23:05 . 2009-11-25 20:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2010-12-15 23:05 . 2009-11-25 20:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2010-12-15 23:05 . 2009-11-25 20:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2010-12-15 23:05 . 2009-11-25 20:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2010-12-15 22:56 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 22:56 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 22:56 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2010-12-15 22:56 . 2010-07-29 06:30 82944 ----a-w- c:\windows\SysWow64\iccvid.dll
2010-12-15 22:56 . 2010-09-01 05:14 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-12-15 22:56 . 2010-09-01 04:26 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2010-12-15 22:56 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2010-12-15 22:55 . 2010-12-15 22:55 -------- d-----w- c:\windows\SysWow64\Macromed
2010-12-15 22:53 . 2010-12-15 22:53 -------- d-----w- c:\program files\Microsoft Games
2010-12-15 22:51 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2010-12-15 22:45 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2010-12-15 22:45 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2010-12-15 22:43 . 2010-12-28 05:50 -------- d-----w- c:\users\Spirit
2010-12-15 22:43 . 2010-12-15 22:43 -------- d-----w- C:\Recovery
2010-12-15 22:33 . 2010-12-15 22:43 -------- d-----w- c:\windows\Panther

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-26 03:02 . 2010-11-26 03:02 16702976 ----a-w- c:\windows\SysWow64\atioglxx.dll
2010-11-26 02:58 . 2010-11-26 02:58 550400 ----a-w- c:\windows\SysWow64\aticfx32.dll
2010-11-26 02:52 . 2010-11-26 02:52 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2010-11-26 02:52 . 2010-11-26 02:52 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2010-11-26 02:52 . 2010-11-26 02:52 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2010-11-26 02:49 . 2010-11-26 02:49 4066816 ----a-w- c:\windows\SysWow64\atidxx32.dll
2010-11-26 02:30 . 2010-11-26 02:30 4122624 ----a-w- c:\windows\SysWow64\atiumdag.dll
2010-11-26 02:30 . 2010-11-26 02:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2010-11-26 02:30 . 2010-11-26 02:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2010-11-26 02:28 . 2010-11-26 02:28 5441024 ----a-w- c:\windows\SysWow64\aticaldd.dll
2010-11-26 02:22 . 2010-11-26 02:22 3460096 ----a-w- c:\windows\SysWow64\atiumdva.dll
2010-11-26 02:17 . 2010-11-26 02:17 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2010-11-26 02:17 . 2010-11-26 02:17 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2010-11-26 02:16 . 2010-11-26 02:16 27136 ----a-w- c:\windows\SysWow64\atigktxx.dll
2010-11-26 02:15 . 2010-11-26 02:15 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2010-11-26 02:15 . 2010-11-26 02:15 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2010-11-10 10:54 . 2010-11-10 10:54 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2010-11-10 10:49 . 2010-11-10 10:49 539232 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2010-11-10 10:49 . 2010-11-10 10:49 543328 ----a-w- c:\windows\SysWow64\LVUI2.dll
2010-11-10 10:47 . 2010-11-10 10:47 416352 ----a-w- c:\windows\SysWow64\lvcodec2.dll
2010-11-10 10:45 . 2010-11-10 10:45 102744 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe
2010-11-10 10:45 . 2010-11-10 10:45 10871128 ----a-w- c:\windows\SysWow64\LogiDPP.dll
2010-11-10 10:45 . 2010-11-10 10:45 316248 ----a-w- c:\windows\SysWow64\DevManagerCore.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-12-18 396152]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 336384]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]

c:\users\Spirit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-12-16 0]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-08 197976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 72064]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-15 1255736]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-08 30304]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-11-10 341856]
S3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-11-10 4162784]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 40832]

.
Contents of the 'Scheduled Tasks' folder
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
FF - ProfilePath - c:\users\Spirit\AppData\Roaming\Mozilla\Firefox\Profiles\y9wk89i6.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BrowserProtect: [email protected] - %profile%\extensions\[email protected]
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1596606946-2218308209-1634007678-1000\Software\SecuROM\License information*]
"datasecu"=hex:a6,f4,66,43,dc,69,7e,45,61,5d,37,3a,de,e2,6e,93,9b,0c,18,99,91,
1a,62,26,bc,c5,e8,e8,01,92,ed,17,fb,a8,43,92,b2,ca,39,47,6a,ef,f3,59,93,62,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-01 03:32:57
ComboFix-quarantined-files.txt 2011-01-01 11:32

Pre-Run: 110,102,945,792 bytes free
Post-Run: 109,377,830,912 bytes free

- - End Of File - - 3013A49E13A185E8BF0ABDF2263F3E8E
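As an added example (not from this thread and not ComboFix's own code), here is a small Python parser for the "Reg Loading Points" section of a ComboFix log like the one above: it pulls out the Run-key autoruns, the UAC policy values and the service lines, and flags the settings a log reviewer would query, such as EnableLUA=0. The sample input is a constructed subset of the log lines posted above; reading the service prefix as R = running / S = stopped with the digit as the start type follows ComboFix's usual legend, and the UAC defaults are Windows 7's documented values.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the "Reg Loading Points" section of the
# ComboFix log posted in this thread, embedded so the parser runs offline.
SAMPLE_LOG = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-12-18 396152]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 336384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

R2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-08 197976]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 40832]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "name"="path" [yyyy-mm-dd size]  (Run-key autorun entries)
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')
# "name"= 0 (0x0)  (numeric policy values)
POLICY_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s+\(0x[0-9a-fA-F]+\)')
# R2 name;display;path [yyyy-mm-dd size]  (services and drivers)
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[\d{4}-\d{2}-\d{2} \d+\]$")

# Windows 7 defaults for the three UAC values checked below.
UAC_DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}


@dataclass
class AutorunEntry:
    key: str
    name: str
    path: str


@dataclass
class ServiceEntry:
    running: bool      # ComboFix prefix letter: R = running, S = stopped
    start_type: int    # prefix digit: 2 = automatic, 3 = on demand, 4 = disabled
    name: str
    display: str
    path: str


@dataclass
class LoadingPoints:
    autoruns: list[AutorunEntry] = field(default_factory=list)
    policies: dict[str, int] = field(default_factory=dict)
    services: list[ServiceEntry] = field(default_factory=list)


def parse_loading_points(text: str) -> LoadingPoints:
    """Walk the section line by line, tracking the current registry key."""
    lp = LoadingPoints()
    current_key: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*Note*") or line == "REGEDIT4":
            continue
        if m := KEY_RE.match(line):
            current_key = m.group(1)
            continue
        if m := SERVICE_RE.match(line):
            lp.services.append(ServiceEntry(m.group(1) == "R", int(m.group(2)),
                                            m.group(3), m.group(4), m.group(5)))
            continue
        if current_key is None:
            continue
        if m := VALUE_RE.match(line):
            lp.autoruns.append(AutorunEntry(current_key, m.group(1), m.group(2)))
        elif (m := POLICY_RE.match(line)) and current_key.lower().endswith(r"policies\system"):
            lp.policies[m.group(1)] = int(m.group(2))
    return lp


def uac_findings(policies: dict[str, int]) -> list[str]:
    """Report UAC policy values that weaken the default elevation protections."""
    findings = []
    if policies.get("EnableLUA", UAC_DEFAULTS["EnableLUA"]) == 0:
        findings.append("EnableLUA=0: UAC is switched off; admin processes run fully elevated")
    if policies.get("ConsentPromptBehaviorAdmin", UAC_DEFAULTS["ConsentPromptBehaviorAdmin"]) == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt")
    if policies.get("PromptOnSecureDesktop", UAC_DEFAULTS["PromptOnSecureDesktop"]) == 0:
        findings.append("PromptOnSecureDesktop=0: elevation prompts are not on the secure desktop")
    return findings


def auto_start_not_running(lp: LoadingPoints) -> list[str]:
    """Automatic-start services that ComboFix saw stopped (worth a second look)."""
    return [s.name for s in lp.services if s.start_type == 2 and not s.running]


if __name__ == "__main__":
    parsed = parse_loading_points(SAMPLE_LOG)
    for entry in parsed.autoruns:
        print(f"autorun {entry.name}: {entry.path}  ({entry.key})")
    for finding in uac_findings(parsed.policies):
        print("UAC:", finding)
    print("auto-start but stopped:", auto_start_not_running(parsed))
```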
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
It looks like the combination of TDSSKiller & Combofix has cleared up the malware, so
*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click START then RUN
* Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.


This will also purge the restore folder and clear any malware that has been put in there. Now Empty Recycle bin on desktop Then reboot.

Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

And scan here http://secunia.com/software_inspector/ for out-of-date & vulnerable common applications on your computer and update whatever it suggests.

Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place.
 

Ulkterna

Thread Starter
Joined
Dec 28, 2010
Messages
38
Thank you for your help, but I think you missed a question above.

When ComboFix got to the window where it was creating the log, I had a non-stop pop-up happening saying

PEV.cfxxe has stopped working
Problem signature:
Problem Event Name: BEX
Application Name: PEV.cfxxe
Application Version: 0.0.0.0
Application Timestamp: 4bd0e994
Fault Module Name: PEV.cfxxe
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 4bd0e994
Exception Offset: 00082899
Exception Code: c0000417
Exception Data: 00000000
OS Version: 6.1.7600.2.0.0.256.48
Locale ID: 1033
Additional Information 1: a18b
Additional Information 2: a18b76c918258790b67df1332fee2996
Additional Information 3: 19dd
Additional Information 4: 19dda5d6ef68b5ffa3db2bf0717c45f7

Read our privacy statement online:
http://go.microsoft.com/fwlink/?link...8&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

This occurred when ComboFix was creating the log report I posted at your request; during the entire time it was telling me to wait while it generated the logs for you, I kept getting the above error. Any ideas? I fixed the Curse client; guess I jumped the gun, I needed to reboot and reinstall it to make it work again. However, the error above still has me a bit boggled.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
That error was nothing to worry about.
It is fairly common on 64-bit computers and is most likely a security tool interfering or Windows itself blocking that part of Combofix looking at certain parts of Windows. 64-bit Windows versions by default block access to certain areas, except by authorised system files.
 

Ulkterna

Thread Starter
Joined
Dec 28, 2010
Messages
38
That error was nothing to worry about.
It is fairly common on 64-bit computers and is most likely a security tool interfering or Windows itself blocking that part of Combofix looking at certain parts of Windows. 64-bit Windows versions by default block access to certain areas, except by authorised system files.
DVK, thank you so much. As a software tech to another software tech, I want to thank you for helping me learn how to deal with this and for providing the support you have provided. Normally I am the person fixing people's computers of viruses and not asking others to assist me with fixing it, and I greatly thank you for the time you took to assist me with my PC to make it run smoother. Ever since we fixed these issues my network hasn't had any further issues, no more random audio thingies trying to convince me to buy car insurance (for a car I don't have lol). I am grateful for what you guys have done. You have solved my issue *shakes your hand* Thank you ~Ulkterna
 