
New and need help

Discussion in 'Virus & Other Malware Removal' started by Ulkterna, Dec 28, 2010.

Thread Status:
Not open for further replies.
  1. Ulkterna

    Ulkterna Thread Starter

    Joined:
    Dec 28, 2010
    Messages:
    38
    After much effort spending most of my night, I have managed to get the problems to stop (I think). I'd like you guys' approval; tell me if I missed anything..... The first log is what I had before, the second is after much hard work I have done on my own. Could you please tell me if I missed anything? ~Ulkterna
     


  2. Ulkterna

    Ulkterna Thread Starter

    Joined:
    Dec 28, 2010
    Messages:
    38
    I hope bumping is allowed, as this is on the second page, and I still need clarity on whether I missed anything. Take your time to get to me, I just don't want this to get lost in the threads ^^;;
     
  3. Ulkterna

    Ulkterna Thread Starter

    Joined:
    Dec 28, 2010
    Messages:
    38
    Bump for clarity, and bump so it doesn't get lost
     
  4. Ulkterna

    Ulkterna Thread Starter

    Joined:
    Dec 28, 2010
    Messages:
    38
    Bump so it does not get lost. Added details: I am now having intermittent network issues, to the point I'm being forced to flush my DNS and ipconfig /release and /renew all the time. It started happening after I cleaned out a good chunk of the viruses. I know you guys are busy, but I would be grateful for any help...
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Follow the advice here and post the logs those programs make.

    Ignore Gmer as it won't run on a 64-bit computer, and tell us EXACTLY what problems you were having before you started to fix things.
     
  6. Ulkterna

    Ulkterna Thread Starter

    Joined:
    Dec 28, 2010
    Messages:
    38
    I was debating following that, but I figured I'd let you guys instruct me first on what specific things you need from me.

    Well, before I started fixing things I had an Audio Virus (or so I like to call it anyway) where it was playing sounds. Looking at ViriaTask manager (I think I spelt that right), it showed 3 files of about 200 KB or more that looked like Windows Media Player icons, but they were called things like LFD.exe, LFE.exe, etc. Uploading them to VirusTotal showed many different types of viruses; I had a few trojan downloaders, etc. After I cleaned out everything, most if not all of the problems I was having stopped, including the audio virus, and the PC is running a lot better. The only problem I am having now is that my network keeps forcing me to reset with ipconfig /release and /renew almost every day; this only started occurring after fixing the viruses, both with software and manually.

    Of the logs I uploaded from HijackThis, the first log shows what I had before, and the second one is after I cleaned. I attached them to avoid cluttering the text box.

    Following the advice on that site, you need all those logs, correct? All but Gmer?
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
  8. Ulkterna

    Ulkterna Thread Starter

    Joined:
    Dec 28, 2010
    Messages:
    38
    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Spirit at 2:40:53.98 on Sat 01/01/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3839.1059 [GMT -8:00]

    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    AV: ClamAV for Windows *Enabled/Updated* {E26D838D-778A-C93D-0B41-46E786995C11}
    SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\ClamAV for Windows\2.0.17\agent.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ClamAV for Windows\2.0.17\iptray.exe
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Users\Spirit\AppData\Local\Apps\2.0\JO7PYPHW.39Q\AWQM5NKV.NBG\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\GemX\do-Organizer4\doOrganizer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\explorer.exe
    C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Ventrilo\Ventrilo.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\PlayerScoreClient\Patcher.exe
    C:\Program Files (x86)\PlayerScoreClient\PlayerScore.exe
    N:\Backup\World of Warcraft\WoW.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Users\Spirit\Downloads\dds.scr
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    mRun: [Immunet Protect] "C:\Program Files\ClamAV for Windows\2.0.17\iptray.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    dRun: [JP595IR86O] C:\Windows\TEMP\Lfd.exe
    StartupFolder: C:\Users\Spirit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Spirit\AppData\Roaming\Mozilla\Firefox\Profiles\y9wk89i6.default\
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: BrowserProtect: [email protected] - %profile%\extensions\[email protected]

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-12-28 121936]
    R1 ImmunetProtectDriver;ImmunetProtectDriver;C:\Windows\System32\drivers\ImmunetProtect.sys [2010-12-28 46160]
    R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;C:\Windows\System32\drivers\ImmunetSelfProtect.sys [2010-12-28 29776]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 188928]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-12-28 20048]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-12-28 61008]
    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2010-12-15 46136]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-11-25 8120320]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-11-25 289792]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-11-10 341856]
    R3 LVUVC64;Logitech Webcam 200(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-11-10 4162784]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-10-24 40832]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]

    =============== Created Last 30 ================

    2011-01-01 06:18:52 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{334D28BF-51EA-419B-B421-11D12BF8F75C}\mpengine.dll
    2010-12-31 17:45:50 -------- d-----w- C:\Users\Spirit\AppData\Local\{D7860A5F-E117-4992-B62F-8A9BCAF214D0}
    2010-12-31 03:01:42 -------- d-----w- C:\Users\Spirit\AppData\Local\{8651D4DF-147F-46BF-BFDE-76CC0DC9C72B}
    2010-12-30 11:03:59 -------- d-----w- C:\Users\Spirit\AppData\Local\Microsoft Games
    2010-12-30 05:46:41 -------- d-----w- C:\Program Files (x86)\Messenger Plus! Live
    2010-12-30 05:35:37 -------- d-----w- C:\Users\Spirit\AppData\Local\{2C73AE98-86B0-4BE3-A8C1-12EC0F1CE640}
    2010-12-29 17:31:16 -------- d-----w- C:\Users\Spirit\AppData\Local\{B34077B6-7137-403A-A703-BE4EA3E87A72}
    2010-12-29 03:14:27 -------- d-----w- C:\Program Files\CCleaner
    2010-12-29 03:10:44 -------- d-----w- C:\PROGRA~3\STOPzilla!
    2010-12-29 03:05:05 61008 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2010-12-29 03:02:36 38848 ----a-w- C:\Windows\avastSS.scr
    2010-12-29 03:02:23 -------- d-----w- C:\PROGRA~3\Alwil Software
    2010-12-29 02:59:41 -------- d-----w- C:\Windows\pss
    2010-12-29 02:51:34 -------- d-----w- C:\Users\Spirit\AppData\Local\Immunet
    2010-12-29 02:51:34 -------- d-----w- C:\PROGRA~3\Immunet
    2010-12-29 02:50:05 29776 ----a-w- C:\Windows\System32\drivers\ImmunetSelfProtect.sys
    2010-12-29 02:50:03 46160 ----a-w- C:\Windows\System32\drivers\ImmunetProtect.sys
    2010-12-29 02:49:58 -------- d-----w- C:\Program Files\ClamAV for Windows
    2010-12-29 02:31:34 388096 ----a-r- C:\Users\Spirit\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-12-29 02:31:33 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2010-12-29 01:31:50 -------- d-----w- C:\Users\Spirit\AppData\Local\{4BEF79E5-322C-4370-ABE7-E620FC892B7F}
    2010-12-28 08:03:35 -------- d-----w- C:\Program Files\Ventrilo
    2010-12-28 08:03:02 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2010-12-28 06:12:46 -------- d-----w- C:\Users\Spirit\AppData\Local\AnVir
    2010-12-28 05:50:29 -------- d-----w- C:\Users\Spirit\DoctorWeb
    2010-12-28 05:47:04 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2010-12-28 05:47:04 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
    2010-12-28 05:31:39 -------- d-----w- C:\Program Files (x86)\Safer Networking
    2010-12-28 05:28:44 -------- d-----w- C:\Users\Spirit\AppData\Roaming\LockHunter
    2010-12-28 05:28:20 -------- d-----w- C:\Program Files\LockHunter
    2010-12-28 03:07:41 -------- d-----w- C:\Program Files (x86)\AnVir Task Manager Free
    2010-12-28 00:20:42 -------- d-----w- C:\Users\Spirit\AppData\Local\{799D1A6C-3984-4AC5-93BD-A68F9192093D}
    2010-12-27 09:48:32 -------- d-----w- C:\PROGRA~3\Media Center Programs
    2010-12-27 09:37:42 -------- d-----w- C:\Program Files\Flagship Studios
    2010-12-27 04:26:16 -------- d-----w- C:\GemX
    2010-12-27 04:11:21 -------- d-----w- C:\Users\Spirit\AppData\Roaming\Foxit
    2010-12-27 04:11:20 72960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    2010-12-27 04:11:20 -------- d-----w- C:\Program Files (x86)\Foxit Software
    2010-12-27 01:49:06 -------- d-----w- C:\Users\Spirit\AppData\Local\{9F1097DA-8346-48B8-B28C-DFC335154AB9}
    2010-12-26 12:14:46 -------- d-----w- C:\Users\Spirit\AppData\Local\{1F175F12-80B4-4CF1-ABCB-25098FC4FE28}
    2010-12-26 06:37:31 -------- d-----w- C:\Windows\System32\appmgmt
    2010-12-26 00:14:19 -------- d-----w- C:\Users\Spirit\AppData\Local\{387B9A42-8A30-4084-A948-72D76AE8C74B}
    2010-12-25 11:36:33 -------- d-----w- C:\Users\Spirit\AppData\Local\{24E2442E-0832-483F-9B13-4D2A4E2C0772}
    2010-12-25 04:50:27 -------- d-----w- C:\Games
    2010-12-24 23:36:10 -------- d-----w- C:\Users\Spirit\AppData\Local\{3D08E207-E2A0-494E-86E5-298A469E9C01}
    2010-12-24 11:35:48 -------- d-----w- C:\Users\Spirit\AppData\Local\{59B52F99-204D-40A9-94FB-98A01AE31A73}
    2010-12-23 23:35:13 -------- d-----w- C:\Users\Spirit\AppData\Local\{BF9010C8-492D-47A2-A2C9-39878260160C}
    2010-12-23 13:57:53 -------- d-----w- C:\Users\Spirit\AppData\Roaming\runic games
    2010-12-23 12:48:40 -------- d-----w- C:\Users\Spirit\AppData\Roaming\Beat Hazard
    2010-12-23 12:42:16 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
    2010-12-23 12:42:15 -------- d-----w- C:\Program Files (x86)\Steam
    2010-12-23 12:10:02 -------- d-----w- C:\Users\Spirit\AppData\Roaming\NeopleLauncherDFO
    2010-12-23 12:05:36 -------- d-----w- C:\Nexon
    2010-12-23 12:04:45 -------- d-----w- C:\PROGRA~3\NexonUS
    2010-12-23 11:34:38 -------- d-----w- C:\Users\Spirit\AppData\Local\{99415D56-4F34-4DE5-8506-ECC103CB774B}
    2010-12-23 11:34:15 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-12-23 11:34:15 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-12-23 11:33:11 -------- d-----w- C:\Program Files (x86)\Pando Networks
    2010-12-23 06:36:14 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
    2010-12-22 23:17:09 -------- d-----w- C:\Users\Spirit\AppData\Local\{4BBB8503-EBBF-4C64-ACE3-7F71A3914642}
    2010-12-22 10:47:59 -------- d-----w- C:\Program Files (x86)\THQ
    2010-12-21 22:13:27 758272 ----a-w- C:\Windows\System32\cohelper.dll
    2010-12-21 22:13:27 11164 ----a-w- C:\Windows\System32\drivers\nvphy.bin
    2010-12-21 22:13:26 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2010-12-21 22:09:28 -------- d-----w- C:\Users\Spirit\AppData\Local\{A8144A80-5503-4F3C-B4C6-770638803459}
    2010-12-21 06:52:32 -------- d-----w- C:\PROGRA~3\Electronic Arts
    2010-12-21 06:52:32 -------- d-----w- C:\PROGRA~3\EA Core
    2010-12-20 21:50:54 -------- d-----w- C:\Users\Spirit\AppData\Local\{93D6A1B3-46C6-4241-9F61-7BBB94BA3A89}
    2010-12-19 22:29:36 -------- d-----w- C:\Users\Spirit\AppData\Local\PlayerScore
    2010-12-19 22:29:26 -------- d-----w- C:\Program Files (x86)\PlayerScoreClient
    2010-12-19 21:10:22 -------- d-----w- C:\Users\Spirit\AppData\Local\{ABD6A312-4312-42BC-B6AD-A54CC48D806C}
    2010-12-19 21:10:22 -------- d-----w- C:\Users\Spirit\AppData\Local\{7E67D5CD-9641-4305-922B-0B26BBE614C3}
    2010-12-19 11:42:56 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-12-19 01:35:57 -------- d-----w- C:\Program Files (x86)\OpenSource Flash Video Splitter
    2010-12-19 01:35:57 -------- d-----w- C:\Program Files (x86)\DirectVobSub
    2010-12-19 01:35:53 -------- d-----w- C:\Program Files (x86)\Haali
    2010-12-19 01:35:49 -------- d-----w- C:\Program Files (x86)\Bass Audio Decoder
    2010-12-19 01:35:12 -------- d-----w- C:\Program Files (x86)\Zoom Player
    2010-12-19 01:35:12 -------- d-----w- C:\PROGRA~3\Zoom Player
    2010-12-18 23:37:57 601424 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{93109654-7FAE-4069-8FBC-C592AF12577F}\gapaengine.dll
    2010-12-18 23:31:55 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2010-12-18 23:31:34 -------- d-----w- C:\Program Files\Microsoft Security Client
    2010-12-18 23:31:17 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
    2010-12-18 22:06:24 -------- d-----w- C:\Users\Spirit\AppData\Local\{C3EFEEC1-234C-4E71-A840-645A08CF8629}
    2010-12-18 02:37:10 -------- d-----w- C:\Program Files (x86)\Uplink
    2010-12-18 02:37:04 303616 ----a-w- C:\Windows\IsUninst.exe
    2010-12-18 02:36:00 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys
    2010-12-18 02:36:00 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
    2010-12-18 02:35:59 -------- d-----w- C:\Program Files (x86)\MagicDisc
    2010-12-18 02:35:48 -------- d-----w- C:\Program Files (x86)\MagicISO
    2010-12-18 02:29:27 -------- d-----w- C:\Program Files (x86)\uTorrent
    2010-12-18 02:28:55 -------- d-----w- C:\Users\Spirit\AppData\Roaming\uTorrent
    2010-12-17 21:20:32 -------- d-----w- C:\Users\Spirit\AppData\Local\{B2FAFDD1-54CF-4A6A-9D23-A1F1E086E9FE}
    2010-12-17 16:42:15 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2010-12-17 16:42:11 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{3AB2EDE5-FB15-4E61-B0F5-841ACC1B2A24}\mpengine.dll
    2010-12-17 03:52:40 -------- d-----w- C:\Users\Spirit\AppData\Local\Apps
    2010-12-17 03:52:39 -------- d-----w- C:\Users\Spirit\AppData\Local\Deployment
    2010-12-16 18:28:09 -------- d-----w- C:\Users\Spirit\AppData\Local\{4DF9B248-E18D-4D82-B72B-6B1FC957F3FB}
    2010-12-16 07:41:25 -------- d-----w- C:\Users\Spirit\AppData\Local\PhoenixViewer
    2010-12-16 06:34:55 -------- d-----w- C:\Program Files (x86)\GRETECH
    2010-12-16 03:04:11 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
    2010-12-16 01:01:52 -------- d-----w- C:\PROGRA~3\Blizzard Entertainment
    2010-12-16 00:59:09 -------- d-----w- C:\Program Files (x86)\Phoenix Viewer
    2010-12-16 00:58:37 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    2010-12-16 00:18:30 -------- d-----r- C:\Program Files (x86)\Skype
    2010-12-16 00:10:25 -------- d-----w- C:\Users\Spirit\AppData\Local\{12427B10-F7A1-4CCC-9B2C-F6B2F2D93A2E}
    2010-12-16 00:10:11 -------- d-----w- C:\Users\Spirit\Tracing
    2010-12-16 00:04:47 -------- d-----w- C:\Windows\PCHEALTH
    2010-12-16 00:03:30 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
    2010-12-16 00:03:30 206848 ----a-w- C:\Windows\System32\mfps.dll
    2010-12-16 00:03:29 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
    2010-12-16 00:03:29 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2010-12-16 00:03:29 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
    2010-12-16 00:03:28 4068864 ----a-w- C:\Windows\System32\mf.dll
    2010-12-16 00:03:28 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
    2010-12-16 00:03:04 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9ad798901cb9cb414\Silverlight.4.0.exe
    2010-12-16 00:00:19 -------- d-----w- C:\Users\Spirit\AppData\Local\Windows Live
    2010-12-16 00:00:18 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
    2010-12-15 23:45:00 -------- d-----w- C:\Users\Spirit\AppData\Local\Mozilla
    2010-12-15 23:40:56 -------- d-----w- C:\Users\Spirit\AppData\Local\ATI
    2010-12-15 23:39:48 0 ----a-w- C:\Windows\ativpsrm.bin
    2010-12-15 23:38:25 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
    2010-12-15 23:37:28 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
    2010-12-15 23:37:21 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
    2010-12-15 23:36:28 -------- d-----w- C:\Program Files (x86)\ATI Technologies
    2010-12-15 23:36:25 -------- d-----w- C:\Program Files\ATI
    2010-12-15 23:35:54 -------- d-----w- C:\Program Files\ATI Technologies
    2010-12-15 23:35:16 -------- d-----w- C:\AMD
    2010-12-15 23:24:50 -------- d-----w- C:\Windows\SysWow64\Wat
    2010-12-15 23:24:50 -------- d-----w- C:\Windows\System32\Wat
    2010-12-15 23:21:55 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-12-15 23:13:37 311808 ----a-w- C:\Windows\System32\msv1_0.dll
    2010-12-15 23:13:37 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2010-12-15 23:09:40 53248 ----a-r- C:\Users\Spirit\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2010-12-15 23:09:33 -------- d-----w- C:\Windows\SysWow64\logishrd
    2010-12-15 23:09:33 -------- d-----w- C:\Windows\System32\logishrd
    2010-12-15 23:09:22 -------- d-----w- C:\Program Files (x86)\Common Files\LWS
    2010-12-15 23:09:10 -------- d-sh--w- C:\Windows\Installer
    2010-12-15 23:08:02 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
    2010-12-15 23:05:56 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2010-12-15 23:05:56 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2010-12-15 23:05:56 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2010-12-15 23:05:56 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2010-12-15 23:05:56 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2010-12-15 23:05:56 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2010-12-15 23:05:56 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2010-12-15 23:05:56 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2010-12-15 23:05:56 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2010-12-15 23:05:56 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2010-12-15 22:58:13 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2010-12-15 22:58:13 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
    2010-12-15 22:56:59 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2010-12-15 22:53:06 -------- d-----w- C:\Program Files\Microsoft Games
    2010-12-15 22:51:56 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-12-15 22:51:56 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-12-15 22:51:56 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-12-15 22:51:56 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-12-15 22:51:56 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-12-15 22:45:06 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2010-12-15 22:45:06 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2010-12-15 22:45:06 139264 ----a-w- C:\Windows\System32\cabview.dll
    2010-12-15 22:45:06 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
    2010-12-15 22:33:54 -------- d-----w- C:\Windows\Panther

    ==================== Find3M ====================

    2010-11-26 04:20:20 8120320 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2010-11-26 03:19:32 21610496 ----a-w- C:\Windows\System32\atio6axx.dll
    2010-11-26 03:02:08 16702976 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2010-11-26 02:58:22 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
    2010-11-26 02:58:12 550400 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2010-11-26 02:57:08 648704 ----a-w- C:\Windows\System32\aticfx64.dll
    2010-11-26 02:54:58 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2010-11-26 02:54:48 478720 ----a-w- C:\Windows\System32\atieclxx.exe
    2010-11-26 02:54:12 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
    2010-11-26 02:53:00 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2010-11-26 02:52:42 423424 ----a-w- C:\Windows\System32\atipdl64.dll
    2010-11-26 02:52:36 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2010-11-26 02:52:26 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2010-11-26 02:52:20 16384 ----a-w- C:\Windows\System32\atimuixx.dll
    2010-11-26 02:52:16 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2010-11-26 02:52:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2010-11-26 02:49:04 4066816 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2010-11-26 02:40:14 4794368 ----a-w- C:\Windows\System32\atidxx64.dll
    2010-11-26 02:30:20 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2010-11-26 02:30:20 4122624 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2010-11-26 02:30:18 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2010-11-26 02:30:10 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2010-11-26 02:30:08 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2010-11-26 02:29:58 6815232 ----a-w- C:\Windows\System32\aticaldd64.dll
    2010-11-26 02:29:52 3217408 ----a-w- C:\Windows\System32\atiumd6a.dll
    2010-11-26 02:28:44 5441024 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2010-11-26 02:24:38 58880 ----a-w- C:\Windows\System32\coinst.dll
    2010-11-26 02:24:06 5258240 ----a-w- C:\Windows\System32\atiumd64.dll
    2010-11-26 02:22:26 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2010-11-26 02:17:28 351232 ----a-w- C:\Windows\System32\atiadlxx.dll
    2010-11-26 02:17:20 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2010-11-26 02:17:08 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
    2010-11-26 02:17:04 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2010-11-26 02:17:04 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
    2010-11-26 02:17:00 31744 ----a-w- C:\Windows\System32\atig6txx.dll
    2010-11-26 02:16:54 27136 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2010-11-26 02:16:46 289792 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2010-11-26 02:16:04 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
    2010-11-26 02:15:58 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2010-11-26 02:15:52 37888 ----a-w- C:\Windows\System32\atiu9p64.dll
    2010-11-26 02:15:42 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2010-11-26 02:15:00 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2010-11-26 02:09:18 53760 ----a-w- C:\Windows\System32\atimpc64.dll
    2010-11-26 02:09:18 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
    2010-11-26 02:09:12 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2010-11-26 02:09:12 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2010-11-17 12:04:32 115216 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
    2010-11-10 10:54:18 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
    2010-11-10 10:49:26 539232 ----a-w- C:\Windows\SysWow64\LVUI2RC.dll
    2010-11-10 10:49:02 543328 ----a-w- C:\Windows\SysWow64\LVUI2.dll
    2010-11-10 10:47:14 416352 ----a-w- C:\Windows\SysWow64\lvcodec2.dll
    2010-11-10 10:45:54 4162784 ----a-w- C:\Windows\System32\drivers\lvuvc64.sys
    2010-11-10 10:45:32 559712 ----a-w- C:\Windows\System32\LVUIRC64.dll
    2010-11-10 10:45:32 102744 ----a-w- C:\Windows\SysWow64\LogiDPPApp.exe
    2010-11-10 10:45:32 102744 ----a-w- C:\Windows\System32\LogiDPPApp.exe
    2010-11-10 10:45:30 10871128 ----a-w- C:\Windows\SysWow64\LogiDPP.dll
    2010-11-10 10:45:30 10871128 ----a-w- C:\Windows\System32\LogiDPP.dll
    2010-11-10 10:45:20 316248 ----a-w- C:\Windows\SysWow64\DevManagerCore.dll
    2010-11-10 10:45:20 316248 ----a-w- C:\Windows\System32\DevManagerCore.dll
    2010-11-10 10:45:02 767584 ----a-w- C:\Windows\System32\LVUI64.dll
    2010-11-10 10:44:24 341856 ----a-w- C:\Windows\System32\drivers\lvrs64.sys
    2010-11-10 10:43:32 259680 ----a-w- C:\Windows\System32\lvco13101216.dll
    2010-11-10 10:43:12 400480 ----a-w- C:\Windows\System32\lvcod64.dll
    2010-11-10 10:32:14 38238 ----a-w- C:\Windows\System32\Repository.reg
    2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
    2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
    2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
    2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
    2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
    2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
    2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
    2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-10-25 05:25:38 72064 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2010-10-25 05:25:38 40832 ----a-w- C:\Windows\System32\drivers\MpNWMon.sys
    2010-10-25 05:25:38 188928 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
    2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
    2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
    2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll

    ============= FINISH: 2:42:55.77 ===============
     
  9. Ulkterna

    Ulkterna Thread Starter

    Joined:
    Dec 28, 2010
    Messages:
    38
    The other log as requested.


    2011/01/01 02:46:21.0521 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2011/01/01 02:46:21.0521 ================================================================================
    2011/01/01 02:46:21.0521 SystemInfo:
    2011/01/01 02:46:21.0521
    2011/01/01 02:46:21.0521 OS Version: 6.1.7600 ServicePack: 0.0
    2011/01/01 02:46:21.0521 Product type: Workstation
    2011/01/01 02:46:21.0521 ComputerName: SPIRIT-PC
    2011/01/01 02:46:21.0522 UserName: Spirit
    2011/01/01 02:46:21.0522 Windows directory: C:\Windows
    2011/01/01 02:46:21.0522 System windows directory: C:\Windows
    2011/01/01 02:46:21.0522 Running under WOW64
    2011/01/01 02:46:21.0522 Processor architecture: Intel x64
    2011/01/01 02:46:21.0522 Number of processors: 3
    2011/01/01 02:46:21.0522 Page size: 0x1000
    2011/01/01 02:46:21.0522 Boot type: Normal boot
    2011/01/01 02:46:21.0522 ================================================================================
    2011/01/01 02:46:21.0523 Utility is running under WOW64
    2011/01/01 02:46:22.0782 Initialize success
    2011/01/01 02:46:27.0005 ================================================================================
    2011/01/01 02:46:27.0005 Scan started
    2011/01/01 02:46:27.0005 Mode: Manual;
    2011/01/01 02:46:27.0005 ================================================================================
    2011/01/01 02:46:40.0551 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/01/01 02:46:40.0577 ================================================================================
    2011/01/01 02:46:40.0577 Scan finished
    2011/01/01 02:46:40.0577 ================================================================================
    2011/01/01 02:46:40.0598 Detected object count: 1
    2011/01/01 02:46:50.0753 \HardDisk0 - will be cured after reboot
    2011/01/01 02:46:50.0754 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
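
Added example, not part of the original thread and not the tool's own code: a short Python parser for TDSSKiller log lines in the format posted above, which extracts each detection, the action chosen for it, and whether the cure only completes after a reboot. The line formats are inferred from this log alone, and the class and function names are illustrative.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
2011/01/01 02:46:39.0973 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/01 02:46:39.0991 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/01 02:46:40.0551 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/01 02:46:40.0577 ================================================================================
2011/01/01 02:46:40.0577 Scan finished
2011/01/01 02:46:40.0598 Detected object count: 1
2011/01/01 02:46:50.0753 \HardDisk0 - will be cured after reboot
2011/01/01 02:46:50.0754 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

# Every log line starts with a timestamp; the rest is matched per line type.
TS_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+")
DETECT_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<threat>\S+?)\((?P<obj>.+)\) - User select action: (?P<action>\w+)$")
PENDING_RE = re.compile(r"^(?P<obj>.+?) - will be \w+ after reboot$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")
DRIVER_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")


@dataclass
class Detection:
    obj: str
    threat: str
    action: Optional[str] = None
    reboot_pending: bool = False


@dataclass
class ScanReport:
    drivers: dict = field(default_factory=dict)      # service name -> (md5, path)
    detections: list = field(default_factory=list)
    reported_count: Optional[int] = None
    unparsed: list = field(default_factory=list)     # lines with no timestamp


def parse_log(text):
    """Parse TDSSKiller-style log text into a ScanReport."""
    report = ScanReport()
    by_obj = {}

    def detection_for(obj, threat="unknown"):
        # Action/reboot lines refer back to a detection by object name.
        if obj not in by_obj:
            by_obj[obj] = Detection(obj, threat)
            report.detections.append(by_obj[obj])
        return by_obj[obj]

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        ts = TS_RE.match(line)
        if not ts:
            report.unparsed.append(line)
            continue
        body = line[ts.end():]
        if m := DETECT_RE.match(body):
            detection_for(m["obj"], m["threat"])
        elif m := ACTION_RE.match(body):
            detection_for(m["obj"], m["threat"]).action = m["action"]
        elif m := PENDING_RE.match(body):
            detection_for(m["obj"]).reboot_pending = True
        elif m := COUNT_RE.match(body):
            report.reported_count = int(m["n"])
        elif m := DRIVER_RE.match(body):
            report.drivers[m["name"]] = (m["md5"], m["path"])
        # Separators and "Scan finished" carry no data and are skipped.
    return report


def triage(report):
    """Return one finding per detection, plus a warning on a count mismatch."""
    findings = []
    if report.reported_count is not None and report.reported_count != len(report.detections):
        findings.append(
            f"count mismatch: log reports {report.reported_count}, parsed {len(report.detections)}"
        )
    for d in report.detections:
        if d.action is None:
            findings.append(f"{d.obj}: {d.threat} detected, no action recorded")
        elif d.reboot_pending:
            findings.append(f"{d.obj}: {d.threat}, action {d.action}, pending reboot")
        else:
            findings.append(f"{d.obj}: {d.threat}, action {d.action}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(finding)
```

A "pending reboot" finding means the log on its own does not show the cure completed; a scan taken after the restart is what confirms it.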
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    OK I can see malware still there
    BUT the biggest problem is 3 active antiviruses, which will be clashing & preventing each other fixing anything
    To be perfectly honest & blunt Clam AV is a total waste of space on windows and is only really any good on linux boxes so uninstall that immediately
    then decide which of the 2 other antiviruses you want
    I would suggest keeping MSE & uninstall Avast because it is a 64 bit system & MSE works better than Avast in W7 64 bit

    After you have uninstalled the 2 unwanted antiviruses then reboot twice & then


    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here or Here to your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on combofix.exe & follow the prompts.
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues
     
  11. Ulkterna

    Ulkterna Thread Starter

    Joined:
    Dec 28, 2010
    Messages:
    38
    when combo fix got to the window where it was creating the log I had a non-stop pop up happening saying

    PEV.cfxxe has stopped working
    Problem signature:
    Problem Event Name: BEX
    Application Name: PEV.cfxxe
    Application Version: 0.0.0.0
    Application Timestamp: 4bd0e994
    Fault Module Name: PEV.cfxxe
    Fault Module Version: 0.0.0.0
    Fault Module Timestamp: 4bd0e994
    Exception Offset: 00082899
    Exception Code: c0000417
    Exception Data: 00000000
    OS Version: 6.1.7600.2.0.0.256.48
    Locale ID: 1033
    Additional Information 1: a18b
    Additional Information 2: a18b76c918258790b67df1332fee2996
    Additional Information 3: 19dd
    Additional Information 4: 19dda5d6ef68b5ffa3db2bf0717c45f7

    Read our privacy statement online:
    http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

    If the online privacy statement is not available, please read our privacy statement offline:
    C:\Windows\system32\en-US\erofflps.txt

    here is the log you requested, not sure what the above is about perhaps you have an idea?
    -----------------------------------------------------------------------------------------------
    ComboFix 10-12-31.02 - Spirit 01/01/2011 3:25.1.3 - x64
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3839.2583 [GMT -8:00]
    Running from: c:\users\Spirit\Desktop\username123.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    N:\install.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-01 to 2011-01-01 )))))))))))))))))))))))))))))))
    .

    2011-01-01 11:20 . 2011-01-01 11:23 -------- d-----w- C:\32788R22FWJFW
    2011-01-01 06:18 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{334D28BF-51EA-419B-B421-11D12BF8F75C}\mpengine.dll
    2010-12-30 05:46 . 2010-12-30 05:46 -------- d-----w- c:\program files (x86)\Messenger Plus! Live
    2010-12-29 03:14 . 2010-12-29 03:14 -------- d-----w- c:\program files\CCleaner
    2010-12-29 03:10 . 2010-12-29 03:54 -------- d-----w- c:\programdata\STOPzilla!
    2010-12-29 03:02 . 2010-12-29 03:02 -------- d-----w- c:\programdata\Alwil Software
    2010-12-29 03:02 . 2010-12-29 03:02 -------- d-----w- c:\program files\Alwil Software
    2010-12-29 02:51 . 2011-01-01 11:08 -------- d-----w- c:\programdata\Immunet
    2010-12-29 02:31 . 2010-12-29 02:31 -------- d-----w- c:\program files (x86)\Trend Micro
    2010-12-28 08:03 . 2010-12-28 08:03 -------- d-----w- c:\program files\Ventrilo
    2010-12-28 08:03 . 2010-12-28 08:03 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2010-12-28 05:47 . 2010-12-29 03:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-12-28 05:47 . 2010-12-28 05:48 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2010-12-28 05:31 . 2010-12-28 05:31 -------- d-----w- c:\program files (x86)\Safer Networking
    2010-12-28 05:28 . 2010-12-28 05:28 -------- d-----w- c:\program files\LockHunter
    2010-12-28 03:07 . 2010-12-28 03:07 -------- d-----w- c:\program files (x86)\AnVir Task Manager Free
    2010-12-27 09:48 . 2010-12-27 09:48 -------- d-----w- c:\programdata\Media Center Programs
    2010-12-27 09:37 . 2010-12-27 09:37 -------- d-----w- c:\program files\Flagship Studios
    2010-12-27 04:26 . 2010-12-27 04:46 -------- d-----w- C:\GemX
    2010-12-27 04:11 . 2010-12-27 04:11 -------- d-----w- c:\program files (x86)\Foxit Software
    2010-12-25 04:50 . 2010-12-27 04:45 -------- d-----w- C:\Games
    2010-12-23 12:42 . 2010-12-23 12:42 -------- d-----w- c:\program files (x86)\Common Files\Steam
    2010-12-23 12:42 . 2010-12-29 02:04 -------- d-----w- c:\program files (x86)\Steam
    2010-12-23 12:05 . 2010-12-23 12:05 -------- d-----w- C:\Nexon
    2010-12-23 12:04 . 2010-12-23 12:04 -------- d-----w- c:\programdata\NexonUS
    2010-12-23 11:41 . 2010-12-23 11:41 -------- d-----w- c:\windows\Sun
    2010-12-23 11:34 . 2010-12-23 11:34 -------- d-----w- c:\program files (x86)\Common Files\Java
    2010-12-23 11:34 . 2010-12-23 11:34 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2010-12-23 11:33 . 2010-12-23 11:33 -------- d-----w- c:\program files (x86)\Java
    2010-12-23 11:33 . 2010-12-28 06:10 -------- d-----w- c:\program files (x86)\Pando Networks
    2010-12-23 07:35 . 2010-12-23 07:35 -------- d-----w- c:\programdata\NVIDIA
    2010-12-23 06:36 . 2010-12-23 06:36 -------- d-----w- c:\programdata\NVIDIA Corporation
    2010-12-22 10:47 . 2010-12-22 10:47 -------- d-----w- c:\program files (x86)\THQ
    2010-12-22 10:47 . 2010-12-22 10:47 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
    2010-12-21 22:13 . 2010-12-23 06:36 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-12-21 06:52 . 2010-12-21 06:52 -------- d-----w- c:\programdata\Electronic Arts
    2010-12-21 06:52 . 2010-12-21 06:52 -------- d-----w- c:\programdata\EA Core
    2010-12-21 06:16 . 2005-05-26 23:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
    2010-12-20 23:52 . 2010-12-20 23:52 -------- d-----w- c:\program files (x86)\Microsoft.NET
    2010-12-19 22:29 . 2011-01-01 11:08 -------- d-----w- c:\program files (x86)\PlayerScoreClient
    2010-12-19 11:42 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-12-19 01:35 . 2010-12-19 01:35 -------- d-----w- c:\program files (x86)\OpenSource Flash Video Splitter
    2010-12-19 01:35 . 2010-12-19 01:35 -------- d-----w- c:\program files (x86)\DirectVobSub
    2010-12-19 01:35 . 2010-12-19 01:35 -------- d-----w- c:\program files (x86)\Haali
    2010-12-19 01:35 . 2010-12-19 01:35 -------- d-----w- c:\program files (x86)\Bass Audio Decoder
    2010-12-19 01:35 . 2010-12-26 06:49 -------- d-----w- c:\programdata\Zoom Player
    2010-12-19 01:35 . 2010-12-19 01:35 -------- d-----w- c:\program files (x86)\Zoom Player
    2010-12-18 23:37 . 2010-12-18 23:37 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93109654-7FAE-4069-8FBC-C592AF12577F}\gapaengine.dll
    2010-12-18 23:31 . 2010-12-18 23:31 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2010-12-18 23:31 . 2010-12-18 23:32 -------- d-----w- c:\program files\Microsoft Security Client
    2010-12-18 02:37 . 2010-12-26 06:40 -------- d-----w- c:\program files (x86)\Uplink
    2010-12-18 02:37 . 1997-11-19 23:49 303616 ----a-w- c:\windows\IsUninst.exe
    2010-12-18 02:36 . 2009-02-25 02:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
    2010-12-18 02:35 . 2010-12-18 02:36 -------- d-----w- c:\program files (x86)\MagicDisc
    2010-12-18 02:35 . 2010-12-18 02:35 -------- d-----w- c:\program files (x86)\MagicISO
    2010-12-18 02:29 . 2010-12-18 02:29 -------- d-----w- c:\program files (x86)\uTorrent
    2010-12-17 16:42 . 2010-11-16 20:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AB2EDE5-FB15-4E61-B0F5-841ACC1B2A24}\mpengine.dll
    2010-12-16 06:34 . 2010-12-16 06:34 -------- d-----w- c:\program files (x86)\GRETECH
    2010-12-16 03:04 . 2010-12-16 03:04 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
    2010-12-16 01:01 . 2010-12-16 01:01 -------- d-----w- c:\programdata\Blizzard Entertainment
    2010-12-16 00:59 . 2010-12-16 00:59 -------- d-----w- c:\program files (x86)\Phoenix Viewer
    2010-12-16 00:58 . 2010-12-16 00:58 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
    2010-12-16 00:18 . 2010-12-16 00:18 -------- d-----r- c:\program files (x86)\Skype
    2010-12-16 00:18 . 2010-12-16 00:18 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2010-12-16 00:18 . 2010-12-16 00:18 -------- d-----w- c:\programdata\Skype
    2010-12-16 00:05 . 2010-12-16 00:06 -------- d-----w- c:\program files (x86)\Windows Live
    2010-12-16 00:04 . 2010-12-16 00:04 -------- d-----w- c:\windows\PCHEALTH
    2010-12-16 00:04 . 2010-12-23 07:34 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2010-12-16 00:03 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
    2010-12-16 00:03 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
    2010-12-16 00:03 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll
    2010-12-16 00:00 . 2010-12-16 00:00 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
    2010-12-15 23:40 . 2010-12-15 23:40 -------- d-----w- c:\programdata\ATI
    2010-12-15 23:39 . 2010-12-15 23:39 0 ----a-w- c:\windows\ativpsrm.bin
    2010-12-15 23:38 . 2010-12-15 23:38 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
    2010-12-15 23:37 . 2010-12-15 23:37 -------- d-----w- c:\program files\Common Files\ATI Technologies
    2010-12-15 23:36 . 2010-12-15 23:38 -------- d-----w- c:\program files (x86)\ATI Technologies
    2010-12-15 23:36 . 2010-12-15 23:36 -------- d-----w- c:\program files\ATI
    2010-12-15 23:35 . 2010-12-15 23:38 -------- d-----w- c:\program files\ATI Technologies
    2010-12-15 23:35 . 2010-12-15 23:35 -------- d-----w- C:\AMD
    2010-12-15 23:24 . 2010-12-15 23:24 -------- d-----w- c:\windows\SysWow64\Wat
    2010-12-15 23:13 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
    2010-12-15 23:12 . 2010-12-15 23:12 -------- d-----w- c:\programdata\LogiShrd
    2010-12-15 23:09 . 2011-01-01 11:13 -------- d-----w- c:\windows\SysWow64\logishrd
    2010-12-15 23:09 . 2010-12-15 23:09 -------- d-----w- c:\programdata\Logitech
    2010-12-15 23:09 . 2010-12-15 23:09 -------- d-----w- c:\program files (x86)\Common Files\LWS
    2010-12-15 23:09 . 2010-12-15 23:09 -------- d-----w- c:\program files (x86)\Logitech
    2010-12-15 23:09 . 2010-12-29 04:08 -------- d-sh--w- c:\windows\Installer
    2010-12-15 23:07 . 2010-12-15 23:10 -------- d-----w- c:\program files (x86)\Common Files\logishrd
    2010-12-15 23:07 . 2010-12-15 23:09 -------- d-----w- c:\program files\Common Files\logishrd
    2010-12-15 23:05 . 2009-11-25 20:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
    2010-12-15 23:05 . 2009-11-25 20:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
    2010-12-15 23:05 . 2009-11-25 20:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
    2010-12-15 23:05 . 2009-11-25 20:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
    2010-12-15 23:05 . 2009-11-25 20:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
    2010-12-15 22:56 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
    2010-12-15 22:56 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
    2010-12-15 22:56 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
    2010-12-15 22:56 . 2010-07-29 06:30 82944 ----a-w- c:\windows\SysWow64\iccvid.dll
    2010-12-15 22:56 . 2010-09-01 05:14 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2010-12-15 22:56 . 2010-09-01 04:26 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
    2010-12-15 22:56 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
    2010-12-15 22:55 . 2010-12-15 22:55 -------- d-----w- c:\windows\SysWow64\Macromed
    2010-12-15 22:53 . 2010-12-15 22:53 -------- d-----w- c:\program files\Microsoft Games
    2010-12-15 22:51 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
    2010-12-15 22:45 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
    2010-12-15 22:45 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
    2010-12-15 22:43 . 2010-12-28 05:50 -------- d-----w- c:\users\Spirit
    2010-12-15 22:43 . 2010-12-15 22:43 -------- d-----w- C:\Recovery
    2010-12-15 22:33 . 2010-12-15 22:43 -------- d-----w- c:\windows\Panther

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-26 03:02 . 2010-11-26 03:02 16702976 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2010-11-26 02:58 . 2010-11-26 02:58 550400 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2010-11-26 02:52 . 2010-11-26 02:52 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
    2010-11-26 02:52 . 2010-11-26 02:52 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
    2010-11-26 02:52 . 2010-11-26 02:52 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2010-11-26 02:49 . 2010-11-26 02:49 4066816 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2010-11-26 02:30 . 2010-11-26 02:30 4122624 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2010-11-26 02:30 . 2010-11-26 02:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2010-11-26 02:30 . 2010-11-26 02:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2010-11-26 02:28 . 2010-11-26 02:28 5441024 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2010-11-26 02:22 . 2010-11-26 02:22 3460096 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2010-11-26 02:17 . 2010-11-26 02:17 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2010-11-26 02:17 . 2010-11-26 02:17 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2010-11-26 02:16 . 2010-11-26 02:16 27136 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2010-11-26 02:15 . 2010-11-26 02:15 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2010-11-26 02:15 . 2010-11-26 02:15 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2010-11-10 10:54 . 2010-11-10 10:54 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
    2010-11-10 10:49 . 2010-11-10 10:49 539232 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
    2010-11-10 10:49 . 2010-11-10 10:49 543328 ----a-w- c:\windows\SysWow64\LVUI2.dll
    2010-11-10 10:47 . 2010-11-10 10:47 416352 ----a-w- c:\windows\SysWow64\lvcodec2.dll
    2010-11-10 10:45 . 2010-11-10 10:45 102744 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe
    2010-11-10 10:45 . 2010-11-10 10:45 10871128 ----a-w- c:\windows\SysWow64\LogiDPP.dll
    2010-11-10 10:45 . 2010-11-10 10:45 316248 ----a-w- c:\windows\SysWow64\DevManagerCore.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-12-18 396152]
    "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 336384]
    "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]

    c:\users\Spirit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2010-12-16 0]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-08 197976]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 72064]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-15 1255736]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776]
    S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-08 30304]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-11-10 341856]
    S3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-11-10 4162784]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 40832]

    .
    Contents of the 'Scheduled Tasks' folder
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    FF - ProfilePath - c:\users\Spirit\AppData\Roaming\Mozilla\Firefox\Profiles\y9wk89i6.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: BrowserProtect: [email protected] - %profile%\extensions\[email protected]
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1596606946-2218308209-1634007678-1000\Software\SecuROM\License information*]
    "datasecu"=hex:a6,f4,66,43,dc,69,7e,45,61,5d,37,3a,de,e2,6e,93,9b,0c,18,99,91,
    1a,62,26,bc,c5,e8,e8,01,92,ed,17,fb,a8,43,92,b2,ca,39,47,6a,ef,f3,59,93,62,\
    "rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-01-01 03:32:57
    ComboFix-quarantined-files.txt 2011-01-01 11:32

    Pre-Run: 110,102,945,792 bytes free
    Post-Run: 109,377,830,912 bytes free

    - - End Of File - - 3013A49E13A185E8BF0ABDF2263F3E8E
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    it looks like the combination of TDSSkiller & Combofix has cleared up the malware so
    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

    This will also purge the restore folder and clear any malware that has been put in there. Now Empty Recycle bin on desktop Then reboot.

    go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    and scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer and update whatever it suggests

    Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place
     
  13. Ulkterna

    Ulkterna Thread Starter

    Joined:
    Dec 28, 2010
    Messages:
    38
    Thank you for your help but I think you missed an above question

    when combo fix got to the window where it was creating the log I had a non-stop pop up happening saying

    PEV.cfxxe has stopped working
    Problem signature:
    Problem Event Name: BEX
    Application Name: PEV.cfxxe
    Application Version: 0.0.0.0
    Application Timestamp: 4bd0e994
    Fault Module Name: PEV.cfxxe
    Fault Module Version: 0.0.0.0
    Fault Module Timestamp: 4bd0e994
    Exception Offset: 00082899
    Exception Code: c0000417
    Exception Data: 00000000
    OS Version: 6.1.7600.2.0.0.256.48
    Locale ID: 1033
    Additional Information 1: a18b
    Additional Information 2: a18b76c918258790b67df1332fee2996
    Additional Information 3: 19dd
    Additional Information 4: 19dda5d6ef68b5ffa3db2bf0717c45f7

    Read our privacy statement online:
    http://go.microsoft.com/fwlink/?link...8&clcid=0x0409

    If the online privacy statement is not available, please read our privacy statement offline:
    C:\Windows\system32\en-US\erofflps.txt

    This occurred when combo fix was creating the log report I posted at your request, during the entire time it was telling me to wait while it generated the logs for ya, I kept getting this above error, Any ideas? I fixed the curse client, Guess I jumped the gun, I needed to reboot and reinstall it to make it work again.. However the error above still has me a bit boggled.
     
  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    that error was nothing to worry about
    it is fairly common on 64 bit computers and is most likely a security tool interfering or windows itself blocking that part of Combofix looking at certain parts of windows. 64 bit windows versions by default block access to certain areas, except by authorised system files
     
  15. Ulkterna

    Ulkterna Thread Starter

    Joined:
    Dec 28, 2010
    Messages:
    38
    DVk thank you so much, as a Software tech to another software tech I want to thank you for helping me learn how to deal with this, and providing the support you have provided, Normally I am the person fixing people's computers of viruses and not asking others to assist me with fixing it and I greatly thank you for the time you took to assist me with my pc to make it run smoother, ever since we fixed these issues my network hasn't had any further issues no more random Audio thingys trying to convince me to buy Car insurance (To a car I don't have lol) I am grateful for what you guys have done, You have solved my issue *shakes your hand* Thank you ~Ulkterna
     

Short URL to this thread: https://techguy.org/971291
