
Re: Re-Post: Assistance is Requested.

Post by neonal18 » October 4th, 2011, 6:50 am

Here's the report from TDSSKiller.

06:22:46.0888 3940 TDSS rootkit removing tool 2.6.4.0 Oct 3 2011 17:37:01
06:22:47.0024 3940 ============================================================
06:22:47.0024 3940 Current date / time: 2011/10/04 06:22:47.0024
06:22:47.0024 3940 SystemInfo:
06:22:47.0024 3940
06:22:47.0024 3940 OS Version: 6.0.6001 ServicePack: 1.0
06:22:47.0024 3940 Product type: Workstation
06:22:47.0024 3940 ComputerName: ALS-COMPY
06:22:47.0025 3940 UserName: Alex
06:22:47.0025 3940 Windows directory: C:\Windows
06:22:47.0025 3940 System windows directory: C:\Windows
06:22:47.0025 3940 Processor architecture: Intel x86
06:22:47.0025 3940 Number of processors: 2
06:22:47.0025 3940 Page size: 0x1000
06:22:47.0025 3940 Boot type: Normal boot
06:22:47.0025 3940 ============================================================
06:22:47.0474 3940 Initialize success
06:22:50.0421 4816 ============================================================
06:22:50.0421 4816 Scan started
06:22:50.0421 4816 Mode: Manual;
06:22:50.0421 4816 ============================================================
06:22:50.0927 4816 .smb - ok
06:22:51.0045 4816 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys
06:22:51.0046 4816 61883 - ok
06:22:51.0142 4816 ACPI (0cee59e4613bf65e2fd37e544ad66bdb) C:\Windows\system32\drivers\acpi.sys
06:22:51.0148 4816 ACPI - ok
06:22:51.0249 4816 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
06:22:51.0255 4816 adp94xx - ok
06:22:51.0357 4816 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
06:22:51.0361 4816 adpahci - ok
06:22:51.0416 4816 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
06:22:51.0418 4816 adpu160m - ok
06:22:51.0467 4816 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
06:22:51.0469 4816 adpu320 - ok
06:22:51.0576 4816 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
06:22:51.0591 4816 AFD - ok
06:22:51.0796 4816 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
06:22:51.0797 4816 agp440 - ok
06:22:51.0886 4816 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
06:22:51.0888 4816 aic78xx - ok
06:22:51.0942 4816 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
06:22:51.0943 4816 aliide - ok
06:22:51.0983 4816 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
06:22:51.0995 4816 amdagp - ok
06:22:52.0017 4816 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
06:22:52.0018 4816 amdide - ok
06:22:52.0069 4816 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
06:22:52.0070 4816 AmdK7 - ok
06:22:52.0107 4816 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
06:22:52.0108 4816 AmdK8 - ok
06:22:52.0172 4816 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\Windows\system32\DRIVERS\AmdLLD.sys
06:22:52.0175 4816 AmdLLD - ok
06:22:52.0339 4816 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
06:22:52.0341 4816 arc - ok
06:22:52.0413 4816 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
06:22:52.0415 4816 arcsas - ok
06:22:52.0592 4816 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
06:22:52.0593 4816 AsyncMac - ok
06:22:52.0615 4816 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
06:22:52.0616 4816 atapi - ok
06:22:52.0681 4816 atksgt (72bc628af75c4c3250f2a3bac260265a) C:\Windows\system32\DRIVERS\atksgt.sys
06:22:52.0685 4816 atksgt - ok
06:22:52.0782 4816 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys
06:22:52.0783 4816 Avc - ok
06:22:52.0847 4816 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
06:22:52.0849 4816 Beep - ok
06:22:52.0906 4816 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
06:22:52.0908 4816 blbdrive - ok
06:22:53.0015 4816 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
06:22:53.0017 4816 bowser - ok
06:22:53.0093 4816 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
06:22:53.0094 4816 BrFiltLo - ok
06:22:53.0138 4816 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
06:22:53.0139 4816 BrFiltUp - ok
06:22:53.0220 4816 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
06:22:53.0222 4816 Brserid - ok
06:22:53.0253 4816 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
06:22:53.0255 4816 BrSerWdm - ok
06:22:53.0278 4816 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
06:22:53.0279 4816 BrUsbMdm - ok
06:22:53.0302 4816 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
06:22:53.0303 4816 BrUsbSer - ok
06:22:53.0352 4816 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
06:22:53.0354 4816 BTHMODEM - ok
06:22:53.0458 4816 catchme - ok
06:22:53.0527 4816 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
06:22:53.0529 4816 cdfs - ok
06:22:53.0602 4816 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
06:22:53.0604 4816 cdrom - ok
06:22:53.0668 4816 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
06:22:53.0670 4816 circlass - ok
06:22:53.0713 4816 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
06:22:53.0719 4816 CLFS - ok
06:22:53.0789 4816 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
06:22:53.0791 4816 cmdide - ok
06:22:53.0817 4816 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
06:22:53.0822 4816 Compbatt - ok
06:22:53.0848 4816 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
06:22:53.0849 4816 crcdisk - ok
06:22:53.0876 4816 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
06:22:53.0877 4816 Crusoe - ok
06:22:53.0950 4816 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
06:22:53.0952 4816 DfsC - ok
06:22:54.0102 4816 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
06:22:54.0104 4816 disk - ok
06:22:54.0186 4816 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
06:22:54.0189 4816 Dot4 - ok
06:22:54.0216 4816 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
06:22:54.0217 4816 Dot4Print - ok
06:22:54.0237 4816 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
06:22:54.0239 4816 dot4usb - ok
06:22:54.0308 4816 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
06:22:54.0309 4816 drmkaud - ok
06:22:54.0359 4816 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
06:22:54.0385 4816 DXGKrnl - ok
06:22:54.0417 4816 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
06:22:54.0419 4816 E1G60 - ok
06:22:54.0506 4816 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
06:22:54.0509 4816 Ecache - ok
06:22:54.0597 4816 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
06:22:54.0604 4816 elxstor - ok
06:22:54.0639 4816 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
06:22:54.0641 4816 ErrDev - ok
06:22:54.0715 4816 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
06:22:54.0717 4816 exfat - ok
06:22:54.0740 4816 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
06:22:54.0743 4816 fastfat - ok
06:22:54.0797 4816 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
06:22:54.0799 4816 fdc - ok
06:22:54.0842 4816 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
06:22:54.0844 4816 FileInfo - ok
06:22:54.0870 4816 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
06:22:54.0871 4816 Filetrace - ok
06:22:54.0927 4816 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
06:22:54.0929 4816 flpydisk - ok
06:22:54.0955 4816 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
06:22:54.0959 4816 FltMgr - ok
06:22:54.0989 4816 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
06:22:54.0991 4816 Fs_Rec - ok
06:22:55.0019 4816 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
06:22:55.0021 4816 gagp30kx - ok
06:22:55.0086 4816 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
06:22:55.0087 4816 GEARAspiWDM - ok
06:22:55.0147 4816 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
06:22:55.0149 4816 HDAudBus - ok
06:22:55.0179 4816 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
06:22:55.0180 4816 HidBth - ok
06:22:55.0232 4816 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
06:22:55.0234 4816 HidIr - ok
06:22:55.0319 4816 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
06:22:55.0321 4816 HidUsb - ok
06:22:55.0416 4816 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
06:22:55.0418 4816 HpCISSs - ok
06:22:55.0494 4816 HSF_DP (617732f6c0f86df3757b1d39211c15e5) C:\Windows\system32\DRIVERS\HSX_DP.sys
06:22:55.0537 4816 HSF_DP - ok
06:22:55.0579 4816 HSXHWBS3 (b1322e002bc4a556f83e4edde8e2f30f) C:\Windows\system32\DRIVERS\HSXHWBS3.sys
06:22:55.0584 4816 HSXHWBS3 - ok
06:22:55.0633 4816 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
06:22:55.0651 4816 HTTP - ok
06:22:55.0694 4816 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
06:22:55.0695 4816 i2omp - ok
06:22:55.0763 4816 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
06:22:55.0764 4816 i8042prt - ok
06:22:55.0866 4816 iaStor (de7c12e59605ea7ea0cf6345afeb0f07) C:\Windows\system32\drivers\iastor.sys
06:22:55.0870 4816 iaStor - ok
06:22:55.0910 4816 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
06:22:55.0914 4816 iaStorV - ok
06:22:56.0026 4816 igfx (62f534791ae488a475a3e508d92af4cc) C:\Windows\system32\DRIVERS\igdkmd32.sys
06:22:56.0103 4816 igfx - ok
06:22:56.0180 4816 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
06:22:56.0182 4816 iirsp - ok
06:22:56.0324 4816 IntcAzAudAddService (5d26ccb06e1f3b5c26e863df3f4f2611) C:\Windows\system32\drivers\RTKVHDA.sys
06:22:56.0386 4816 IntcAzAudAddService - ok
06:22:56.0480 4816 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
06:22:56.0482 4816 intelide - ok
06:22:56.0542 4816 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
06:22:56.0544 4816 intelppm - ok
06:22:56.0608 4816 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:22:56.0610 4816 IpFilterDriver - ok
06:22:56.0635 4816 IpInIp - ok
06:22:56.0673 4816 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
06:22:56.0675 4816 IPMIDRV - ok
06:22:56.0701 4816 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
06:22:56.0703 4816 IPNAT - ok
06:22:56.0740 4816 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
06:22:56.0741 4816 IRENUM - ok
06:22:56.0787 4816 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
06:22:56.0789 4816 isapnp - ok
06:22:56.0819 4816 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
06:22:56.0823 4816 iScsiPrt - ok
06:22:56.0856 4816 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
06:22:56.0858 4816 iteatapi - ok
06:22:56.0938 4816 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
06:22:56.0940 4816 iteraid - ok
06:22:57.0007 4816 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
06:22:57.0008 4816 kbdclass - ok
06:22:57.0033 4816 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
06:22:57.0035 4816 kbdhid - ok
06:22:57.0075 4816 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
06:22:57.0082 4816 KSecDD - ok
06:22:57.0145 4816 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\Windows\system32\drivers\libusb0.sys
06:22:57.0147 4816 libusb0 - ok
06:22:57.0251 4816 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys
06:22:57.0253 4816 lirsgt - ok
06:22:57.0285 4816 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
06:22:57.0287 4816 lltdio - ok
06:22:57.0380 4816 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
06:22:57.0383 4816 LSI_FC - ok
06:22:57.0421 4816 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
06:22:57.0423 4816 LSI_SAS - ok
06:22:57.0469 4816 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
06:22:57.0471 4816 LSI_SCSI - ok
06:22:57.0507 4816 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
06:22:57.0509 4816 luafv - ok
06:22:57.0570 4816 MBAMSwissArmy (c0d40beaa6dfc05602fc8f484696f7f5) C:\Windows\system32\drivers\mbamswissarmy.sys
06:22:57.0572 4816 MBAMSwissArmy - ok
06:22:57.0672 4816 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
06:22:57.0673 4816 mdmxsdk - ok
06:22:57.0745 4816 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
06:22:57.0746 4816 megasas - ok
06:22:57.0792 4816 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
06:22:57.0801 4816 MegaSR - ok
06:22:57.0916 4816 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
06:22:57.0918 4816 Modem - ok
06:22:57.0947 4816 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
06:22:57.0950 4816 monitor - ok
06:22:57.0970 4816 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
06:22:57.0971 4816 mouclass - ok
06:22:57.0990 4816 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
06:22:57.0991 4816 mouhid - ok
06:22:58.0005 4816 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
06:22:58.0007 4816 MountMgr - ok
06:22:58.0060 4816 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
06:22:58.0062 4816 mpio - ok
06:22:58.0100 4816 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
06:22:58.0102 4816 mpsdrv - ok
06:22:58.0136 4816 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
06:22:58.0138 4816 Mraid35x - ok
06:22:58.0168 4816 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
06:22:58.0171 4816 MRxDAV - ok
06:22:58.0216 4816 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
06:22:58.0219 4816 mrxsmb - ok
06:22:58.0289 4816 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:22:58.0292 4816 mrxsmb10 - ok
06:22:58.0337 4816 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:22:58.0339 4816 mrxsmb20 - ok
06:22:58.0390 4816 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
06:22:58.0392 4816 msahci - ok
06:22:58.0443 4816 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
06:22:58.0445 4816 msdsm - ok
06:22:58.0557 4816 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys
06:22:58.0559 4816 MSDV - ok
06:22:58.0606 4816 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
06:22:58.0608 4816 Msfs - ok
06:22:58.0687 4816 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
06:22:58.0688 4816 msisadrv - ok
06:22:58.0770 4816 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
06:22:58.0772 4816 MSKSSRV - ok
06:22:58.0810 4816 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
06:22:58.0811 4816 MSPCLOCK - ok
06:22:58.0836 4816 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
06:22:58.0838 4816 MSPQM - ok
06:22:58.0866 4816 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
06:22:58.0870 4816 MsRPC - ok
06:22:58.0906 4816 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
06:22:58.0908 4816 mssmbios - ok
06:22:58.0956 4816 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
06:22:58.0958 4816 MSTEE - ok
06:22:59.0031 4816 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
06:22:59.0033 4816 Mup - ok
06:22:59.0128 4816 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
06:22:59.0131 4816 NativeWifiP - ok
06:22:59.0218 4816 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
06:22:59.0233 4816 NDIS - ok
06:22:59.0252 4816 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
06:22:59.0254 4816 NdisTapi - ok
06:22:59.0281 4816 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
06:22:59.0283 4816 Ndisuio - ok
06:22:59.0314 4816 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
06:22:59.0316 4816 NdisWan - ok
06:22:59.0357 4816 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
06:22:59.0359 4816 NDProxy - ok
06:22:59.0430 4816 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
06:22:59.0431 4816 NetBIOS - ok
06:22:59.0469 4816 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
06:22:59.0472 4816 netbt - ok
06:22:59.0597 4816 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
06:22:59.0599 4816 nfrd960 - ok
06:22:59.0647 4816 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
06:22:59.0648 4816 Npfs - ok
06:22:59.0790 4816 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
06:22:59.0791 4816 nsiproxy - ok
06:22:59.0850 4816 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
06:22:59.0880 4816 Ntfs - ok
06:22:59.0919 4816 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
06:22:59.0920 4816 ntrigdigi - ok
06:22:59.0941 4816 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
06:22:59.0942 4816 Null - ok
06:23:00.0299 4816 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
06:23:00.0576 4816 nvlddmkm - ok
06:23:00.0629 4816 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
06:23:00.0632 4816 nvraid - ok
06:23:00.0679 4816 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
06:23:00.0680 4816 nvstor - ok
06:23:00.0760 4816 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
06:23:00.0762 4816 nv_agp - ok
06:23:00.0797 4816 NwlnkFlt - ok
06:23:00.0816 4816 NwlnkFwd - ok
06:23:00.0906 4816 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
06:23:00.0908 4816 ohci1394 - ok
06:23:00.0986 4816 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
06:23:00.0987 4816 Parport - ok
06:23:01.0011 4816 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
06:23:01.0012 4816 partmgr - ok
06:23:01.0034 4816 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
06:23:01.0035 4816 Parvdm - ok
06:23:01.0064 4816 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
06:23:01.0066 4816 pci - ok
06:23:01.0084 4816 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
06:23:01.0085 4816 pciide - ok
06:23:01.0108 4816 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
06:23:01.0111 4816 pcmcia - ok
06:23:01.0148 4816 PCTCore (167b2fea66dde6925766d1a81a1affc0) C:\Windows\system32\drivers\PCTCore.sys
06:23:01.0151 4816 PCTCore - ok
06:23:01.0236 4816 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
06:23:01.0261 4816 PEAUTH - ok
06:23:01.0380 4816 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
06:23:01.0382 4816 PptpMiniport - ok
06:23:01.0445 4816 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
06:23:01.0447 4816 Processor - ok
06:23:01.0550 4816 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
06:23:01.0551 4816 Ps2 - ok
06:23:01.0623 4816 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
06:23:01.0625 4816 PSched - ok
06:23:01.0721 4816 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
06:23:01.0764 4816 ql2300 - ok
06:23:01.0799 4816 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
06:23:01.0801 4816 ql40xx - ok
06:23:01.0841 4816 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
06:23:01.0843 4816 QWAVEdrv - ok
06:23:01.0880 4816 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
06:23:01.0881 4816 RasAcd - ok
06:23:01.0919 4816 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
06:23:01.0921 4816 Rasl2tp - ok
06:23:01.0946 4816 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
06:23:01.0947 4816 RasPppoe - ok
06:23:01.0992 4816 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
06:23:01.0994 4816 RasSstp - ok
06:23:02.0013 4816 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
06:23:02.0016 4816 rdbss - ok
06:23:02.0043 4816 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
06:23:02.0044 4816 RDPCDD - ok
06:23:02.0092 4816 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
06:23:02.0096 4816 rdpdr - ok
06:23:02.0128 4816 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
06:23:02.0129 4816 RDPENCDD - ok
06:23:02.0172 4816 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
06:23:02.0174 4816 RDPWD - ok
06:23:02.0216 4816 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
06:23:02.0219 4816 rspndr - ok
06:23:02.0284 4816 RTL8169 (abbe0f54ba3a378262c9cb86cf7d91f8) C:\Windows\system32\DRIVERS\Rtlh86.sys
06:23:02.0286 4816 RTL8169 - ok
06:23:02.0328 4816 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
06:23:02.0329 4816 sbp2port - ok
06:23:02.0406 4816 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
06:23:02.0408 4816 secdrv - ok
06:23:02.0447 4816 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
06:23:02.0448 4816 Serenum - ok
06:23:02.0482 4816 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
06:23:02.0484 4816 Serial - ok
06:23:02.0510 4816 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
06:23:02.0512 4816 sermouse - ok
06:23:02.0587 4816 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
06:23:02.0588 4816 sffdisk - ok
06:23:02.0622 4816 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
06:23:02.0623 4816 sffp_mmc - ok
06:23:02.0656 4816 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
06:23:02.0657 4816 sffp_sd - ok
06:23:02.0694 4816 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
06:23:02.0695 4816 sfloppy - ok
06:23:02.0730 4816 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
06:23:02.0732 4816 sisagp - ok
06:23:02.0759 4816 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
06:23:02.0760 4816 SiSRaid2 - ok
06:23:02.0805 4816 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
06:23:02.0807 4816 SiSRaid4 - ok
06:23:02.0824 4816 Smb - ok
06:23:02.0863 4816 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
06:23:02.0864 4816 spldr - ok
06:23:02.0961 4816 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
06:23:02.0961 4816 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
06:23:02.0964 4816 sptd ( LockedFile.Multi.Generic ) - warning
06:23:02.0964 4816 sptd - detected LockedFile.Multi.Generic (1)
06:23:03.0006 4816 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
06:23:03.0011 4816 srv - ok
06:23:03.0084 4816 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
06:23:03.0086 4816 srv2 - ok
06:23:03.0105 4816 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
06:23:03.0107 4816 srvnet - ok
06:23:03.0180 4816 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
06:23:03.0182 4816 swenum - ok
06:23:03.0218 4816 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
06:23:03.0220 4816 Symc8xx - ok
06:23:03.0273 4816 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
06:23:03.0275 4816 Sym_hi - ok
06:23:03.0330 4816 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
06:23:03.0331 4816 Sym_u3 - ok
06:23:03.0536 4816 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
06:23:03.0572 4816 Tcpip - ok
06:23:03.0620 4816 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
06:23:03.0629 4816 Tcpip6 - ok
06:23:03.0679 4816 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
06:23:03.0681 4816 tcpipreg - ok
06:23:03.0703 4816 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
06:23:03.0704 4816 TDPIPE - ok
06:23:03.0728 4816 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
06:23:03.0730 4816 TDTCP - ok
06:23:03.0764 4816 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
06:23:03.0766 4816 tdx - ok
06:23:03.0793 4816 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
06:23:03.0795 4816 TermDD - ok
06:23:03.0874 4816 tmactmon (02ffe7402fb07f2f64d1ac6866345087) C:\Windows\system32\DRIVERS\tmactmon.sys
06:23:03.0878 4816 tmactmon - ok
06:23:03.0974 4816 tmcomm (8762cb58a489b385feef2aea7f7718f3) C:\Windows\system32\DRIVERS\tmcomm.sys
06:23:03.0978 4816 tmcomm - ok
06:23:04.0003 4816 tmevtmgr (efe60b70fa964459dde55039c5b05be7) C:\Windows\system32\DRIVERS\tmevtmgr.sys
06:23:04.0005 4816 tmevtmgr - ok
06:23:04.0107 4816 tmlwf (d5ce61a14f7489d1ae827de8ddd9a87d) C:\Windows\system32\DRIVERS\tmlwf.sys
06:23:04.0112 4816 tmlwf - ok
06:23:04.0159 4816 tmpreflt (379c4f99994a56b66e11d1e32bb22a1c) C:\Windows\system32\DRIVERS\tmpreflt.sys
06:23:04.0161 4816 tmpreflt - ok
06:23:04.0250 4816 tmtdi (ce1321671eee4520b9b50cd513f67dad) C:\Windows\system32\DRIVERS\tmtdi.sys
06:23:04.0252 4816 tmtdi - ok
06:23:04.0279 4816 tmwfp (abd052191da6d8d6f5357c600a179d48) C:\Windows\system32\DRIVERS\tmwfp.sys
06:23:04.0285 4816 tmwfp - ok
06:23:04.0397 4816 tmxpflt (717e406972bbc07f8fb2a989416cab73) C:\Windows\system32\DRIVERS\tmxpflt.sys
06:23:04.0402 4816 tmxpflt - ok
06:23:04.0462 4816 TPkd (2f4e8077febfe11199ee3b011a34cd18) C:\Windows\system32\drivers\TPkd.sys
06:23:04.0464 4816 TPkd - ok
06:23:04.0513 4816 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
06:23:04.0515 4816 tssecsrv - ok
06:23:04.0552 4816 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
06:23:04.0554 4816 tunmp - ok
06:23:04.0620 4816 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
06:23:04.0622 4816 tunnel - ok
06:23:04.0662 4816 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
06:23:04.0664 4816 uagp35 - ok
06:23:04.0710 4816 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
06:23:04.0715 4816 udfs - ok
06:23:04.0799 4816 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
06:23:04.0801 4816 uliagpkx - ok
06:23:04.0870 4816 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
06:23:04.0874 4816 uliahci - ok
06:23:04.0925 4816 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
06:23:04.0928 4816 UlSata - ok
06:23:04.0988 4816 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
06:23:04.0991 4816 ulsata2 - ok
06:23:05.0015 4816 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
06:23:05.0018 4816 umbus - ok
06:23:05.0084 4816 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
06:23:05.0086 4816 USBAAPL - ok
06:23:05.0180 4816 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
06:23:05.0182 4816 usbaudio - ok
06:23:05.0227 4816 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
06:23:05.0229 4816 usbccgp - ok
06:23:05.0271 4816 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
06:23:05.0273 4816 usbcir - ok
06:23:05.0341 4816 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
06:23:05.0343 4816 usbehci - ok
06:23:05.0368 4816 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
06:23:05.0372 4816 usbhub - ok
06:23:05.0415 4816 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
06:23:05.0417 4816 usbohci - ok
06:23:05.0450 4816 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
06:23:05.0452 4816 usbprint - ok
06:23:05.0478 4816 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:23:05.0480 4816 USBSTOR - ok
06:23:05.0507 4816 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
06:23:05.0509 4816 usbuhci - ok
06:23:05.0549 4816 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
06:23:05.0551 4816 vga - ok
06:23:05.0592 4816 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
06:23:05.0594 4816 VgaSave - ok
06:23:05.0652 4816 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
06:23:05.0654 4816 viaagp - ok
06:23:05.0721 4816 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
06:23:05.0722 4816 ViaC7 - ok
06:23:05.0784 4816 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
06:23:05.0785 4816 viaide - ok
06:23:05.0851 4816 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
06:23:05.0854 4816 volmgr - ok
06:23:05.0893 4816 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
06:23:05.0897 4816 volmgrx - ok
06:23:05.0941 4816 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
06:23:05.0945 4816 volsnap - ok
06:23:06.0085 4816 vsapint (642eb152cb980ad9181b2161066be629) C:\Windows\system32\DRIVERS\vsapint.sys
06:23:06.0126 4816 vsapint - ok
06:23:06.0180 4816 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
06:23:06.0182 4816 vsmraid - ok
06:23:06.0258 4816 wacmoumonitor (8724531219ae3f9e3729012b61dce527) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
06:23:06.0259 4816 wacmoumonitor - ok
06:23:06.0329 4816 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
06:23:06.0330 4816 wacommousefilter - ok
06:23:06.0363 4816 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
06:23:06.0365 4816 WacomPen - ok
06:23:06.0426 4816 wacomvhid (51d580f30d1a1f2ea4965af6abc2bcb2) C:\Windows\system32\DRIVERS\wacomvhid.sys
06:23:06.0428 4816 wacomvhid - ok
06:23:06.0453 4816 WacomVTHid (6d95cb7cefe61b62472076187277edf6) C:\Windows\system32\DRIVERS\WacomVTHid.sys
06:23:06.0455 4816 WacomVTHid - ok
06:23:06.0502 4816 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
06:23:06.0504 4816 Wanarp - ok
06:23:06.0514 4816 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
06:23:06.0517 4816 Wanarpv6 - ok
06:23:06.0562 4816 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
06:23:06.0564 4816 Wd - ok
06:23:06.0623 4816 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
06:23:06.0632 4816 Wdf01000 - ok
06:23:06.0742 4816 winachsf (f1265727c078406299ff4b3b033e3132) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
06:23:06.0768 4816 winachsf - ok
06:23:06.0889 4816 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
06:23:06.0891 4816 WmiAcpi - ok
06:23:07.0053 4816 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
06:23:07.0055 4816 WpdUsb - ok
06:23:07.0164 4816 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
06:23:07.0166 4816 ws2ifsl - ok
06:23:07.0253 4816 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
06:23:07.0255 4816 WUDFRd - ok
06:23:07.0322 4816 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
06:23:07.0323 4816 XAudio - ok
06:23:07.0355 4816 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
06:23:07.0543 4816 \Device\Harddisk0\DR0 - ok
06:23:07.0555 4816 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR4
06:23:07.0565 4816 \Device\Harddisk4\DR4 - ok
06:23:07.0585 4816 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk5\DR6
06:23:07.0797 4816 \Device\Harddisk5\DR6 - ok
06:23:07.0802 4816 Boot (0x1200) (744030f88b7eaeef1a94ffb6e0faae5b) \Device\Harddisk0\DR0\Partition0
06:23:07.0803 4816 \Device\Harddisk0\DR0\Partition0 - ok
06:23:07.0809 4816 Boot (0x1200) (ffdfff19fa82457d432c3c16eae3c162) \Device\Harddisk0\DR0\Partition1
06:23:07.0810 4816 \Device\Harddisk0\DR0\Partition1 - ok
06:23:07.0818 4816 Boot (0x1200) (7b1abfe3202c2e384d7ef040313423de) \Device\Harddisk4\DR4\Partition0
06:23:07.0819 4816 \Device\Harddisk4\DR4\Partition0 - ok
06:23:07.0827 4816 Boot (0x1200) (87a49e5f830bcad40ce279f32b1f694d) \Device\Harddisk5\DR6\Partition0
06:23:07.0829 4816 \Device\Harddisk5\DR6\Partition0 - ok
06:23:07.0829 4816 ============================================================
06:23:07.0829 4816 Scan finished
06:23:07.0829 4816 ============================================================
06:23:07.0843 4808 Detected object count: 1
06:23:07.0844 4808 Actual detected object count: 1
06:23:18.0849 4808 sptd ( LockedFile.Multi.Generic ) - skipped by user
06:23:18.0849 4808 sptd ( LockedFile.Multi.Generic ) - User select action: Skip


I scanned my Backup_MBR_0.bin in both Jotti's and VirusTotal and they found nothing. Would the scan have to be run from my computer instead of the laptop? If so, I still have no internet connection, so I am unable to do so.
neonal18
Regular Member
 
Posts: 21
Joined: October 1st, 2011, 5:43 pm
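The TDSSKiller log above has a fixed shape: one "name (md5) path" line per scanned driver followed by a "name - ok" status line, "MBR (0x1B8)" and "Boot (0x1200)" entries with the hash of each disk's first sector and each partition's boot sector, and a closing block with the detected object count and the action taken. The script below is an added example, not part of TDSSKiller or of this forum's procedure; it parses that layout and summarises what a helper actually looks for: any object whose status is not "ok", the per-disk hashes (useful for comparing against a scan of the saved Backup_MBR_0.bin), and the detection lines with their verdict and action. The sample lines are copied from the log above; the regexes, function names and the ScanSummary structure are my assumptions about the format, not the tool's own code. Note that a verdict such as LockedFile.Multi.Generic means the file was locked and could not be read, so it needs a human look rather than automatic deletion (in this thread it is the Daemon Tools driver sptd.sys).

```python
"""Summarise a TDSSKiller log.

Added example for this thread; not part of TDSSKiller or the forum's own tools.
The regexes, function names and ScanSummary are assumptions about the log
format as posted above.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Lines copied from the log posted above (same layout, same hashes).
SAMPLE_LOG = r"""
06:22:50.0421 4816 Scan started
06:22:51.0045 4816 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys
06:22:51.0046 4816 61883 - ok
06:23:07.0355 4816 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
06:23:07.0543 4816 \Device\Harddisk0\DR0 - ok
06:23:07.0802 4816 Boot (0x1200) (744030f88b7eaeef1a94ffb6e0faae5b) \Device\Harddisk0\DR0\Partition0
06:23:07.0803 4816 \Device\Harddisk0\DR0\Partition0 - ok
06:23:07.0829 4816 Scan finished
06:23:07.0843 4808 Detected object count: 1
06:23:07.0844 4808 Actual detected object count: 1
06:23:18.0849 4808 sptd ( LockedFile.Multi.Generic ) - skipped by user
06:23:18.0849 4808 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# Every line is "<time> <thread id> <message>".
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+) (?P<tid>\d+) (?P<msg>.*)$")
# "<name> (<md5>) <path>"; the name may itself contain parentheses, e.g. "MBR (0x1B8)".
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> ( <verdict> ) - <action>"
DETECT_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - (?P<action>.+)$")
# "<name or device path> - <status>"
STATUS_RE = re.compile(r"^(?P<name>.+) - (?P<status>.+)$")
COUNT_RE = re.compile(r"^Actual detected object count: (?P<n>\d+)$")


@dataclass
class ScanSummary:
    objects: list = field(default_factory=list)      # (name, md5, path)
    statuses: dict = field(default_factory=dict)     # name or device path -> status
    detections: list = field(default_factory=list)   # (name, verdict, action)
    detected_count: Optional[int] = None


def parse_tdsskiller_log(text: str) -> ScanSummary:
    summary = ScanSummary()
    for raw in text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue                      # banners, blank lines, SystemInfo block
        msg = line["msg"]
        if (o := OBJECT_RE.match(msg)):
            summary.objects.append((o["name"], o["md5"].lower(), o["path"]))
        elif (d := DETECT_RE.match(msg)):
            summary.detections.append((d["name"], d["verdict"], d["action"]))
        elif (c := COUNT_RE.match(msg)):
            summary.detected_count = int(c["n"])
        elif (s := STATUS_RE.match(msg)):
            summary.statuses[s["name"]] = s["status"]
    return summary


def not_ok(summary: ScanSummary) -> dict:
    """Objects whose status line says anything other than 'ok'."""
    return {n: s for n, s in summary.statuses.items() if s != "ok"}


def disk_hashes(summary: ScanSummary) -> dict:
    """MD5 per MBR / boot-sector object, keyed by device path."""
    return {path: md5 for name, md5, path in summary.objects
            if name.split(" ", 1)[0] in ("MBR", "Boot")}


if __name__ == "__main__":
    s = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"objects scanned: {len(s.objects)}, detected: {s.detected_count}")
    for path, md5 in disk_hashes(s).items():
        print(f"  {path}: {md5}")
    for name, status in not_ok(s).items():
        print(f"  NOT OK: {name} -> {status}")
    for name, verdict, action in s.detections:
        print(f"  detection: {name} [{verdict}] {action}")
```

Run it against a full TDSSKiller log by replacing SAMPLE_LOG with the file's contents; the device-path hashes from `disk_hashes()` are the values to compare when a fresh MBR copy is scanned elsewhere.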

Re: Re-Post: Assistance is Requested.

Unread postby Gary R » October 4th, 2011, 9:30 am

Nothing in the latest scans.

The locked sptd.sys driver found by TDSSKiller is part of Daemon Tools, which you have installed on your machine. You can uninstall Daemon Tools if you wish, but it's unlikely to resolve your problems.

If you were able to transfer a copy of your MBR backup and scan it at VT or Jotti's then it shouldn't matter that you didn't connect directly.

I'm fairly certain the problem isn't your MBR now.

Can you run Combofix again for me please and post me the log.
Gary R
Administrator
 
Posts: 21870
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Re-Post: Assistance is Requested.

Unread postby neonal18 » October 4th, 2011, 4:46 pm

Here's the log it came up with.


ComboFix 11-10-02.01 - Alex 10/04/2011 14:57:41.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3071.2326 [GMT -4:00]
Running from: c:\users\Alex\Desktop\ComboFix.exe
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-04 to 2011-10-04 )))))))))))))))))))))))))))))))
.
.
2011-10-04 19:12 . 2011-10-04 19:12 -------- d-----w- c:\users\Alex\AppData\Local\temp
2011-10-04 19:12 . 2011-10-04 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-04 19:12 . 2011-10-04 19:12 -------- d-----w- c:\users\Dad\AppData\Local\temp
2011-10-04 19:12 . 2011-10-04 19:12 -------- d-----w- c:\users\CJ\AppData\Local\temp
2011-10-04 10:33 . 2011-10-04 10:44 512 ----a-w- C:\Backup_MBR_0.bin
2011-10-04 10:27 . 2009-08-06 01:55 123904 ----a-w- C:\MbrFix.exe
2011-10-03 20:59 . 2011-10-03 20:59 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AEC591B3-1455-4647-80A5-DA5809614E96}\offreg.dll
2011-10-03 18:57 . 2011-10-03 18:57 -------- d-----w- C:\_OTL
2011-10-03 10:09 . 2011-10-03 10:13 -------- d-----w- c:\users\Alex\AppData\Roaming\uTorrent
2011-10-02 18:54 . 2008-01-21 02:23 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-10-02 16:50 . 2011-10-02 16:50 -------- d-----w- C:\MGADiagToolOutput
2011-10-02 16:47 . 2011-10-02 16:47 -------- d-----w- c:\programdata\Office Genuine Advantage
2011-09-30 17:25 . 2011-09-30 17:25 -------- d-----w- c:\users\Alex\AppData\Roaming\SYSTEMAX Software Development
2011-09-30 17:25 . 2011-09-30 17:25 -------- d-----w- c:\programdata\SYSTEMAX Software Development
2011-09-30 17:25 . 2011-09-30 17:25 -------- d-----w- c:\users\Alex\AppData\Local\Zame
2011-09-30 13:24 . 2011-09-30 13:24 -------- d-----w- c:\windows\Sun
2011-09-30 11:32 . 2011-09-30 11:40 102400 ----a-w- c:\windows\RegBootClean.exe
2011-09-30 05:56 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AEC591B3-1455-4647-80A5-DA5809614E96}\mpengine.dll
2011-09-18 08:26 . 2011-07-12 10:44 262416 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2011-09-18 08:26 . 2011-07-12 10:09 1405720 ----a-w- c:\windows\system32\drivers\vsapint.sys
2011-09-18 08:26 . 2011-07-12 10:43 36624 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2011-09-13 13:29 . 2011-09-13 13:30 -------- d-----w- c:\users\Alex\AppData\Local\Tific
2011-09-13 13:29 . 2011-09-13 13:29 -------- d-----w- c:\users\Alex\AppData\Roaming\Tific
2011-09-13 13:29 . 2011-09-13 13:29 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckup
2011-09-13 13:29 . 2011-09-13 13:29 -------- d-----w- c:\programdata\Norton
2011-09-13 13:29 . 2011-09-13 13:29 -------- d-----w- c:\program files\Norton PC Checkup
2011-09-13 10:31 . 2011-09-13 10:31 -------- d-----w- c:\programdata\UAB
2011-09-13 10:30 . 2011-09-13 10:30 -------- d-----w- c:\users\Alex\AppData\Local\PC_Drivers_Headquarters
2011-09-13 10:29 . 2011-09-13 10:29 -------- d-----w- c:\programdata\Driver Tool
2011-09-13 10:26 . 2011-09-13 10:26 -------- d-----w- c:\program files\Driver Tool
2011-09-06 23:19 . 2011-10-03 20:10 -------- d-----w- c:\users\Alex\AppData\Roaming\Skype
2011-09-06 23:18 . 2011-09-06 23:19 -------- d-----r- c:\program files\Skype
2011-09-06 23:18 . 2011-09-06 23:18 -------- d-----w- c:\programdata\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-26 22:21 . 2011-08-26 22:21 42392 ----a-w- c:\windows\system32\xfcodec.dll
2011-08-02 12:48 . 2011-08-02 12:48 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-08-02 12:48 . 2011-08-02 12:48 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-07-24 07:51 . 2011-07-24 07:51 5830 --sha-w- c:\programdata\untfs32.dll
2011-07-24 06:51 . 2011-07-24 06:51 5830 --sha-w- c:\programdata\XAudio2_332.dll
2011-07-24 04:51 . 2011-07-24 04:51 5830 --sha-w- c:\programdata\mssprxy32.dll
2011-07-24 03:51 . 2011-07-24 03:51 5830 --sha-w- c:\programdata\KBDFO32.dll
2011-07-24 02:51 . 2011-07-24 02:51 5830 --sha-w- c:\programdata\pmspl32.dll
2011-07-24 01:51 . 2011-07-24 01:51 5830 --sha-w- c:\programdata\tvratings32.dll
2011-07-24 00:51 . 2011-07-24 00:51 5830 --sha-w- c:\programdata\dwmredir32.dll
2011-07-23 23:51 . 2011-07-23 23:51 5830 --sha-w- c:\programdata\netprofm32.dll
2011-07-23 22:51 . 2011-07-23 22:51 5830 --sha-w- c:\programdata\cfgmgr3232.dll
2011-07-23 21:51 . 2011-07-23 21:51 5830 --sha-w- c:\programdata\mtxlegih32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Steam"="c:\program files\Steam\steam.exe" [2011-08-14 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-08-26 17361032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-01 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-01 133656]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-11 178712]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-10-20 995528]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"QuickTime Task"="c:\users\Alex\QT Lite\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"SmartSoft PDF Printer Agent"="c:\program files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe" [2010-10-15 62856]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
.
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-8-26 3510680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
R2 swprv32;Microsoft Software Shadow Copy Provider ;c:\windows\system32\wmdrmdev32.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-24 3461116]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-17 721904]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-03-03 145424]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-21 112592]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-10 18944]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [2011-05-03 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [2011-05-03 126392]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-24 4497704]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-07-05 50256]
S2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-09-03 497008]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2011-07-12 36624]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-09-03 677128]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-03-03 256528]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-24 113448]
S3 HSXHWBS3;HSXHWBS3;c:\windows\system32\DRIVERS\HSXHWBS3.sys [2008-02-12 207360]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-10 33792]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2009-07-09 13480]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 26871406
*NewlyCreated* - ASWMBR
*Deregistered* - 26871406
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-04 c:\windows\Tasks\User_Feed_Synchronization-{6BCE3385-2AE3-4C19-B5CE-CEEB79B28D40}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
2011-10-04 c:\windows\Tasks\User_Feed_Synchronization-{E3601854-F1C9-46B2-B447-AB4D7CC5C161}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6f6pknu3.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-04 15:12
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.smb]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Smb]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1480268344-322766123-2448355078-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1c,10,d1,3b,9d,05,cd,f2,aa,3f,0f,df,13,d7,ff,d9,ce,0b,fb,ad,2e,55,16,
f6,15,cb,a2,10,c4,46,0d,56,ac,02,c2,f4,2c,56,13,b2,6a,f1,cf,a0,2c,70,8e,61,\
"??"=hex:aa,06,ba,37,1f,bb,9e,c2,1a,37,22,8e,f0,4b,61,9b
.
[HKEY_USERS\S-1-5-21-1480268344-322766123-2448355078-1001\Software\SecuROM\License information*]
"datasecu"=hex:80,7b,d6,03,f8,23,94,0e,94,3c,68,be,fa,1b,57,38,c8,da,54,c7,17,
28,87,c0,ef,3d,c6,0d,c4,b0,94,66,51,a8,50,7e,54,0d,2f,0f,a7,78,f9,93,16,67,\
"rkeysecu"=hex:26,e1,19,a8,04,c6,31,4d,91,ec,92,f0,99,45,76,b1
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4640)
c:\program files\Xfire\xfire_toucan_44507.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
Completion time: 2011-10-04 15:17:31
ComboFix-quarantined-files.txt 2011-10-04 19:17
ComboFix2.txt 2011-10-02 19:29
.
Pre-Run: 27,293,401,088 bytes free
Post-Run: 27,158,503,424 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=54 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54
- - End Of File - - C67A23E3FF178381FCFFBFD494BC3706
neonal18
Regular Member
 
Posts: 21
Joined: October 1st, 2011, 5:43 pm

Re: Re-Post: Assistance is Requested.

Unread postby Gary R » October 4th, 2011, 6:58 pm

No signs of re-infection, so it looks like we've got everything.

There is an issue with the number of control sets on your computer, which we can try again to resolve with Combofix.

  • Click Start > Run, type Notepad, and click OK.
  • This will open an empty Notepad file.
  • Copy/paste the contents of the box below into Notepad.

FixCSet::

  • Click Format and ensure Word Wrap is unchecked.
  • Save as CFScript.txt to your Desktop.

Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Combofix will now process that file.

When finished, it will produce a log for you. Post that log in your next reply please. (it can also be found at C:\Combofix.txt)

Next

Let's check that the TCP/IP settings on your computer are set correctly.

  • Click Start
  • Type network connections in the search programs and files box
  • From the list produced, click on view network connections (top of list)
  • Right click on your usual connection and select Properties.
    • Under the Networking tab click on Internet Protocol version 6 (TCP/IPv6) to highlight it
    • Click Properties
      • Ensure that the following are checked ....
      • Obtain an IPv6 address automatically
      • Obtain DNS Server address automatically
      • Click OK
    • Click on Internet Protocol version 4 (TCP/IPv4) to highlight it
    • Click Properties
      • Ensure that the following are checked ....
      • Obtain an IPv4 address automatically
      • Obtain DNS Server address automatically
      • Click OK
  • Exit out of any open windows.

Did you have to change any settings, and if so, are you able to connect now?
Gary R
Administrator
 
Posts: 21870
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Re-Post: Assistance is Requested.

Unread postby neonal18 » October 4th, 2011, 7:40 pm

I am afraid that the infection is still there. When I dragged the CFScript into ComboFix, this popped up:

Image

The virus stopped me from using ComboFix. I'm afraid that I need a new plan.
neonal18
Regular Member
 
Posts: 21
Joined: October 1st, 2011, 5:43 pm

Re: Re-Post: Assistance is Requested.

Unread postby Gary R » October 5th, 2011, 1:47 am

To establish whether you're still infected, we need to check your MBR again, but this time we need to take a copy of it when Windows isn't running, so that the infection (if still present) cannot influence anything.

Before we can do that, I need some information.

Boot into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

Image

  • Take note of what drive Recovery Environment sees the Operating System on. RE sometimes sees drive allocations differently to how they are in Normal Mode, so it's important that I know so I can post appropriate instructions. It can be found at the top of the System Recovery Options window.

Image

  • Hit Restart button to boot back into Normal Mode.
  • Post details of the Drive letter you've just noted down.

If you don't have the Repair your computer option in the Advanced Options Menu, then you'll need to boot from your Windows installation disks if you have them. These need to be genuine Microsoft issue, not the recovery disks supplied with OEM machines.
Gary R
Administrator
 
Posts: 21870
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Re-Post: Assistance is Requested.

Unread postby neonal18 » October 5th, 2011, 6:18 am

I performed the steps as you told me to, and the drive listed was the C: drive.
neonal18
Regular Member
 
Posts: 21
Joined: October 1st, 2011, 5:43 pm

Re: Re-Post: Assistance is Requested.

Unread postby Gary R » October 5th, 2011, 8:27 am

Download FRST to a USB flash drive, and plug the drive into your infected machine.

Next

Boot into Recovery Environment as directed in my last post.

On the System Recovery Options menu you will get the following options:
      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt option.
  • A command window will open.
  • In the command window type in notepad and press Enter.
  • Notepad will open. Under File menu select Open.
  • Select Computer and find your flash drive letter and then close Notepad.
  • Back in the command window ....
  • Type c: .... hit Enter
  • Now type the following command .... C:\MBRFix /drive 0 savembr e:\Backup_MBR_0.bin .... hit Enter ( replace e: with the letter for your USB flash drive, be careful to enter the spaces in the correct places or it won't work).
  • This should make a copy of your computer's MBR on your USB drive.
  • In the command window now type e:\frst.exe and press Enter (replace letter e: with the drive letter of your flash drive.)
  • The tool FRST will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive.

Reboot your computer into normal mode and post me FRST.txt please.

Scan the new copy of your MBR at VirusTotal or Jotti's as you did earlier and let me know what is found please.
Gary R
Administrator
 
Posts: 21870
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
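The `MBRFix /drive 0 savembr` step above writes the first sector of drive 0 to a raw 512-byte file (the ComboFix log lists the earlier Backup_MBR_0.bin at exactly 512 bytes). Besides uploading that file to VirusTotal or Jotti's, a helper can inspect it offline. The script below is an added example, not part of MBRFix, TDSSKiller or the forum's instructions: it verifies the 55AA boot signature, reads the Windows disk signature at offset 0x1B8 and the four 16-byte partition entries at 0x1BE, computes the MD5 of the whole sector (the hash VirusTotal shows for the uploaded file) and of the 440-byte code area, and reports structural oddities such as no active partition or an invalid status byte. The sample sector is constructed, with NOP filler standing in for boot code and one invented NTFS partition; the function names and warning texts are mine.

```python
"""Inspect a raw 512-byte MBR image offline.

Added example for this thread; not part of MBRFix, TDSSKiller or ComboFix.
Function names and warning wording are mine; the sector layout (boot code,
disk signature at 0x1B8, partition table at 0x1BE, 55AA at 0x1FE) is the
standard MBR format.
"""
import hashlib
import struct
import sys

SECTOR_SIZE = 512
DISK_SIG_OFFSET = 0x1B8
PART_TABLE_OFFSET = 0x1BE
BOOT_SIG_OFFSET = 0x1FE
BOOT_SIGNATURE = 0xAA55          # bytes 55 AA read as little-endian


def parse_mbr(data: bytes) -> dict:
    if len(data) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(data)}")
    warnings = []
    sig_ok = struct.unpack_from("<H", data, BOOT_SIG_OFFSET)[0] == BOOT_SIGNATURE
    if not sig_ok:
        warnings.append("missing 55AA boot signature")
    disk_sig = struct.unpack_from("<I", data, DISK_SIG_OFFSET)[0]
    code = data[:DISK_SIG_OFFSET]
    if not any(code):
        warnings.append("boot code area is all zeros")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba, sectors = struct.unpack_from("<B3xB3xII", data, off)
        if status == 0 and ptype == 0 and lba == 0 and sectors == 0:
            continue                                   # empty slot
        if status not in (0x00, 0x80):
            warnings.append(f"partition {i}: invalid status byte 0x{status:02x}")
        if sectors == 0:
            warnings.append(f"partition {i}: zero length")
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": sectors})
    active = [p for p in partitions if p["bootable"]]
    if sig_ok and len(active) != 1:
        warnings.append(f"{len(active)} active partitions (expected exactly 1)")
    return {
        "md5": hashlib.md5(data).hexdigest(),        # what VirusTotal shows for the file
        "code_md5": hashlib.md5(code).hexdigest(),   # the 440-byte boot code only
        "signature_ok": sig_ok,
        "disk_signature": f"{disk_sig:08x}",
        "partitions": partitions,
        "warnings": warnings,
    }


def build_sample_mbr() -> bytes:
    """Constructed sample, not a real boot sector: NOP filler as 'code',
    a made-up disk signature and one active NTFS (type 0x07) partition."""
    code = b"\xfa\x33\xc0" + b"\x90" * (DISK_SIG_OFFSET - 3)
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"   # signature + 2 reserved bytes
    ntfs = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                       b"\xfe\xff\xff", 2048, 1_000_000)
    return code + disk_sig + ntfs + bytes(16) * 3 + b"\x55\xaa"


if __name__ == "__main__":
    # Usage: python mbr_inspect.py Backup_MBR_0.bin   (no argument: the constructed sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    report = parse_mbr(data)
    print(f"sector md5 {report['md5']}  code md5 {report['code_md5']}")
    print(f"disk signature {report['disk_signature']}  55AA ok: {report['signature_ok']}")
    for p in report["partitions"]:
        flag = "*" if p["bootable"] else " "
        print(f" {flag} #{p['index']} type 0x{p['type']:02x} "
              f"start {p['lba_start']} sectors {p['sectors']}")
    for w in report["warnings"]:
        print(" WARNING:", w)
```

A clean structure and a matching hash do not prove the sector is benign; the point of the check is to confirm the copy is a complete, well-formed sector before relying on the online scan result, and to have a hash to compare against what TDSSKiller reported for \Device\Harddisk0\DR0.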

Re: Re-Post: Assistance is Requested.

Unread postby neonal18 » October 5th, 2011, 4:31 pm

The VirusTotal scan found nothing. Here's the FRST log.

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.3
Ran by SYSTEM at 2011-10-05 15:10:33
Running from F:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2008-04-01] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [166424 2008-04-01] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [133656 2008-04-01] (Intel Corporation)
HKLM\...\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-02] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-06-11] (Intel Corporation)
HKLM\...\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [995528 2009-10-20] (Trend Micro Inc.)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [1394000 2010-01-07] ()
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-12-14] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Users\Alex\QT Lite\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421160 2010-12-13] (Apple Inc.)
HKLM\...\Run: [SmartSoft PDF Printer Agent] C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe [62856 2010-10-14] ()
HKLM\...\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete [54936 2007-04-07] (Sun Microsystems, Inc.)
HKU\Alex\...\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent [1242448 2011-08-14] (Valve Corporation)
HKU\Alex\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\Alex\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [17361032 2011-08-26] (Skype Technologies S.A.)
HKU\CJ\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-07-03] (Hewlett-Packard)
HKU\CJ\...\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMON.EXE [497008 2008-07-30] (Trend Micro Inc.)
HKU\CJ\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\Dad\...\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-07-03] (Hewlett-Packard)
HKU\Dad\...\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [497008 2008-07-30] (Trend Micro Inc.)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-07-03] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-07-03] (Hewlett-Packard)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

================================ Services (Whitelisted) ==================

2 Browser Defender Update Service; "C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe" [112592 2010-01-21] (Threat Expert Ltd.)
3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [1045256 2011-06-13] (Acresso Software Inc.)
3 GameConsoleService; "C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [165416 2008-03-28] (WildTangent, Inc.)
2 libusbd; C:\Windows\System32\libusbd-nt.exe [18944 2005-03-09] (http://libusb-win32.sourceforge.net)
2 mi-raysat_3dsmax2011_32; "C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe" [86016 2010-03-09] ()
2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe /s [123320 2011-05-03] (Symantec Corporation)
2 PCCUJobMgr; "C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll" /prefetch:1 [132984 2011-05-03] (Symantec Corporation)
3 sdAuxService; C:\Program Files\Spyware Doctor\pctsAuxs.exe [365280 2009-12-09] (PC Tools)
3 sdCoreService; C:\Program Files\Spyware Doctor\pctsSvc.exe [1141712 2010-01-18] (PC Tools)
2 SfCtlCom; "C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe" [711320 2010-10-07] ()
2 TabletServicePen; C:\Windows\system32\Pen_Tablet.exe [4497704 2009-11-23] (Wacom Technology, Corp.)
2 TMBMServer; "C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service [341256 2009-03-03] ()
2 TmPfw; "C:\Program Files\Trend Micro\Internet Security\TmPfw.exe" [497008 2009-09-03] (Trend Micro Inc.)
2 TmProxy; "C:\Program Files\Trend Micro\Internet Security\TmProxy.exe" [677128 2009-09-03] (Trend Micro Inc.)
3 usprserv; C:\Windows\System32\svchost.exe -k netsvcs [21504 2008-01-20] (Microsoft Corporation)
2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [113448 2009-11-23] (Wacom Technology, Corp.)
2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
2 LightScribeService; "c:\Program Files\Common Files\LightScribe\LSSrvc.exe" [x]
4 NetMsmqActivator; "c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
4 NetPipeActivator; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpActivator; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpPortSharing; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
2 swprv32; C:\Windows\system32\wmdrmdev32.exe [x]
3 wampapache; "C:\Users\Alex\Documents\wamp\bin\apache\apache2.2.11\bin\httpd.exe" -k runservice [x]
3 wampmysqld; C:\Users\Alex\Documents\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe wampmysqld [x]

========================== Drivers (Whitelisted) =============

3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-20] (Microsoft Corporation)
3 AmdLLD; C:\Windows\System32\DRIVERS\AmdLLD.sys [34304 2007-06-29] (AMD, Inc.)
2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2011-08-02] ()
3 Avc; C:\Windows\System32\DRIVERS\avc.sys [40448 2008-01-20] (Microsoft Corporation)
3 HSF_DP; C:\Windows\System32\DRIVERS\HSX_DP.sys [985600 2008-02-12] (Conexant Systems, Inc.)
3 HSXHWBS3; C:\Windows\System32\DRIVERS\HSXHWBS3.sys [207360 2008-02-12] (Conexant Systems, Inc.)
3 libusb0; C:\Windows\System32\drivers\libusb0.sys [33792 2005-03-09] ()
2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2011-08-02] ()
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [38224 2010-01-07] (Malwarebytes Corporation)
4 Mraid35x; C:\Windows\System32\drivers\mraid35x.sys [33384 2006-11-02] (LSI Logic Corporation)
3 MSDV; C:\Windows\System32\DRIVERS\msdv.sys [52608 2008-01-20] (Microsoft Corporation)
3 npggsvc; C:\Windows\system32\GameMon.des -service [3461116 2010-02-24] (INCA Internet Co., Ltd.)
0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [207280 2009-09-23] (PC Tools)
3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [19072 2005-12-12] (Hewlett-Packard Company)
3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh86.sys [118784 2008-02-14] (Realtek Corporation )
4 SiSRaid2; C:\Windows\System32\drivers\sisraid2.sys [41016 2008-01-20] (Microsoft Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2009-05-17] (Duplex Secure Ltd.)
2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [50256 2010-07-05] (Trend Micro Inc.)
2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [154192 2010-07-05] (Trend Micro Inc.)
2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [50256 2010-07-05] (Trend Micro Inc.)
1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [145424 2009-03-03] (Trend Micro Inc.)
2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [36624 2011-07-12] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [80400 2009-03-03] (Trend Micro Inc.)
2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [256528 2009-03-03] (Trend Micro Inc.)
2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [262416 2011-07-12] (Trend Micro Inc.)
0 TPkd; C:\Windows\System32\Drivers\TPkd.sys [92792 2009-12-02] (PACE Anti-Piracy, Inc.)
4 UlSata; C:\Windows\System32\drivers\ulsata.sys [98408 2006-11-02] (Promise Technology, Inc.)
4 ulsata2; C:\Windows\System32\drivers\ulsata2.sys [115816 2008-01-20] (Promise Technology, Inc.)
2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [1405720 2011-07-12] (Trend Micro Inc.)
3 WacomVTHid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [13480 2009-07-09] (Wacom Technology)
3 .smb; \* [x]
3 catchme; \??\C:\Users\Alex\AppData\Local\Temp\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
1 Smb; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-10-04 15:31 - 2011-10-04 15:28 - 0000009 ____A C:\Users\Alex\Desktop\CFScript.txt
2011-10-04 15:31 - 2011-10-02 10:40 - 4240388 ____A (Swearware) C:\Users\Alex\Desktop\ComboFix.exe
2011-10-04 11:17 - 2011-10-04 11:17 - 0018119 ____A C:\ComboFix.txt
2011-10-04 11:14 - 2011-10-04 11:14 - 0000000 __SHD C:\$RECYCLE.BIN
2011-10-04 10:55 - 2011-10-04 11:17 - 0000000 ____D C:\ComboFix
2011-10-04 02:33 - 2011-10-04 02:44 - 0000512 ____A C:\Backup_MBR_0.bin
2011-10-04 02:27 - 2009-08-05 17:55 - 0123904 ____A (Systemintegrasjon AS) C:\MbrFix.exe
2011-10-04 02:22 - 2011-10-04 02:25 - 0077616 ____A C:\TDSSKiller.2.6.4.0_04.10.2011_06.22.46_log.txt
2011-10-04 02:21 - 2011-10-03 13:38 - 1548080 ____A (Kaspersky Lab ZAO) C:\Users\Alex\Desktop\TDSSKiller.exe
2011-10-04 02:21 - 2009-08-05 18:01 - 0011638 ____A C:\Users\Alex\Desktop\MbrFix.htm
2011-10-04 02:21 - 2009-08-05 17:55 - 0133632 ____A (Systemintegrasjon AS) C:\Users\Alex\Desktop\MbrFix64.exe
2011-10-04 02:21 - 2009-08-05 17:55 - 0123904 ____A (Systemintegrasjon AS) C:\Users\Alex\Desktop\MbrFix.exe
2011-10-03 13:42 - 2011-10-03 13:14 - 1916416 ____A (AVAST Software) C:\Users\Alex\Desktop\aswMBR.exe
2011-10-03 10:57 - 2011-10-03 10:57 - 0000000 ____D C:\_OTL
2011-10-03 10:56 - 2011-10-03 10:52 - 0582656 ____A (OldTimer Tools) C:\Users\Alex\Desktop\OTL.exe
2011-10-03 02:09 - 2011-10-03 02:13 - 0000000 ____D C:\Users\Alex\Application Data\uTorrent
2011-10-03 02:09 - 2011-10-03 02:13 - 0000000 ____D C:\Users\Alex\AppData\Roaming\uTorrent
2011-10-02 11:16 - 2011-10-03 10:57 - 0000098 ____A C:\Windows\System32\Drivers\etc\Hosts
2011-10-02 10:54 - 2011-10-02 11:17 - 0262144 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG1
2011-10-02 10:54 - 2011-10-02 11:17 - 0262144 ___AH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2011-10-02 10:54 - 2011-10-02 10:54 - 0000000 ___AH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2011-10-02 10:54 - 2011-10-02 10:54 - 0000000 ___AH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2011-10-02 10:54 - 2011-10-02 10:54 - 0000000 ___AH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2011-10-02 10:54 - 2011-10-02 10:54 - 0000000 ___AH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2011-10-02 10:54 - 2011-10-02 10:54 - 0000000 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG2
2011-10-02 10:54 - 2011-10-02 10:54 - 0000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG2
2011-10-02 10:54 - 2011-10-02 10:54 - 0000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG1
2011-10-02 10:54 - 2011-10-02 10:54 - 0000000 ___AH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2011-10-02 10:54 - 2011-10-02 10:54 - 0000000 ___AH C:\Windows\System32\config\COMPON~1.tmp.LOG2
2011-10-02 10:54 - 2011-10-02 10:54 - 0000000 ___AH C:\Windows\System32\config\COMPON~1.tmp.LOG1
2011-10-02 10:54 - 2008-01-20 18:23 - 0067072 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cdrom.sys
2011-10-02 10:48 - 2011-10-04 11:17 - 0000000 ____D C:\Qoobox
2011-10-02 10:48 - 2011-10-02 11:27 - 0000000 ____D C:\Windows\ERDNT
2011-10-02 10:48 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2011-10-02 10:48 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2011-10-02 10:48 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2011-10-02 10:48 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2011-10-02 10:48 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2011-10-02 10:48 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2011-10-02 10:48 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2011-10-02 10:48 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2011-10-02 08:50 - 2011-10-02 08:50 - 0000000 ____D C:\MGADiagToolOutput
2011-10-02 08:47 - 2011-10-02 08:47 - 0000000 ____D C:\Users\All Users\Office Genuine Advantage
2011-10-02 08:47 - 2011-10-02 08:47 - 0000000 ____D C:\Users\All Users\Application Data\Office Genuine Advantage
2011-10-02 08:47 - 2011-10-02 08:47 - 0000000 ____D C:\ProgramData\Office Genuine Advantage
2011-10-02 08:46 - 2011-10-02 08:06 - 2031992 ____A (Microsoft Corporation) C:\Users\Alex\Desktop\MGADiag.exe
2011-10-02 08:46 - 2011-10-02 08:06 - 0459264 ____A () C:\Users\Alex\Desktop\CKScanner.exe
2011-10-01 13:32 - 2011-10-01 13:32 - 0001889 ____A C:\Users\Public\Desktop\Adobe Reader 8.lnk
2011-10-01 13:32 - 2011-10-01 13:32 - 0001889 ____A C:\Users\All Users\Desktop\Adobe Reader 8.lnk
2011-10-01 13:27 - 2011-10-05 02:19 - 3220414464 __ASH C:\hiberfil.sys
2011-10-01 13:23 - 2011-10-01 13:24 - 0146044 ____A C:\Windows\ntbtlog.txt
2011-09-30 16:34 - 2011-09-30 16:34 - 0043641 ____A C:\Users\Alex\.recently-used.xbel
2011-09-30 09:25 - 2011-09-30 09:25 - 0002028 ____A C:\Users\Alex\Desktop\PaintTool SAI.lnk
2011-09-30 09:25 - 2011-09-30 09:25 - 0000000 ____D C:\Users\All Users\SYSTEMAX Software Development
2011-09-30 09:25 - 2011-09-30 09:25 - 0000000 ____D C:\Users\All Users\Application Data\SYSTEMAX Software Development
2011-09-30 09:25 - 2011-09-30 09:25 - 0000000 ____D C:\Users\Alex\Local Settings\Zame
2011-09-30 09:25 - 2011-09-30 09:25 - 0000000 ____D C:\Users\Alex\Local Settings\Application Data\Zame
2011-09-30 09:25 - 2011-09-30 09:25 - 0000000 ____D C:\Users\Alex\Application Data\SYSTEMAX Software Development
2011-09-30 09:25 - 2011-09-30 09:25 - 0000000 ____D C:\Users\Alex\AppData\Roaming\SYSTEMAX Software Development
2011-09-30 09:25 - 2011-09-30 09:25 - 0000000 ____D C:\Users\Alex\AppData\Local\Zame
2011-09-30 09:25 - 2011-09-30 09:25 - 0000000 ____D C:\ProgramData\SYSTEMAX Software Development
2011-09-30 07:44 - 2011-09-30 07:44 - 0351864 ____A C:\Users\Alex\Downloads\ragdolled_mediguns.zip
2011-09-30 05:24 - 2011-09-30 05:24 - 0000000 ____D C:\Windows\Sun
2011-09-30 03:32 - 2011-09-30 03:40 - 0102400 ____A C:\Windows\RegBootClean.exe
2011-09-29 18:51 - 2011-09-29 18:51 - 2114015 ____A C:\Users\Alex\Downloads\sai-eng-pack-1.1.0-f1.exe
2011-09-28 13:07 - 2011-09-28 13:08 - 0753910 ____A C:\Users\Alex\Downloads\Ultimate Main Plaza View.png
2011-09-28 13:07 - 2011-09-28 13:08 - 0493266 ____A C:\Users\Alex\Downloads\Map of Ponyville - Reference - Nice - v2.png
2011-09-26 16:27 - 2011-09-26 16:27 - 0153745 ____A C:\Users\Alex\Downloads\MLP - Friendship is Magic - 2x02 - Return of Harmony Part 2.mp4_snapshot_20.39_[2011.09.25_05.42.11].jpg
2011-09-26 16:25 - 2011-09-26 16:25 - 0228956 ____A C:\Users\Alex\Downloads\MLP - Friendship is Magic - 2x02 - Return of Harmony Part 2.mp4_snapshot_20.49_[2011.09.25_05.46.08].jpg
2011-09-26 14:17 - 2011-09-26 14:17 - 0772186 ____A C:\Users\Alex\Downloads\IMG_26092011_161753.png
2011-09-24 10:27 - 2011-09-24 10:27 - 0125227 ____A C:\Users\Alex\Downloads\MCModelPack3-adventure.zip
2011-09-24 10:24 - 2011-09-24 10:24 - 1330020 ____A C:\Users\Alex\Downloads\mcmodelpack3.zip
2011-09-24 10:24 - 2011-09-24 10:24 - 0003259 ____A C:\Users\Alex\Downloads\doorstool.zip
2011-09-21 17:40 - 2011-09-21 17:42 - 0000110 ___AH C:\Users\Alex\Downloads\.~lock.post-impressionism p2 alex marihew(2).ppt#
2011-09-21 17:35 - 2011-09-21 17:35 - 1092608 ____A C:\Users\Alex\Downloads\post-impressionism p2 alex marihew(2).ppt
2011-09-21 13:16 - 2011-09-22 02:44 - 4201472 ____A C:\Users\Alex\Downloads\Post-Impressionism P2 Alex Marihew.ppt
2011-09-21 13:16 - 2011-09-21 13:16 - 1270966 ____A C:\Users\Alex\Downloads\Post-Impressionism P2 Alex Marihew.pptx
2011-09-18 08:23 - 2011-09-18 08:23 - 0224156 ____A C:\Users\Alex\Downloads\My Little Pony_ Friendship is Magic Season 2 Episode 1 - The.mp4_snapshot_02.12_[2011.09.18_06.17.54] Marked ON.jpg
2011-09-18 00:26 - 2011-07-12 02:44 - 0262416 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmxpflt.sys
2011-09-18 00:26 - 2011-07-12 02:43 - 0036624 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmpreflt.sys
2011-09-18 00:26 - 2011-07-12 02:09 - 1405720 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\vsapint.sys
2011-09-16 16:53 - 2011-09-16 16:53 - 0012115 ____A C:\Users\Alex\My Documents\hs_err_pid9676.log
2011-09-16 16:53 - 2011-09-16 16:53 - 0012115 ____A C:\Users\Alex\Documents\hs_err_pid9676.log
2011-09-16 10:20 - 2011-09-16 10:20 - 2986028 ____A C:\Users\Alex\Downloads\MLP Theme Gladosified.wav
2011-09-14 14:10 - 2011-09-14 14:10 - 0915327 ____A C:\Users\Alex\Downloads\the_fish_fillets_v1_1.zip
2011-09-13 05:29 - 2011-09-13 05:30 - 0000000 ____D C:\Users\Alex\Local Settings\Tific
2011-09-13 05:29 - 2011-09-13 05:30 - 0000000 ____D C:\Users\Alex\Local Settings\Application Data\Tific
2011-09-13 05:29 - 2011-09-13 05:30 - 0000000 ____D C:\Users\Alex\AppData\Local\Tific
2011-09-13 05:29 - 2011-09-13 05:29 - 0000000 ____D C:\Windows\System32\Drivers\NortonPCCheckup
2011-09-13 05:29 - 2011-09-13 05:29 - 0000000 ____D C:\Users\All Users\NortonInstaller
2011-09-13 05:29 - 2011-09-13 05:29 - 0000000 ____D C:\Users\All Users\Norton
2011-09-13 05:29 - 2011-09-13 05:29 - 0000000 ____D C:\Users\All Users\Application Data\NortonInstaller
2011-09-13 05:29 - 2011-09-13 05:29 - 0000000 ____D C:\Users\All Users\Application Data\Norton
2011-09-13 05:29 - 2011-09-13 05:29 - 0000000 ____D C:\Users\Alex\Application Data\Tific
2011-09-13 05:29 - 2011-09-13 05:29 - 0000000 ____D C:\Users\Alex\AppData\Roaming\Tific
2011-09-13 05:29 - 2011-09-13 05:29 - 0000000 ____D C:\ProgramData\NortonInstaller
2011-09-13 05:29 - 2011-09-13 05:29 - 0000000 ____D C:\ProgramData\Norton
2011-09-13 05:29 - 2011-09-13 05:29 - 0000000 ____D C:\Program Files\Norton PC Checkup
2011-09-13 02:32 - 2011-09-13 02:32 - 0000000 ____D C:\Users\Alex\Downloads\Driver Tool
2011-09-13 02:31 - 2011-09-13 02:31 - 0000000 ____D C:\Users\All Users\UAB
2011-09-13 02:31 - 2011-09-13 02:31 - 0000000 ____D C:\Users\All Users\Application Data\UAB
2011-09-13 02:31 - 2011-09-13 02:31 - 0000000 ____D C:\ProgramData\UAB
2011-09-13 02:30 - 2011-09-13 02:30 - 0000000 ____D C:\Users\Alex\Local Settings\PC_Drivers_Headquarters
2011-09-13 02:30 - 2011-09-13 02:30 - 0000000 ____D C:\Users\Alex\Local Settings\Application Data\PC_Drivers_Headquarters
2011-09-13 02:30 - 2011-09-13 02:30 - 0000000 ____D C:\Users\Alex\AppData\Local\PC_Drivers_Headquarters
2011-09-13 02:29 - 2011-09-13 02:29 - 0000000 ____D C:\Users\All Users\Driver Tool
2011-09-13 02:29 - 2011-09-13 02:29 - 0000000 ____D C:\Users\All Users\Application Data\Driver Tool
2011-09-13 02:29 - 2011-09-13 02:29 - 0000000 ____D C:\ProgramData\Driver Tool
2011-09-13 02:27 - 2011-09-13 02:28 - 100271992 ____A (Microsoft Corporation) C:\Users\Alex\Downloads\directx_Jun2010_redist.exe
2011-09-13 02:26 - 2011-09-13 02:26 - 0000000 ____D C:\Program Files\Driver Tool
2011-09-13 02:24 - 2011-09-13 02:24 - 1190672 ____A (Driver Tool ) C:\Users\Alex\Downloads\DriverTool.exe
2011-09-12 15:57 - 2011-09-12 18:20 - 1156726661 ____A C:\Users\Alex\Downloads\Sonic Adventure 2 - Battle.rar
2011-09-11 15:07 - 2011-09-11 15:07 - 0184004 ____A C:\Users\Alex\Downloads\sumotori102.zip
2011-09-11 12:02 - 2011-09-11 12:02 - 0012673 ____A C:\Users\Alex\My Documents\hs_err_pid4340.log
2011-09-11 12:02 - 2011-09-11 12:02 - 0012673 ____A C:\Users\Alex\Documents\hs_err_pid4340.log
2011-09-11 07:10 - 2011-09-11 07:10 - 0012840 ____A C:\Users\Alex\My Documents\hs_err_pid6844.log
2011-09-11 07:10 - 2011-09-11 07:10 - 0012840 ____A C:\Users\Alex\Documents\hs_err_pid6844.log
2011-09-11 03:11 - 2011-09-11 03:11 - 1893151 ____A C:\Users\Alex\Downloads\minecraft.jar
2011-09-10 15:46 - 2011-09-10 15:46 - 0012873 ____A C:\Users\Alex\My Documents\hs_err_pid2392.log
2011-09-10 15:46 - 2011-09-10 15:46 - 0012873 ____A C:\Users\Alex\Documents\hs_err_pid2392.log
2011-09-10 14:57 - 2011-09-10 14:57 - 0012596 ____A C:\Users\Alex\My Documents\hs_err_pid6944.log
2011-09-10 14:57 - 2011-09-10 14:57 - 0012596 ____A C:\Users\Alex\Documents\hs_err_pid6944.log
2011-09-06 15:19 - 2011-10-03 12:10 - 0000000 ____D C:\Users\Alex\Application Data\Skype
2011-09-06 15:19 - 2011-10-03 12:10 - 0000000 ____D C:\Users\Alex\AppData\Roaming\Skype
2011-09-06 15:18 - 2011-09-06 15:19 - 0000000 ___RD C:\Program Files\Skype
2011-09-06 15:18 - 2011-09-06 15:18 - 0001878 ____A C:\Users\Public\Desktop\Skype.lnk
2011-09-06 15:18 - 2011-09-06 15:18 - 0001878 ____A C:\Users\All Users\Desktop\Skype.lnk
2011-09-06 15:18 - 2011-09-06 15:18 - 0000000 ____D C:\Users\All Users\Skype
2011-09-06 15:18 - 2011-09-06 15:18 - 0000000 ____D C:\Users\All Users\Application Data\Skype
2011-09-06 15:18 - 2011-09-06 15:18 - 0000000 ____D C:\ProgramData\Skype
2011-09-06 15:10 - 2011-09-06 15:10 - 1081480 ____A (Skype Technologies S.A.) C:\Users\Alex\Downloads\SkypeSetup.exe


============ 3 Months Modified Files and Folders ===============

2011-10-05 15:09 - 2011-10-05 15:09 - 0000000 ____D C:\FRST
2011-10-05 10:56 - 2011-01-08 10:28 - 0000000 ____D C:\Users\Alex\Local Settings\TSVNCache
2011-10-05 10:56 - 2011-01-08 10:28 - 0000000 ____D C:\Users\Alex\Local Settings\Application Data\TSVNCache
2011-10-05 10:56 - 2011-01-08 10:28 - 0000000 ____D C:\Users\Alex\AppData\Local\TSVNCache
2011-10-05 10:56 - 2010-10-12 15:08 - 0055509 ____A C:\Users\All Users\nvModes.001
2011-10-05 10:56 - 2010-10-12 15:08 - 0055509 ____A C:\Users\All Users\Application Data\nvModes.001
2011-10-05 10:56 - 2010-10-12 15:08 - 0055509 ____A C:\ProgramData\nvModes.001
2011-10-05 10:56 - 2008-10-09 06:28 - 1300176 ____A C:\Windows\WindowsUpdate.log
2011-10-05 10:56 - 2006-11-02 05:01 - 0032656 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-10-05 10:56 - 2006-11-02 05:01 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-10-05 10:56 - 2006-11-02 04:47 - 0003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2011-10-05 10:56 - 2006-11-02 04:47 - 0003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2011-10-05 09:05 - 2009-06-21 08:45 - 0000412 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{6BCE3385-2AE3-4C19-B5CE-CEEB79B28D40}.job
2011-10-05 09:05 - 2009-06-02 04:31 - 0000416 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{E3601854-F1C9-46B2-B447-AB4D7CC5C161}.job
2011-10-05 02:27 - 2009-05-03 08:56 - 0000000 ____D C:\Program Files\Steam
2011-10-05 02:26 - 2010-12-25 09:09 - 0000000 ____D C:\Users\Alex\Application Data\WTablet
2011-10-05 02:26 - 2010-12-25 09:09 - 0000000 ____D C:\Users\Alex\AppData\Roaming\WTablet
2011-10-05 02:26 - 2010-10-12 15:08 - 0055509 ____A C:\Users\All Users\nvModes.dat
2011-10-05 02:26 - 2010-10-12 15:08 - 0055509 ____A C:\Users\All Users\Application Data\nvModes.dat
2011-10-05 02:26 - 2010-10-12 15:08 - 0055509 ____A C:\ProgramData\nvModes.dat
2011-10-05 02:19 - 2011-10-01 13:27 - 3220414464 __ASH C:\hiberfil.sys
2011-10-05 02:19 - 2011-05-28 02:59 - 0004778 ____A C:\Windows\PFRO.log
2011-10-05 02:12 - 2010-11-11 12:07 - 0002984 ____A C:\Windows\TMFilter.log
2011-10-04 15:28 - 2011-10-04 15:31 - 0000009 ____A C:\Users\Alex\Desktop\CFScript.txt
2011-10-04 11:17 - 2011-10-04 11:17 - 0018119 ____A C:\ComboFix.txt
2011-10-04 11:17 - 2011-10-04 10:55 - 0000000 ____D C:\ComboFix
2011-10-04 11:17 - 2011-10-02 10:48 - 0000000 ____D C:\Qoobox
2011-10-04 11:14 - 2011-10-04 11:14 - 0000000 __SHD C:\$RECYCLE.BIN
2011-10-04 11:12 - 2006-11-02 02:23 - 0000215 ____A C:\Windows\system.ini
2011-10-04 02:44 - 2011-10-04 02:33 - 0000512 ____A C:\Backup_MBR_0.bin
2011-10-04 02:25 - 2011-10-04 02:22 - 0077616 ____A C:\TDSSKiller.2.6.4.0_04.10.2011_06.22.46_log.txt
2011-10-03 13:38 - 2011-10-04 02:21 - 1548080 ____A (Kaspersky Lab ZAO) C:\Users\Alex\Desktop\TDSSKiller.exe
2011-10-03 13:14 - 2011-10-03 13:42 - 1916416 ____A (AVAST Software) C:\Users\Alex\Desktop\aswMBR.exe
2011-10-03 12:10 - 2011-09-06 15:19 - 0000000 ____D C:\Users\Alex\Application Data\Skype
2011-10-03 12:10 - 2011-09-06 15:19 - 0000000 ____D C:\Users\Alex\AppData\Roaming\Skype
2011-10-03 10:57 - 2011-10-03 10:57 - 0000000 ____D C:\_OTL
2011-10-03 10:57 - 2011-10-02 11:16 - 0000098 ____A C:\Windows\System32\Drivers\etc\Hosts
2011-10-03 10:52 - 2011-10-03 10:56 - 0582656 ____A (OldTimer Tools) C:\Users\Alex\Desktop\OTL.exe
2011-10-03 02:13 - 2011-10-03 02:09 - 0000000 ____D C:\Users\Alex\Application Data\uTorrent
2011-10-03 02:13 - 2011-10-03 02:09 - 0000000 ____D C:\Users\Alex\AppData\Roaming\uTorrent
2011-10-03 02:13 - 2008-09-26 04:14 - 0000000 ____D C:\Program Files\Java
2011-10-03 02:13 - 2008-09-26 04:14 - 0000000 ____D C:\Program Files\Common Files\Java
2011-10-02 11:29 - 2006-11-02 03:18 - 0000000 __RHD C:\users\Default
2011-10-02 11:29 - 2006-11-02 03:18 - 0000000 ___RD C:\users\Public
2011-10-02 11:27 - 2011-10-02 10:48 - 0000000 ____D C:\Windows\ERDNT
2011-10-02 11:17 - 2011-10-02 10:54 - 0262144 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG1
2011-10-02 11:17 - 2011-10-02 10:54 - 0262144 ___AH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2011-10-02 11:17 - 2006-11-02 02:22 - 77332480 ____A C:\Windows\System32\config\SYSTEM.bak
2011-10-02 11:17 - 2006-11-02 02:22 - 66125824 ____A C:\Windows\System32\config\SOFTWARE.bak
2011-10-02 11:17 - 2006-11-02 02:22 - 37253120 ____A C:\Windows\System32\config\COMPON~1.bak
2011-10-02 11:17 - 2006-11-02 02:22 - 0262144 ____A C:\Windows\System32\config\DEFAULT.bak
2011-10-02 11:17 - 2006-11-02 02:22 - 0131072 ____A C:\Windows\System32\config\SAM.bak
2011-10-02 11:17 - 2006-11-02 02:22 - 0028672 ____A C:\Windows\System32\config\SECURITY.bak
2011-10-02 11:14 - 2008-12-26 14:42 - 0000000 ____D C:\users\Alex
2011-10-02 10:54 - 2011-10-02 10:54 - 0000000 ___AH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2011-10-02 10:54 - 2011-10-02 10:54 - 0000000 ___AH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2011-10-02 10:54 - 2011-10-02 10:54 - 0000000 ___AH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2011-10-02 10:54 - 2011-10-02 10:54 - 0000000 ___AH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2011-10-02 10:54 - 2011-10-02 10:54 - 0000000 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG2
2011-10-02 10:54 - 2011-10-02 10:54 - 0000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG2
2011-10-02 10:54 - 2011-10-02 10:54 - 0000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG1
2011-10-02 10:54 - 2011-10-02 10:54 - 0000000 ___AH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2011-10-02 10:54 - 2011-10-02 10:54 - 0000000 ___AH C:\Windows\System32\config\COMPON~1.tmp.LOG2
2011-10-02 10:54 - 2011-10-02 10:54 - 0000000 ___AH C:\Windows\System32\config\COMPON~1.tmp.LOG1
2011-10-02 10:47 - 2011-05-30 15:46 - 0000000 ____D C:\Users\Alex\Application Data\Xfire
2011-10-02 10:47 - 2011-05-30 15:46 - 0000000 ____D C:\Users\Alex\AppData\Roaming\Xfire
2011-10-02 10:40 - 2011-10-04 15:31 - 4240388 ____A (Swearware) C:\Users\Alex\Desktop\ComboFix.exe
2011-10-02 09:17 - 2010-03-20 08:15 - 0000000 ____D C:\Users\Alex\Application Data\Audacity
2011-10-02 09:17 - 2010-03-20 08:15 - 0000000 ____D C:\Users\Alex\AppData\Roaming\Audacity
2011-10-02 08:50 - 2011-10-02 08:50 - 0000000 ____D C:\MGADiagToolOutput
2011-10-02 08:47 - 2011-10-02 08:47 - 0000000 ____D C:\Users\All Users\Office Genuine Advantage
2011-10-02 08:47 - 2011-10-02 08:47 - 0000000 ____D C:\Users\All Users\Application Data\Office Genuine Advantage
2011-10-02 08:47 - 2011-10-02 08:47 - 0000000 ____D C:\ProgramData\Office Genuine Advantage
2011-10-02 08:06 - 2011-10-02 08:46 - 2031992 ____A (Microsoft Corporation) C:\Users\Alex\Desktop\MGADiag.exe
2011-10-02 08:06 - 2011-10-02 08:46 - 0459264 ____A () C:\Users\Alex\Desktop\CKScanner.exe
2011-10-02 05:48 - 2009-01-04 06:44 - 0000052 ____A C:\Windows\System32\DOErrors.log
2011-10-01 13:32 - 2011-10-01 13:32 - 0001889 ____A C:\Users\Public\Desktop\Adobe Reader 8.lnk
2011-10-01 13:32 - 2011-10-01 13:32 - 0001889 ____A C:\Users\All Users\Desktop\Adobe Reader 8.lnk
2011-10-01 13:32 - 2008-12-26 11:46 - 0000000 ____D C:\Program Files\Common Files\Adobe
2011-10-01 13:31 - 2008-12-26 11:46 - 0000000 ____D C:\Users\All Users\Application Data\Adobe
2011-10-01 13:31 - 2008-12-26 11:46 - 0000000 ____D C:\Users\All Users\Adobe
2011-10-01 13:31 - 2008-12-26 11:46 - 0000000 ____D C:\ProgramData\Adobe
2011-10-01 13:31 - 2008-12-26 11:46 - 0000000 ____D C:\Program Files\Adobe
2011-10-01 13:24 - 2011-10-01 13:23 - 0146044 ____A C:\Windows\ntbtlog.txt
2011-10-01 11:21 - 2010-10-07 15:26 - 31524011 ____A C:\Windows\TmComm.log
2011-10-01 08:19 - 2011-05-30 15:46 - 0000000 ____D C:\Users\All Users\Xfire
2011-10-01 08:19 - 2011-05-30 15:46 - 0000000 ____D C:\Users\All Users\Application Data\Xfire
2011-10-01 08:19 - 2011-05-30 15:46 - 0000000 ____D C:\ProgramData\Xfire
2011-10-01 06:07 - 2009-04-21 16:56 - 0002032 ____A C:\Users\Alex\Local Settings\d3d9caps.dat
2011-10-01 06:07 - 2009-04-21 16:56 - 0002032 ____A C:\Users\Alex\Local Settings\Application Data\d3d9caps.dat
2011-10-01 06:07 - 2009-04-21 16:56 - 0002032 ____A C:\Users\Alex\AppData\Local\d3d9caps.dat
2011-10-01 04:15 - 2010-11-05 14:41 - 0000000 ____D C:\Users\Alex\Application Data\.minecraft
2011-10-01 04:15 - 2010-11-05 14:41 - 0000000 ____D C:\Users\Alex\AppData\Roaming\.minecraft
2011-09-30 17:10 - 2009-01-04 12:52 - 0000000 ____D C:\Users\Alex\.gimp-2.6
2011-09-30 16:34 - 2011-09-30 16:34 - 0043641 ____A C:\Users\Alex\.recently-used.xbel
2011-09-30 16:34 - 2009-01-04 12:53 - 0000000 ____D C:\Users\Alex\Application Data\gtk-2.0
2011-09-30 16:34 - 2009-01-04 12:53 - 0000000 ____D C:\Users\Alex\AppData\Roaming\gtk-2.0
2011-09-30 09:25 - 2011-09-30 09:25 - 0002028 ____A C:\Users\Alex\Desktop\PaintTool SAI.lnk
2011-09-30 09:25 - 2011-09-30 09:25 - 0000000 ____D C:\Users\All Users\SYSTEMAX Software Development
2011-09-30 09:25 - 2011-09-30 09:25 - 0000000 ____D C:\Users\All Users\Application Data\SYSTEMAX Software Development
2011-09-30 09:25 - 2011-09-30 09:25 - 0000000 ____D C:\Users\Alex\Local Settings\Zame
2011-09-30 09:25 - 2011-09-30 09:25 - 0000000 ____D C:\Users\Alex\Local Settings\Application Data\Zame
2011-09-30 09:25 - 2011-09-30 09:25 - 0000000 ____D C:\Users\Alex\Application Data\SYSTEMAX Software Development
2011-09-30 09:25 - 2011-09-30 09:25 - 0000000 ____D C:\Users\Alex\AppData\Roaming\SYSTEMAX Software Development
2011-09-30 09:25 - 2011-09-30 09:25 - 0000000 ____D C:\Users\Alex\AppData\Local\Zame
2011-09-30 09:25 - 2011-09-30 09:25 - 0000000 ____D C:\ProgramData\SYSTEMAX Software Development
2011-09-30 07:44 - 2011-09-30 07:44 - 0351864 ____A C:\Users\Alex\Downloads\ragdolled_mediguns.zip
2011-09-30 05:47 - 2009-05-03 08:56 - 0000000 ____D C:\Program Files\Common Files\Steam
2011-09-30 05:24 - 2011-09-30 05:24 - 0000000 ____D C:\Windows\Sun
2011-09-30 03:40 - 2011-09-30 03:32 - 0102400 ____A C:\Windows\RegBootClean.exe
2011-09-29 18:51 - 2011-09-29 18:51 - 2114015 ____A C:\Users\Alex\Downloads\sai-eng-pack-1.1.0-f1.exe
2011-09-29 13:08 - 2008-12-26 10:37 - 0000000 ____D C:\Program Files\Mozilla Firefox
2011-09-28 23:00 - 2006-11-02 02:24 - 47369160 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2011-09-28 13:08 - 2011-09-28 13:07 - 0753910 ____A C:\Users\Alex\Downloads\Ultimate Main Plaza View.png
2011-09-28 13:08 - 2011-09-28 13:07 - 0493266 ____A C:\Users\Alex\Downloads\Map of Ponyville - Reference - Nice - v2.png
2011-09-26 16:27 - 2011-09-26 16:27 - 0153745 ____A C:\Users\Alex\Downloads\MLP - Friendship is Magic - 2x02 - Return of Harmony Part 2.mp4_snapshot_20.39_[2011.09.25_05.42.11].jpg
2011-09-26 16:25 - 2011-09-26 16:25 - 0228956 ____A C:\Users\Alex\Downloads\MLP - Friendship is Magic - 2x02 - Return of Harmony Part 2.mp4_snapshot_20.49_[2011.09.25_05.46.08].jpg
2011-09-26 14:17 - 2011-09-26 14:17 - 0772186 ____A C:\Users\Alex\Downloads\IMG_26092011_161753.png
2011-09-26 10:48 - 2011-06-28 15:45 - 0000000 ____D C:\Users\Alex\Application Data\Celemony Software GmbH
2011-09-26 10:48 - 2011-06-28 15:45 - 0000000 ____D C:\Users\Alex\AppData\Roaming\Celemony Software GmbH
2011-09-24 17:00 - 2008-12-26 14:42 - 0000000 ____D C:\Users\Alex\AppData\LocalLow
2011-09-24 10:27 - 2011-09-24 10:27 - 0125227 ____A C:\Users\Alex\Downloads\MCModelPack3-adventure.zip
2011-09-24 10:24 - 2011-09-24 10:24 - 1330020 ____A C:\Users\Alex\Downloads\mcmodelpack3.zip
2011-09-24 10:24 - 2011-09-24 10:24 - 0003259 ____A C:\Users\Alex\Downloads\doorstool.zip
2011-09-23 17:59 - 2009-11-10 18:29 - 0000000 ____D C:\Users\Alex\Local Settings\Application Data\3DVIA
2011-09-23 17:59 - 2009-11-10 18:29 - 0000000 ____D C:\Users\Alex\Local Settings\3DVIA
2011-09-23 17:59 - 2009-11-10 18:29 - 0000000 ____D C:\Users\Alex\AppData\Local\3DVIA
2011-09-22 02:44 - 2011-09-21 13:16 - 4201472 ____A C:\Users\Alex\Downloads\Post-Impressionism P2 Alex Marihew.ppt
2011-09-21 17:42 - 2011-09-21 17:40 - 0000110 ___AH C:\Users\Alex\Downloads\.~lock.post-impressionism p2 alex marihew(2).ppt#
2011-09-21 17:35 - 2011-09-21 17:35 - 1092608 ____A C:\Users\Alex\Downloads\post-impressionism p2 alex marihew(2).ppt
2011-09-21 13:16 - 2011-09-21 13:16 - 1270966 ____A C:\Users\Alex\Downloads\Post-Impressionism P2 Alex Marihew.pptx
2011-09-18 08:23 - 2011-09-18 08:23 - 0224156 ____A C:\Users\Alex\Downloads\My Little Pony_ Friendship is Magic Season 2 Episode 1 - The.mp4_snapshot_02.12_[2011.09.18_06.17.54] Marked ON.jpg
2011-09-17 09:51 - 2008-09-26 04:29 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2011-09-16 16:53 - 2011-09-16 16:53 - 0012115 ____A C:\Users\Alex\My Documents\hs_err_pid9676.log
2011-09-16 16:53 - 2011-09-16 16:53 - 0012115 ____A C:\Users\Alex\Documents\hs_err_pid9676.log
2011-09-16 10:20 - 2011-09-16 10:20 - 2986028 ____A C:\Users\Alex\Downloads\MLP Theme Gladosified.wav
2011-09-14 23:16 - 2009-02-05 04:38 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-09-14 23:16 - 2009-02-05 04:38 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2011-09-14 23:16 - 2009-02-05 04:38 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-09-14 14:14 - 2009-01-26 16:59 - 0000000 ____D C:\Users\Alex\My Documents\VSTiplugins
2011-09-14 14:14 - 2009-01-26 16:59 - 0000000 ____D C:\Users\Alex\Documents\VSTiplugins
2011-09-14 14:10 - 2011-09-14 14:10 - 0915327 ____A C:\Users\Alex\Downloads\the_fish_fillets_v1_1.zip
2011-09-13 05:30 - 2011-09-13 05:29 - 0000000 ____D C:\Users\Alex\Local Settings\Tific
2011-09-13 05:30 - 2011-09-13 05:29 - 0000000 ____D C:\Users\Alex\Local Settings\Application Data\Tific
2011-09-13 05:30 - 2011-09-13 05:29 - 0000000 ____D C:\Users\Alex\AppData\Local\Tific
2011-09-13 05:29 - 2011-09-13 05:29 - 0000000 ____D C:\Windows\System32\Drivers\NortonPCCheckup
2011-09-13 05:29 - 2011-09-13 05:29 - 0000000 ____D C:\Users\All Users\NortonInstaller
2011-09-13 05:29 - 2011-09-13 05:29 - 0000000 ____D C:\Users\All Users\Norton
2011-09-13 05:29 - 2011-09-13 05:29 - 0000000 ____D C:\Users\All Users\Application Data\NortonInstaller
2011-09-13 05:29 - 2011-09-13 05:29 - 0000000 ____D C:\Users\All Users\Application Data\Norton
2011-09-13 05:29 - 2011-09-13 05:29 - 0000000 ____D C:\Users\Alex\Application Data\Tific
2011-09-13 05:29 - 2011-09-13 05:29 - 0000000 ____D C:\Users\Alex\AppData\Roaming\Tific
2011-09-13 05:29 - 2011-09-13 05:29 - 0000000 ____D C:\ProgramData\NortonInstaller
2011-09-13 05:29 - 2011-09-13 05:29 - 0000000 ____D C:\ProgramData\Norton
2011-09-13 05:29 - 2011-09-13 05:29 - 0000000 ____D C:\Program Files\Norton PC Checkup
2011-09-13 02:32 - 2011-09-13 02:32 - 0000000 ____D C:\Users\Alex\Downloads\Driver Tool
2011-09-13 02:31 - 2011-09-13 02:31 - 0000000 ____D C:\Users\All Users\UAB
2011-09-13 02:31 - 2011-09-13 02:31 - 0000000 ____D C:\Users\All Users\Application Data\UAB
2011-09-13 02:31 - 2011-09-13 02:31 - 0000000 ____D C:\ProgramData\UAB
2011-09-13 02:30 - 2011-09-13 02:30 - 0000000 ____D C:\Users\Alex\Local Settings\PC_Drivers_Headquarters
2011-09-13 02:30 - 2011-09-13 02:30 - 0000000 ____D C:\Users\Alex\Local Settings\Application Data\PC_Drivers_Headquarters
2011-09-13 02:30 - 2011-09-13 02:30 - 0000000 ____D C:\Users\Alex\AppData\Local\PC_Drivers_Headquarters
2011-09-13 02:29 - 2011-09-13 02:29 - 0000000 ____D C:\Users\All Users\Driver Tool
2011-09-13 02:29 - 2011-09-13 02:29 - 0000000 ____D C:\Users\All Users\Application Data\Driver Tool
2011-09-13 02:29 - 2011-09-13 02:29 - 0000000 ____D C:\ProgramData\Driver Tool
2011-09-13 02:28 - 2011-09-13 02:27 - 100271992 ____A (Microsoft Corporation) C:\Users\Alex\Downloads\directx_Jun2010_redist.exe
2011-09-13 02:26 - 2011-09-13 02:26 - 0000000 ____D C:\Program Files\Driver Tool
2011-09-13 02:24 - 2011-09-13 02:24 - 1190672 ____A (Driver Tool ) C:\Users\Alex\Downloads\DriverTool.exe
2011-09-12 18:20 - 2011-09-12 15:57 - 1156726661 ____A C:\Users\Alex\Downloads\Sonic Adventure 2 - Battle.rar
2011-09-11 15:07 - 2011-09-11 15:07 - 0184004 ____A C:\Users\Alex\Downloads\sumotori102.zip
2011-09-11 12:02 - 2011-09-11 12:02 - 0012673 ____A C:\Users\Alex\My Documents\hs_err_pid4340.log
2011-09-11 12:02 - 2011-09-11 12:02 - 0012673 ____A C:\Users\Alex\Documents\hs_err_pid4340.log
2011-09-11 07:10 - 2011-09-11 07:10 - 0012840 ____A C:\Users\Alex\My Documents\hs_err_pid6844.log
2011-09-11 07:10 - 2011-09-11 07:10 - 0012840 ____A C:\Users\Alex\Documents\hs_err_pid6844.log
2011-09-11 03:11 - 2011-09-11 03:11 - 1893151 ____A C:\Users\Alex\Downloads\minecraft.jar
2011-09-10 15:46 - 2011-09-10 15:46 - 0012873 ____A C:\Users\Alex\My Documents\hs_err_pid2392.log
2011-09-10 15:46 - 2011-09-10 15:46 - 0012873 ____A C:\Users\Alex\Documents\hs_err_pid2392.log
2011-09-10 14:57 - 2011-09-10 14:57 - 0012596 ____A C:\Users\Alex\My Documents\hs_err_pid6944.log
2011-09-10 14:57 - 2011-09-10 14:57 - 0012596 ____A C:\Users\Alex\Documents\hs_err_pid6944.log
2011-09-06 15:19 - 2011-09-06 15:18 - 0000000 ___RD C:\Program Files\Skype
2011-09-06 15:18 - 2011-09-06 15:18 - 0001878 ____A C:\Users\Public\Desktop\Skype.lnk
2011-09-06 15:18 - 2011-09-06 15:18 - 0001878 ____A C:\Users\All Users\Desktop\Skype.lnk
2011-09-06 15:18 - 2011-09-06 15:18 - 0000000 ____D C:\Users\All Users\Skype
2011-09-06 15:18 - 2011-09-06 15:18 - 0000000 ____D C:\Users\All Users\Application Data\Skype
2011-09-06 15:18 - 2011-09-06 15:18 - 0000000 ____D C:\ProgramData\Skype
2011-09-06 15:10 - 2011-09-06 15:10 - 1081480 ____A (Skype Technologies S.A.) C:\Users\Alex\Downloads\SkypeSetup.exe
2011-09-05 09:18 - 2011-05-30 15:46 - 0000000 ____D C:\Program Files\Xfire
2011-09-03 05:46 - 2011-08-25 18:22 - 0351400 ____A C:\Users\Alex\My Documents\wheats.blend
2011-09-03 05:46 - 2011-08-25 18:22 - 0351400 ____A C:\Users\Alex\Documents\wheats.blend
2011-09-03 05:12 - 2011-08-25 18:22 - 0346872 ____A C:\Users\Alex\My Documents\wheats.blend1
2011-09-03 05:12 - 2011-08-25 18:22 - 0346872 ____A C:\Users\Alex\Documents\wheats.blend1
2011-09-03 05:01 - 2011-08-25 18:22 - 0344340 ____A C:\Users\Alex\My Documents\wheats.blend2
2011-09-03 05:01 - 2011-08-25 18:22 - 0344340 ____A C:\Users\Alex\Documents\wheats.blend2
2011-09-01 12:05 - 2011-09-01 12:05 - 0000215 ____A C:\Users\Alex\Desktop\TrackMania Nations Forever.url
2011-08-30 11:54 - 2011-08-30 11:54 - 0024064 ____A C:\Users\Alex\Downloads\Adjetivos_de_nacionalidad.doc
2011-08-30 11:49 - 2011-08-30 11:49 - 0012062 ____A C:\Users\Alex\Downloads\Adjetivos de nacionalidad.docx
2011-08-28 12:15 - 2011-08-28 12:14 - 4955036 ____A C:\Users\Alex\Downloads\henrysanimationtoolsb4.zip
2011-08-27 13:27 - 2011-08-27 13:24 - 5716010 ____A C:\Users\Alex\Downloads\18. Decree of The Prosecutor Instrumental.mp3
2011-08-27 10:07 - 2011-08-27 10:05 - 4031634 ____A C:\Users\Alex\Downloads\16. The Secret of Global Studios Instrumental.mp3
2011-08-26 14:21 - 2011-08-26 14:21 - 0042392 ____A C:\Windows\System32\xfcodec.dll
2011-08-24 17:39 - 2011-08-24 17:38 - 1267052 ____A C:\Users\Alex\Downloads\Shot 0.png
2011-08-24 10:58 - 2011-08-24 10:58 - 3804264 ____A C:\Users\Alex\Downloads\14. The Samurai Always Wins Instrumental.mp3
2011-08-24 10:48 - 2011-08-24 10:48 - 3128842 ____A C:\Users\Alex\Downloads\02. August Day Instrumental.mp3
2011-08-23 13:55 - 2011-08-23 03:06 - 0762548 ____A C:\Users\Alex\Downloads\generic_filly_v2.4 UV test.blend
2011-08-23 13:19 - 2011-08-23 03:06 - 0762548 ____A C:\Users\Alex\Downloads\generic_filly_v2.4 UV test.blend1
2011-08-23 13:16 - 2011-08-23 03:06 - 0762548 ____A C:\Users\Alex\Downloads\generic_filly_v2.4 UV test.blend2
2011-08-23 08:43 - 2011-08-04 18:40 - 0761116 ____A C:\Users\Alex\Downloads\generic_filly_v2.3 UV test.blend
2011-08-23 03:06 - 2011-08-04 18:40 - 0761116 ____A C:\Users\Alex\Downloads\generic_filly_v2.3 UV test.blend1
2011-08-22 20:41 - 2011-08-04 18:40 - 0761116 ____A C:\Users\Alex\Downloads\generic_filly_v2.3 UV test.blend2
2011-08-21 07:19 - 2011-08-21 07:18 - 10978919 ____A C:\Users\Alex\Downloads\Odyssey & The DNA Team - Art of the Dress -Euro Fashion Mix-.mp3
2011-08-20 17:04 - 2011-08-20 17:04 - 0000343 ____A C:\Users\Alex\Downloads\doubleportal.cfg
2011-08-20 17:04 - 2011-08-20 17:04 - 0000134 ____A C:\Users\Alex\Downloads\doubleportal_disable.cfg
2011-08-18 08:44 - 2011-08-18 08:43 - 1763579 ____A C:\Users\Alex\Downloads\PathToGloryLyrics.mp3
2011-08-17 14:26 - 2011-08-17 14:26 - 0000212 ____A C:\Users\Alex\Desktop\Half-Life.url
2011-08-16 14:32 - 2011-06-13 08:08 - 0000035 ____A C:\Users\Alex\My Documents\MC Servers.txt
2011-08-16 14:32 - 2011-06-13 08:08 - 0000035 ____A C:\Users\Alex\Documents\MC Servers.txt
2011-08-16 12:57 - 2011-08-16 12:57 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2011-08-16 12:57 - 2011-08-16 12:57 - 0000000 ____D C:\Users\All Users\Application Data\regid.1986-12.com.adobe
2011-08-16 12:57 - 2011-08-16 12:57 - 0000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2011-08-16 12:57 - 2008-12-27 07:10 - 0000000 ____D C:\Users\Alex\Application Data\Adobe
2011-08-16 12:57 - 2008-12-27 07:10 - 0000000 ____D C:\Users\Alex\AppData\Roaming\Adobe
2011-08-15 07:00 - 2010-10-28 12:31 - 0001569 ____A C:\Windows\setupact.log
2011-08-14 13:24 - 2011-01-03 13:03 - 0000000 ____D C:\Users\Alex\My Documents\XFire Videos
2011-08-14 13:24 - 2011-01-03 13:03 - 0000000 ____D C:\Users\Alex\Documents\XFire Videos
2011-08-14 12:36 - 2011-08-14 12:36 - 0143161 ____A C:\Users\Alex\Downloads\wirecraft.zip
2011-08-04 18:38 - 2011-07-24 17:25 - 0717252 ____A C:\Users\Alex\Downloads\generic_filly_v2.1 UV test.blend
2011-08-04 18:35 - 2011-07-24 17:25 - 0717252 ____A C:\Users\Alex\Downloads\generic_filly_v2.1 UV test.blend1
2011-08-04 18:33 - 2011-07-24 17:25 - 0717252 ____A C:\Users\Alex\Downloads\generic_filly_v2.1 UV test.blend2
2011-08-04 09:24 - 2011-08-04 09:24 - 0012815 ____A C:\Users\Alex\My Documents\hs_err_pid5216.log
2011-08-04 09:24 - 2011-08-04 09:24 - 0012815 ____A C:\Users\Alex\Documents\hs_err_pid5216.log
2011-08-04 06:32 - 2011-08-04 06:32 - 0000716 ____A C:\Users\Alex\Desktop\SimPE.lnk
2011-08-04 06:32 - 2011-08-04 06:32 - 0000000 ____D C:\Program Files\SimPE
2011-08-04 06:30 - 2011-08-04 06:29 - 7174401 ____A ( ) C:\Users\Alex\Downloads\SimPE_0_72_01c_Setup.exe
2011-08-04 03:27 - 2011-08-04 03:38 - 0404993 ____A C:\Users\Alex\Desktop\N001_User00577.package
2011-08-03 14:24 - 2009-07-25 14:20 - 0000000 ____D C:\Users\Alex\Local Settings\ApplicationHistory
2011-08-03 14:24 - 2009-07-25 14:20 - 0000000 ____D C:\Users\Alex\Local Settings\Application Data\ApplicationHistory
2011-08-03 14:24 - 2009-07-25 14:20 - 0000000 ____D C:\Users\Alex\AppData\Local\ApplicationHistory
2011-08-02 12:26 - 2011-08-02 12:26 - 0054487 ____A C:\Users\Alex\Downloads\Live___Learn.mid
2011-08-02 04:53 - 2011-08-02 04:53 - 0000000 ____D C:\Users\All Users\InstallShield
2011-08-02 04:53 - 2011-08-02 04:53 - 0000000 ____D C:\Users\All Users\Application Data\InstallShield
2011-08-02 04:53 - 2011-08-02 04:53 - 0000000 ____D C:\ProgramData\InstallShield
2011-08-02 04:51 - 2011-08-02 04:48 - 0105265 ____A C:\Windows\DirectX.log
2011-08-02 04:48 - 2011-08-02 04:48 - 0278728 ____A C:\Windows\System32\Drivers\atksgt.sys
2011-08-02 04:48 - 2011-08-02 04:48 - 0025416 ____A C:\Windows\System32\Drivers\lirsgt.sys
2011-08-02 04:48 - 2011-08-02 04:48 - 0002275 ____A C:\Users\Public\Desktop\Play Sherlock Holmes Nemesis DEMO.lnk
2011-08-02 04:48 - 2011-08-02 04:48 - 0002275 ____A C:\Users\All Users\Desktop\Play Sherlock Holmes Nemesis DEMO.lnk
2011-08-02 04:48 - 2011-07-23 04:39 - 0000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2011-08-02 04:40 - 2011-08-02 04:40 - 0000000 ____D C:\Program Files\The Adventure Company
2011-08-02 04:40 - 2008-09-26 03:55 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
2011-08-02 04:40 - 2008-09-26 03:55 - 0000000 ____D C:\Program Files\Common Files\InstallShield
2011-08-02 04:40 - 2006-11-02 03:18 - 0000000 ___SD C:\Windows\Downloaded Program Files
2011-08-01 16:29 - 2011-08-01 15:24 - 676019308 ____A (Macrovision Corporation) C:\Users\Alex\Downloads\sh-nemesis-demo.exe
2011-08-01 13:39 - 2011-07-26 09:23 - 0000000 ____D C:\Windows\System32\aesfe
2011-08-01 08:11 - 2009-12-27 06:27 - 0000000 ____D C:\Users\Alex\Local Settings\Microsoft Games
2011-08-01 08:11 - 2009-12-27 06:27 - 0000000 ____D C:\Users\Alex\Local Settings\Application Data\Microsoft Games
2011-08-01 08:11 - 2009-12-27 06:27 - 0000000 ____D C:\Users\Alex\AppData\Local\Microsoft Games
2011-07-30 04:44 - 2011-07-30 04:43 - 25787185 ____A C:\Users\Alex\Downloads\LanceBattleLoop_HQ2.mp3
2011-07-26 06:25 - 2011-07-25 07:23 - 0000000 ____D C:\Users\Alex\My Documents\Generic Filly
2011-07-26 06:25 - 2011-07-25 07:23 - 0000000 ____D C:\Users\Alex\Documents\Generic Filly
2011-07-25 08:17 - 2011-07-25 08:15 - 0711744 ____A C:\Users\Alex\Downloads\generic_filly_v2.2.blend
2011-07-25 08:15 - 2011-07-25 08:15 - 0711744 ____A C:\Users\Alex\Downloads\generic_filly_v2.2.blend1
2011-07-25 07:26 - 2011-07-18 12:45 - 0678388 ____A C:\Users\Alex\Downloads\generic_filly_v2.1.blend
2011-07-25 07:24 - 2011-07-25 06:59 - 0721398 ____A C:\Users\Alex\Downloads\torso.001.smd
2011-07-25 07:24 - 2011-07-25 06:59 - 0243642 ____A C:\Users\Alex\Downloads\Sphere.001.smd
2011-07-25 07:24 - 2011-07-25 06:59 - 0243610 ____A C:\Users\Alex\Downloads\Sphere.smd
2011-07-25 07:24 - 2011-07-18 12:45 - 0676848 ____A C:\Users\Alex\Downloads\generic_filly_v2.1.blend2
2011-07-25 07:24 - 2011-07-18 12:45 - 0676848 ____A C:\Users\Alex\Downloads\generic_filly_v2.1.blend1
2011-07-25 07:17 - 2011-07-25 07:17 - 0123385 ____A C:\Users\Alex\Downloads\generic_filly_v2.1.obj
2011-07-25 07:17 - 2011-07-25 07:17 - 0000498 ____A C:\Users\Alex\Downloads\generic_filly_v2.1.mtl
2011-07-25 07:04 - 2011-07-25 07:04 - 0000997 ____A C:\Users\Alex\Desktop\XSI - Shortcut.lnk
2011-07-24 13:00 - 2011-07-24 13:00 - 0023043 ____A C:\Users\Alex\Downloads\34110_Freakazoid.mid
2011-07-24 08:13 - 2011-07-24 08:12 - 1770475 ____A C:\Users\Alex\Downloads\12. Path To Glory (The Steel Samurai Theme Song) Instrumental.mp3
2011-07-24 06:54 - 2011-07-24 06:54 - 0002067 ____A C:\Windows\ie8_main.log
2011-07-24 06:53 - 2011-07-24 06:53 - 0000111 ____A C:\Users\Alex\My Documents\rainbowstuff.txt
2011-07-24 06:53 - 2011-07-24 06:53 - 0000111 ____A C:\Users\Alex\Documents\rainbowstuff.txt
2011-07-23 23:51 - 2011-07-23 23:51 - 0005830 __ASH C:\Users\All Users\untfs32.dll
2011-07-23 23:51 - 2011-07-23 23:51 - 0005830 __ASH C:\Users\All Users\Application Data\untfs32.dll
2011-07-23 23:51 - 2011-07-23 23:51 - 0005830 __ASH C:\ProgramData\untfs32.dll
2011-07-23 23:51 - 2011-07-23 11:50 - 0000086 ____A C:\Windows\System32\948520938
2011-07-23 22:51 - 2011-07-23 22:51 - 0005830 __ASH C:\Users\All Users\XAudio2_332.dll
2011-07-23 22:51 - 2011-07-23 22:51 - 0005830 __ASH C:\Users\All Users\Application Data\XAudio2_332.dll
2011-07-23 22:51 - 2011-07-23 22:51 - 0005830 __ASH C:\ProgramData\XAudio2_332.dll
2011-07-23 20:51 - 2011-07-23 20:51 - 0005830 __ASH C:\Users\All Users\mssprxy32.dll
2011-07-23 20:51 - 2011-07-23 20:51 - 0005830 __ASH C:\Users\All Users\Application Data\mssprxy32.dll
2011-07-23 20:51 - 2011-07-23 20:51 - 0005830 __ASH C:\ProgramData\mssprxy32.dll
2011-07-23 19:51 - 2011-07-23 19:51 - 0005830 __ASH C:\Users\All Users\KBDFO32.dll
2011-07-23 19:51 - 2011-07-23 19:51 - 0005830 __ASH C:\Users\All Users\Application Data\KBDFO32.dll
2011-07-23 19:51 - 2011-07-23 19:51 - 0005830 __ASH C:\ProgramData\KBDFO32.dll
2011-07-23 18:51 - 2011-07-23 18:51 - 0005830 __ASH C:\Users\All Users\pmspl32.dll
2011-07-23 18:51 - 2011-07-23 18:51 - 0005830 __ASH C:\Users\All Users\Application Data\pmspl32.dll
2011-07-23 18:51 - 2011-07-23 18:51 - 0005830 __ASH C:\ProgramData\pmspl32.dll
2011-07-23 17:51 - 2011-07-23 17:51 - 0005830 __ASH C:\Users\All Users\tvratings32.dll
2011-07-23 17:51 - 2011-07-23 17:51 - 0005830 __ASH C:\Users\All Users\Application Data\tvratings32.dll
2011-07-23 17:51 - 2011-07-23 17:51 - 0005830 __ASH C:\ProgramData\tvratings32.dll
2011-07-23 16:51 - 2011-07-23 16:51 - 0005830 __ASH C:\Users\All Users\dwmredir32.dll
2011-07-23 16:51 - 2011-07-23 16:51 - 0005830 __ASH C:\Users\All Users\Application Data\dwmredir32.dll
2011-07-23 16:51 - 2011-07-23 16:51 - 0005830 __ASH C:\ProgramData\dwmredir32.dll
2011-07-23 15:51 - 2011-07-23 15:51 - 0005830 __ASH C:\Users\All Users\netprofm32.dll
2011-07-23 15:51 - 2011-07-23 15:51 - 0005830 __ASH C:\Users\All Users\Application Data\netprofm32.dll
2011-07-23 15:51 - 2011-07-23 15:51 - 0005830 __ASH C:\ProgramData\netprofm32.dll
2011-07-23 14:51 - 2011-07-23 14:51 - 0005830 __ASH C:\Users\All Users\cfgmgr3232.dll
2011-07-23 14:51 - 2011-07-23 14:51 - 0005830 __ASH C:\Users\All Users\Application Data\cfgmgr3232.dll
2011-07-23 14:51 - 2011-07-23 14:51 - 0005830 __ASH C:\ProgramData\cfgmgr3232.dll
2011-07-23 13:51 - 2011-07-23 13:51 - 0005830 __ASH C:\Users\All Users\mtxlegih32.dll
2011-07-23 13:51 - 2011-07-23 13:51 - 0005830 __ASH C:\Users\All Users\Application Data\mtxlegih32.dll
2011-07-23 13:51 - 2011-07-23 13:51 - 0005830 __ASH C:\ProgramData\mtxlegih32.dll
2011-07-23 07:27 - 2011-07-23 07:27 - 0000112 ____A C:\Users\Alex\My Documents\Moonbase Alpha Texts.txt
2011-07-23 07:27 - 2011-07-23 07:27 - 0000112 ____A C:\Users\Alex\Documents\Moonbase Alpha Texts.txt
2011-07-23 07:11 - 2011-07-11 07:26 - 0000060 ____A C:\Users\Alex\My Documents\best portal and portal 2 times.txt
2011-07-23 07:11 - 2011-07-11 07:26 - 0000060 ____A C:\Users\Alex\Documents\best portal and portal 2 times.txt
2011-07-23 04:44 - 2010-04-29 13:05 - 0000000 ____D C:\Users\Alex\My Documents\My Games
2011-07-23 04:44 - 2010-04-29 13:05 - 0000000 ____D C:\Users\Alex\Documents\My Games
2011-07-23 04:41 - 2011-07-23 04:41 - 0000000 ____D C:\Windows\System32\AGEIA
2011-07-23 04:41 - 2011-07-23 04:41 - 0000000 ____D C:\Users\Alex\Local Settings\Downloaded Installations
2011-07-23 04:41 - 2011-07-23 04:41 - 0000000 ____D C:\Users\Alex\Local Settings\Application Data\Downloaded Installations
2011-07-23 04:41 - 2011-07-23 04:41 - 0000000 ____D C:\Users\Alex\AppData\Local\Downloaded Installations
2011-07-23 04:41 - 2011-07-23 04:41 - 0000000 ____D C:\Program Files\AMD
2011-07-23 04:41 - 2011-07-23 04:41 - 0000000 ____D C:\Program Files\AGEIA Technologies
2011-07-23 03:43 - 2011-07-23 03:43 - 0000215 ____A C:\Users\Alex\Desktop\Moonbase Alpha.url
2011-07-22 18:16 - 2009-11-04 13:05 - 0000000 ____D C:\tmp
2011-07-18 12:45 - 2011-06-16 10:08 - 0663116 ____A C:\Users\Alex\My Documents\portal gun boot.blend
2011-07-18 12:45 - 2011-06-16 10:08 - 0663116 ____A C:\Users\Alex\Documents\portal gun boot.blend
2011-07-17 08:00 - 2011-03-06 15:04 - 0000000 ____D C:\Users\Alex\Desktop\Sims 2 Projects and Stuff
2011-07-16 06:58 - 2011-06-16 10:08 - 0663116 ____A C:\Users\Alex\My Documents\portal gun boot.blend1
2011-07-16 06:58 - 2011-06-16 10:08 - 0663116 ____A C:\Users\Alex\Documents\portal gun boot.blend1
2011-07-16 06:57 - 2011-06-16 10:08 - 0663116 ____A C:\Users\Alex\My Documents\portal gun boot.blend2
2011-07-16 06:57 - 2011-06-16 10:08 - 0663116 ____A C:\Users\Alex\Documents\portal gun boot.blend2
2011-07-15 11:09 - 2011-06-08 08:04 - 0001443 ____A C:\Users\Alex\My Documents\RD vs AJ.txt
2011-07-15 11:09 - 2011-06-08 08:04 - 0001443 ____A C:\Users\Alex\Documents\RD vs AJ.txt
2011-07-15 07:18 - 2008-12-26 19:36 - 0207872 ____A C:\Users\Alex\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-15 07:18 - 2008-12-26 19:36 - 0207872 ____A C:\Users\Alex\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-15 07:18 - 2008-12-26 19:36 - 0207872 ____A C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-13 23:22 - 2006-11-02 04:47 - 2400112 ____A C:\Windows\System32\FNTCACHE.DAT
2011-07-12 16:13 - 2011-07-12 16:13 - 0013499 ____A C:\Users\Alex\Downloads\Rainbow Tylenol5.mid
2011-07-12 02:44 - 2011-09-18 00:26 - 0262416 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmxpflt.sys
2011-07-12 02:43 - 2011-09-18 00:26 - 0036624 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmpreflt.sys
2011-07-12 02:09 - 2011-09-18 00:26 - 1405720 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\vsapint.sys
2011-07-11 16:29 - 2010-09-06 14:33 - 0000000 ____D C:\Users\Alex\Desktop\After Effects Projects
2011-07-10 06:32 - 2011-07-10 06:32 - 0342045 ____A ( ) C:\Users\Alex\Downloads\vst-bridge-1.1.exe
2011-07-10 06:18 - 2011-07-10 06:18 - 0000943 ____A C:\Users\Alex\Desktop\Audacity 1.3 Beta (Unicode).lnk
2011-07-10 06:18 - 2011-07-10 06:18 - 0000000 ____D C:\Program Files\Audacity 1.3 Beta (Unicode)
2011-07-10 06:18 - 2011-07-10 06:17 - 14521008 ____A (Audacity Team ) C:\Users\Alex\Downloads\audacity-win-unicode-1.3.13.exe
2011-07-10 05:54 - 2011-07-10 05:54 - 8302572 ____A C:\Users\Alex\Downloads\Audacity Ring Modulator.zip
2011-07-09 17:06 - 2011-06-29 07:44 - 10299842 ____A C:\Users\Alex\Downloads\Odyssey & The DNA Team - Luna (DREAM MODE).mp3
2011-07-09 17:05 - 2011-07-09 17:05 - 0007916 ___SH C:\Users\Alex\Downloads\AlbumArt_{DE68C3F7-8C2D-4E0E-A0D4-DF1D030A5447}_Large.jpg
2011-07-09 17:05 - 2011-07-09 17:05 - 0002110 ___SH C:\Users\Alex\Downloads\AlbumArt_{DE68C3F7-8C2D-4E0E-A0D4-DF1D030A5447}_Small.jpg
2011-07-09 17:05 - 2009-05-27 12:39 - 0007916 ___SH C:\Users\Alex\Downloads\Folder.jpg
2011-07-09 17:05 - 2009-05-27 12:39 - 0002110 ___SH C:\Users\Alex\Downloads\AlbumArtSmall.jpg
2011-07-09 12:57 - 2011-07-09 12:57 - 0003209 ____A C:\Users\Alex\Downloads\nyan cat.mid
2011-07-09 10:00 - 2011-07-09 10:00 - 0556648 ____A C:\Users\Alex\Downloads\generic_filly_v2(2).blend
2011-07-09 04:52 - 2011-01-19 03:11 - 0000000 ____D C:\Users\Dad\Local Settings\TSVNCache
2011-07-09 04:52 - 2011-01-19 03:11 - 0000000 ____D C:\Users\Dad\Local Settings\Application Data\TSVNCache
2011-07-09 04:52 - 2011-01-19 03:11 - 0000000 ____D C:\Users\Dad\AppData\Local\TSVNCache
2011-07-09 04:23 - 2011-01-19 03:11 - 0000000 ____D C:\Users\Dad\Application Data\WTablet
2011-07-09 04:23 - 2011-01-19 03:11 - 0000000 ____D C:\Users\Dad\AppData\Roaming\WTablet

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe
[2008-12-26 14:50] - [2008-10-28 22:29] - 2927104 ____A (Microsoft Corporation) 4F554999D7D5F05DAAEBBA7B5BA1089D

C:\Windows\System32\winlogon.exe
[2008-01-20 18:24] - [2008-01-20 18:24] - 0314880 ____A (Microsoft Corporation) C2610B6BDBEFC053BBDAB4F1B965CB24

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys
[2008-01-20 18:23] - [2008-01-20 18:23] - 0227896 ____A (Microsoft Corporation) D8B4A53DD2769F226B3EB374374987C9


========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 3070.52 MB
Available physical RAM: 2463.81 MB
Total Pagefile: 2749.44 MB
Available Pagefile: 2584.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.14 MB

======================= Partitions =========================

1 Drive c: (HP) (Fixed) (Total:221.39 GB) (Free:26.79 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.5 GB) (Free:1.58 GB) NTFS
3 Drive e: (Sims2EP8) (CDROM) (Total:0.98 GB) (Free:0 GB) UDF
4 Drive f: (AL'S FLASH) (Removable) (Total:0.96 GB) (Free:0.94 GB) FAT
8 Drive j: () (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==========================================================

Last Boot: 2011-10-05 02:31

======================= End Of Log ==========================
neonal18
Regular Member
 
Posts: 21
Joined: October 1st, 2011, 5:43 pm

Re: Re-Post: Assistance is Requested.

Post by Gary R » October 5th, 2011, 6:24 pm

I can't see any sign of active infection in your log, and since Windows was not running for this scan, we can be sure the results are not being corrupted and are therefore reliable.

There is a driver I'd like to remove found by the FRST scan (looks like an orphaned entry) .....

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Services
swprv32

:Files
C:\Windows\system32\wmdrmdev32.exe


  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Now that we know it's not an infection blocking the script for Combofix, let's see if we can get it to run by doing the following ......

Reboot your computer into Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
Note: if you cannot boot into safe mode using this method, DO NOT attempt to do so by using MSConfig, this could result in your computer becoming unbootable. Just let me know.

  • Click Start > Run type Notepad click OK.
  • This will open an empty Notepad file.
  • Copy/Paste the contents of the box below into Notepad.
Code:
FixCSet::

  • Click Format and ensure Wordwrap is unchecked.
  • Save as CFScript.txt to your Desktop.

Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Combofix will now process that file.

When finished, it will produce a log for you. Post that log in your next reply please. (it can also be found at C:\Combofix.txt)
Gary R
Administrator
 
Posts: 21870
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Re-Post: Assistance is Requested.

Post by neonal18 » October 6th, 2011, 6:38 am

I ran the script in OTL and these were the results.

========== SERVICES/DRIVERS ==========
Service swprv32 stopped successfully!
Service swprv32 deleted successfully!
========== FILES ==========
File\Folder C:\Windows\system32\wmdrmdev32.exe not found.

OTL by OldTimer - Version 3.2.29.1 log created on 10062011_061108


I then tried to process the other file in ComboFix, and ComboFix did run, but it said that I needed administrator privileges to perform the action. It then went on to a normal scan. How can I get ComboFix to run but still have administrator privileges?

Re: Re-Post: Assistance is Requested.

Post by Gary R » October 6th, 2011, 8:27 am

Try the following ....

In normal mode.

  • Right click on Combofix.exe and select Properties.
  • Click the Compatibility tab.
    • In the Privilege panel select Run this program as an Administrator
  • Click OK.

This should set Combofix to be run as Administrator every time it is run.

Reboot into Safe Mode.

Now try running the CFScript as directed in my last post.

Re: Re-Post: Assistance is Requested.

Post by neonal18 » October 6th, 2011, 3:45 pm

I tried this, but it still did not work. I checked ComboFix's properties in Safe Mode to make sure I did it right and the "Run as Administrator" box was checked. It's as though I can't run anything as an administrator in Safe Mode...

Re: Re-Post: Assistance is Requested.

Post by Gary R » October 6th, 2011, 7:26 pm

Unfortunately we don't have another tool that can fix your Control Sets issue, and it's not really something we can do manually.

Every time you boot your computer, it creates a Control Set (this is normal), and if that boot is successful, it stores the successful boot settings as "Last Known Good Configuration", so that if there's ever a problem booting, Windows has a fallback set of successful settings to rely on.

When it stores the new "Last Known Good Configuration", Windows should delete the existing LKGC; unfortunately, because something is damaged in your computer, the old LKGC Control Sets are not getting deleted by Windows, and so you've got a build-up of them.

Current=1 Default=1 Failed=0 LastKnownGood=54 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54
- - End Of File - - 25B5B3DE66CB9A8E30F04DBB5CBB34CC


Your C: drive is already overfull because of this, and some of the problems we're having are very likely related to the fact that there is insufficient free space on your drive to give Windows the overhead it needs to operate properly.

Because we can't get Combofix to run a script, and because of your unresolved connection issues, I feel the best course of action for you at this point is to back up your personal files and folders to an external device, then reformat your hard drive and re-install Windows.

Since your machine appears to be an OEM machine, this will probably be done by means of a recovery partition on your hard drive. Your computer manual will give directions for how to "reset to factory condition".

I'm sorry it has come to this, but considering the infection "Zero Access" you had, it is likely to resolve things much more quickly than if we continue the way we are.

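The control-set build-up Gary R describes above can be checked directly on a machine. The PowerShell script below is an added example, not part of the thread or of OTL/ComboFix/FRST; it assumes an elevated prompt, only reads the registry, and reproduces the "Current/Default/Failed/LastKnownGood/Sets" summary from the post so orphaned sets stand out.

```powershell
# Added example, not from the thread or its tools: list the stored control
# sets and compare them with the pointers Windows keeps in HKLM\SYSTEM\Select.
# Read-only; run from an elevated PowerShell prompt.

$select = Get-ItemProperty -Path 'HKLM:\SYSTEM\Select'

# ControlSet001, ControlSet002, ... are the stored sets; CurrentControlSet is
# only a link to the one numbered by Select\Current.
$sets = Get-ChildItem -Path 'HKLM:\SYSTEM' |
    Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
    ForEach-Object { [int]($_.PSChildName -replace '^ControlSet', '') } |
    Sort-Object

# The Select values name the sets Windows still needs (0 means "none").
$referenced = @($select.Current, $select.Default, $select.LastKnownGood, $select.Failed) |
    Where-Object { $_ -ne 0 } |
    Sort-Object -Unique

# Same summary line format as the ComboFix output quoted in the post.
"Current={0} Default={1} Failed={2} LastKnownGood={3} Sets={4}" -f `
    $select.Current, $select.Default, $select.Failed, $select.LastKnownGood, ($sets -join ',')

# After a successful boot Windows replaces the old LastKnownGood set, so a
# healthy machine keeps only the few sets named in Select. Any numbered set
# not named there is a leftover that was never cleaned up: the build-up
# described in the post.
$orphans = @($sets | Where-Object { $referenced -notcontains $_ })
if ($orphans.Count -gt 0) {
    "Orphaned control sets ({0}): {1}" -f $orphans.Count, ($orphans -join ',')
} else {
    "No orphaned control sets."
}
```

Dozens of orphaned sets, as in the post, also cost disk space in the SYSTEM hive, which is part of why the free-space problem below matters; the script deliberately removes nothing.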
Re: Re-Post: Assistance is Requested.

Post by neonal18 » October 6th, 2011, 9:15 pm

Wait! I tried running the script one more time through ComboFix and it worked! Here is the resulting log.


ComboFix 11-10-02.01 - Alex 10/06/2011 20:25:32.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3071.2313 [GMT -4:00]
Running from: c:\users\Alex\Desktop\ComboFix.exe
Command switches used :: c:\users\Alex\Desktop\CFScript.txt
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-07 to 2011-10-07 )))))))))))))))))))))))))))))))
.
.
2011-10-07 00:43 . 2011-10-07 00:43 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AEC591B3-1455-4647-80A5-DA5809614E96}\offreg.dll
2011-10-07 00:41 . 2011-10-07 00:45 -------- d-----w- c:\users\Alex\AppData\Local\temp
2011-10-07 00:41 . 2011-10-07 00:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-07 00:41 . 2011-10-07 00:41 -------- d-----w- c:\users\Dad\AppData\Local\temp
2011-10-07 00:41 . 2011-10-07 00:41 -------- d-----w- c:\users\CJ\AppData\Local\temp
2011-10-05 23:09 . 2011-10-05 23:11 -------- d-----w- C:\FRST
2011-10-04 10:33 . 2011-10-04 10:44 512 ----a-w- C:\Backup_MBR_0.bin
2011-10-04 10:27 . 2009-08-06 01:55 123904 ----a-w- C:\MbrFix.exe
2011-10-03 18:57 . 2011-10-03 18:57 -------- d-----w- C:\_OTL
2011-10-03 10:09 . 2011-10-03 10:13 -------- d-----w- c:\users\Alex\AppData\Roaming\uTorrent
2011-10-02 18:54 . 2008-01-21 02:23 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-10-02 16:50 . 2011-10-02 16:50 -------- d-----w- C:\MGADiagToolOutput
2011-10-02 16:47 . 2011-10-02 16:47 -------- d-----w- c:\programdata\Office Genuine Advantage
2011-09-30 17:25 . 2011-09-30 17:25 -------- d-----w- c:\users\Alex\AppData\Roaming\SYSTEMAX Software Development
2011-09-30 17:25 . 2011-09-30 17:25 -------- d-----w- c:\programdata\SYSTEMAX Software Development
2011-09-30 17:25 . 2011-09-30 17:25 -------- d-----w- c:\users\Alex\AppData\Local\Zame
2011-09-30 13:24 . 2011-09-30 13:24 -------- d-----w- c:\windows\Sun
2011-09-30 11:32 . 2011-09-30 11:40 102400 ----a-w- c:\windows\RegBootClean.exe
2011-09-30 05:56 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AEC591B3-1455-4647-80A5-DA5809614E96}\mpengine.dll
2011-09-18 08:26 . 2011-07-12 10:44 262416 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2011-09-18 08:26 . 2011-07-12 10:09 1405720 ----a-w- c:\windows\system32\drivers\vsapint.sys
2011-09-18 08:26 . 2011-07-12 10:43 36624 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2011-09-13 13:29 . 2011-09-13 13:30 -------- d-----w- c:\users\Alex\AppData\Local\Tific
2011-09-13 13:29 . 2011-09-13 13:29 -------- d-----w- c:\users\Alex\AppData\Roaming\Tific
2011-09-13 13:29 . 2011-09-13 13:29 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckup
2011-09-13 13:29 . 2011-09-13 13:29 -------- d-----w- c:\programdata\Norton
2011-09-13 13:29 . 2011-09-13 13:29 -------- d-----w- c:\program files\Norton PC Checkup
2011-09-13 10:31 . 2011-09-13 10:31 -------- d-----w- c:\programdata\UAB
2011-09-13 10:30 . 2011-09-13 10:30 -------- d-----w- c:\users\Alex\AppData\Local\PC_Drivers_Headquarters
2011-09-13 10:29 . 2011-09-13 10:29 -------- d-----w- c:\programdata\Driver Tool
2011-09-13 10:26 . 2011-09-13 10:26 -------- d-----w- c:\program files\Driver Tool
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-26 22:21 . 2011-08-26 22:21 42392 ----a-w- c:\windows\system32\xfcodec.dll
2011-08-02 12:48 . 2011-08-02 12:48 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-08-02 12:48 . 2011-08-02 12:48 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-07-24 07:51 . 2011-07-24 07:51 5830 --sha-w- c:\programdata\untfs32.dll
2011-07-24 06:51 . 2011-07-24 06:51 5830 --sha-w- c:\programdata\XAudio2_332.dll
2011-07-24 04:51 . 2011-07-24 04:51 5830 --sha-w- c:\programdata\mssprxy32.dll
2011-07-24 03:51 . 2011-07-24 03:51 5830 --sha-w- c:\programdata\KBDFO32.dll
2011-07-24 02:51 . 2011-07-24 02:51 5830 --sha-w- c:\programdata\pmspl32.dll
2011-07-24 01:51 . 2011-07-24 01:51 5830 --sha-w- c:\programdata\tvratings32.dll
2011-07-24 00:51 . 2011-07-24 00:51 5830 --sha-w- c:\programdata\dwmredir32.dll
2011-07-23 23:51 . 2011-07-23 23:51 5830 --sha-w- c:\programdata\netprofm32.dll
2011-07-23 22:51 . 2011-07-23 22:51 5830 --sha-w- c:\programdata\cfgmgr3232.dll
2011-07-23 21:51 . 2011-07-23 21:51 5830 --sha-w- c:\programdata\mtxlegih32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Steam"="c:\program files\Steam\steam.exe" [2011-08-14 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-08-26 17361032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-01 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-01 133656]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-11 178712]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-10-20 995528]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"QuickTime Task"="c:\users\Alex\QT Lite\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"SmartSoft PDF Printer Agent"="c:\program files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe" [2010-10-15 62856]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
.
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-8-26 3510680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
2;2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-24 3461116]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-17 721904]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-03-03 145424]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-21 112592]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-10 18944]
S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [2011-05-03 126392]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-24 4497704]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-07-05 50256]
S2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-09-03 497008]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2011-07-12 36624]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-09-03 677128]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-03-03 256528]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-24 113448]
S3 HSXHWBS3;HSXHWBS3;c:\windows\system32\DRIVERS\HSXHWBS3.sys [2008-02-12 207360]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-10 33792]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2009-07-09 13480]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-07 c:\windows\Tasks\User_Feed_Synchronization-{6BCE3385-2AE3-4C19-B5CE-CEEB79B28D40}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
2011-10-07 c:\windows\Tasks\User_Feed_Synchronization-{E3601854-F1C9-46B2-B447-AB4D7CC5C161}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\6f6pknu3.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.smb]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Smb]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1480268344-322766123-2448355078-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1c,10,d1,3b,9d,05,cd,f2,aa,3f,0f,df,13,d7,ff,d9,ce,0b,fb,ad,2e,55,16,
f6,15,cb,a2,10,c4,46,0d,56,ac,02,c2,f4,2c,56,13,b2,6a,f1,cf,a0,2c,70,8e,61,\
"??"=hex:aa,06,ba,37,1f,bb,9e,c2,1a,37,22,8e,f0,4b,61,9b
.
[HKEY_USERS\S-1-5-21-1480268344-322766123-2448355078-1001\Software\SecuROM\License information*]
"datasecu"=hex:80,a7,cf,e6,f4,aa,bd,a1,c0,f2,a4,dc,4e,90,c8,fa,34,23,05,46,aa,
80,4e,69,7d,66,13,c1,81,e9,b8,0d,d9,d2,e6,9c,48,0a,e7,c4,74,06,bc,a7,10,5a,\
"rkeysecu"=hex:ca,d0,af,ef,8a,d7,ff,0c,4a,8f,38,83,be,e3,62,ca
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2372)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\WTouch\WTouchUser.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-10-06 20:51:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-07 00:50
ComboFix2.txt 2011-10-04 19:17
ComboFix3.txt 2011-10-02 19:29
.
Pre-Run: 28,521,066,496 bytes free
Post-Run: 28,330,348,544 bytes free
.
- - End Of File - - 2122C5E93D1382A042B949A3B9820ECB


Now that that is done, what should I do next?
neonal18
Regular Member
 
Posts: 21
Joined: October 1st, 2011, 5:43 pm