
Google Redirects OTM Not An Option


  • This topic is locked This topic is locked

#1
defazken
Member
14 posts
Hello,

I've recently been the victim of the Google Redirect issue. I have attempted to resolve the issue following the work stream in the first link, http://www.geekstogo...gle-redirects/. Unfortunately, OTM never finishes executing and I'm not able to continue. I have tried a couple of other solution threads with no resolution realized. I'm hoping I will have better luck posting my log for any of you with a larger brain than I possess.

Thank you in advance.

OTL logfile created on: 3/25/2011 6:34:23 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Ken\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 72.00% Memory free
16.00 Gb Paging File | 13.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 56.74 Gb Free Space | 47.62% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 184.43 Gb Free Space | 79.19% Space Free | Partition Type: NTFS
Drive F: | 493.27 Mb Total Space | 302.40 Mb Free Space | 61.30% Space Free | Partition Type: FAT

Computer Name: KEN-PC | User Name: Ken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/25 18:28:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL(1).exe
PRC - [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/03/17 08:57:38 | 023,889,760 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
PRC - [2011/01/28 14:22:50 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011/01/13 15:17:26 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsGui.exe
PRC - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/01/10 10:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/01/07 14:54:12 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
PRC - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe
PRC - [2010/11/24 13:40:16 | 001,298,432 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
PRC - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
PRC - [2010/11/15 17:05:30 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010/11/03 06:42:32 | 000,909,440 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.09\aaHMSvc.exe
PRC - [2010/10/28 19:09:06 | 000,592,000 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
PRC - [2010/10/28 16:34:18 | 000,330,368 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2010/10/27 23:40:12 | 000,917,120 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:48 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgam.exe
PRC - [2010/10/21 20:57:58 | 001,419,904 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
PRC - [2010/10/21 05:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe
PRC - [2010/10/20 13:47:58 | 001,096,832 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
PRC - [2010/10/12 19:39:50 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
PRC - [2010/10/04 20:20:12 | 001,205,376 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
PRC - [2010/09/28 09:47:10 | 000,252,544 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
PRC - [2010/09/25 00:29:32 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2010/04/26 22:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
PRC - [2009/07/27 14:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\ASDR.exe


========== Modules (SafeList) ==========

MOD - [2011/03/25 18:28:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL(1).exe
MOD - [2010/12/31 09:36:32 | 000,406,800 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\TFEngine\TFWAH.dll
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/08/04 13:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\PCTGMhk.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/25 08:42:10 | 000,164,008 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/01/28 14:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/11/03 06:42:32 | 000,909,440 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.09\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010/10/27 23:40:12 | 000,917,120 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe -- (asComSvc)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/21 05:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/27 14:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/25 18:20:43 | 000,015,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2011/03/18 08:51:39 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)
DRV:64bit: - [2011/01/17 09:09:58 | 000,334,976 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2010/12/31 09:36:44 | 000,074,824 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TFSysMon)
DRV:64bit: - [2010/12/31 09:36:42 | 000,041,888 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2010/12/31 09:36:40 | 000,065,072 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2010/12/16 08:46:10 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
DRV:64bit: - [2010/12/10 13:24:50 | 000,257,232 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/12/08 04:12:36 | 000,308,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/12 13:19:38 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2010/10/28 07:42:32 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®
DRV:64bit: - [2010/09/21 12:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/09/13 15:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010/09/08 04:08:54 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/09/07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2010/09/07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2010/09/01 04:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/08/17 13:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT) Intel® Watchdog Timer Driver (Intel® WDT)
DRV:64bit: - [2010/08/03 15:24:28 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2010/08/03 15:24:24 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2010/04/26 21:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/26 21:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/02/22 18:46:36 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 16:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/17 21:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [1999/12/31 20:00:00 | 000,121,432 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.comcast.net"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:3.0.0.300

FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ [2011/03/25 15:49:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/03/25 17:03:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/03/25 17:03:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/24 14:13:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/25 16:08:38 | 000,000,000 | ---D | M]

[2011/03/18 10:09:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Extensions
[2011/03/25 13:34:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\g2izktqn.default\extensions
[2011/03/22 19:04:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\g2izktqn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/03/25 16:08:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/25 16:08:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\KEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G2IZKTQN.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/03/25 16:08:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{77645bda-5225-11e0-ba55-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{77645bda-5225-11e0-ba55-806e6f6e6963}\Shell\AutoRun\command - "" = D:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/25 18:29:26 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL(1).exe
[2011/03/25 18:16:23 | 000,000,000 | ---D | C] -- C:\!KillBox
[2011/03/25 18:15:35 | 000,092,672 | ---- | C] (Option^Explicit Software [email protected]) -- C:\Users\Ken\Desktop\KillBox.exe
[2011/03/25 18:14:58 | 000,000,000 | ---D | C] -- C:\Users\Ken\Desktop\backups
[2011/03/25 18:09:20 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ken\Desktop\HijackThis.exe
[2011/03/25 17:53:29 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTM.exe
[2011/03/25 17:49:03 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Ken\Desktop\GooredFix.exe
[2011/03/25 17:39:20 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/03/25 17:24:49 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/03/25 17:12:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/03/25 17:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/03/25 17:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/03/25 17:04:43 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\AVG10
[2011/03/25 17:03:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/03/25 17:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011/03/25 17:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/03/25 17:03:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/03/25 17:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/03/25 17:03:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011/03/25 17:02:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/03/25 16:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/03/25 16:06:07 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Secunia PSI
[2011/03/25 16:06:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2011/03/25 16:00:18 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Registry Mechanic
[2011/03/25 15:54:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/03/25 15:49:20 | 000,074,824 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
[2011/03/25 15:49:20 | 000,065,072 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
[2011/03/25 15:49:20 | 000,041,888 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
[2011/03/25 15:44:04 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx
[2011/03/25 15:44:04 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx
[2011/03/25 15:44:04 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx
[2011/03/25 15:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Mechanic
[2011/03/25 15:44:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic
[2011/03/25 15:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/03/25 15:38:33 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\PC Tools
[2011/03/25 14:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/03/25 14:08:23 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Malwarebytes
[2011/03/25 14:08:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/03/25 14:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/25 14:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/25 14:08:06 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/03/25 14:08:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/03/25 13:49:29 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Threat Expert
[2011/03/22 22:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/03/22 19:47:02 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0340.old
[2011/03/22 19:47:02 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0319.old
[2011/03/22 19:47:02 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2011/03/22 19:47:02 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2011/03/22 19:47:02 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0340.old
[2011/03/22 19:47:02 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0319.old
[2011/03/22 19:47:02 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2011/03/22 19:42:22 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2011/03/22 19:42:22 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2011/03/22 19:42:22 | 000,334,976 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2011/03/22 19:42:22 | 000,257,232 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2011/03/22 19:42:22 | 000,137,704 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2011/03/22 19:42:21 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2011/03/22 19:42:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/03/22 19:42:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/03/22 19:35:23 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/03/22 19:35:23 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/03/22 19:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/03/22 19:22:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/21 18:02:23 | 000,000,000 | ---D | C] -- C:\Users\Ken\Documents\RAWR Characters
[2011/03/21 16:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/03/21 16:17:26 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Ventrilo
[2011/03/20 15:21:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2011/03/20 15:21:28 | 002,578,576 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2011/03/20 15:21:28 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2011/03/20 15:21:28 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2011/03/20 15:21:28 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2011/03/20 15:21:28 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2011/03/20 15:21:28 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2011/03/20 15:21:28 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2011/03/20 15:21:28 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2011/03/20 15:21:28 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2011/03/20 15:21:27 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2011/03/20 15:21:27 | 001,943,616 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2011/03/20 15:21:27 | 001,868,944 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2011/03/20 15:21:27 | 001,718,616 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2011/03/20 15:21:27 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2011/03/20 15:21:27 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2011/03/20 15:21:27 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2011/03/20 15:21:27 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2011/03/20 15:21:27 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2011/03/20 15:21:27 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2011/03/20 15:21:27 | 000,421,720 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2011/03/20 15:21:27 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2011/03/20 15:21:27 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2011/03/20 15:21:27 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2011/03/20 15:21:27 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2011/03/20 15:21:27 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2011/03/20 15:21:27 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2011/03/20 15:21:27 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2011/03/20 15:21:27 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2011/03/20 15:21:27 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2011/03/20 15:21:27 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2011/03/20 15:21:27 | 000,127,832 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2011/03/20 15:21:27 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2011/03/20 15:21:27 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2011/03/20 15:21:27 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2011/03/20 15:21:27 | 000,108,888 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2011/03/20 15:21:27 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2011/03/20 15:21:27 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2011/03/20 15:21:27 | 000,074,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2011/03/20 15:19:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2011/03/20 15:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JMicron Technology Corp
[2011/03/20 15:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011/03/20 15:05:49 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\SlimWare Utilities Inc
[2011/03/20 15:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
[2011/03/20 15:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate
[2011/03/20 15:05:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloaded Installers
[2011/03/20 13:41:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/03/20 13:41:21 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Adobe
[2011/03/20 13:41:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/03/20 13:41:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/03/20 13:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/03/20 00:59:18 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Apple Computer
[2011/03/20 00:59:17 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Apple Computer
[2011/03/20 00:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/03/20 00:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/03/20 00:57:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/03/20 00:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/03/20 00:57:44 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Apple
[2011/03/20 00:57:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/03/20 00:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/03/20 00:57:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/03/19 09:35:18 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/03/19 09:15:07 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Google
[2011/03/19 09:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/03/19 08:55:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/03/19 08:36:23 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/03/19 08:36:12 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/03/19 05:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SkyGolf
[2011/03/19 03:00:52 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/03/19 02:49:17 | 000,000,000 | ---D | C] -- C:\New Folder
[2011/03/19 02:35:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/03/19 02:35:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/03/18 10:28:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/03/18 10:11:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/03/18 10:09:25 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Mozilla
[2011/03/18 10:09:25 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Mozilla
[2011/03/18 10:06:11 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\cache
[2011/03/18 10:05:50 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\FullTiltPoker
[2011/03/18 10:01:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Full Tilt Poker
[2011/03/18 09:47:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2011/03/18 09:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011/03/18 09:44:05 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Linksys_LLC_-_A_Division_
[2011/03/18 09:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Linksys
[2011/03/18 09:43:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/03/18 09:43:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/03/18 09:43:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/03/18 09:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Pure Networks
[2011/03/18 09:42:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Linksys
[2011/03/18 09:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/03/18 09:31:12 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Macromedia
[2011/03/18 09:31:11 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Adobe
[2011/03/18 09:27:43 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Diagnostics
[2011/03/18 09:20:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS OC Profiles
[2011/03/18 09:17:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011/03/18 09:16:17 | 000,184,320 | ---- | C] (ASUSTeK) -- C:\Windows\SysWow64\drivers\UpdateHelper.dll
[2011/03/18 09:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS
[2011/03/18 09:15:19 | 000,028,672 | R--- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\AsIO.dll
[2011/03/18 09:13:43 | 000,000,000 | ---D | C] -- C:\Windows\AsDmiHtm
[2011/03/18 09:13:11 | 000,000,000 | ---D | C] -- C:\RaidTool
[2011/03/18 09:13:07 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool
[2011/03/18 09:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
[2011/03/18 09:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2011/03/18 09:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2011/03/18 09:12:00 | 000,016,896 | ---- | C] (ASUS) -- C:\Windows\AsTaskSched.dll
[2011/03/18 09:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/03/18 09:11:27 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2011/03/18 09:11:06 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2011/03/18 09:10:41 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\InstallShield
[2011/03/18 09:10:05 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2011/03/18 09:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011/03/18 09:09:54 | 000,000,000 | ---D | C] -- C:\Intel
[2011/03/18 08:54:12 | 000,023,680 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\IOMap64.sys
[2011/03/18 08:54:02 | 000,000,000 | ---D | C] -- C:\Users\Ken\Documents\ASUS
[2011/03/18 08:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2011/03/18 08:51:39 | 000,016,384 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\EIO64.sys
[2011/03/18 08:51:39 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS
[2011/03/18 08:51:22 | 002,212,864 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\Windows\SysNative\ATKDispCPL.dll
[2011/03/18 08:51:22 | 001,354,240 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\atklumdispx.dll
[2011/03/18 08:51:22 | 000,150,528 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\atkdx10dispx.dll
[2011/03/18 08:51:22 | 000,039,424 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys
[2011/03/18 08:51:22 | 000,017,792 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\asusgsb.sys
[2011/03/18 08:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2011/03/18 08:51:21 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/03/18 08:50:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2011/03/18 08:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/03/18 08:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/03/18 08:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2011/03/18 08:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/03/18 08:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/03/18 08:49:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011/03/18 08:49:17 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/03/18 08:43:11 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/03/18 08:42:37 | 000,000,000 | R--D | C] -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/03/18 08:42:37 | 000,000,000 | R--D | C] -- C:\Users\Ken\Searches
[2011/03/18 08:42:37 | 000,000,000 | R--D | C] -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/03/18 08:42:37 | 000,000,000 | -H-D | C] -- C:\Users\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/03/18 08:42:32 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Identities
[2011/03/18 08:42:31 | 000,000,000 | R--D | C] -- C:\Users\Ken\Contacts
[2011/03/18 08:42:30 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\VirtualStore
[2011/03/18 08:42:28 | 000,000,000 | --SD | C] -- C:\Users\Ken\AppData\Roaming\Microsoft
[2011/03/18 08:42:28 | 000,000,000 | R--D | C] -- C:\Users\Ken\Videos
[2011/03/18 08:42:28 | 000,000,000 | R--D | C] -- C:\Users\Ken\Saved Games
[2011/03/18 08:42:28 | 000,000,000 | R--D | C] -- C:\Users\Ken\Pictures
[2011/03/18 08:42:28 | 000,000,000 | R--D | C] -- C:\Users\Ken\Music
[2011/03/18 08:42:28 | 000,000,000 | R--D | C] -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/03/18 08:42:28 | 000,000,000 | R--D | C] -- C:\Users\Ken\Links
[2011/03/18 08:42:28 | 000,000,000 | R--D | C] -- C:\Users\Ken\Favorites
[2011/03/18 08:42:28 | 000,000,000 | R--D | C] -- C:\Users\Ken\Downloads
[2011/03/18 08:42:28 | 000,000,000 | R--D | C] -- C:\Users\Ken\My Documents
[2011/03/18 08:42:28 | 000,000,000 | R--D | C] -- C:\Users\Ken\Desktop
[2011/03/18 08:42:28 | 000,000,000 | R--D | C] -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/03/18 08:42:28 | 000,000,000 | -HSD | C] -- C:\Users\Ken\AppData\Local\Temporary Internet Files
[2011/03/18 08:42:28 | 000,000,000 | -HSD | C] -- C:\Users\Ken\Templates
[2011/03/18 08:42:28 | 000,000,000 | -HSD | C] -- C:\Users\Ken\Start Menu
[2011/03/18 08:42:28 | 000,000,000 | -HSD | C] -- C:\Users\Ken\SendTo
[2011/03/18 08:42:28 | 000,000,000 | -HSD | C] -- C:\Users\Ken\Recent
[2011/03/18 08:42:28 | 000,000,000 | -HSD | C] -- C:\Users\Ken\PrintHood
[2011/03/18 08:42:28 | 000,000,000 | -HSD | C] -- C:\Users\Ken\NetHood
[2011/03/18 08:42:28 | 000,000,000 | -HSD | C] -- C:\Users\Ken\Documents\My Videos
[2011/03/18 08:42:28 | 000,000,000 | -HSD | C] -- C:\Users\Ken\Documents\My Pictures
[2011/03/18 08:42:28 | 000,000,000 | -HSD | C] -- C:\Users\Ken\Documents\My Music
[2011/03/18 08:42:28 | 000,000,000 | -HSD | C] -- C:\Users\Ken\My Documents
[2011/03/18 08:42:28 | 000,000,000 | -HSD | C] -- C:\Users\Ken\Local Settings
[2011/03/18 08:42:28 | 000,000,000 | -HSD | C] -- C:\Users\Ken\AppData\Local\History
[2011/03/18 08:42:28 | 000,000,000 | -HSD | C] -- C:\Users\Ken\Cookies
[2011/03/18 08:42:28 | 000,000,000 | -HSD | C] -- C:\Users\Ken\Application Data
[2011/03/18 08:42:28 | 000,000,000 | -HSD | C] -- C:\Users\Ken\AppData\Local\Application Data
[2011/03/18 08:42:28 | 000,000,000 | -H-D | C] -- C:\Users\Ken\AppData
[2011/03/18 08:42:28 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Temp
[2011/03/18 08:42:28 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Microsoft
[2011/03/18 08:42:28 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Media Center Programs
[2011/03/18 08:42:25 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2011/03/25 18:28:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL(1).exe
[2011/03/25 18:27:52 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/25 18:27:52 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/25 18:25:00 | 000,975,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/25 18:25:00 | 000,227,812 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/25 18:25:00 | 000,006,166 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/25 18:20:51 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2011/03/25 18:20:43 | 000,015,672 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2011/03/25 18:20:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/25 18:20:41 | 000,000,294 | -HS- | M] () -- C:\Windows\tasks\HHNBAGWXS.job
[2011/03/25 18:20:40 | 2131,865,599 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/25 18:07:20 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ken\Desktop\HijackThis.exe
[2011/03/25 17:53:16 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTM.exe
[2011/03/25 17:50:06 | 001,263,721 | ---- | M] () -- C:\Users\Ken\Desktop\tdsskiller.zip
[2011/03/25 17:48:44 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Ken\Desktop\GooredFix.exe
[2011/03/25 17:29:08 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/03/25 17:24:49 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/03/25 17:05:04 | 109,876,193 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/03/25 17:03:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/03/25 17:03:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/03/25 16:06:04 | 000,001,106 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/03/25 15:54:41 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2011/03/25 15:54:40 | 494,354,816 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/25 15:44:04 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2011/03/25 14:46:24 | 000,092,672 | ---- | M] (Option^Explicit Software [email protected]) -- C:\Users\Ken\Desktop\KillBox.exe
[2011/03/25 13:47:30 | 000,149,504 | RHS- | M] () -- C:\Windows\SysWow64\ro-ROP.dll
[2011/03/23 22:53:59 | 001,471,860 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/03/23 17:01:38 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/03/20 15:26:59 | 000,006,144 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/19 08:37:56 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/03/19 08:37:56 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/03/19 03:50:07 | 001,067,536 | ---- | M] () -- C:\Windows\PE_Rom.dll
[2011/03/19 03:49:27 | 001,098,048 | ---- | M] () -- C:\Windows\PE_File.dll
[2011/03/19 03:40:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/03/19 03:15:29 | 000,003,349 | ---- | M] () -- C:\Windows\MB.idx
[2011/03/19 03:15:26 | 000,000,462 | ---- | M] () -- C:\Windows\Path.idx
[2011/03/19 02:46:56 | 000,000,041 | ---- | M] () -- C:\Windows\SysWow64\@ÛZ
[2011/03/18 09:28:07 | 000,026,583 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2011/03/18 09:28:04 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2011/03/18 09:17:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ICCWDT_01009.Wdf
[2011/03/18 09:13:49 | 000,001,437 | ---- | M] () -- C:\Users\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/18 09:12:00 | 000,016,896 | ---- | M] (ASUS) -- C:\Windows\AsTaskSched.dll
[2011/03/18 08:51:39 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\EIO64.sys

========== Files Created - No Company Name ==========

[2011/03/25 17:50:20 | 001,263,721 | ---- | C] () -- C:\Users\Ken\Desktop\tdsskiller.zip
[2011/03/25 17:12:55 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/03/25 17:05:04 | 109,876,193 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/03/25 17:03:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/03/25 17:03:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/03/25 16:06:04 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/03/25 16:06:04 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011/03/25 15:54:40 | 494,354,816 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/03/25 15:44:25 | 000,000,262 | ---- | C] () -- C:\Windows\tasks\RMSchedule.job
[2011/03/25 15:44:04 | 000,040,408 | ---- | C] () -- C:\Windows\SysNative\CleanMFT64.exe
[2011/03/25 15:44:04 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2011/03/25 13:47:30 | 000,149,504 | RHS- | C] () -- C:\Windows\SysWow64\ro-ROP.dll
[2011/03/25 13:47:30 | 000,000,294 | -HS- | C] () -- C:\Windows\tasks\HHNBAGWXS.job
[2011/03/24 14:13:43 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/22 19:47:02 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0340.old
[2011/03/22 19:47:02 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0319.old
[2011/03/22 19:47:02 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/03/22 19:47:02 | 000,002,125 | ---- | C] () -- C:\Windows\UDB.zip
[2011/03/22 19:47:02 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2011/03/22 19:47:02 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2011/03/22 19:47:02 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2011/03/22 19:42:23 | 001,471,860 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/03/20 15:05:51 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2011/03/20 15:05:49 | 000,015,672 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2011/03/20 13:41:12 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/03/20 00:57:43 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/03/19 08:57:15 | 000,006,144 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/19 08:37:51 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/03/19 08:37:50 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/03/19 08:36:12 | 2131,865,599 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/19 03:40:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/03/19 03:21:54 | 001,098,048 | ---- | C] () -- C:\Windows\PE_File.dll
[2011/03/19 03:12:24 | 000,003,349 | ---- | C] () -- C:\Windows\MB.idx
[2011/03/19 03:11:23 | 000,000,462 | ---- | C] () -- C:\Windows\Path.idx
[2011/03/19 03:03:43 | 001,067,536 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2011/03/19 02:46:56 | 000,000,041 | ---- | C] () -- C:\Windows\SysWow64\@ÛZ
[2011/03/18 09:30:27 | 000,001,904 | ---- | C] () -- C:\Windows\SysNative\SetupBD.din
[2011/03/18 09:29:35 | 000,003,114 | ---- | C] () -- C:\Windows\SysNative\e1c62x64.din
[2011/03/18 09:17:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ICCWDT_01009.Wdf
[2011/03/18 09:17:23 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\IccLibDll.dll
[2011/03/18 09:15:18 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/03/18 09:15:09 | 000,011,832 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/03/18 09:13:49 | 000,001,437 | ---- | C] () -- C:\Users\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/18 09:11:06 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/03/18 09:11:06 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2011/03/18 09:08:49 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/03/18 09:08:46 | 000,026,583 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/03/18 08:49:56 | 000,007,877 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2011/03/18 08:42:28 | 000,000,290 | ---- | C] () -- C:\Users\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/03/18 08:42:28 | 000,000,272 | ---- | C] () -- C:\Users\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/08/03 01:21:24 | 000,014,464 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2009/07/27 14:13:28 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\ASDR.exe
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 08:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/01/04 01:34:42 | 000,010,216 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

========== LOP Check ==========

[2011/03/25 17:04:43 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\AVG10
[2011/03/25 16:00:18 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Registry Mechanic
[2011/03/25 18:20:51 | 000,000,414 | ---- | M] () -- C:\Windows\Tasks\DriverUpdate Startup.job
[2011/03/25 18:20:41 | 000,000,294 | -HS- | M] () -- C:\Windows\Tasks\HHNBAGWXS.job
[2011/03/25 15:54:41 | 000,000,262 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2009/07/14 01:08:49 | 000,009,876 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 188 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >
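An added example, not part of the post above and not code from OTL or any other tool in this thread: a small Python script that parses lines in the OTL "Files Created/Modified" and "Alternate Data Streams" format shown above and applies the triage heuristics an analyst applies by eye when reading such a log: hidden- or system-attributed executables with no company name under a system directory, scheduled-task `.job` files with random-looking names, non-ASCII file names, and alternate data streams other than `Zone.Identifier`. The rules are assumptions about what deserves a second look, not evidence that any path is malicious; the sample lines are copied from the report above and labelled as the constructed input.

```python
"""Triage heuristics over OTL 'Files Created/Modified' and ADS lines.

Added example, not part of the forum post or of OldTimer's OTL tool.
The rules encode assumptions about what deserves a second look; a hit
is a lead for the next tool in the thread, not proof of infection.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

# [date time | size | attrs | C/M] (company) -- path ; "(company)" is absent on directory lines
OTL_LINE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
SYSTEM_DIRS = ("c:\\windows\\", "c:\\programdata\\")
EXEC_EXT = (".dll", ".exe", ".sys", ".ocx")

@dataclass
class Entry:
    path: str
    attrs: str      # four flags, e.g. "RHS-": R read-only, H hidden, S system, D directory
    company: str    # "" when OTL printed "()" or no company at all
    size: int

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

def parse_otl(text: str) -> tuple[list[Entry], list[tuple[str, str, int]]]:
    """Return (file/directory entries, [(host path, stream name, bytes), ...])."""
    entries, streams = [], []
    for line in text.splitlines():
        line = line.strip()
        if m := OTL_LINE.match(line):
            entries.append(Entry(m["path"], m["attrs"], (m["company"] or "").strip(),
                                 int(m["size"].replace(",", ""))))
        elif m := ADS_LINE.match(line):
            host, _, stream = m["path"].rpartition(":")   # "C:\dir:STREAM" -> host, stream
            streams.append((host, stream, int(m["size"])))
    return entries, streams

def looks_random(stem: str) -> bool:
    """All-caps alphabetic name of 8+ letters with few vowels, like HHNBAGWXS."""
    if len(stem) < 8 or not stem.isalpha() or not stem.isupper():
        return False
    return sum(c in "AEIOU" for c in stem) / len(stem) < 0.3

def reasons_for(e: Entry) -> list[str]:
    low = e.path.lower()
    out = []
    if ("D" not in e.attrs and low.endswith(EXEC_EXT) and low.startswith(SYSTEM_DIRS)
            and not e.company and ("H" in e.attrs or "S" in e.attrs)):
        out.append("hidden/system executable with no company name in a system directory")
    if low.endswith(".job") and looks_random(e.name[:-4]):
        out.append("scheduled task with random-looking name")
    if any(ord(c) > 127 for c in e.name):
        out.append("non-ASCII characters in file name")
    return out

def triage(text: str) -> dict[str, list[str]]:
    """Map each path that tripped a rule to its (deduplicated) reasons."""
    entries, streams = parse_otl(text)
    hits: dict[str, list[str]] = {}
    for e in entries:                       # the same path can appear in several OTL sections
        for reason in reasons_for(e):
            if reason not in hits.setdefault(e.path, []):
                hits[e.path].append(reason)
    for host, stream, size in streams:      # Zone.Identifier is the one ADS normally expected
        if stream.lower() != "zone.identifier":
            hits.setdefault(host, []).append(f"alternate data stream '{stream}' ({size} bytes)")
    return hits

# Constructed sample input: lines copied from the OTL report above.
SAMPLE = r"""
[2011/03/25 14:08:06 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/03/25 13:47:30 | 000,149,504 | RHS- | C] () -- C:\Windows\SysWow64\ro-ROP.dll
[2011/03/25 13:47:30 | 000,000,294 | -HS- | C] () -- C:\Windows\tasks\HHNBAGWXS.job
[2011/03/25 15:44:25 | 000,000,262 | ---- | C] () -- C:\Windows\tasks\RMSchedule.job
[2011/03/19 08:36:12 | 2131,865,599 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/19 02:46:56 | 000,000,041 | ---- | C] () -- C:\Windows\SysWow64\@ÛZ
[2011/03/21 16:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
@Alternate Data Stream - 188 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D1B5B4F1
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run as-is it prints the flagged paths from the sample; to use it on a real report, pass the whole OTL log text to `triage()`. Note that `hiberfil.sys` is hidden/system with no company name but sits in the drive root rather than a system directory, so the first rule leaves it alone, and a vendor-named driver such as `mbam.sys` is never flagged. Every hit is only a lead; confirming it is what the rootkit scanners in the next reply are for.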



#2
Blottedisk

    Trusted Helper

  • Malware Removal
  • 124 posts
Hi defazken,

Welcome to Geeks to Go! My name is Blottedisk and I will be helping you with your malware issues.

  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method (Recommended: Immediate Notification). If the button says Stop Watching Topic, then you are already subscribed.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then the thread will be locked due to inactivity. However, if you will be away, let us know and we will be sure to keep the thread open.


Please follow these steps in order:


Step 1 | Please post the contents of the TDSSKiller log. This report can be found in your C:\ folder in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Step 2 | Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
    Vista and Windows 7 users right click the icon and choose "Run as administrator".
  • Click the Scan button to start scan.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.


Step 3 | Please download GMER from one of the following locations and save it to your desktop:

Main Mirror - This version will download a randomly named file (Recommended)
Zipped Mirror - This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

--------------------------------------------------------------------

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Right-click on the randomly named GMER file (e.g. n7gmo46c.exe) and choose "Run as administrator" to run it. Allow the gmer.sys driver to load if asked.

Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then right-click on gmer.exe and choose "Run as administrator".


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Make sure these options are all checked:
  • Services
  • Registry
  • Files
  • Systemdrive drive/partition, which is typically C:\
  • ADS


  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.


Step 4 | Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found, just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.

#3
defazken
Thank you for your very fast response AND your assistance. Please find the output from the program runs you requested. Thanks again.

TDSSKiller Log as requested.

2011/03/25 17:50:34.0767 4836 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/25 17:50:34.0978 4836 ================================================================================
2011/03/25 17:50:34.0978 4836 SystemInfo:
2011/03/25 17:50:34.0978 4836
2011/03/25 17:50:34.0979 4836 OS Version: 6.1.7600 ServicePack: 0.0
2011/03/25 17:50:34.0979 4836 Product type: Workstation
2011/03/25 17:50:34.0979 4836 ComputerName: KEN-PC
2011/03/25 17:50:34.0979 4836 UserName: Ken
2011/03/25 17:50:34.0979 4836 Windows directory: C:\Windows
2011/03/25 17:50:34.0979 4836 System windows directory: C:\Windows
2011/03/25 17:50:34.0979 4836 Running under WOW64
2011/03/25 17:50:34.0979 4836 Processor architecture: Intel x64
2011/03/25 17:50:34.0979 4836 Number of processors: 8
2011/03/25 17:50:34.0979 4836 Page size: 0x1000
2011/03/25 17:50:34.0979 4836 Boot type: Normal boot
2011/03/25 17:50:34.0980 4836 ================================================================================
2011/03/25 17:50:35.0184 4836 Initialize success
2011/03/25 17:50:54.0368 5992 ================================================================================
2011/03/25 17:50:54.0368 5992 Scan started
2011/03/25 17:50:54.0368 5992 Mode: Manual;
2011/03/25 17:50:54.0368 5992 ================================================================================
2011/03/25 17:50:59.0929 5992 ================================================================================
2011/03/25 17:50:59.0929 5992 Scan finished
2011/03/25 17:50:59.0929 5992 ================================================================================
2011/03/25 17:51:33.0417 3816 Deinitialize success


aswMBR Log

aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-03-26 14:40:10
-----------------------------
14:40:10.657 OS Version: Windows x64 6.1.7600
14:40:10.657 Number of processors: 8 586 0x2A07
14:40:10.657 ComputerName: KEN-PC UserName: Ken
14:40:17.623 Initialize success
14:41:20.693 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
14:41:20.695 Disk 0 Vendor: ST3250410AS 3.AAF Size: 238475MB BusType: 11
14:41:20.698 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-4
14:41:20.700 Disk 1 Vendor: C300-CTFDDAC128MAG 0006 Size: 122104MB BusType: 11
14:41:22.704 Disk 1 MBR read successfully
14:41:22.707 Disk 1 MBR scan
14:41:22.710 Service scanning
14:41:24.241 Disk 1 trace - called modules:
14:41:24.247 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:41:24.250 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007879060]
14:41:24.254 3 CLASSPNP.SYS[fffff88001b8a43f] -> nt!IofCallDriver -> [0xfffffa80076a3cf0]
14:41:24.258 5 PCTCore64.sys[fffff880011cf094] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa80075ac680]
14:41:24.262 Scan finished successfully



GMER Log File

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-26 15:11:13
Windows 6.1.7600
Running: go94eyzg.exe


---- Files - GMER 1.0.15 ----

File C:\Windows\Temp\avg-2242503c-4a32-473d-aea1-7c61ec8fdd26.tmp 0 bytes

---- EOF - GMER 1.0.15 ----


MBRcheck Log File

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 173):
0x03059000 \SystemRoot\system32\ntoskrnl.exe
0x03010000 \SystemRoot\system32\hal.dll
0x00BA9000 \SystemRoot\system32\kdcom.dll
0x00CD5000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D19000 \SystemRoot\system32\PSHED.dll
0x00D2D000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E52000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EF6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F05000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F5C000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F65000 \SystemRoot\system32\drivers\fltmgr.sys
0x00FB1000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00FBB000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FEE000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E00000 \SystemRoot\System32\drivers\partmgr.sys
0x00E15000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D8B000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E2A000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00E31000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x010F6000 \SystemRoot\system32\DRIVERS\jraid.sys
0x01117000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x01146000 \SystemRoot\System32\drivers\mountmgr.sys
0x01160000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01169000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01193000 \SystemRoot\system32\DRIVERS\msahci.sys
0x0119E000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x011A9000 \SystemRoot\system32\drivers\fileinfo.sys
0x011BD000 \SystemRoot\system32\drivers\PCTCore64.sys
0x01000000 \SystemRoot\system32\drivers\pctDS64.sys
0x01216000 \SystemRoot\system32\drivers\pctEFA64.sys
0x012E2000 \SystemRoot\system32\drivers\TfFsMon.sys
0x012F6000 \SystemRoot\system32\drivers\TfSysMon.sys
0x01452000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0130B000 \SystemRoot\System32\Drivers\msrpc.sys
0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01369000 \SystemRoot\System32\Drivers\cng.sys
0x0141A000 \SystemRoot\System32\drivers\pcw.sys
0x0142B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016DA000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01803000 \SystemRoot\System32\drivers\tcpip.sys
0x0168B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01071000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x017CC000 \SystemRoot\System32\Drivers\spldr.sys
0x01AE4000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B1E000 \SystemRoot\System32\Drivers\mup.sys
0x01B30000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B39000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01B73000 \SystemRoot\system32\DRIVERS\disk.sys
0x01B89000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01BB9000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
0x01BC3000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x01A13000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01A3D000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
0x01A4C000 \SystemRoot\System32\Drivers\Null.SYS
0x01A55000 \SystemRoot\System32\Drivers\Beep.SYS
0x01A5C000 \SystemRoot\System32\drivers\vga.sys
0x01A6A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01A8F000 \SystemRoot\System32\drivers\watchdog.sys
0x01A9F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01AA8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01AB1000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01ABA000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01AC5000 \SystemRoot\System32\Drivers\Npfs.SYS
0x017D4000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01AD6000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02EA2000 \??\C:\Windows\System32\drivers\pctgntdi64.sys
0x02EF9000 \Device\Harddisk1\Partition2\Windows\system32\drivers\PctWfpFilter64.sys
0x02F1E000 \SystemRoot\system32\DRIVERS\avgtdia.sys
0x02F7F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02E00000 \SystemRoot\system32\drivers\afd.sys
0x02E8A000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x02E95000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02FC4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02FEA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x01435000 \SystemRoot\system32\DRIVERS\serial.sys
0x013DC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x01200000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03EE0000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03F31000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03F3D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03F48000 \SystemRoot\system32\DRIVERS\EIO64.sys
0x03F51000 \SystemRoot\System32\drivers\discache.sys
0x03F60000 \SystemRoot\System32\Drivers\dfsc.sys
0x03F7E000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03F8F000 \SystemRoot\system32\DRIVERS\avgldx64.sys
0x03FDF000 \SystemRoot\SysWow64\drivers\AsUpIO.sys
0x03FE6000 \SystemRoot\SysWow64\drivers\AsIO.sys
0x03E00000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04A26000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x04A00000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x04400000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x044F4000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0453A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0455E000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x0456F000 \SystemRoot\system32\DRIVERS\e1c62x64.sys
0x045BF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03E26000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x045D0000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x04A02000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03E7C000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x04A04000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x03EBA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03EC9000 \SystemRoot\system32\DRIVERS\serenum.sys
0x03FEC000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x01BF2000 \SystemRoot\system32\DRIVERS\ICCWDT.sys
0x03ED5000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x010BD000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x010D3000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x00DE7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x05AC1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x05AE5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x05AF1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x05B20000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x05B3B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x05B5C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x05B76000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x05B85000 \SystemRoot\system32\DRIVERS\swenum.sys
0x05B87000 \SystemRoot\system32\DRIVERS\ks.sys
0x05BCA000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05A00000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05A5A000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x05A72000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05A87000 \SystemRoot\system32\drivers\nvhda64v.sys
0x05EA7000 \SystemRoot\system32\drivers\portcls.sys
0x05EE4000 \SystemRoot\system32\drivers\drmk.sys
0x05F06000 \SystemRoot\system32\drivers\ksthunk.sys
0x060A0000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x000F0000 \SystemRoot\System32\win32k.sys
0x06339000 \SystemRoot\System32\drivers\Dxapi.sys
0x06345000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06353000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x0635F000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x0636A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x0637D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x0638B000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x00530000 \SystemRoot\System32\TSDDD.dll
0x007C0000 \SystemRoot\System32\cdd.dll
0x063A6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x063B4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x063CD000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x063D6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x06000000 \SystemRoot\system32\drivers\luafv.sys
0x06023000 \SystemRoot\system32\drivers\WudfPf.sys
0x06044000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x06059000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05F0C000 \SystemRoot\System32\Drivers\fastfat.SYS
0x05614000 \SystemRoot\system32\drivers\HTTP.sys
0x056DC000 \SystemRoot\system32\DRIVERS\bowser.sys
0x056FA000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05712000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0573F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0578D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x057B0000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0x05F42000 \SystemRoot\system32\drivers\peauth.sys
0x057BC000 \SystemRoot\System32\Drivers\secdrv.SYS
0x057C7000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x05600000 \SystemRoot\System32\drivers\tcpipreg.sys
0x05E00000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0x05E34000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0A092000 \SystemRoot\System32\DRIVERS\srv.sys
0x0A128000 \??\C:\Program Files (x86)\PC Tools Security\PCTSDInj64.sys
0x0A14E000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0A17F000 \SystemRoot\system32\DRIVERS\psi_mf.sys
0x0A188000 \??\C:\Windows\system32\drivers\IOMap64.sys
0x0A191000 \??\C:\Windows\system32\drivers\TfNetMon.sys
0x0A071000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x0A07C000 \??\C:\Users\Ken\AppData\Local\Temp\aswMBR.sys
0x77270000 \Windows\System32\ntdll.dll
0x47AC0000 \Windows\System32\smss.exe
0xFF590000 \Windows\System32\apisetschema.dll

Processes (total 79):
0 System Idle Process
4 System
356 C:\Windows\System32\smss.exe
496 C:\PROGRA~2\AVG\AVG10\avgchsva.exe
784 csrss.exe
868 C:\Windows\System32\wininit.exe
888 csrss.exe
924 C:\Windows\System32\services.exe
952 C:\Windows\System32\lsass.exe
960 C:\Windows\System32\lsm.exe
480 C:\Windows\System32\svchost.exe
788 C:\Windows\System32\winlogon.exe
488 C:\Windows\System32\nvvsvc.exe
1052 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\svchost.exe
1228 C:\Windows\System32\svchost.exe
1268 C:\Windows\System32\svchost.exe
1400 C:\Windows\System32\svchost.exe
1504 C:\Windows\System32\svchost.exe
1544 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1564 C:\Windows\System32\nvvsvc.exe
1784 C:\Windows\System32\taskeng.exe
1808 C:\Windows\System32\spoolsv.exe
1868 C:\Windows\System32\svchost.exe
1948 C:\Windows\System32\taskhost.exe
2216 C:\Program Files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe
2228 C:\Windows\System32\dwm.exe
2344 C:\Windows\explorer.exe
2356 C:\Windows\System32\rundll32.exe
2364 C:\Windows\SysWOW64\rundll32.exe
2472 C:\Windows\System32\taskeng.exe
2544 C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
2572 C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
2652 C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
2732 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2820 C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
2920 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3040 C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
3052 C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
2108 C:\Program Files (x86)\AVG\AVG10\avgtray.exe
3020 C:\Windows\SysWOW64\ASDR.exe
3116 C:\Program Files (x86)\ASUS\AAHM\1.00.09\aaHMSvc.exe
3152 C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe
3180 C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
3296 C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
3736 C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
3800 C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
3420 C:\Program Files (x86)\Secunia\PSI\psia.exe
3500 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
3540 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
3760 C:\Program Files (x86)\AVG\AVG10\avgam.exe
3948 C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
3992 C:\Program Files (x86)\AVG\AVG10\avgemca.exe
4032 C:\Windows\System32\conhost.exe
2176 C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
4836 C:\Windows\System32\SearchIndexer.exe
4728 WUDFHost.exe
5236 C:\Windows\System32\svchost.exe
5332 C:\Program Files\Windows Media Player\wmpnetwk.exe
5492 C:\Windows\System32\svchost.exe
5640 C:\Windows\System32\svchost.exe
6060 C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
6400 C:\Program Files (x86)\Secunia\PSI\sua.exe
6384 C:\Windows\System32\svchost.exe
1552 C:\PROGRA~2\AVG\AVG10\avgrsa.exe
6628 C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
2024 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
5964 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
6844 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
6868 C:\Windows\System32\conhost.exe
3496 C:\Windows\System32\audiodg.exe
2712 C:\Windows\System32\SearchProtocolHost.exe
748 C:\Windows\System32\SearchFilterHost.exe
6460 C:\Windows\explorer.exe
6608 dllhost.exe
3308 dllhost.exe
6168 C:\Users\Ken\Desktop\MBRCheck.exe
2388 C:\Windows\System32\conhost.exe
6860 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`06500000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive1 Model Number: C300-CTFDDAC128MAG, Rev: 0006
PhysicalDrive0 Model Number: ST3250410AS, Rev: 3.AAF

Size Device Name MBR Status
--------------------------------------------
119 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

Edited by defazken, 26 March 2011 - 01:15 PM.

  • 0

#4
Blottedisk

Blottedisk

    Trusted Helper

  • Malware Removal
  • 124 posts
Hi defazken,


We are going to run ComboFix. However... AVG incorrectly targets ComboFix's embedded files. ComboFix will not run with AVG installed. Please uninstall AVG before continuing. You can reinstall it, or another antivirus such as Avira or avast!, after we've used ComboFix to clear the infection.

After uninstalling AVG from the Control Panel, also run the AVG remover tool from their site (download AVG Remover 32bit).

http://www.avg.com/u.../download-tools

You may also use this AppRemover to uninstall AVG:
http://www.appremover.com

AppRemover tutorial:
http://www.appremove...appremover.html


Once you have uninstalled AVG, please download ComboFix from either of the links below, but rename it to landscape.exe before saving it to your desktop.

Link 1
Link 2


**Note: It is important that it is saved directly to your desktop**


  • Right-click and choose "Run as administrator" on the renamed ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.**

Posted Image


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image



  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If you need help, see this link:
http://www.bleepingc...to-use-combofix
  • 0

#5
defazken

defazken

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Blottedisk,

I ran ComboFix under the "landscape" name and it also recognized my PC Tools, Spyware Doctor and Spyware Doctor w/ AntiVirus. So I uninstalled the programs, but even after doing that and rebooting Windows, it still seemed to think they were installed. I'm hoping this did not interfere with the diagnostic process.

Thank you.

Log below...

ComboFix 11-03-28.01 - Ken 03/28/2011 17:01:02.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8172.6852 [GMT -4:00]
Running from: c:\users\Ken\Desktop\landscape.exe
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Downloaded Installers
c:\program files (x86)\Downloaded Installers\{F1448F1F-F8ED-47A7-B53A-902D94214AE7}\setup.msi
c:\windows\SysWow64\local.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-28 )))))))))))))))))))))))))))))))
.
.
2011-03-28 21:11 . 2011-03-28 21:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-27 14:10 . 2011-03-27 14:10 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-03-26 20:28 . 2011-03-26 21:25 -------- d-----w- c:\program files (x86)\Rawr 4.1.0 (Proper)
2011-03-26 14:58 . 2011-03-26 14:58 20 ----a-w- c:\windows\SysWow64\drivers\HITMANPRO35.SYS
2011-03-25 22:16 . 2011-03-25 22:16 -------- d-----w- C:\!KillBox
2011-03-25 21:39 . 2011-03-25 21:39 -------- d-----w- C:\_OTM
2011-03-25 21:24 . 2011-03-25 21:24 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-03-25 21:12 . 2011-03-26 14:58 19528 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-03-25 21:12 . 2011-03-25 21:12 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-03-25 21:12 . 2011-03-25 21:24 -------- d-----w- c:\programdata\Hitman Pro
2011-03-25 21:03 . 2011-03-25 21:03 -------- d--h--w- c:\programdata\Common Files
2011-03-25 21:03 . 2011-03-28 20:53 -------- d-----w- c:\programdata\AVG10
2011-03-25 18:08 . 2011-03-25 18:08 -------- d-----w- c:\programdata\Malwarebytes
2011-03-25 18:08 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-25 18:08 . 2011-03-25 18:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-25 18:08 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-25 17:47 . 2011-03-25 17:47 149504 --sha-r- c:\windows\SysWow64\ro-ROP.dll
2011-03-23 02:55 . 2011-03-25 21:00 -------- d-----w- c:\program files (x86)\Google
2011-03-22 23:47 . 2011-01-07 18:54 149456 ----a-w- c:\windows\SGDetectionTool.dll0340.old
2011-03-22 23:47 . 2011-01-07 18:54 149456 ----a-w- c:\windows\SGDetectionTool.dll0319.old
2011-03-22 23:47 . 2011-01-07 18:54 2000848 ----a-w- c:\windows\PCTBDCore.dll0340.old
2011-03-22 23:47 . 2011-01-07 18:54 2000848 ----a-w- c:\windows\PCTBDCore.dll0319.old
2011-03-22 23:47 . 2011-01-07 18:54 767952 ----a-w- c:\windows\BDTSupport.dll0340.old
2011-03-22 23:47 . 2011-01-07 18:54 767952 ----a-w- c:\windows\BDTSupport.dll0319.old
2011-03-22 23:42 . 2011-03-28 20:59 -------- d-----w- c:\program files (x86)\PC Tools Security
2011-03-22 23:42 . 2011-03-28 20:59 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-03-22 23:26 . 2011-03-28 20:58 -------- d-----w- c:\programdata\PC Tools
2011-03-22 21:51 . 2011-02-23 17:34 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84E200F6-2FCC-45EC-A9BA-2AB16F6F1E64}\mpengine.dll
2011-03-22 21:46 . 2010-10-17 06:55 1719912 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-03-22 21:46 . 2010-10-17 06:55 12788840 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-03-20 21:02 . 2010-10-17 06:55 386152 ----a-w- c:\windows\system32\nvdecodemft.dll
2011-03-20 21:02 . 2010-10-17 06:55 319080 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2011-03-20 21:02 . 2010-10-17 06:55 1500264 ----a-w- c:\windows\system32\nvdispco642050.dll
2011-03-20 21:02 . 2010-10-17 06:55 1308776 ----a-w- c:\windows\system32\nvgenco642030.dll
2011-03-20 19:27 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-03-20 19:21 . 2011-03-20 19:21 -------- d-----w- c:\windows\SysWow64\RTCOM
2011-03-20 19:19 . 2011-03-20 19:19 -------- d-----w- c:\program files (x86)\Realtek
2011-03-20 19:18 . 2009-07-14 01:15 315904 ----a-w- c:\windows\SysWow64\Difx4855.rra
2011-03-20 19:18 . 2000-01-01 00:00 1976920 ----a-w- c:\windows\SysWow64\xRaidSetup.exe
2011-03-20 19:18 . 2000-01-01 00:00 162392 ----a-w- c:\windows\SysWow64\xRaidAPI.dll
2011-03-20 19:18 . 2000-01-01 00:00 121432 ----a-w- c:\windows\system32\drivers\jraid.sys
2011-03-20 19:18 . 2010-10-25 12:42 164008 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2011-03-20 19:17 . 2011-03-20 19:17 -------- d-----w- c:\program files\Intel
2011-03-20 19:05 . 2011-03-28 20:59 15672 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2011-03-20 19:05 . 2011-03-20 19:12 -------- d-----w- c:\program files (x86)\DriverUpdate
2011-03-20 17:41 . 2011-03-25 20:10 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-03-20 17:41 . 2011-03-20 17:41 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-03-20 04:58 . 2009-05-18 20:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-20 04:58 . 2008-04-17 19:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-03-20 04:58 . 2008-04-17 19:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-03-20 04:58 . 2011-03-20 04:58 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-03-20 04:57 . 2011-03-20 04:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-03-20 04:57 . 2011-03-20 04:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-03-20 04:57 . 2011-03-20 04:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-03-20 04:57 . 2011-03-20 04:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-03-20 04:57 . 2011-03-20 04:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-03-20 04:57 . 2011-03-20 04:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-03-20 04:57 . 2011-03-20 04:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-03-20 04:57 . 2011-03-24 18:17 -------- d-----w- c:\programdata\Apple Computer
2011-03-20 04:57 . 2011-03-20 04:57 -------- d-----w- c:\program files (x86)\QuickTime
2011-03-20 04:57 . 2011-03-20 04:57 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-03-20 04:57 . 2011-03-24 18:17 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-03-20 04:57 . 2011-03-20 04:57 -------- d-----w- c:\programdata\Apple
2011-03-19 13:35 . 2011-03-18 12:42 -------- d-----w- c:\windows\Panther
2011-03-19 12:55 . 2011-03-19 12:55 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-03-19 09:59 . 2011-03-19 09:59 -------- d-----w- c:\program files (x86)\SkyGolf
2011-03-19 07:21 . 2011-03-19 07:49 1098048 ----a-w- c:\windows\PE_File.dll
2011-03-19 07:03 . 2011-03-19 07:50 1067536 ----a-w- c:\windows\PE_Rom.dll
2011-03-19 07:01 . 2011-01-08 03:27 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
2011-03-19 07:01 . 2011-01-08 03:27 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
2011-03-19 07:01 . 2010-12-02 09:12 1359976 ----a-w- c:\windows\system32\nvgenco64hda.dll
2011-03-19 07:00 . 2011-03-19 07:00 -------- d-----w- C:\NVIDIA
2011-03-19 06:49 . 2011-03-19 06:49 -------- d-----w- C:\New Folder
2011-03-19 06:35 . 2011-03-19 06:35 -------- d-----w- c:\windows\SysWow64\Wat
2011-03-19 06:35 . 2011-03-19 06:35 -------- d-----w- c:\windows\system32\Wat
2011-03-18 19:17 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2011-03-18 19:17 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2011-03-18 19:16 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-03-18 19:16 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-03-18 19:16 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-18 19:16 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-03-18 19:16 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-03-18 19:16 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-03-18 19:16 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-03-18 19:16 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-03-18 19:16 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-03-18 19:16 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-03-18 14:32 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
2011-03-18 14:31 . 2010-02-27 07:52 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-03-18 14:30 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2011-03-18 14:30 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2011-03-18 14:30 . 2010-08-27 03:38 463360 ----a-w- c:\windows\system32\drivers\srv.sys
2011-03-18 14:30 . 2010-08-27 03:37 402944 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-03-18 14:30 . 2010-08-27 03:37 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-03-18 14:28 . 2011-03-18 14:28 -------- d-----w- c:\programdata\McAfee
2011-03-18 14:26 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2011-03-18 14:26 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2011-03-18 14:26 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-03-18 14:26 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-03-18 14:01 . 2011-03-26 02:36 -------- d-----w- c:\program files (x86)\Full Tilt Poker
2011-03-18 13:47 . 2011-03-18 13:47 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2011-03-18 13:47 . 2011-03-18 13:47 -------- d-----w- c:\programdata\Blizzard Entertainment
2011-03-18 13:43 . 2011-03-18 13:44 -------- d-----w- c:\programdata\Linksys
2011-03-18 13:43 . 2011-03-25 20:08 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-03-18 13:43 . 2011-03-25 20:08 -------- d-----w- c:\program files (x86)\Java
2011-03-18 13:43 . 2011-03-22 23:22 -------- dc----w- c:\windows\system32\DRVSTORE
2011-03-18 13:42 . 2011-03-22 23:22 -------- d-----w- c:\programdata\Pure Networks
2011-03-18 13:42 . 2011-03-22 23:22 -------- d-----w- c:\program files (x86)\Linksys
2011-03-18 13:40 . 2011-03-18 13:40 -------- d-----w- c:\program files (x86)\Trend Micro
2011-03-18 13:38 . 2011-02-03 01:11 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-03-18 13:30 . 2010-05-07 20:41 314568 ----a-w- c:\windows\system32\PROUnstl.exe
2011-03-18 13:29 . 2010-07-30 16:56 68264 ----a-w- c:\windows\system32\e1cmsg.dll
2011-03-18 13:29 . 2009-05-26 02:05 36472 ----a-w- c:\windows\system32\NicCo36.dll
2011-03-18 13:20 . 2011-03-18 13:20 -------- d-----w- c:\programdata\ASUS OC Profiles
2011-03-18 13:17 . 2009-07-14 06:21 1721576 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-03-18 13:17 . 2010-06-24 13:50 94208 ------w- c:\windows\SysWow64\IccLibDll.dll
2011-03-18 13:17 . 2011-03-18 13:17 -------- d-----w- c:\windows\SysWow64\Macromed
2011-03-18 13:16 . 2008-12-03 03:05 184320 ----a-w- c:\windows\SysWow64\drivers\UpdateHelper.dll
2011-03-18 13:15 . 2011-03-18 13:15 -------- d-----w- c:\programdata\ASUS
2011-03-18 13:15 . 2010-06-29 07:41 28672 ----a-r- c:\windows\SysWow64\AsIO.dll
2011-03-18 13:15 . 2010-08-24 07:16 13440 ----a-r- c:\windows\SysWow64\drivers\AsIO.sys
2011-03-18 13:15 . 2008-01-04 05:34 11832 ------r- c:\windows\SysWow64\drivers\AsInsHelp64.sys
2011-03-18 13:13 . 2010-11-23 10:33 -------- d-----w- c:\windows\AsDmiHtm
2011-03-18 13:13 . 2011-03-18 13:13 -------- d-----w- C:\RaidTool
2011-03-18 13:13 . 2009-07-14 01:15 315904 ----a-w- c:\windows\SysWow64\Difxe649.rra
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-08 00:49 . 2011-01-08 00:49 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2000-01-01 43608]
"ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-09-28 252544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
.
c:\users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-3-27 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe [2010-10-28 917120]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.09\aaHMSvc.exe [2010-11-03 909440]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [2010-10-21 586880]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-01-28 632792]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-10 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-10 399416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-28 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2011-03-17 12:57]
.
2011-03-28 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\Registry Mechanic\RegMech.exe [2011-03-26 17:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 11775592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
FF - ProfilePath - c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\g2izktqn.default\
FF - prefs.js: browser.startup.homepage - comcast.net
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-28 17:12:42
ComboFix-quarantined-files.txt 2011-03-28 21:12
.
Pre-Run: 58,208,002,048 bytes free
Post-Run: 57,840,439,296 bytes free
.
- - End Of File - - 46DAF4E0C300F75BF7CBE1E8F03BE354

#6
Blottedisk
    Trusted Helper
  • Malware Removal
  • 124 posts
Hi defazken,

If you uninstalled those programs, then it's fine.

Please go to the following site to scan some files: Virus Total

  • Click on Browse, and upload the following files for analysis:

    • c:\windows\SysWow64\ro-ROP.dll
      c:\windows\SysWow64\Difx4855.rra
      c:\windows\SysWow64\xRaidSetup.exe
      c:\windows\SysWow64\xRaidAPI.dll
      c:\windows\system32\drivers\jraid.sys
      c:\windows\system32\IPROSetMonitor.exe
  • Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
  • If it says already scanned -- click "reanalyze now"
  • Please post the results in your next reply.


#7
defazken
    Member
  • Topic Starter
  • 14 posts
Hi Blottedisk,

This process is certainly compelling evidence in an argument to be careful in managing one's security. Thank you.

Strangely, only 2 of the files were present in the paths stated for upload.

c:\windows\SysWow64\ro-ROP.dll ...........NOT PRESENT
c:\windows\SysWow64\Difx4855.rra .........PRESENT SEE LOG BELOW
c:\windows\SysWow64\xRaidSetup.exe .......PRESENT SEE LOG BELOW
c:\windows\SysWow64\xRaidAPI.dll .........NOT PRESENT
c:\windows\system32\drivers\jraid.sys ....NOT PRESENT
c:\windows\system32\IPROSetMonitor.exe ....NOT PRESENT
File name:
xRaidSetup.exe
Submission date:
2011-03-29 21:26:24 (UTC)
Current status:
finished
Result:
0/ 43 (0.0%)
Additional information
MD5 : 65b605e4d50e1da3f7a1c819336cc824
SHA1 : 1161cec5976f5d55f7bd2b7473871a4b35826e45
SHA256: 0f995084936bb35383a957ab5547bda069a5069e81c9336ee054a6abf99cdd86
ssdeep: 12288:10AIOfIW7ezsOft9e57HwDrtXF37wqLHgNNgNNNNNTPTpfQCsEDS3O81elGMvDS3:JjfIW7ezsOV94Mx1rrodN3y2jhR
File size : 1976920 bytes
First seen: 2010-10-05 04:54:30
Last seen : 2011-03-29 21:26:24
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: JMicron Technology Corp.
copyright....: Copyright © JMicron 2005 - 2008
product......: JMicron JMB36X RAID Configurer
description..: JMicron JMB36X RAID Configurer
original name: xRaidSetup.exe
internal name: xRaidSetup
file version.: 1.17.30.01
comments.....:
signers......: JMicron Technology Corp.
VeriSign Class 3 Code Signing 2009-2 CA
Class 3 Public Primary Certification Authority
signing date.: 11:40 AM 9/7/2010
verified.....: -
PEiD: Armadillo v1.71
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1C1BD
timedatestamp....: 0x4BBEBD1E (Fri Apr 09 05:37:34 2010)
machinetype......: 0x14c (I386)

ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 217088
Comments:
CompanyName: JMicron Technology Corp.
EntryPoint: 0x1c1bd
FileDescription: JMicron JMB36X RAID Configurer
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 1931 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 1.17.30.01
FileVersionNumber: 1.17.30.1
ImageVersion: 0.0
InitializedDataSize: 3911680
InternalName: xRaidSetup
LanguageCode: Chinese (Traditional)
LegalCopyright: Copyright © JMicron 2005 - 2008
LegalTrademarks:
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
OriginalFilename: xRaidSetup.exe
PEType: PE32
PrivateBuild:
ProductName: JMicron JMB36X RAID Configurer
ProductVersion: 1.17.30.01
ProductVersionNumber: 1.17.30.1
SpecialBuild:
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2010:04:09 07:37:34+02:00
UninitializedDataSize: 0
File name:
Difx4855.rra
Submission date:
2011-03-29 21:15:13 (UTC)
Current status:
finished
Result:
0/ 41 (0.0%)
Additional information
MD5 : 070c5b9d3006602a07757179d9b56f5d
SHA1 : 10134383c61a105f33f7ea485819f8ae65677188
SHA256: 7b24e38addeedd9168d0c87275ac0936d0a4f1195810f9736118076589bc18ba
ssdeep: 6144:dctJro/q4iFSMpGtFuzOWCROIAQtf8kQWyqjVR:dctJroFMpGzWO1AI8jWjVR
File size : 315904 bytes
First seen: 2009-07-17 13:14:59
Last seen : 2011-03-29 21:15:13
TrID:
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Driver Install Frameworks API (DIFxAPI)
description..: Driver Install Frameworks for API library module
original name: DIFxAPI.dll
internal name: DIFxAPI
file version.: 2.1
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x2AD46
timedatestamp....: 0x4A5BD9BE (Tue Jul 14 01:05:02 2009)
machinetype......: 0x14c (I386)

[[ 12 export(s) ]]
DIFXAPISetLogCallbackA, DIFXAPISetLogCallbackW, DriverPackageGetPathA, DriverPackageGetPathW, DriverPackageInstallA, DriverPackageInstallW, DriverPackagePreinstallA, DriverPackagePreinstallW, DriverPackageUninstallA, DriverPackageUninstallW, SetDifxLogCallbackA, SetDifxLogCallbackW

Edited by defazken, 29 March 2011 - 03:42 PM.


#8
Blottedisk
    Trusted Helper
  • Malware Removal
  • 124 posts
Hi defazken,

This process is certainly compelling evidence in an argument to be careful in managing one's security. Thank you.

:D

Please do the following:

WARNING !
This script is for THIS user and computer ONLY!
Using this tool incorrectly could damage your Operating System... preventing it from starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

Please open Notepad and copy/paste all the text below... into the window:

File::
c:\windows\SysWow64\ro-ROP.dll
C:\Windows\SysWow64\@ÛZ
C:\Windows\PE_Rom.dll
C:\Windows\PE_File.dll
C:\Windows\Tasks\HHNBAGWXS.job
c:\windows\SysWow64\Difxe649.rra
  • Save it to your desktop as CFScript.txt
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:

    Posted Image

    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!

    When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
  • Please copy/paste the contents of log.txt... in your next reply.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **

ing in both Firefox and Internet Explorer?

#9
defazken
    Member
  • Topic Starter
  • 14 posts
Although most of this was transparent to me and I'm an IT project manager, whatever you scripted seemed to remedy my issue. Attached is the log you requested. With that said, if you would be kind enough to summarize your approach and process for a lay person, I would greatly appreciate it .. and once again THANK YOU for your help and time.

ComboFix 11-03-29.03 - Ken 03/30/2011 1:19.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8172.6854 [GMT -4:00]
Running from: c:\users\Ken\Desktop\landscape.exe
Command switches used :: c:\users\Ken\Desktop\CFScript.txt
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\PE_File.dll"
"c:\windows\PE_Rom.dll"
"c:\windows\SysWow64\@ÛZ"
"c:\windows\SysWow64\Difxe649.rra"
"c:\windows\SysWow64\ro-ROP.dll"
"c:\windows\Tasks\HHNBAGWXS.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PE_File.dll
c:\windows\PE_Rom.dll
c:\windows\SysWow64\Difxe649.rra
c:\windows\SysWow64\ro-ROP.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-30 )))))))))))))))))))))))))))))))
.
.
2011-03-30 05:21 . 2011-03-30 05:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-28 21:27 . 2011-03-28 21:27 -------- d-----w- c:\program files (x86)\Common Files\Brother
2011-03-28 21:27 . 2011-03-28 21:41 -------- d-----w- c:\program files (x86)\Brother
2011-03-27 14:10 . 2011-03-27 14:10 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-03-26 20:28 . 2011-03-26 21:25 -------- d-----w- c:\program files (x86)\Rawr 4.1.0 (Proper)
2011-03-26 14:58 . 2011-03-26 14:58 20 ----a-w- c:\windows\SysWow64\drivers\HITMANPRO35.SYS
2011-03-25 22:16 . 2011-03-25 22:16 -------- d-----w- C:\!KillBox
2011-03-25 21:39 . 2011-03-25 21:39 -------- d-----w- C:\_OTM
2011-03-25 21:24 . 2011-03-25 21:24 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-03-25 21:12 . 2011-03-26 14:58 19528 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-03-25 21:12 . 2011-03-25 21:12 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-03-25 21:12 . 2011-03-25 21:24 -------- d-----w- c:\programdata\Hitman Pro
2011-03-25 21:03 . 2011-03-25 21:03 -------- d--h--w- c:\programdata\Common Files
2011-03-25 21:03 . 2011-03-28 20:53 -------- d-----w- c:\programdata\AVG10
2011-03-25 18:08 . 2011-03-25 18:08 -------- d-----w- c:\programdata\Malwarebytes
2011-03-25 18:08 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-25 18:08 . 2011-03-25 18:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-25 18:08 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-23 02:55 . 2011-03-25 21:00 -------- d-----w- c:\program files (x86)\Google
2011-03-22 23:47 . 2011-01-07 18:54 149456 ----a-w- c:\windows\SGDetectionTool.dll0340.old
2011-03-22 23:47 . 2011-01-07 18:54 149456 ----a-w- c:\windows\SGDetectionTool.dll0319.old
2011-03-22 23:47 . 2011-01-07 18:54 2000848 ----a-w- c:\windows\PCTBDCore.dll0340.old
2011-03-22 23:47 . 2011-01-07 18:54 2000848 ----a-w- c:\windows\PCTBDCore.dll0319.old
2011-03-22 23:47 . 2011-01-07 18:54 767952 ----a-w- c:\windows\BDTSupport.dll0340.old
2011-03-22 23:47 . 2011-01-07 18:54 767952 ----a-w- c:\windows\BDTSupport.dll0319.old
2011-03-22 23:42 . 2011-03-28 20:59 -------- d-----w- c:\program files (x86)\PC Tools Security
2011-03-22 23:42 . 2011-03-28 20:59 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-03-22 23:26 . 2011-03-28 20:58 -------- d-----w- c:\programdata\PC Tools
2011-03-22 21:51 . 2011-02-23 17:34 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84E200F6-2FCC-45EC-A9BA-2AB16F6F1E64}\mpengine.dll
2011-03-22 21:46 . 2010-10-17 06:55 1719912 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-03-22 21:46 . 2010-10-17 06:55 12788840 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-03-20 21:02 . 2010-10-17 06:55 386152 ----a-w- c:\windows\system32\nvdecodemft.dll
2011-03-20 21:02 . 2010-10-17 06:55 319080 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2011-03-20 21:02 . 2010-10-17 06:55 1500264 ----a-w- c:\windows\system32\nvdispco642050.dll
2011-03-20 21:02 . 2010-10-17 06:55 1308776 ----a-w- c:\windows\system32\nvgenco642030.dll
2011-03-20 19:27 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-03-20 19:21 . 2011-03-20 19:21 -------- d-----w- c:\windows\SysWow64\RTCOM
2011-03-20 19:19 . 2011-03-20 19:19 -------- d-----w- c:\program files (x86)\Realtek
2011-03-20 19:18 . 2009-07-14 01:15 315904 ----a-w- c:\windows\SysWow64\Difx4855.rra
2011-03-20 19:18 . 2000-01-01 00:00 1976920 ----a-w- c:\windows\SysWow64\xRaidSetup.exe
2011-03-20 19:18 . 2000-01-01 00:00 162392 ----a-w- c:\windows\SysWow64\xRaidAPI.dll
2011-03-20 19:18 . 2000-01-01 00:00 121432 ----a-w- c:\windows\system32\drivers\jraid.sys
2011-03-20 19:18 . 2010-10-25 12:42 164008 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2011-03-20 19:17 . 2011-03-20 19:17 -------- d-----w- c:\program files\Intel
2011-03-20 19:05 . 2011-03-30 05:22 15672 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2011-03-20 19:05 . 2011-03-20 19:12 -------- d-----w- c:\program files (x86)\DriverUpdate
2011-03-20 17:41 . 2011-03-25 20:10 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-03-20 17:41 . 2011-03-20 17:41 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-03-20 04:58 . 2009-05-18 20:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-20 04:58 . 2008-04-17 19:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-03-20 04:58 . 2008-04-17 19:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-03-20 04:58 . 2011-03-20 04:58 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-03-20 04:57 . 2011-03-20 04:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-03-20 04:57 . 2011-03-20 04:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-03-20 04:57 . 2011-03-20 04:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-03-20 04:57 . 2011-03-20 04:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-03-20 04:57 . 2011-03-20 04:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-03-20 04:57 . 2011-03-20 04:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-03-20 04:57 . 2011-03-20 04:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-03-20 04:57 . 2011-03-24 18:17 -------- d-----w- c:\programdata\Apple Computer
2011-03-20 04:57 . 2011-03-20 04:57 -------- d-----w- c:\program files (x86)\QuickTime
2011-03-20 04:57 . 2011-03-20 04:57 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-03-20 04:57 . 2011-03-24 18:17 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-03-20 04:57 . 2011-03-20 04:57 -------- d-----w- c:\programdata\Apple
2011-03-19 13:35 . 2011-03-18 12:42 -------- d-----w- c:\windows\Panther
2011-03-19 12:55 . 2011-03-19 12:55 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-03-19 09:59 . 2011-03-19 09:59 -------- d-----w- c:\program files (x86)\SkyGolf
2011-03-19 07:01 . 2011-01-08 03:27 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
2011-03-19 07:01 . 2011-01-08 03:27 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
2011-03-19 07:01 . 2010-12-02 09:12 1359976 ----a-w- c:\windows\system32\nvgenco64hda.dll
2011-03-19 07:00 . 2011-03-19 07:00 -------- d-----w- C:\NVIDIA
2011-03-19 06:49 . 2011-03-19 06:49 -------- d-----w- C:\New Folder
2011-03-19 06:35 . 2011-03-19 06:35 -------- d-----w- c:\windows\SysWow64\Wat
2011-03-19 06:35 . 2011-03-19 06:35 -------- d-----w- c:\windows\system32\Wat
2011-03-18 19:17 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2011-03-18 19:17 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2011-03-18 19:16 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-03-18 19:16 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-03-18 19:16 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-18 19:16 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-03-18 19:16 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-03-18 19:16 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-03-18 19:16 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-03-18 19:16 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-03-18 19:16 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-03-18 19:16 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-03-18 14:32 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
2011-03-18 14:31 . 2010-02-27 07:52 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-03-18 14:30 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2011-03-18 14:30 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2011-03-18 14:30 . 2010-08-27 03:38 463360 ----a-w- c:\windows\system32\drivers\srv.sys
2011-03-18 14:30 . 2010-08-27 03:37 402944 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-03-18 14:30 . 2010-08-27 03:37 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-03-18 14:28 . 2011-03-18 14:28 -------- d-----w- c:\programdata\McAfee
2011-03-18 14:26 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2011-03-18 14:26 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2011-03-18 14:26 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-03-18 14:26 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-03-18 14:01 . 2011-03-30 05:14 -------- d-----w- c:\program files (x86)\Full Tilt Poker
2011-03-18 13:47 . 2011-03-18 13:47 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2011-03-18 13:47 . 2011-03-18 13:47 -------- d-----w- c:\programdata\Blizzard Entertainment
2011-03-18 13:43 . 2011-03-18 13:44 -------- d-----w- c:\programdata\Linksys
2011-03-18 13:43 . 2011-03-25 20:08 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-03-18 13:43 . 2011-03-25 20:08 -------- d-----w- c:\program files (x86)\Java
2011-03-18 13:43 . 2011-03-22 23:22 -------- dc----w- c:\windows\system32\DRVSTORE
2011-03-18 13:42 . 2011-03-22 23:22 -------- d-----w- c:\programdata\Pure Networks
2011-03-18 13:42 . 2011-03-22 23:22 -------- d-----w- c:\program files (x86)\Linksys
2011-03-18 13:40 . 2011-03-18 13:40 -------- d-----w- c:\program files (x86)\Trend Micro
2011-03-18 13:38 . 2011-02-03 01:11 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-03-18 13:30 . 2010-05-07 20:41 314568 ----a-w- c:\windows\system32\PROUnstl.exe
2011-03-18 13:29 . 2010-07-30 16:56 68264 ----a-w- c:\windows\system32\e1cmsg.dll
2011-03-18 13:29 . 2009-05-26 02:05 36472 ----a-w- c:\windows\system32\NicCo36.dll
2011-03-18 13:20 . 2011-03-18 13:20 -------- d-----w- c:\programdata\ASUS OC Profiles
2011-03-18 13:17 . 2009-07-14 06:21 1721576 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-03-18 13:17 . 2010-06-24 13:50 94208 ------w- c:\windows\SysWow64\IccLibDll.dll
2011-03-18 13:17 . 2011-03-18 13:17 -------- d-----w- c:\windows\SysWow64\Macromed
2011-03-18 13:16 . 2008-12-03 03:05 184320 ----a-w- c:\windows\SysWow64\drivers\UpdateHelper.dll
2011-03-18 13:15 . 2011-03-18 13:15 -------- d-----w- c:\programdata\ASUS
2011-03-18 13:15 . 2010-06-29 07:41 28672 ----a-r- c:\windows\SysWow64\AsIO.dll
2011-03-18 13:15 . 2010-08-24 07:16 13440 ----a-r- c:\windows\SysWow64\drivers\AsIO.sys
2011-03-18 13:15 . 2008-01-04 05:34 11832 ------r- c:\windows\SysWow64\drivers\AsInsHelp64.sys
2011-03-18 13:13 . 2010-11-23 10:33 -------- d-----w- c:\windows\AsDmiHtm
2011-03-18 13:13 . 2011-03-18 13:13 -------- d-----w- C:\RaidTool
2011-03-18 13:13 . 2011-03-20 19:18 -------- d-----w- c:\windows\RaidTool
2011-03-18 13:12 . 2011-03-18 13:12 -------- d-----w- c:\program files (x86)\Marvell
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-08 00:49 . 2011-01-08 00:49 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-28_21.11.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-02-04 06:43 . 2002-02-04 06:43 82432 c:\windows\SysWOW64\msxml4r.dll
+ 2009-07-14 04:54 . 2011-03-30 05:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-03-28 20:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-03-28 20:59 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-30 05:22 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-30 05:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-03-28 20:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-26 22:45 . 2010-01-26 22:45 61440 c:\windows\SysWOW64\AddinPtouch50_Icon.dll
+ 2009-07-14 04:46 . 2011-03-29 21:19 79056 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-03-18 13:36 . 2011-03-28 21:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-18 13:36 . 2011-03-30 05:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-18 13:36 . 2011-03-28 21:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-18 13:36 . 2011-03-30 05:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-28 21:32 . 2011-03-28 21:32 69879 c:\windows\Installer\{E1EC4731-9EF1-47E1-9889-A4445C0CC974}\_BBA60BB78705AFE76CE5B9.exe
+ 2011-03-28 21:32 . 2011-03-28 21:32 69879 c:\windows\Installer\{E1EC4731-9EF1-47E1-9889-A4445C0CC974}\_AA97F64B792765A37CEC66.exe
+ 2011-03-28 21:32 . 2011-03-28 21:32 69879 c:\windows\Installer\{E1EC4731-9EF1-47E1-9889-A4445C0CC974}\_6FEFF9B68218417F98F549.exe
+ 2011-03-28 21:32 . 2011-03-28 21:32 69879 c:\windows\Installer\{E1EC4731-9EF1-47E1-9889-A4445C0CC974}\_0FD7E428426A368B1AD7AD.exe
+ 2011-03-28 21:36 . 2011-03-28 21:36 49152 c:\windows\Installer\{DF9A6075-9308-4572-8932-A4316243C4D9}\NewShortcut5_4B119EDAEBD24B9F9DA85DC59C33B629.exe
+ 2011-03-28 21:36 . 2011-03-28 21:36 61440 c:\windows\Installer\{DF9A6075-9308-4572-8932-A4316243C4D9}\NewShortcut41_897A220591CA407D8A3DE8EBD4806E8A.exe
+ 2011-03-28 21:36 . 2011-03-28 21:36 61440 c:\windows\Installer\{DF9A6075-9308-4572-8932-A4316243C4D9}\NewShortcut4_475DFF90987947DDA7524B0D88E6517C.exe
- 2011-03-28 20:59 . 2011-03-28 20:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-30 05:22 . 2011-03-30 05:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-20 20:57 . 2011-03-29 21:08 124204 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-07-14 02:36 . 2011-03-28 21:30 257114 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:45 . 2011-03-30 05:22 300632 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 05:01 . 2011-03-30 05:21 236368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-03-22 01:03 . 2011-03-30 05:21 236368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-539957044-157237279-4051680887-1000-12288.dat
+ 2011-03-02 04:40 . 2011-03-02 04:40 928768 c:\windows\Installer\195fd5.msi
+ 2011-03-28 21:36 . 2011-03-28 21:36 110592 c:\windows\Installer\{DF9A6075-9308-4572-8932-A4316243C4D9}\NewShortcut3_7D90BDC8D55A47DAACAED78580AF12D5.exe
+ 2011-03-28 21:36 . 2011-03-28 21:36 110592 c:\windows\Installer\{DF9A6075-9308-4572-8932-A4316243C4D9}\NewShortcut2_5FF7E82144C24C158313BE043B12A9E5.exe
+ 2011-03-28 21:36 . 2011-03-28 21:36 110592 c:\windows\Installer\{DF9A6075-9308-4572-8932-A4316243C4D9}\ARPPRODUCTICON.exe
+ 2002-02-04 06:52 . 2002-02-04 06:52 1230336 c:\windows\SysWOW64\msxml4.dll
+ 2009-07-14 02:36 . 2011-03-28 21:30 1061990 c:\windows\system32\perfh009.dat
+ 2009-07-14 04:45 . 2011-03-29 21:18 3847826 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-03-25 21:46 3847826 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-02-04 13:44 . 2011-02-04 13:44 1072128 c:\windows\Installer\1961a4.msi
+ 2008-08-19 08:30 . 2008-08-19 08:30 1403972 c:\windows\Installer\195fcf.msi
- 2009-07-14 02:34 . 2011-03-27 23:12 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-03-29 21:28 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2000-01-01 43608]
"ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-09-28 252544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
.
c:\users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-3-27 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe [2010-10-28 917120]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.09\aaHMSvc.exe [2010-11-03 909440]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [2010-10-21 586880]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-01-28 632792]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-10 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-10 399416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-30 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2011-03-17 12:57]
.
2011-03-29 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\Registry Mechanic\RegMech.exe [2011-03-26 17:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 11775592]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
FF - ProfilePath - c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\g2izktqn.default\
FF - prefs.js: browser.startup.homepage - comcast.net
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
c:\windows\SysWOW64\ASDR.exe
c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
c:\program files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
.
**************************************************************************
.
Completion time: 2011-03-30 01:23:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-30 05:23
ComboFix2.txt 2011-03-28 21:12
.
Pre-Run: 58,085,613,568 bytes free
Post-Run: 58,005,639,168 bytes free
.
- - End Of File - - 38B83CE4A898B03D1F28F8504848B863
  • 0

#10
Blottedisk

    Trusted Helper

  • Malware Removal
  • 124 posts
Hi defazken,

At first the tools we used (TDSSKiller, Combofix) weren't detecting/removing any threats. So we have just manually removed some files that apparently were the culprit of the problems you were experiencing. We are now running two more scans that will help us determine if there are any remnants there.

Step 1 | Please download CCleaner (freeware)

  • Run the installer.
  • Once installed, run CCleaner and click the Windows [tab]
  • The following should be selected by default, if not, please select:

    Posted Image


  • Next: click Options (in the left panel) and click the Advanced button.
  • Uncheck: "Only delete files in Windows Temp folders older than 24 hours."
  • Go back to Cleaner (in the left panel) and click the Run Cleaner button (bottom right). Then exit CCleaner.


Step 2 | Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


Step 3 | Let's perform an ESET Online Scan

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

  • Please go here then click on: Posted Image
    Note: If using Mozilla Firefox, you will need to download esetsmartinstaller_enu.exe when prompted, then double-click it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Posted Image (Selecting Uninstall application on close if you so wish)

  • 0

#11
defazken

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Blottedisk,

It looks like Malwarebytes found a registry entry it removed. Everything else looks ok. Thank you again for your time and help.

Please let me know if I can make a donation to a site/group of your choice.

Thank you.


Malwarebytes' log below.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6220

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/30/2011 5:19:33 PM
mbam-log-2011-03-30 (17-19-33).txt

Scan type: Quick scan
Objects scanned: 167081
Time elapsed: 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\BSRURUF55J (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ESET log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=9645b4f5a0d0e846b97cc00a612116a3
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-30 09:57:36
# local_time=2011-03-30 05:57:36 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 143777 143777 0 0
# compatibility_mode=1024 16777215 100 0 347648 347648 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 603915 53064455 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=127711
# found=0
# cleaned=0
# scan_time=1251
  • 0
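As an added example (not code from the thread, from Malwarebytes or from ESET), the following Python parses the two logs posted above, checks the ESET header fields against the options the helper asked for in Step 3, and flags that `# end=stopped` means the scan did not run to completion, so `found=0` only covers the part of the disk it reached. The log excerpts are constructed from the ones in this post, and the `end=finished` value for a completed run is an assumption about the scanner's log format.

```python
import re

# Constructed excerpts modelled on the two logs posted in this thread (trimmed).
MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 6220
Scan type: Quick scan

Memory Processes Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\BSRURUF55J (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

ESET_LOG = """ESETSmartInstaller@High as downloader log:
all ok
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=127711
# found=0
# cleaned=0
"""

# Options the helper asked for in the ESET step, keyed by the log's own field names.
ESET_EXPECTED = {
    "remove_checked": "false",      # "Remove found threats" NOT checked
    "archives_checked": "true",     # "Scan archives" checked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth technology
}

SUMMARY_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected): (?P<count>\d+)$")
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^)]+)\) -> (?P<action>.+)$")


def parse_mbam(text):
    """Return the summary counts and the individual detections of an MBAM 1.x log."""
    counts, detections, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        m = SUMMARY_RE.match(line)
        if m:                                  # e.g. "Registry Keys Infected: 1"
            counts[m.group("category")] = int(m.group("count"))
            continue
        if line.endswith("Infected:"):         # start of a per-category detail block
            section = line[:-1]
            continue
        m = DETECTION_RE.match(line)
        if m and section:                      # "<item> (<threat>) -> <action>"
            detections.append({"section": section, **m.groupdict()})
    return {"counts": counts, "detections": detections}


def mbam_consistent(report):
    """True when the detail blocks account for every item the summary counted."""
    return sum(report["counts"].values()) == len(report["detections"])


def parse_eset(text):
    """Collect the '# key=value' header fields of an ESET Online Scanner log."""
    fields = {}
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            fields[key] = value                # repeated keys (compatibility_mode): last wins
    return fields


def assess_eset(fields, expected=ESET_EXPECTED):
    """List anything that stops 'found=0' from being read as a clean result."""
    issues = [f"{k} was {fields.get(k)!r}, expected {v!r}"
              for k, v in expected.items() if fields.get(k) != v]
    # Assumption: a run that completed reports end=finished; anything else means the
    # scan was cut short, so found=0 only covers the part of the disk it reached.
    if fields.get("end") != "finished":
        issues.append(f"scan did not finish (end={fields.get('end')}); "
                      f"found={fields.get('found')} is not a clean verdict")
    return issues


if __name__ == "__main__":
    print(parse_mbam(MBAM_LOG)["detections"])
    print(assess_eset(parse_eset(ESET_LOG)))
```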

#12
Blottedisk

    Trusted Helper

  • Malware Removal
  • 124 posts
Hi defazken,


I don't receive any donations myself, but if you would like to donate directly to GeeksToGo, please check the following thread:


http://www.geekstogo...on-information/


How's the machine running? Are you experiencing any redirects?
  • 0

#13
defazken

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Blottedisk,

Thanks for the link.

No more redirects. Functionality is back to normal.

Thank you again for your valued help.
  • 0

#14
Blottedisk

    Trusted Helper

  • Malware Removal
  • 124 posts
You are welcome :D


We are done. Please follow this last procedure:


Step 1 | Delete ComboFix and Clean Up

The following will implement some cleanup procedures as well as reset System Restore points. Click Start > Run and copy/paste the following underlined text into the Run box and click OK:

ComboFix /Uninstall

Please advise if this step is missed for any reason as it performs some important actions.


Step 2 | Clean up with OTL

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
  • Now, from the desktop, delete any logs that you have left over. Also delete aswMBR, MBRCheck.exe and their logs.


Step 3 | If you haven't installed AVG again yet, choose, download and install only ONE of the following applications:



Last Step | Now, in order to avoid future infections, please take time to read the following article:

How did I get infected in the first place?

Thank you for your patience, and performing all of the procedures requested. I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed :D
  • 0

#15
defazken

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Blottedisk,

When I attempt to run ComboFix /Uninstall I get a warning from Spyware Doctor that NirCmd (C:\32788R22FWJFW\N.PIF) is attempting to add itself to my registry's Windows Startup list. I terminated the process till you confirm. Thanks
  • 0





