4 computers crash including twice by new comp.virus?


This topic is locked

#1 luvdacowboys2011 (Member, 52 posts)

I bought a used comp. from a reputable laptop store in .... and had SERIOUS issues like unknown accts., admin. stripped from the owner, blocked any and all anti-malware, LONG telephone logs, logs period were very suspicious, finally I was not the admin. anymore, and not to mention the comp. company informed me it was previously owned by a Russian comp. here in the States. Ended up borrowing a family member's comp. to do work reports on, and upon installing the driver software for wireless it started acting CRAZY... until finally freezing up without getting on the net. Bought a new comp. and on the second day opened up WiMAX to find out 4 accounts at a time were signing in on the comp. and there must have been 30+ peeps logged in, and this is the scary part... Wi-Fi or wireless wasn't even on!!? Here is an OTL log; if someone could help I'd greatly appreciate it.
#2 Salagubang (Trusted Helper, Malware Removal, 3,891 posts)

Hi luvdacowboys2011,

Sorry for the delay.

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.

+++++++++++++++++++++++++++++++++++++++++++

First, which one of these computers did you post the OTL logs from?
Do the 4 computers connect to the internet using the same router?

#3 admin (Founder Geek, Community Leader, 24,639 posts)

email reply:

salagubang,

I go to the link in the email, but when I click on the links to answer your questions it goes to some crazy sites. I will answer your questions here... The logs I posted are from the last comp. I bought 2 days earlier, and I have used several ways to connect to the internet... My dad's computer was infected by installing the driver software from Clear! But Clear says that's impossible because it can't transfer a virus from one computer to another. Another thing is I punch in netstat -ano (with nothing else running) and half the ports are NOT LISTENING. Thanks sooo much for your help!
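The netstat -ano output mentioned in the reply above is the one artifact in this thread that ties a socket to the process (PID) that owns it, so here is a small triage script for that output. This is an added example by the editor, not code from the thread or from Geeks to Go. netstat reports states such as LISTENING, ESTABLISHED and TIME_WAIT; a port that has no row at all is simply closed, there is no "NOT LISTENING" state. The sample table is constructed in the Windows netstat -ano layout, the foreign addresses are documentation-range placeholders, and the list of "local" ranges and the two flagging rules are the example's own choices, not anything netstat or the thread defines.

```python
"""Triage of `netstat -ano` output from a Windows box: parse the table,
count TCP states, and pull out the rows worth tying back to a PID.
Added example; the sample output below is constructed."""
import ipaddress
from collections import Counter

# Constructed sample in the Windows `netstat -ano` layout. The foreign
# addresses are documentation-range placeholders, not real hosts.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5357         0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49152     198.51.100.7:443       ESTABLISHED     2384
  TCP    192.168.1.10:49170     203.0.113.42:6667      ESTABLISHED     5120
  TCP    192.168.1.10:49171     10.0.0.5:445           TIME_WAIT       0
  TCP    [::]:3389              [::]:0                 LISTENING       1204
  UDP    0.0.0.0:5355           *:*                                    1120
  UDP    192.168.1.10:137       *:*                                    4
"""

# Ranges treated as "not the internet" for the outbound check. This is the
# example's own list (RFC 1918, loopback, link-local, unspecified), not
# anything netstat defines.
_LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fe80::/10", "fc00::/7",
)]


def _split_addr(addr):
    """'host:port' -> (host, port); handles '[::]:3389' and '*:*'."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """One dict per TCP/UDP row; banner and column headers are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        lhost, lport = _split_addr(parts[1])
        fhost, fport = _split_addr(parts[2])
        # UDP rows have no State column, so the PID is always the last field.
        state = parts[3] if parts[0] == "TCP" else ""
        rows.append({"proto": parts[0], "lhost": lhost, "lport": lport,
                     "fhost": fhost, "fport": fport, "state": state,
                     "pid": int(parts[-1])})
    return rows


def state_summary(rows):
    """Count of TCP rows per state. A port with no row at all is closed;
    netstat has no 'NOT LISTENING' state."""
    return Counter(r["state"] for r in rows if r["proto"] == "TCP")


def _is_external(host):
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # '*' or empty host
        return False
    return not any(ip in net for net in _LOCAL_NETS)


def findings(rows):
    """(reason, row) pairs: established sessions to hosts outside the local
    ranges, and listeners bound to every interface on a high port. Each PID
    is then looked up with `tasklist /FI "PID eq <pid>"`."""
    out = []
    for r in rows:
        if r["state"] == "ESTABLISHED" and _is_external(r["fhost"]):
            out.append(("outbound session to external host", r))
        elif (r["state"] == "LISTENING" and r["lhost"] in ("0.0.0.0", "::")
              and r["lport"] is not None and r["lport"] >= 1024):
            out.append(("listening on all interfaces, high port", r))
    return out


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    print(dict(state_summary(rows)))
    for reason, r in findings(rows):
        print(f"{reason}: pid {r['pid']} {r['proto']} "
              f"{r['lhost']}:{r['lport']} -> {r['fhost']}:{r['fport']} {r['state']}")
```

Run it against a saved `netstat -ano > netstat.txt` by reading the file into parse_netstat; the PIDs it prints are what you then resolve with tasklist (and, for the listening ones, compare against what the machine is actually supposed to serve).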

#4 Salagubang (Trusted Helper, Malware Removal, 3,891 posts)

Hi luvdacowboys2011,

I have used several ways to connect to the internet....


Do you have other connections that don't require driver installation, i.e., wired and connected to a router?

+++++++++++++++++++++++++++++++++

Please read carefully and follow these steps.

From a clean computer with a good internet connection

Download the tools needed to a flash drive or other removable media, and transfer them to the Desktop of the infected computer.

On the ailing laptop

Step One

  • Extract TDSSKiller to the desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If a Malicious file is detected, the default action will be Cure; click on Continue.
  • If a Suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Step Two

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will let us more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

After doing the above steps, check if you can use the laptop to browse this forum.
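The TDSSKiller report produced in Step One above lists every loaded driver as "service (md5) path", one per line. Two checks a helper would run over that list, as an added example (editor's code, not part of the thread and not part of TDSSKiller): drivers whose image loads from outside the Windows system32 tree, and drivers whose hash differs from a clean machine of the same build, which matters because the TDSS/TDL3 family patched legitimate drivers such as atapi.sys in place rather than adding new files. The sample lines are constructed in the report's layout; the three baseline hashes for 1394ohci, atapi and CNG are copied from the log the poster pastes later in this thread and only stand in for a real clean reference; the service name examplesvc, its path and the all-zero hash are hypothetical.

```python
"""Triage of a TDSSKiller report: extract (service, md5, path) rows, flag
drivers loaded from outside the Windows system tree, and flag drivers whose
hash differs from a clean baseline of the same build.
Added example; the log lines and the baseline below are constructed."""
import csv
import io
import re

# One driver row: "<date> <time> <thread-id> <service> (<md5>) <path>"
ROW = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<tid>\d+)\s+(?P<svc>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Constructed sample in the TDSSKiller 2.4 report layout. 'examplesvc', its
# path and the all-zero atapi hash are hypothetical.
SAMPLE_LOG = r"""
2011/04/25 17:05:17.0113 7476 Windows directory: C:\windows
2011/04/25 17:05:19.0235 5272 Scan started
2011/04/25 17:05:19.0734 5272 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
2011/04/25 17:05:20.0920 5272 atapi (00000000000000000000000000000000) C:\windows\system32\drivers\atapi.sys
2011/04/25 17:05:21.0000 5272 examplesvc (11111111111111111111111111111111) C:\windows\Temp\example.sys
2011/04/25 17:05:22.0199 5272 CNG (d5fea92400f12412b3922087c09da6a5) C:\windows\system32\Drivers\cng.sys
"""

# Hashes from a machine you trust, same OS build. These three values are
# taken from the log posted in this thread and only stand in for a real
# clean reference.
BASELINE = {
    "1394ohci": "a87d604aea360176311474c87a63bb88",
    "atapi": "02062c0b390b7729edc9e69c680a6f3c",
    "CNG": "d5fea92400f12412b3922087c09da6a5",
}


def parse_report(text):
    """Return (driver rows, Windows directory). Banner lines such as
    'Scan started' do not match ROW and are skipped."""
    rows, windir = [], r"C:\windows"
    for line in text.splitlines():
        if "Windows directory:" in line:
            windir = line.split("Windows directory:", 1)[1].strip()
            continue
        m = ROW.match(line)
        if m:
            rows.append({"svc": m["svc"], "md5": m["md5"].lower(),
                         "path": m["path"]})
    return rows, windir


def outside_system_tree(rows, windir):
    """Drivers whose image is not under <windir>\\system32\\ (any letter case)."""
    prefix = windir.rstrip("\\").lower() + "\\system32\\"
    return [r for r in rows if not r["path"].lower().startswith(prefix)]


def hash_mismatches(rows, baseline):
    """(service, found, expected) for every driver the baseline knows under
    a different hash: a patched-in-place system driver shows up here."""
    out = []
    for r in rows:
        want = baseline.get(r["svc"])
        if want and want.lower() != r["md5"]:
            out.append((r["svc"], r["md5"], want.lower()))
    return out


def to_csv(rows):
    """service,md5,path rows for a batch lookup in a hash database."""
    buf = io.StringIO()
    w = csv.writer(buf)
    w.writerow(["service", "md5", "path"])
    for r in rows:
        w.writerow([r["svc"], r["md5"], r["path"]])
    return buf.getvalue()


if __name__ == "__main__":
    rows, windir = parse_report(SAMPLE_LOG)
    for r in outside_system_tree(rows, windir):
        print("outside system tree:", r["svc"], r["path"])
    for svc, got, want in hash_mismatches(rows, BASELINE):
        print(f"hash mismatch: {svc} has {got}, baseline {want}")
    print(to_csv(rows))
```

A hash mismatch on its own is not a verdict (a Windows update that shipped a newer driver changes the hash too), so build the baseline from a machine on the same patch level and treat a mismatch as a file to pull and check, not as a detection.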

#5 admin (Founder Geek, Community Leader, 24,639 posts)


Salagubang
Thanks for your quick reply! I should tell you last night I plucked probably 150+ bots, trojans (agen-qbp.ide, keyge-ek.ide, fake-cjr.ide ............) and quarantined them in Kaspersky, but it did not help the situation any! I will do as you requested, but I will have to find me a clean machine and internet service via hard wire. I will reply today sometime! Again, thanks for your help, seeing I have wasted a lot of money and time using other means! I have surfed this site numerous times trying to find my particular situation but to no avail. I will be GLAD to make a donation for your efforts and time! Thanks again... hope to reply with your request soon!

#6 admin (Founder Geek, Community Leader, 24,639 posts)


Salagubang,
I thought you would want to see the report from TDSSKiller even though it found no problems or threats! Thanks!

2011/04/25 17:05:17.0098 7476 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/25 17:05:17.0113 7476 ================================================================================
2011/04/25 17:05:17.0113 7476 SystemInfo:
2011/04/25 17:05:17.0113 7476
2011/04/25 17:05:17.0113 7476 OS Version: 6.1.7601 ServicePack: 1.0
2011/04/25 17:05:17.0113 7476 Product type: Workstation
2011/04/25 17:05:17.0113 7476 ComputerName: BILLY-PC
2011/04/25 17:05:17.0113 7476 UserName: Billy
2011/04/25 17:05:17.0113 7476 Windows directory: C:\windows
2011/04/25 17:05:17.0113 7476 System windows directory: C:\windows
2011/04/25 17:05:17.0113 7476 Running under WOW64
2011/04/25 17:05:17.0113 7476 Processor architecture: Intel x64
2011/04/25 17:05:17.0113 7476 Number of processors: 4
2011/04/25 17:05:17.0113 7476 Page size: 0x1000
2011/04/25 17:05:17.0113 7476 Boot type: Normal boot
2011/04/25 17:05:17.0113 7476 ================================================================================
2011/04/25 17:05:17.0410 7476 Initialize success
2011/04/25 17:05:19.0235 5272 ================================================================================
2011/04/25 17:05:19.0235 5272 Scan started
2011/04/25 17:05:19.0235 5272 Mode: Manual;
2011/04/25 17:05:19.0235 5272 ================================================================================
2011/04/25 17:05:19.0734 5272 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
2011/04/25 17:05:19.0781 5272 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
2011/04/25 17:05:19.0828 5272 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
2011/04/25 17:05:19.0875 5272 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
2011/04/25 17:05:19.0953 5272 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
2011/04/25 17:05:19.0999 5272 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
2011/04/25 17:05:20.0093 5272 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\windows\system32\drivers\afd.sys
2011/04/25 17:05:20.0155 5272 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
2011/04/25 17:05:20.0233 5272 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
2011/04/25 17:05:20.0280 5272 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
2011/04/25 17:05:20.0343 5272 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
2011/04/25 17:05:20.0405 5272 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
2011/04/25 17:05:20.0499 5272 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\windows\system32\drivers\amdsata.sys
2011/04/25 17:05:20.0530 5272 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
2011/04/25 17:05:20.0561 5272 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\windows\system32\drivers\amdxata.sys
2011/04/25 17:05:20.0639 5272 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
2011/04/25 17:05:20.0748 5272 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
2011/04/25 17:05:20.0779 5272 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
2011/04/25 17:05:20.0857 5272 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
2011/04/25 17:05:20.0920 5272 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
2011/04/25 17:05:21.0029 5272 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
2011/04/25 17:05:21.0076 5272 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
2011/04/25 17:05:21.0123 5272 bcm (9725c48e5ec9ab239a7e999f1ee7ee0d) C:\windows\system32\DRIVERS\drxvi314_64.sys
2011/04/25 17:05:21.0154 5272 bcmbusctr (34e604e2b7cfed79ac31c4894c5989a6) C:\windows\system32\DRIVERS\BcmBusCtr_64.sys
2011/04/25 17:05:21.0216 5272 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
2011/04/25 17:05:21.0279 5272 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
2011/04/25 17:05:21.0357 5272 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
2011/04/25 17:05:21.0419 5272 bpenum (f46dd257fad7d2d097ef32e72220a06c) C:\windows\system32\DRIVERS\bpenum.sys
2011/04/25 17:05:21.0466 5272 bpmp (e82060aed0f28ed8909f2b07fa276185) C:\windows\system32\DRIVERS\bpmp.sys
2011/04/25 17:05:21.0497 5272 bpusb (fc6313a5a45c1ae53d0491f0057d5a4d) C:\windows\system32\Drivers\bpusb.sys
2011/04/25 17:05:21.0544 5272 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/04/25 17:05:21.0559 5272 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/04/25 17:05:21.0606 5272 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
2011/04/25 17:05:21.0637 5272 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
2011/04/25 17:05:21.0669 5272 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/04/25 17:05:21.0684 5272 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
2011/04/25 17:05:21.0715 5272 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
2011/04/25 17:05:21.0825 5272 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
2011/04/25 17:05:21.0887 5272 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys
2011/04/25 17:05:21.0934 5272 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
2011/04/25 17:05:21.0981 5272 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
2011/04/25 17:05:22.0074 5272 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
2011/04/25 17:05:22.0121 5272 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
2011/04/25 17:05:22.0199 5272 CNG (d5fea92400f12412b3922087c09da6a5) C:\windows\system32\Drivers\cng.sys
2011/04/25 17:05:22.0246 5272 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
2011/04/25 17:05:22.0308 5272 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
2011/04/25 17:05:22.0386 5272 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
2011/04/25 17:05:22.0480 5272 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
2011/04/25 17:05:22.0527 5272 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
2011/04/25 17:05:22.0589 5272 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
2011/04/25 17:05:22.0651 5272 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
2011/04/25 17:05:22.0698 5272 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
2011/04/25 17:05:22.0792 5272 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
2011/04/25 17:05:22.0932 5272 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
2011/04/25 17:05:22.0995 5272 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
2011/04/25 17:05:23.0057 5272 ETD (ace57d5012b00971cce04c61cfeefae6) C:\windows\system32\DRIVERS\ETD.sys
2011/04/25 17:05:23.0104 5272 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
2011/04/25 17:05:23.0135 5272 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
2011/04/25 17:05:23.0182 5272 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
2011/04/25 17:05:23.0213 5272 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
2011/04/25 17:05:23.0244 5272 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
2011/04/25 17:05:23.0260 5272 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
2011/04/25 17:05:23.0322 5272 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
2011/04/25 17:05:23.0353 5272 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
2011/04/25 17:05:23.0416 5272 fssfltr (2bf3b36b96d015af666b6aa63ae2e38f) C:\windows\system32\DRIVERS\fssfltr.sys
2011/04/25 17:05:23.0447 5272 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
2011/04/25 17:05:23.0509 5272 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
2011/04/25 17:05:23.0572 5272 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/04/25 17:05:23.0603 5272 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
2011/04/25 17:05:23.0650 5272 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
2011/04/25 17:05:23.0697 5272 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
2011/04/25 17:05:23.0759 5272 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
2011/04/25 17:05:23.0790 5272 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
2011/04/25 17:05:23.0837 5272 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
2011/04/25 17:05:23.0868 5272 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
2011/04/25 17:05:23.0946 5272 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
2011/04/25 17:05:24.0024 5272 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
2011/04/25 17:05:24.0071 5272 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
2011/04/25 17:05:24.0102 5272 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
2011/04/25 17:05:24.0196 5272 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
2011/04/25 17:05:24.0289 5272 iaStor (a5f72bb0d024e7e463344105be613ae4) C:\windows\system32\DRIVERS\iaStor.sys
2011/04/25 17:05:24.0336 5272 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\windows\system32\drivers\iaStorV.sys
2011/04/25 17:05:24.0586 5272 igfx (677aa5991026a65ada128c4b59cf2bad) C:\windows\system32\DRIVERS\igdkmd64.sys
2011/04/25 17:05:24.0851 5272 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
2011/04/25 17:05:24.0913 5272 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys
2011/04/25 17:05:25.0023 5272 IntcAzAudAddService (bbda43f02a2c642a2df191fa8c0b0052) C:\windows\system32\drivers\RTKVHD64.sys
2011/04/25 17:05:25.0163 5272 IntcDAud (c6c1f19205da83c801be7c25f4e2ee07) C:\windows\system32\DRIVERS\IntcDAud.sys
2011/04/25 17:05:25.0225 5272 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
2011/04/25 17:05:25.0272 5272 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
2011/04/25 17:05:25.0335 5272 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/04/25 17:05:25.0397 5272 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
2011/04/25 17:05:25.0459 5272 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
2011/04/25 17:05:25.0506 5272 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
2011/04/25 17:05:25.0537 5272 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
2011/04/25 17:05:25.0584 5272 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
2011/04/25 17:05:25.0600 5272 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
2011/04/25 17:05:25.0631 5272 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
2011/04/25 17:05:25.0693 5272 KL1 (8d7120743a0973ceab548b475c9d4289) C:\windows\system32\DRIVERS\kl1.sys
2011/04/25 17:05:25.0740 5272 kl2 (cd146d8e525d6eebdcaf24120a8ab9ce) C:\windows\system32\DRIVERS\kl2.sys
2011/04/25 17:05:25.0803 5272 klif (c1786c2f8de0f62e076f7ef8dea4e87a) C:\windows\system32\DRIVERS\klif.sys
2011/04/25 17:05:25.0834 5272 KLIM6 (2a64b3a9eed93a2e96537b67c079fc96) C:\windows\system32\DRIVERS\klim6.sys
2011/04/25 17:05:25.0881 5272 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\windows\system32\DRIVERS\klmouflt.sys
2011/04/25 17:05:25.0927 5272 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\windows\system32\Drivers\ksecdd.sys
2011/04/25 17:05:25.0974 5272 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\windows\system32\Drivers\ksecpkg.sys
2011/04/25 17:05:26.0021 5272 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
2011/04/25 17:05:26.0083 5272 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
2011/04/25 17:05:26.0146 5272 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/04/25 17:05:26.0161 5272 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/04/25 17:05:26.0193 5272 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/04/25 17:05:26.0208 5272 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/04/25 17:05:26.0255 5272 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
2011/04/25 17:05:26.0317 5272 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
2011/04/25 17:05:26.0333 5272 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
2011/04/25 17:05:26.0364 5272 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
2011/04/25 17:05:26.0458 5272 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
2011/04/25 17:05:26.0489 5272 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys
2011/04/25 17:05:26.0567 5272 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
2011/04/25 17:05:26.0614 5272 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
2011/04/25 17:05:26.0661 5272 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
2011/04/25 17:05:26.0707 5272 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
2011/04/25 17:05:26.0754 5272 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
2011/04/25 17:05:26.0801 5272 mrxsmb (c2b4651001a867ff3f8865863b592991) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/04/25 17:05:26.0848 5272 mrxsmb10 (7e79946afc5f799ab62982282be5ac13) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/04/25 17:05:26.0863 5272 mrxsmb20 (5fb954100cea2bfec6446fbbecaa3f79) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/04/25 17:05:26.0910 5272 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
2011/04/25 17:05:26.0957 5272 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
2011/04/25 17:05:26.0988 5272 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
2011/04/25 17:05:27.0019 5272 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
2011/04/25 17:05:27.0035 5272 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
2011/04/25 17:05:27.0144 5272 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
2011/04/25 17:05:27.0191 5272 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
2011/04/25 17:05:27.0207 5272 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
2011/04/25 17:05:27.0253 5272 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
2011/04/25 17:05:27.0300 5272 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
2011/04/25 17:05:27.0331 5272 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
2011/04/25 17:05:27.0347 5272 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
2011/04/25 17:05:27.0378 5272 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
2011/04/25 17:05:27.0472 5272 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
2011/04/25 17:05:27.0565 5272 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
2011/04/25 17:05:27.0643 5272 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
2011/04/25 17:05:27.0690 5272 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
2011/04/25 17:05:27.0737 5272 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
2011/04/25 17:05:27.0846 5272 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
2011/04/25 17:05:27.0893 5272 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
2011/04/25 17:05:27.0971 5272 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
2011/04/25 17:05:28.0065 5272 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
2011/04/25 17:05:28.0330 5272 NETw5s64 (18555f48844c2861d9dce8f2b7223ae5) C:\windows\system32\DRIVERS\NETw5s64.sys
2011/04/25 17:05:28.0579 5272 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
2011/04/25 17:05:28.0657 5272 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
2011/04/25 17:05:28.0704 5272 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
2011/04/25 17:05:28.0798 5272 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\windows\system32\drivers\Ntfs.sys
2011/04/25 17:05:28.0845 5272 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
2011/04/25 17:05:29.0141 5272 nvlddmkm (dbc4fe23aa4ef8f58e94daa59b079f52) C:\windows\system32\DRIVERS\nvlddmkm.sys
2011/04/25 17:05:29.0469 5272 nvpciflt (de27d72bea190cafe571f0cc6d396465) C:\windows\system32\DRIVERS\nvpciflt.sys
2011/04/25 17:05:29.0547 5272 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\windows\system32\drivers\nvraid.sys
2011/04/25 17:05:29.0578 5272 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\windows\system32\drivers\nvstor.sys
2011/04/25 17:05:29.0625 5272 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
2011/04/25 17:05:29.0640 5272 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
2011/04/25 17:05:29.0671 5272 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
2011/04/25 17:05:29.0718 5272 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
2011/04/25 17:05:29.0781 5272 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
2011/04/25 17:05:29.0812 5272 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
2011/04/25 17:05:29.0827 5272 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
2011/04/25 17:05:29.0874 5272 PCTINDIS5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\windows\system32\PCTINDIS5X64.SYS
2011/04/25 17:05:29.0921 5272 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
2011/04/25 17:05:29.0968 5272 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
2011/04/25 17:05:30.0077 5272 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
2011/04/25 17:05:30.0108 5272 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
2011/04/25 17:05:30.0233 5272 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
2011/04/25 17:05:30.0311 5272 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
2011/04/25 17:05:30.0373 5272 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
2011/04/25 17:05:30.0405 5272 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
2011/04/25 17:05:30.0436 5272 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
2011/04/25 17:05:30.0483 5272 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/04/25 17:05:30.0529 5272 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/04/25 17:05:30.0576 5272 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
2011/04/25 17:05:30.0607 5272 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
2011/04/25 17:05:30.0670 5272 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
2011/04/25 17:05:30.0701 5272 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
2011/04/25 17:05:30.0748 5272 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/04/25 17:05:30.0763 5272 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
2011/04/25 17:05:30.0795 5272 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
2011/04/25 17:05:30.0826 5272 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
2011/04/25 17:05:30.0873 5272 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
2011/04/25 17:05:30.0951 5272 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
2011/04/25 17:05:30.0997 5272 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\windows\system32\DRIVERS\Rt64win7.sys
2011/04/25 17:05:31.0029 5272 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys
2011/04/25 17:05:31.0091 5272 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
2011/04/25 17:05:31.0153 5272 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
2011/04/25 17:05:31.0200 5272 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
2011/04/25 17:05:31.0263 5272 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
2011/04/25 17:05:31.0309 5272 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
2011/04/25 17:05:31.0372 5272 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
2011/04/25 17:05:31.0434 5272 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
2011/04/25 17:05:31.0450 5272 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
2011/04/25 17:05:31.0465 5272 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
2011/04/25 17:05:31.0497 5272 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
2011/04/25 17:05:31.0543 5272 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/04/25 17:05:31.0575 5272 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
2011/04/25 17:05:31.0637 5272 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
2011/04/25 17:05:31.0731 5272 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
2011/04/25 17:05:31.0793 5272 srv (65bbf4920148c2ee279055da7228fc7b) C:\windows\system32\DRIVERS\srv.sys
2011/04/25 17:05:31.0809 5272 srv2 (da939f762a1ccc2d77428621ddbd40a7) C:\windows\system32\DRIVERS\srv2.sys
2011/04/25 17:05:31.0840 5272 srvnet (3f847c9dc87299516f7dc82fb6572865) C:\windows\system32\DRIVERS\srvnet.sys
2011/04/25 17:05:31.0902 5272 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
2011/04/25 17:05:31.0980 5272 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
2011/04/25 17:05:32.0043 5272 Tcpip (509383e505c973ed7534a06b3d19688d) C:\windows\system32\drivers\tcpip.sys
2011/04/25 17:05:32.0089 5272 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\windows\system32\DRIVERS\tcpip.sys
2011/04/25 17:05:32.0136 5272 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
2011/04/25 17:05:32.0167 5272 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
2011/04/25 17:05:32.0199 5272 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
2011/04/25 17:05:32.0245 5272 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
2011/04/25 17:05:32.0323 5272 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
2011/04/25 17:05:32.0417 5272 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/04/25 17:05:32.0495 5272 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
2011/04/25 17:05:32.0557 5272 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
2011/04/25 17:05:32.0620 5272 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
2011/04/25 17:05:32.0682 5272 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
2011/04/25 17:05:32.0729 5272 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
2011/04/25 17:05:32.0791 5272 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
2011/04/25 17:05:32.0838 5272 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
2011/04/25 17:05:32.0869 5272 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\windows\system32\DRIVERS\usbccgp.sys
2011/04/25 17:05:32.0947 5272 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
2011/04/25 17:05:32.0963 5272 usbehci (74ee782b1d9c241efe425565854c661c) C:\windows\system32\DRIVERS\usbehci.sys
2011/04/25 17:05:33.0010 5272 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\windows\system32\drivers\usbhub.sys
2011/04/25 17:05:33.0057 5272 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\DRIVERS\usbohci.sys
2011/04/25 17:05:33.0088 5272 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
2011/04/25 17:05:33.0119 5272 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
2011/04/25 17:05:33.0135 5272 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/04/25 17:05:33.0166 5272 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\DRIVERS\usbuhci.sys
2011/04/25 17:05:33.0213 5272 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
2011/04/25 17:05:33.0244 5272 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
2011/04/25 17:05:33.0291 5272 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
2011/04/25 17:05:33.0306 5272 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
2011/04/25 17:05:33.0353 5272 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
2011/04/25 17:05:33.0384 5272 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
2011/04/25 17:05:33.0400 5272 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
2011/04/25 17:05:33.0462 5272 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
2011/04/25 17:05:33.0509 5272 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
2011/04/25 17:05:33.0556 5272 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
2011/04/25 17:05:33.0603 5272 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
2011/04/25 17:05:33.0634 5272 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
2011/04/25 17:05:33.0681 5272 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
2011/04/25 17:05:33.0712 5272 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
2011/04/25 17:05:33.0759 5272 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
2011/04/25 17:05:33.0759 5272 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
2011/04/25 17:05:33.0805 5272 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
2011/04/25 17:05:33.0852 5272 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
2011/04/25 17:05:33.0899 5272 wdkmd (fe31110e39a0b11abae1ba43a2dc94f9) C:\windows\system32\DRIVERS\WDKMD.sys
2011/04/25 17:05:34.0008 5272 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
2011/04/25 17:05:34.0071 5272 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
2011/04/25 17:05:34.0164 5272 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
2011/04/25 17:05:34.0211 5272 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
2011/04/25 17:05:34.0258 5272 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
2011/04/25 17:05:34.0305 5272 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/04/25 17:05:34.0383 5272 yukonw7 (918cfcdbb6c297c53788b926954da907) C:\windows\system32\DRIVERS\yk62x64.sys
2011/04/25 17:05:34.0648 5272 ================================================================================
2011/04/25 17:05:34.0648 5272 Scan finished
2011/04/25 17:05:34.0648 5272 ================================================================================

I see the problem with this comp. (she must have liked games and him ......), but I thought these problems were linked because they had the same exact symptoms and unknown accounts! This is the comp. that, even though the wi-fi was off and there was no internet connection, had at least 30+ people signed in on it!? And the other comp. that was just wiped and has not even been on the net since has some suspicious files and such. I want to find and fix the problem before using the other 3! I have requested another package from Clear even though they said 100% guarantee that it is NOT an issue because their products CAN'T spread a virus, and they also say it is a roaming IP address. The first time I had the suspected comp. "wiped" and reloaded, Windows Defender showed the UNKNOWN account passing through when it was still at the comp. store.



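The TDSSKiller section of the log above is a flat list of driver services with an MD5 and an on-disk path, and the only thing a helper can do with it quickly is look for inconsistencies. Below is an added example (not part of the original post, and not a tool from Kaspersky, OldTimer or this forum) that parses lines in that exact format and runs three checks: the same file reported with two different hashes, a driver loaded from outside the usual system or program directories, and a hash that disagrees with a reference value. The sample input copies a few real lines from the scan above and adds two synthetic ones (a TEMP-loaded driver and a hash mismatch) so the checks have something to catch; the directory list and the reference hash table are assumptions made for the example, and a real reference hash must come from a trusted source, not from the scan being checked.

```python
"""Triage helper for TDSSKiller-style driver scan lines.

Added example for this thread; it only knows the line shape visible in the log:
    <date> <time> <pid> <service name> (<md5>) <path>
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Directories a kernel driver is normally loaded from on a Windows 7 box.
# Assumption for this example, not a rule stated by the log or the tool.
EXPECTED_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Constructed reference table: the tcpip.sys hash is copied from the scan
# itself purely to demonstrate the check. In practice this must come from a
# clean install or vendor catalog, never from the machine under suspicion.
KNOWN_GOOD = {"tcpip.sys": "509383e505c973ed7534a06b3d19688d"}

# Constructed sample: five real lines from the scan above plus two synthetic
# entries (fakesvc in TEMP, Tcpip2 with a bogus hash) to exercise the checks.
SAMPLE_LOG = r"""
2011/04/25 17:05:32.0043 5272 Tcpip (509383e505c973ed7534a06b3d19688d) C:\windows\system32\drivers\tcpip.sys
2011/04/25 17:05:32.0089 5272 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\windows\system32\DRIVERS\tcpip.sys
2011/04/25 17:05:33.0759 5272 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
2011/04/25 17:05:33.0759 5272 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
2011/04/25 17:05:34.0383 5272 yukonw7 (918cfcdbb6c297c53788b926954da907) C:\windows\system32\DRIVERS\yk62x64.sys
2011/04/25 17:05:34.0400 5272 fakesvc (00000000000000000000000000000000) C:\Users\billy\AppData\Local\Temp\fakesvc.sys
2011/04/25 17:05:34.0410 5272 Tcpip2 (ffffffffffffffffffffffffffffffff) C:\windows\system32\drivers\tcpip.sys
2011/04/25 17:05:34.0648 5272 Scan finished
"""


def parse_driver_lines(text):
    """Return [{name, md5, path}] for every driver line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({"name": m["name"], "md5": m["md5"].lower(),
                            "path": m["path"]})
    return entries


def find_hash_conflicts(entries):
    """Same on-disk file reported with more than one MD5.

    Service aliases such as Tcpip/TCPIP6 or WANARP/Wanarpv6 legitimately share
    a path and a hash; two different hashes for one path means the file was
    read differently twice and deserves a closer look.
    """
    by_path = defaultdict(set)
    for e in entries:
        by_path[e["path"].lower()].add(e["md5"])
    return {p: hashes for p, hashes in by_path.items() if len(hashes) > 1}


def find_unexpected_paths(entries, prefixes=EXPECTED_PREFIXES):
    """Drivers loaded from outside the expected system/program directories."""
    return [e for e in entries if not e["path"].lower().startswith(prefixes)]


def check_known_hashes(entries, known):
    """Entries whose MD5 differs from the reference hash for the same file name."""
    mismatches = []
    for e in entries:
        base = e["path"].lower().rsplit("\\", 1)[-1]
        expected = known.get(base)
        if expected and expected.lower() != e["md5"]:
            mismatches.append(e)
    return mismatches


def triage(text, known=KNOWN_GOOD):
    """Run all three checks over a log and return the findings by name."""
    entries = parse_driver_lines(text)
    return {
        "count": len(entries),
        "hash_conflicts": find_hash_conflicts(entries),
        "unexpected_paths": [e["name"] for e in find_unexpected_paths(entries)],
        "hash_mismatches": [e["name"] for e in check_known_hashes(entries, known)],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Run it as-is to see the findings for the constructed sample, or feed it the full TDSSKiller output saved from the forum post. None of the three checks proves infection on its own: a path outside the expected directories is normal for some vendor tools, and the hash table is only as trustworthy as its source, so treat a hit as a prompt to submit the file for scanning rather than as a verdict.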
#7
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi luvdacowboys2011,

Please proceed with Step Two (Combofix) of my last instruction.

:)

#8
admin

    Founder Geek

  • Community Leader
  • 24,639 posts
They are still unable to post:


OTL logfile created on: 4/27/2011 11:26:48 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = F:\
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 233.00 Gb Total Space | 207.20 Gb Free Space | 88.93% Space Free | Partition Type: NTFS
Drive D: | 347.24 Gb Total Space | 346.76 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
Drive F: | 1.86 Gb Total Space | 1.82 Gb Free Space | 97.89% Space Free | Partition Type: FAT32

Computer Name: BILLY-PC | User Name: billy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/25 15:41:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010/08/26 18:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/08/15 18:24:30 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/08/11 00:34:40 | 004,384,560 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2010/08/09 02:22:24 | 000,862,064 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/07/30 01:20:18 | 001,752,680 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/05/22 22:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe
PRC - [2010/02/10 07:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2010/02/03 15:19:52 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/02/03 15:19:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/11/09 12:00:32 | 000,107,856 | ---- | M] () -- C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe
PRC - [2009/06/03 04:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 07:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe


========== Modules (SafeList) ==========

MOD - [2011/04/25 15:41:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 10:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/06/06 23:39:40 | 000,911,872 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/06/06 23:34:20 | 000,408,576 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2010/03/04 18:26:38 | 001,425,168 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/04 18:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/04 18:06:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/08/15 18:24:30 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/05/31 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/22 22:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe -- (NIS)
SRV - [2010/02/03 15:19:52 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/02/03 15:19:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/11/09 12:02:48 | 000,120,144 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe -- (CLEARWIRERcAppSvc)
SRV - [2009/11/09 12:00:32 | 000,107,856 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe -- (SMSI Device Launch Service)
SRV - [2009/11/09 12:00:20 | 000,124,240 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe -- (CACLEARWIRE)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/08/30 18:13:02 | 000,118,664 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/08/30 07:45:48 | 000,394,016 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/08/30 05:17:36 | 000,289,280 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/08/25 13:36:02 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/16 11:46:00 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010/06/17 18:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/05/30 20:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2010/05/16 01:28:38 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp) Intel® Centrino®
DRV:64bit: - [2010/05/16 01:28:30 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2010/05/16 01:28:28 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2010/04/27 16:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/27 00:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/16 16:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/02/26 17:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/17 11:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 11:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/11/09 11:47:26 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\PCTINDIS5X64.sys -- (PCTINDIS5X64)
DRV:64bit: - [2009/11/03 07:24:36 | 000,062,976 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
DRV:64bit: - [2009/11/03 06:01:04 | 000,318,336 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/27 23:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-3685146816-85811682-3049726123-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKU\S-1-5-21-3685146816-85811682-3049726123-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox [2010/09/28 20:55:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/28 20:55:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/09/28 20:55:57 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/04/27 11:19:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (W2PBrowser Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Clearwire Connection Manager] C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe (ClearwireCM)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3685146816-85811682-3049726123-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3685146816-85811682-3049726123-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3685146816-85811682-3049726123-1000..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3685146816-85811682-3049726123-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3685146816-85811682-3049726123-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3685146816-85811682-3049726123-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3685146816-85811682-3049726123-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.13.74.12 64.13.115.12
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/25 15:58:14 | 000,000,000 | ---D | M] - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/27 11:23:23 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/04/27 11:13:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/04/27 11:13:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/04/27 11:13:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/04/27 11:12:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2011/04/27 11:12:46 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/04/27 10:57:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skyhook Wireless
[2011/04/27 10:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clearwire
[2011/04/27 08:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/04/27 08:26:30 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Roaming\InstallShield
[2011/04/27 08:26:16 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
[2011/04/27 08:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AppData
[2011/04/27 08:22:45 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy
[2011/04/27 00:39:06 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Roaming\Sierra Wireless
[2011/04/27 00:38:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PctelEapPeer Authentication
[2011/04/27 00:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Clearwire
[2011/04/26 23:46:46 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Local\Yahoo!
[2011/04/26 23:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011/04/26 23:46:35 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Roaming\Yahoo!
[2011/04/26 23:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011/04/26 23:43:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2011/04/26 20:22:06 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Local\Adobe
[2011/04/26 20:11:16 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Roaming\Canon
[2011/04/26 19:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2011/04/26 19:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011/04/26 19:46:54 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2011/04/26 19:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2011/04/26 19:25:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2011/04/26 15:35:16 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Roaming\SUPERAntiSpyware.com
[2011/04/26 15:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/04/26 13:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011/04/26 11:39:23 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Roaming\Malwarebytes
[2011/04/26 11:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/26 11:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/26 11:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/04/26 09:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/26 09:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/26 08:29:03 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/04/26 08:28:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/26 08:19:24 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Roaming\Macromedia
[2011/04/26 08:19:20 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Roaming\Adobe
[2011/04/26 08:18:12 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Local\Clearwire
[2011/04/26 08:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Clearwire
[2011/04/26 07:10:25 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Local\Best Buy pc app
[2011/04/25 23:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Geek Squad
[2011/04/25 23:36:50 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Local\SRS Labs
[2011/04/25 23:36:22 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Roaming\Intel
[2011/04/25 23:36:22 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Local\Apps
[2011/04/25 23:36:20 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Local\Deployment
[2011/04/25 23:36:18 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Local\Power2Go
[2011/04/25 23:35:06 | 000,000,000 | R--D | C] -- C:\Users\billy\Searches
[2011/04/25 23:35:06 | 000,000,000 | R--D | C] -- C:\Users\billy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/04/25 23:35:06 | 000,000,000 | -H-D | C] -- C:\Users\billy\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/04/25 23:34:58 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Roaming\Identities
[2011/04/25 23:34:57 | 000,000,000 | R--D | C] -- C:\Users\billy\Contacts
[2011/04/25 23:34:54 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Local\VirtualStore
[2011/04/25 23:33:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/04/25 23:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech
[2011/04/25 23:31:52 | 000,000,000 | --SD | C] -- C:\Users\billy\AppData\Roaming\Microsoft
[2011/04/25 23:31:52 | 000,000,000 | R--D | C] -- C:\Users\billy\Videos
[2011/04/25 23:31:52 | 000,000,000 | R--D | C] -- C:\Users\billy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/04/25 23:31:52 | 000,000,000 | R--D | C] -- C:\Users\billy\Saved Games
[2011/04/25 23:31:52 | 000,000,000 | R--D | C] -- C:\Users\billy\Pictures
[2011/04/25 23:31:52 | 000,000,000 | R--D | C] -- C:\Users\billy\Music
[2011/04/25 23:31:52 | 000,000,000 | R--D | C] -- C:\Users\billy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/04/25 23:31:52 | 000,000,000 | R--D | C] -- C:\Users\billy\Links
[2011/04/25 23:31:52 | 000,000,000 | R--D | C] -- C:\Users\billy\Favorites
[2011/04/25 23:31:52 | 000,000,000 | R--D | C] -- C:\Users\billy\Downloads
[2011/04/25 23:31:52 | 000,000,000 | R--D | C] -- C:\Users\billy\My Documents
[2011/04/25 23:31:52 | 000,000,000 | R--D | C] -- C:\Users\billy\Desktop
[2011/04/25 23:31:52 | 000,000,000 | R--D | C] -- C:\Users\billy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/04/25 23:31:52 | 000,000,000 | -HSD | C] -- C:\Users\billy\AppData\Local\Temporary Internet Files
[2011/04/25 23:31:52 | 000,000,000 | -HSD | C] -- C:\Users\billy\Local Settings
[2011/04/25 23:31:52 | 000,000,000 | -HSD | C] -- C:\Users\billy\AppData\Local\History
[2011/04/25 23:31:52 | 000,000,000 | -HSD | C] -- C:\Users\billy\Application Data
[2011/04/25 23:31:52 | 000,000,000 | -HSD | C] -- C:\Users\billy\AppData\Local\Application Data
[2011/04/25 23:31:52 | 000,000,000 | -H-D | C] -- C:\Users\billy\AppData
[2011/04/25 23:31:52 | 000,000,000 | ---D | C] -- C:\Users\billy\Templates
[2011/04/25 23:31:52 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Local\Temp
[2011/04/25 23:31:52 | 000,000,000 | ---D | C] -- C:\Users\billy\Start Menu
[2011/04/25 23:31:52 | 000,000,000 | ---D | C] -- C:\Users\billy\SendTo
[2011/04/25 23:31:52 | 000,000,000 | ---D | C] -- C:\Users\billy\Recent
[2011/04/25 23:31:52 | 000,000,000 | ---D | C] -- C:\Users\billy\PrintHood
[2011/04/25 23:31:52 | 000,000,000 | ---D | C] -- C:\Users\billy\NetHood
[2011/04/25 23:31:52 | 000,000,000 | ---D | C] -- C:\Users\billy\Documents\My Videos
[2011/04/25 23:31:52 | 000,000,000 | ---D | C] -- C:\Users\billy\Documents\My Pictures
[2011/04/25 23:31:52 | 000,000,000 | ---D | C] -- C:\Users\billy\Documents\My Music
[2011/04/25 23:31:52 | 000,000,000 | ---D | C] -- C:\Users\billy\My Documents
[2011/04/25 23:31:52 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Local\Microsoft
[2011/04/25 23:31:52 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Roaming\Media Center Programs
[2011/04/25 23:31:52 | 000,000,000 | ---D | C] -- C:\Users\billy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
[2011/04/25 23:31:52 | 000,000,000 | ---D | C] -- C:\Users\billy\Cookies
[2011/04/25 23:31:39 | 000,000,000 | ---D | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2011/04/27 11:28:31 | 001,048,576 | -HS- | M] () -- C:\Users\billy\ntuser.dat
[2011/04/27 11:26:52 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 11:26:52 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 11:23:51 | 000,713,888 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/04/27 11:23:51 | 000,615,360 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/04/27 11:23:51 | 000,103,702 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/04/27 11:20:04 | 000,000,215 | ---- | M] () -- C:\windows\system.ini
[2011/04/27 11:19:53 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2011/04/27 11:19:38 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2011/04/27 11:19:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/04/27 11:19:21 | 4070,748,160 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/27 11:18:46 | 002,982,113 | -H-- | M] () -- C:\Users\billy\AppData\Local\IconCache.db
[2011/04/27 10:58:53 | 000,001,437 | ---- | M] () -- C:\Users\billy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/27 10:57:20 | 000,002,074 | ---- | M] () -- C:\Users\Public\Desktop\CLEAR Connection Manager.lnk
[2011/04/27 08:47:35 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/27 08:38:51 | 000,524,288 | -HS- | M] () -- C:\Users\billy\ntuser.dat{ba9bad8f-70e1-11e0-9afe-002454e4ce36}.TMContainer00000000000000000002.regtrans-ms
[2011/04/27 08:38:51 | 000,524,288 | -HS- | M] () -- C:\Users\billy\ntuser.dat{ba9bad8f-70e1-11e0-9afe-002454e4ce36}.TMContainer00000000000000000001.regtrans-ms
[2011/04/27 08:38:51 | 000,065,536 | -HS- | M] () -- C:\Users\billy\ntuser.dat{ba9bad8f-70e1-11e0-9afe-002454e4ce36}.TM.blf
[2011/04/27 08:33:13 | 000,004,222 | ---- | M] () -- C:\windows\HotFixList.ini
[2011/04/27 08:30:22 | 000,345,600 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\windows\SetLCDStretchMode.exe
[2011/04/27 08:29:17 | 000,406,528 | ---- | M] (Samsung Electronics) -- C:\windows\HotfixChecker.exe
[2011/04/27 08:22:45 | 000,000,398 | ---- | M] () -- C:\Users\billy\Desktop\pc app.appref-ms
[2011/04/27 08:21:21 | 000,001,076 | ---- | M] () -- C:\Users\billy\Desktop\Your Feedback is Important.lnk
[2011/04/26 06:46:35 | 000,524,288 | -HS- | M] () -- C:\Users\billy\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/04/26 06:46:35 | 000,524,288 | -HS- | M] () -- C:\Users\billy\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/04/26 06:46:35 | 000,065,536 | -HS- | M] () -- C:\Users\billy\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/04/25 23:36:17 | 000,062,648 | ---- | M] () -- C:\Users\billy\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/04/25 23:32:46 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\MultimediaPOP.lnk
[2011/04/25 23:32:29 | 000,001,635 | ---- | M] () -- C:\Users\Public\Desktop\ChargeableUSB.lnk
[2011/04/25 23:32:05 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\144D_SAMSUNG_N_QX310_03MX.mrk
[2011/04/25 23:31:52 | 000,000,020 | -HS- | M] () -- C:\Users\billy\ntuser.ini
[2011/04/25 07:31:05 | 000,039,219 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2011/04/25 07:31:05 | 000,039,219 | ---- | M] () -- C:\windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2011/04/27 11:13:53 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/04/27 11:13:53 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/04/27 11:13:53 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2011/04/27 11:13:53 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/04/27 11:13:53 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/04/27 10:58:53 | 000,001,437 | ---- | C] () -- C:\Users\billy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/27 10:57:25 | 000,000,144 | ---- | C] () -- C:\windows\SysNative\drivers\macxvi.cfg
[2011/04/27 10:57:20 | 000,002,074 | ---- | C] () -- C:\Users\Public\Desktop\CLEAR Connection Manager.lnk
[2011/04/27 08:47:35 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/27 08:22:45 | 000,000,398 | ---- | C] () -- C:\Users\billy\Desktop\pc app.appref-ms
[2011/04/27 08:21:58 | 000,001,409 | ---- | C] () -- C:\Users\billy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/04/27 08:21:52 | 000,001,443 | ---- | C] () -- C:\Users\billy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/04/27 08:21:21 | 000,001,076 | ---- | C] () -- C:\Users\billy\Desktop\Your Feedback is Important.lnk
[2011/04/27 08:20:33 | 000,524,288 | -HS- | C] () -- C:\Users\billy\ntuser.dat{ba9bad8f-70e1-11e0-9afe-002454e4ce36}.TMContainer00000000000000000002.regtrans-ms
[2011/04/27 08:20:33 | 000,524,288 | -HS- | C] () -- C:\Users\billy\ntuser.dat{ba9bad8f-70e1-11e0-9afe-002454e4ce36}.TMContainer00000000000000000001.regtrans-ms
[2011/04/27 08:20:32 | 000,065,536 | -HS- | C] () -- C:\Users\billy\ntuser.dat{ba9bad8f-70e1-11e0-9afe-002454e4ce36}.TM.blf
[2011/04/26 06:46:31 | 002,982,113 | -H-- | C] () -- C:\Users\billy\AppData\Local\IconCache.db
[2011/04/25 23:36:17 | 000,062,648 | ---- | C] () -- C:\Users\billy\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/04/25 23:32:46 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\MultimediaPOP.lnk
[2011/04/25 23:32:29 | 000,001,635 | ---- | C] () -- C:\Users\Public\Desktop\ChargeableUSB.lnk
[2011/04/25 23:32:05 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\drivers\144D_SAMSUNG_N_QX310_03MX.mrk
[2011/04/25 23:31:52 | 001,048,576 | -HS- | C] () -- C:\Users\billy\ntuser.dat
[2011/04/25 23:31:52 | 000,524,288 | -HS- | C] () -- C:\Users\billy\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/04/25 23:31:52 | 000,524,288 | -HS- | C] () -- C:\Users\billy\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/04/25 23:31:52 | 000,065,536 | -HS- | C] () -- C:\Users\billy\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/04/25 23:31:52 | 000,000,290 | ---- | C] () -- C:\Users\billy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/04/25 23:31:52 | 000,000,272 | ---- | C] () -- C:\Users\billy\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/04/25 23:31:52 | 000,000,020 | -HS- | C] () -- C:\Users\billy\ntuser.ini
[2010/09/29 12:16:02 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/09/29 12:16:02 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/09/29 12:16:02 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2010/09/29 12:16:01 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/09/29 12:15:59 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/09/28 20:53:31 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/09/28 20:13:28 | 000,004,222 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 19:35:42 | 000,001,405 | ---- | C] () -- C:\windows\msdfmap.ini
[2009/07/13 19:34:57 | 000,000,403 | ---- | C] () -- C:\windows\win.ini
[2009/07/13 19:34:57 | 000,000,215 | ---- | C] () -- C:\windows\system.ini
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 14:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 14:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 14:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/04/27 09:05:43 | 000,000,000 | ---D | M] -- C:\Users\billy\AppData\Roaming\Canon
[2011/04/27 00:39:06 | 000,000,000 | ---D | M] -- C:\Users\billy\AppData\Roaming\Sierra Wireless
[2009/07/13 22:08:49 | 000,003,876 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#9
admin

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Combofix:


ComboFix 11-04-25.01 - billy 04/27/2011 11:14:44.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3882.2290 [GMT -7:00]
Running from: F:\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\billy\AppData\Local\Temp\1279.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-03-27 to 2011-04-27 )))))))))))))))))))))))))))))))
.
.
2011-04-27 18:18 . 2011-04-27 18:18 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-04-27 18:18 . 2011-04-27 18:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-27 18:12 . 2011-04-27 18:13 -------- d-----w- C:\32788R22FWJFW
2011-04-27 17:57 . 2011-04-27 17:57 -------- d-----w- c:\program files (x86)\Skyhook Wireless
2011-04-27 07:38 . 2011-04-27 17:57 -------- d-----w- c:\program files (x86)\Common Files\PctelEapPeer Authentication
2011-04-27 07:38 . 2011-04-27 07:38 -------- d-----w- c:\programdata\Clearwire
2011-04-27 06:46 . 2011-04-27 16:05 -------- d-----w- c:\programdata\Yahoo! Companion
2011-04-27 06:45 . 2011-04-27 16:05 -------- d-----w- c:\programdata\Yahoo!
2011-04-27 06:43 . 2011-04-27 16:05 -------- d-----w- c:\program files (x86)\Yahoo!
2011-04-27 02:50 . 2011-04-27 02:50 -------- d-----w- c:\program files\Common Files\CANON
2011-04-27 02:49 . 2011-04-27 02:49 -------- d-----w- c:\program files\Canon
2011-04-27 02:46 . 2011-04-27 16:05 -------- d-----w- c:\program files (x86)\Canon
2011-04-27 02:25 . 2011-04-27 02:25 -------- d--h--w- c:\programdata\CanonBJ
2011-04-26 22:35 . 2011-04-26 22:35 -------- d-----w- c:\programdata\!SASCORE
2011-04-26 20:03 . 2011-04-26 20:03 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-04-26 18:39 . 2011-04-26 18:39 -------- d-----w- c:\programdata\Malwarebytes
2011-04-26 18:39 . 2011-04-27 16:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-26 16:23 . 2011-04-26 16:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-04-26 16:23 . 2011-04-27 15:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-26 15:18 . 2011-04-26 15:18 -------- d-----w- c:\program files (x86)\Clearwire
2011-04-26 06:58 . 2011-04-26 06:58 -------- d-----w- c:\programdata\Geek Squad
2011-04-26 06:33 . 2011-04-26 06:33 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-04-26 06:32 . 2011-04-26 06:32 -------- d-----w- c:\program files\Elantech
2011-04-26 06:31 . 2011-04-27 15:20 -------- d-----w- c:\users\billy
2011-04-26 06:31 . 2011-04-26 06:31 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-27 15:30 . 2010-09-29 03:28 345600 ----a-w- c:\windows\SetLCDStretchMode.exe
2011-04-27 15:29 . 2010-09-29 03:28 406528 ----a-w- c:\windows\HotfixChecker.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-20 2988488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Clearwire Connection Manager"="c:\program files (x86)\Clearwire\Connection Manager\ClearwireCM.exe" [2009-12-01 54608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-9-28 156952]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [x]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [x]
R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [2009-11-09 124240]
R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [2009-11-09 120144]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-06-07 408576]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe [2010-05-23 126904]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-08-16 1620584]
S2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [2009-11-09 107856]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-03 2320920]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-17 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-17 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-17 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-11 11369576]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe" [BU]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
c:\program files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
.
**************************************************************************
.
Completion time: 2011-04-27 11:23:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-27 18:23
ComboFix2.txt 2011-04-27 11:33
ComboFix3.txt 2011-04-26 18:34
ComboFix4.txt 2011-04-26 16:17
ComboFix5.txt 2011-04-27 18:13
.
Pre-Run: 223,065,608,192 bytes free
Post-Run: 222,621,712,384 bytes free
.
- - End Of File - - 786015BDC2C383DA4F3BDC67CE9E315E
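As an added example (not code from this thread, from ComboFix or from Kaspersky), here is a small Python triage script for the "Reg Loading Points" block of a ComboFix log, in the format printed above. It flags the entries a malware-removal helper reads first: Run values that launch a script host (the `"IntelTBRunOnce"="wscript.exe"` line above shows only the executable, so the script it actually runs is not visible in the log), bare executable names resolved through PATH, autostarts outside Windows/Program Files, files ComboFix printed without a date/size stamp, AppInit_DLLs entries (on Windows 7 the DLL is loaded into every process that links user32.dll whenever LoadAppInit_DLLs is 1; here both are NVIDIA's nvinit DLLs, and the script only asks that their signatures be checked), and UAC policy values that remove the consent prompt (the posted values 5 and 3 are Windows 7 defaults). The first sample is copied from the log above; the second sample, with a user-profile autostart and UAC switched off, is constructed to show the negative case. The flagging rules and the trusted-path list are this example's own heuristics, not ComboFix's.

```python
"""Triage the 'Reg Loading Points' block of a ComboFix log (added example, heuristic rules)."""
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<rest>.*?)\s*$')
# Run values look like  "path" [YYYY-MM-DD size]  or  "path" [BU]
RUN_RE = re.compile(r'^"(?P<cmd>[^"]*)"(?:\s*\[(?P<stamp>[^\]]*)\])?$')
STAMP_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d+$')

# Launchers that run whatever argument follows them; ComboFix prints only the executable.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe",
                "regsvr32.exe", "powershell.exe", "cmd.exe"}
# Heuristic only: a path under Program Files lowers priority, it proves nothing.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\",
                 "%programfiles%\\", "%systemroot%\\")

# Lines copied from the ComboFix log posted in this thread (same format, same values).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-20 2988488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe" [BU]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
'''

# Constructed counter-example (not from the thread): user-profile autostart, UAC off.
WEAK_SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updater"="c:\users\example\appdata\roaming\updater.exe" [2011-04-26 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
'''


@dataclass(frozen=True)
class Finding:
    key: str
    name: str
    reason: str


def parse_values(text):
    """Yield (key, name, rest) for every "name"=rest line under a [key] header."""
    key = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group("name"), m.group("rest")


def check_run_value(key, name, rest):
    """Apply the Run-key heuristics to one "name"="cmd" [stamp] value."""
    m = RUN_RE.match(rest)
    if not m:
        return [Finding(key, name, f"unparsed Run value: {rest}")]
    cmd, stamp = m.group("cmd"), m.group("stamp")
    exe = cmd.lower()
    base = exe.rsplit("\\", 1)[-1]
    out = []
    if base in SCRIPT_HOSTS:
        out.append(Finding(key, name, f"{base} is a script host/proxy launcher; the payload is in an argument ComboFix does not print"))
    if "\\" not in exe:
        out.append(Finding(key, name, f"bare executable name '{cmd}' is resolved through PATH, not a fixed file"))
    elif not exe.startswith(TRUSTED_ROOTS):
        out.append(Finding(key, name, f"autostart outside Windows/Program Files: {cmd}"))
    if stamp is None or not STAMP_RE.match(stamp):
        out.append(Finding(key, name, f"ComboFix recorded no file date/size for this entry ({stamp})"))
    return out


def _num(vals, name):
    """ComboFix prints DWORDs as '5 (0x5)' or '0x1'; return the number, or None if absent."""
    v = vals.get(name)
    return int(v.split()[0], 0) if v else None


def check_policies(values):
    """AppInit_DLLs injection and UAC policy values that remove the elevation prompt."""
    out = []
    for key, vals in values.items():
        low = key.lower()
        if low.endswith("\\windows nt\\currentversion\\windows"):
            dll = vals.get("AppInit_DLLs", "").strip('"')
            if dll:
                load = vals.get("LoadAppInit_DLLs", "(not shown)")
                out.append(Finding(key, "AppInit_DLLs", f"{dll} loads into every process linking user32.dll (LoadAppInit_DLLs={load}); verify its signature"))
        elif low.endswith("\\policies\\system"):
            if _num(vals, "EnableLUA") == 0:
                out.append(Finding(key, "EnableLUA", "UAC disabled; an administrator's processes all run elevated"))
            if _num(vals, "ConsentPromptBehaviorAdmin") == 0:
                out.append(Finding(key, "ConsentPromptBehaviorAdmin", "elevate without prompting; any program can elevate silently"))
    return out


def triage(text):
    """Return every finding for one 'Reg Loading Points' block."""
    values, findings = {}, []
    for key, name, rest in parse_values(text):
        values.setdefault(key, {})[name] = rest
        if key.lower().endswith("\\run"):
            findings.extend(check_run_value(key, name, rest))
    findings.extend(check_policies(values))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG) + triage(WEAK_SAMPLE):
        print(f"{f.name}: {f.reason}")
```

On the posted log this reports five items, none of which is a detection on its own: the two NVIDIA AppInit DLLs to verify, the ETDCtrl entry ComboFix printed without a stamp, and the wscript.exe launcher twice (script host, and no directory in the path). The constructed sample shows the three flags that would matter: an autostart in a user profile and the two UAC values at 0.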

#10
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi,

++++++++++++++++++++

Please post this file on your next reply:

C:\Qoobox\ComboFix5.txt

+++++++++++++++++++++

Download AVPTool from here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.
On the first tab, select all elements down to Computer and then select Start scan.
Once it has finished, select Report and post that.

Do not close AVPTool or it will self-uninstall; if it does uninstall, just rerun the setup file on your desktop.

Now an analysis scan.
Select the Manual Disinfection tab.
Press the Gather System Information button.
Once done, open the last report saved folder, then attach the zip file to your next post.
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

#11
luvdacowboys2011

luvdacowboys2011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
[attachment=49590:avptool_sysinfo.zip] [attachment=49591:ComboFix5.txt]

Salagubang,
Did you get the info you requested (report logs from the AVP tool and ComboFix #5)? Because the sys info I read kinda worries me, to say the least, along with a gov. site in Favorites that goes straight to Social Security card......?

#12
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi luvdacowboys2011,

Thank you for posting the logs I requested. Did AVP detect malware during its run? Do you have the report?

Also, can you confirm whether you are posting from the ailing machine? Does clicking the links bring you to the correct sites?

#13
luvdacowboys2011

luvdacowboys2011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Salagubang
Here is the log from the AVP tool (Kaspersky scan tool)! I am posting from the same machine the logs came from..... it seems that since the system recovery it does a lot better. Well, while waiting and trying to get that file to upload, it finally says no file has been selected.... but I know it's the right one because I opened it to make sure! I did a search thinking MAYBE I'm not picking the right one, and a bunch of FORBIDDENs come up in the search! I click on them and they are from the same file name, dated last night but modified 2 years ago!?? I hope you're reading the same logs I'm reading, because the system info (from the AVP tool) says I have numerous security issues including 2 administrators and so on! Now I'm stressing......

#14
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts

I hope you're reading the same logs I'm reading, because the system info (from the AVP tool) says I have numerous security issues including 2 administrators and so on! Now I'm stressing......


Can you lead me to it and post which part of the sys info you are referring to?

#15
luvdacowboys2011

luvdacowboys2011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Salagubang,
After further thought, you should have received all 3 of those logs last night, because when they were finished I sent them! I sent the system information twice because the first time I saved it just like a ComboFix or OTL log, so I re-did it and sent it again!?