ammyy.com scam victim


#1 gabybaby
Member, 62 posts

Dear G2G,

Let me thank all of you at G2G in advance for any help you could give me. I have my friend's laptop here with me right now - she has fallen victim to the ammyy.com scam: someone called her and told her that her system was infected with a virus and that the computer would shut down momentarily unless she went to the ammyy website and logged on. She did what they asked (I wasn't there at the time) and I think that by doing so something was installed on this machine - I googled the topic and over there it said that they install a keylogger.

Anyway, her laptop was messed up - upon start-up the bug did not allow her laptop to start properly, so she brought it to me to see if I could do anything. In safe mode, I looked to see if there was any software installed by these people but was not able to find anything. Then I did a system restore to a configuration that was saved before this happened. This seemed to allow the computer to start up normally. The anti-virus software said it was corrupted, but I was able to sort that out. I applied the Windows updates (Win 7 32-bit) to the most current ones.

I don't really know, however, if I got rid of this thing, because I don't know how to check. So I'm including an OTL log file below in the hopes that one of you could review it and advise what I should do, if anything. I don't know if you need the Extras log file too, but I've included it at the bottom.

Once again, thanks so much for your help.



----------------------------------------------------------------



OTL logfile created on: 11/8/2011 5:40:49 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mojdeh\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.68 Gb Available Physical Memory | 33.83% Memory free
4.00 Gb Paging File | 2.44 Gb Available in Paging File | 60.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 68.22 Gb Free Space | 61.08% Space Free | Partition Type: NTFS

Computer Name: MOJDEH-PC | User Name: Mojdeh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/08 17:38:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mojdeh\Desktop\OTL.exe
PRC - [2011/10/28 16:52:02 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/10/28 16:52:02 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/03 13:20:16 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/20 22:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/05/20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/03/16 07:18:28 | 000,152,576 | ---- | M] (CrashPlan) -- C:\Program Files\CrashPlan\CrashPlanService.exe
PRC - [2011/03/16 07:17:57 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 13:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/02 21:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2010/09/14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/07/13 17:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/03 13:20:15 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/29 07:31:40 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/05/20 21:35:00 | 000,247,400 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/05/04 23:04:04 | 000,355,432 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/28 16:52:02 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/14 12:42:05 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/12 10:01:34 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/16 07:18:28 | 000,152,576 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2010/11/02 21:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2010/09/14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/07/13 17:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/10/28 16:52:04 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/10/28 16:52:02 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/06/12 09:40:46 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011/05/20 22:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/11/20 13:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 13:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 13:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 13:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 13:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 13:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 13:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/22 15:17:32 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpdispm.sys -- (RDPDISPM)
DRV - [2010/09/14 04:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/09/14 04:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/09/14 04:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/09/14 04:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/06/09 15:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 15:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/04/22 17:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/11/02 18:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/07/13 14:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 5F FA 3E 73 8B CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2011/06/12 10:04:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2011/06/12 10:04:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/03 13:20:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/25 11:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mojdeh\AppData\Roaming\Mozilla\Extensions
[2011/07/29 17:04:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mojdeh\AppData\Roaming\Mozilla\Firefox\Profiles\vof5o1hi.default\extensions
[2011/11/08 17:33:15 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Mojdeh\AppData\Roaming\Mozilla\Firefox\Profiles\vof5o1hi.default\extensions\[email protected]
[2011/06/25 11:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/12 09:41:47 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2011/10/03 13:20:16 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 13:20:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 13:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2855FC9A-13A2-4F7F-8B05-97597BEE2C8C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96EB7AA4-7F43-400B-97E1-C10059B082B2}: DhcpNameServer = 66.51.205.100 156.154.71.16 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/08 17:38:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mojdeh\Desktop\OTL.exe
[2011/11/08 17:12:50 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{D6583192-9722-4131-BF6D-581D8C063830}
[2011/11/08 17:12:36 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{A59BBC12-5201-427E-A84A-D237E39A9C81}
[2011/11/08 16:35:15 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{CF51DAAD-4347-41E8-AA2F-CBAB55BE0A5F}
[2011/11/08 14:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AMMYY
[2011/11/08 08:05:16 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{39A3B953-3380-4D08-9F5D-F8E971D819C8}
[2011/11/08 08:05:02 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{55BD4FA1-0E7B-4F7A-B40D-AED84BC16AD8}
[2011/11/07 09:32:01 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{28AAE0A8-F959-4CDC-A589-3E043201D57C}
[2011/11/07 09:31:46 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{05E48152-46B9-4D0E-998A-D509ADBFD942}
[2011/11/06 15:48:24 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{73994FF7-DA02-49BC-AFFE-9A718E980249}
[2011/11/06 15:48:10 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{9AE822C9-817F-45ED-9180-21563EDCFE28}
[2011/11/04 09:48:29 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{EEFCDBFD-C7D0-4D1E-90D9-0572D6A7F898}
[2011/11/04 09:48:18 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{027055D4-2263-4598-A977-A304037E61A1}
[2011/11/03 21:47:51 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{B953B13A-F23F-4625-94BC-6AB5F5A6E655}
[2011/11/03 07:24:11 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{3FCF34BA-3C81-4AD4-BB83-F2BDBF90755B}
[2011/11/03 07:23:58 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{B64A4CB6-490D-417B-9291-4ED7C8A90D3A}
[2011/11/02 10:10:32 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{CBF10105-4442-459F-BDA0-E45D94D28DB1}
[2011/11/02 10:10:14 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{AABCBCD2-EC29-4410-B359-4ED272B57B71}
[2011/11/01 21:31:49 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{DAD3BD09-08C2-43AA-A9D0-F519E70871BD}
[2011/11/01 07:54:28 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{D328A664-2BAA-4D2F-9EE1-A4267041BE68}
[2011/11/01 07:54:17 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{6C21B123-FCCC-4481-8912-B61D8B299051}
[2011/10/31 13:43:13 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{78D3054B-C4D2-4A09-9528-69682A844962}
[2011/10/31 13:43:02 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{1EC084EA-5C27-4720-B2C7-57C384528E63}
[2011/10/30 23:08:01 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{3696A40B-0674-4BBB-B23F-91D1D5A3C5B3}
[2011/10/30 10:19:18 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{63F71A45-C16A-4E20-9E0A-2EACA76D75BF}
[2011/10/30 10:19:06 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{9E833C5D-96E7-459D-9774-9BE549C0D11E}
[2011/10/29 12:30:10 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{466FC4DA-4625-4184-86B4-F46E9756B0AE}
[2011/10/29 12:29:59 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{7D4E2702-C225-432B-812D-76D1F6BBAB56}
[2011/10/28 16:38:49 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{4522C0BA-B7E7-4DE0-9FF2-12D621492702}
[2011/10/27 09:13:16 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{BC5AD501-F8E8-4F46-8EF1-1299D70BD5A4}
[2011/10/27 09:13:05 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{20C7845F-E2F6-46EC-A7CC-B31DAE37A27D}
[2011/10/26 21:10:17 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{A46986B9-E09E-4A47-A8F6-3BF9366FAF6E}
[2011/10/26 02:29:35 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{BDCE266E-C936-4C25-BC4E-3C7BD2DC0F29}
[2011/10/25 09:23:16 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{E81FD64F-B259-4ED0-9F6E-DDDF29E0106C}
[2011/10/25 09:23:05 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{2ED975AD-2E73-4AE0-B1BF-C3161D11C820}
[2011/10/24 21:22:39 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{DE534265-BC74-4524-BA39-B275BE53C78F}
[2011/10/24 07:54:08 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{2DC864C4-BBA8-420A-81D4-7714630A690A}
[2011/10/24 07:53:54 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{6F10E344-A05A-411E-A026-F638F15E1ECE}
[2011/10/23 11:14:01 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{4FEBF950-0293-4904-BCCE-FC807069745F}
[2011/10/23 11:13:50 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{6B5CA8C4-11B8-4A34-8DCA-057BC58077A9}
[2011/10/22 23:13:32 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{05E8D2EE-E2E3-4F82-BFE0-9606B689E99B}
[2011/10/22 11:12:43 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{05B36241-EFB8-417B-B459-1D071B373057}
[2011/10/22 11:12:29 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{F0B838D3-B586-4DCC-92A5-C066AA2ACDD1}
[2011/10/21 08:16:51 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{CBCB2741-5C2A-4B2B-8FA3-C9A5B1A4A882}
[2011/10/21 08:16:39 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{2543FC17-89AB-4B5C-9395-C5A412CD04B6}
[2011/10/20 07:44:02 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{D1E1D79C-787C-4C27-89AF-DB0384C54B70}
[2011/10/20 07:43:45 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{C625219D-BD0D-4A5D-90FC-C4D9BA3578FD}
[2011/10/19 11:22:12 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{E4706314-1EA1-4E2E-99D6-7BDEE8EABB62}
[2011/10/19 11:22:00 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{81BA0D5D-1962-4E7C-809D-58401B054D65}
[2011/10/18 21:14:44 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{19F50D72-D783-492F-A52C-6F27047EE52E}
[2011/10/18 07:17:06 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{890E2CD8-7FF3-46F4-B505-1501E646CBB2}
[2011/10/18 07:16:55 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{435AC377-208E-4993-A973-C977683BC063}
[2011/10/17 18:51:09 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{9D61F90F-D160-4FF8-B9D8-C6F2CBA3C4AE}
[2011/10/17 18:50:55 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{2D88EE8D-FE5D-4E36-8AED-6F3F3351161F}
[2011/10/17 07:28:30 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{8082F523-0335-4E94-9829-963063B47559}
[2011/10/16 10:15:36 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{6460B93C-2DBC-4703-BFCA-56DD6017851E}
[2011/10/16 10:15:21 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{E7D3A116-6A1D-464F-8FA3-348EF58AC47A}
[2011/10/15 11:46:54 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{38EF8308-3D5C-4CAB-99CC-EF7CFE9760E0}
[2011/10/15 11:44:33 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{62EDD850-BFE5-44B1-89AF-ABE931713340}
[2011/10/15 11:22:42 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{05E17EA0-7EF4-4659-AA2A-0F6FB8154F41}
[2011/10/14 20:13:00 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\Diagnostics
[2011/10/14 09:55:56 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{7CD68FEC-ED68-408E-A926-CD9C8538CE27}
[2011/10/14 09:55:43 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{F7EF55C2-5ABF-4A1E-AC99-46A512B716D3}
[2011/10/13 09:51:59 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{C984C3CB-99F7-4BB5-BD84-AF6A69EB6FE7}
[2011/10/13 09:51:47 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{058E9E76-1D8F-49E5-89D1-F47D02190201}
[2011/10/12 21:26:07 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{9BEAACA9-EBBB-4436-97C6-1181362641F8}
[2011/10/12 09:25:43 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{CCBDB404-25BA-4EE4-A2A4-6D6817CF2548}
[2011/10/12 09:25:32 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{C863E3B4-EE61-411A-A149-943597241091}
[2011/10/11 21:25:03 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{79D7244E-118B-4084-AC62-5F0682DD231D}
[2011/10/11 08:37:31 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{00F6F272-4352-4D52-A4EB-6E964771E931}
[2011/10/11 08:37:20 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{5423BF2D-C18E-4AC4-A772-61E9B12EBAF1}
[2011/10/10 20:36:54 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{5C9C20CE-E69E-41FA-8A1F-8365504FBA62}
[2011/10/10 07:51:38 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{39D76E7B-C538-4531-A857-A9832A665C30}
[2011/10/10 07:51:26 | 000,000,000 | ---D | C] -- C:\Users\Mojdeh\AppData\Local\{C8D3E938-4657-4DD3-AFCE-27CC44970195}
[2 C:\Users\Mojdeh\Documents\*.tmp files -> C:\Users\Mojdeh\Documents\*.tmp -> ]
[11 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/08 17:38:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mojdeh\Desktop\OTL.exe
[2011/11/08 17:26:17 | 000,020,528 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 17:26:17 | 000,020,528 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 17:24:57 | 000,624,622 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/08 17:24:57 | 000,106,708 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/08 17:18:58 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/11/08 17:18:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/08 17:18:34 | 1609,015,296 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/08 17:11:28 | 000,339,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/03 22:04:53 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat
[2011/11/02 11:27:55 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/11/02 11:27:55 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/10/29 12:20:13 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/10/28 16:52:04 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/10/10 14:41:45 | 000,072,014 | ---- | M] () -- C:\Users\Mojdeh\Documents\image1.jpg
[2 C:\Users\Mojdeh\Documents\*.tmp files -> C:\Users\Mojdeh\Documents\*.tmp -> ]
[11 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/08 17:11:41 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/11/03 22:04:53 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011/10/10 14:41:40 | 000,072,014 | ---- | C] () -- C:\Users\Mojdeh\Documents\image1.jpg
[2011/10/05 20:23:51 | 000,037,843 | ---- | C] () -- C:\Users\Mojdeh\AppData\Roaming\Comma Separated Values (DOS).ADR
[2011/10/05 16:05:36 | 000,021,209 | ---- | C] () -- C:\Users\Mojdeh\AppData\Roaming\Comma Separated Values (DOS).EML
[2011/07/29 17:04:59 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/06/19 22:05:29 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/06/15 12:34:59 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/06/15 12:34:59 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/06/12 12:01:48 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2011/06/12 10:25:39 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011/06/12 09:41:39 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/06/12 09:41:39 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011/05/20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2010/11/20 13:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/09/09 17:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:33:53 | 000,339,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 18:05:48 | 000,624,622 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 18:05:48 | 000,106,708 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/06/12 10:11:49 | 000,000,000 | ---D | M] -- C:\Users\Mojdeh\AppData\Roaming\Autodesk
[2011/06/12 13:37:42 | 000,000,000 | ---D | M] -- C:\Users\Mojdeh\AppData\Roaming\CrashPlan
[2011/11/08 17:33:15 | 000,000,000 | ---D | M] -- C:\Users\Mojdeh\AppData\Roaming\SoftGrid Client
[2011/06/13 13:57:16 | 000,000,000 | ---D | M] -- C:\Users\Mojdeh\AppData\Roaming\TP
[2011/10/09 20:20:15 | 000,000,000 | ---D | M] -- C:\Users\Mojdeh\AppData\Roaming\uTorrent
[2011/11/08 17:18:58 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/11/08 17:18:48 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >




OTL Extras logfile created on: 11/8/2011 5:40:49 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mojdeh\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.68 Gb Available Physical Memory | 33.83% Memory free
4.00 Gb Paging File | 2.44 Gb Available in Paging File | 60.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 68.22 Gb Free Space | 61.08% Space Free | Partition Type: NTFS

Computer Name: MOJDEH-PC | User Name: Mojdeh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2149FA24-7AD5-4412-89A5-034C9A9710BB}" = CrashPlan
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{533A6E40-A0D5-4643-B9CE-9B03989EF159}" = Ad-Aware
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685DEA21-3622-455A-A41B-89557A168DFD}" = Ad-Aware
"{815EDA37-52EE-4C05-B038-620F3C147854}" = Site Planning and Design
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7EC8A27-CDA2-46AE-8A26-4104A04FA5BE}" = 32 Bit HP CIO Components Installer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"CCleaner" = CCleaner
"Cisco Connect" = Cisco Connect
"CutePDF Writer Installation" = CutePDF Writer 2.8
"EPSON Printer and Utilities" = EPSON Printer Software
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"SystemRequirementsLab" = System Requirements Lab
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/8/2011 8:34:13 PM | Computer Name = Mojdeh-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/8/2011 8:34:39 PM | Computer Name = Mojdeh-PC | Source = VSS | ID = 8193
Description =

Error - 11/8/2011 8:34:39 PM | Computer Name = Mojdeh-PC | Source = VSS | ID = 12293
Description =

Error - 11/8/2011 8:44:34 PM | Computer Name = Mojdeh-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 11/8/2011 9:11:40 PM | Computer Name = Mojdeh-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/8/2011 9:11:50 PM | Computer Name = Mojdeh-PC | Source = VSS | ID = 8193
Description =

Error - 11/8/2011 9:11:50 PM | Computer Name = Mojdeh-PC | Source = VSS | ID = 12293
Description =

Error - 11/8/2011 9:18:58 PM | Computer Name = Mojdeh-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/8/2011 9:19:12 PM | Computer Name = Mojdeh-PC | Source = VSS | ID = 8193
Description =

Error - 11/8/2011 9:19:12 PM | Computer Name = Mojdeh-PC | Source = VSS | ID = 12293
Description =

[ System Events ]
Error - 11/8/2011 9:25:43 PM | Computer Name = Mojdeh-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/8/2011 9:25:43 PM | Computer Name = Mojdeh-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/8/2011 9:25:43 PM | Computer Name = Mojdeh-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/8/2011 9:25:43 PM | Computer Name = Mojdeh-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/8/2011 9:25:43 PM | Computer Name = Mojdeh-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/8/2011 9:25:43 PM | Computer Name = Mojdeh-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/8/2011 9:26:58 PM | Computer Name = Mojdeh-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/8/2011 9:27:52 PM | Computer Name = Mojdeh-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/8/2011 9:29:32 PM | Computer Name = Mojdeh-PC | Source = DCOM | ID = 10005
Description =

Error - 11/8/2011 9:07:51 PM | Computer Name = Mojdeh-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Definition Update for Windows Defender - KB915597 (Definition
1.115.1462.0).


< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
OTL is showing C:\ProgramData\AMMYY installed 2011/11/08 14:02:28 but nothing else. I'll use OTL to remove it and then we will run some scans to make sure there is nothing hidden.


Uninstall
Ask Toolbar



Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
O4 - HKCU..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
[2011/11/08 14:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AMMYY

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
  
:Commands
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.


If one of the following will not run, just skip to the next one, then go back and try the ones that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware, select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

:!: It must be saved to your desktop; do not run it from your browser. :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click it and select Run as Administrator.
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste its contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right-click aswMBR.exe and select Run as Administrator.
Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button is enabled, not the FixMBR button, and tell me), click Save log, save it to your desktop and post it in your next reply.

Download GMER from http://www.gmer.net/download.php, note the file's name, and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on http://www.bleepingcomputer.com/forums/topic114351.html to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


Use IE and go to http://eset.com/onlinescan and click on ESET Online Scanner. Accept the terms, then press Start (if you get a warning from your browser, tell it you want to run it).

# Check Scan Archives.
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient, as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND.
# Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish.
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the Bitdefender QuickScan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

Right-click on (My) Computer and select Manage (Continue), then Event Viewer. Next select Windows Logs. Right-click on System and select Clear Log, then Clear. Repeat for Application. Reboot.


Start, All Programs, Accessories, then right-click on Command Prompt and select Run as Administrator. Then type (with an Enter after each line):

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one, or it doesn't like your CD, just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes, tell me what they are. If you get a lot, just look for those with newish dates (since about the time the problem started).


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
Type 20 in the 1 to 20 box.
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.

Ron

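As an added example (not OTL's code, and not posted by anyone in this thread), here is a small Python triage helper for the bracketed entry lines OTL prints in its "Files Created" and "LOP Check" sections: it parses each line and lists what was created or modified in a user-writable tree around the time of the scam call, which is how C:\ProgramData\AMMYY stood out in the log above. The sample lines are constructed to match the format shown in the thread; the incident time and the list of "user-writable" trees are assumptions for the example.

```python
"""Triage helper for OTL (OldTimer) log lines.

Added example: not code from OTL, ComboFix or anyone in this thread. It
parses the bracketed entry format OTL prints in its "Files Created" and
"LOP Check" sections and lists what appeared in a user-writable location
around the time of the scam call, which is how C:\\ProgramData\\AMMYY
stood out in the log above.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Optional

# One OTL entry looks like:
#   [2011/11/08 14:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AMMYY
#   [2010/11/20 13:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\...\x.exe
# Directory entries have no "(company)" part; files print "()" when OTL
# could not read a company name, or "(Vendor Name)" when it could.
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Trees where a just-installed remote-access tool or its helpers usually
# land (assumption for this example; extend to taste).
USER_WRITABLE = re.compile(r"\\(ProgramData|AppData|Temp)\\", re.IGNORECASE)

# Constructed sample in the OTL format shown in the thread above.
SAMPLE_LOG = """\
[2011/11/08 14:02:28 | 000,000,000 | ---D | C] -- C:\\ProgramData\\AMMYY
[2011/11/08 17:18:58 | 000,000,384 | ---- | M] () -- C:\\Windows\\Tasks\\Ad-Aware Update (Weekly).job
[2010/11/20 13:29:26 | 000,066,048 | ---- | C] () -- C:\\Windows\\System32\\PrintBrmUi.exe
[2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\\Windows\\bootstat.dat
========== LOP Check ==========
[2011/06/12 10:11:49 | 000,000,000 | ---D | M] -- C:\\Users\\Mojdeh\\AppData\\Roaming\\Autodesk
"""

# Assumed time of the scam call (the thread does not record it; OTL shows
# the AMMYY folder being created at 14:02 that day).
INCIDENT = datetime(2011, 11, 8, 14, 0, 0)


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str                 # OTL's R/H/S/D attribute flags
    kind: str                  # "C" = created, "M" = modified
    company: Optional[str]     # None for directories, "" when unreadable
    path: str

    @property
    def is_directory(self) -> bool:
        return self.attrs.endswith("D")


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL entry line; section headers and other text give None."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        path=m["path"],
    )


def entries_near(lines: Iterable[str], incident: datetime, hours: float) -> List[OtlEntry]:
    """All entries whose timestamp lies within +/- `hours` of the incident."""
    window = timedelta(hours=hours)
    hits = [e for e in map(parse_otl_line, lines)
            if e is not None and abs(e.timestamp - incident) <= window]
    return sorted(hits, key=lambda e: e.timestamp)


def triage(lines: Iterable[str], incident: datetime, hours: float = 6) -> List[str]:
    """Paths created/modified near the incident inside a user-writable tree."""
    return [e.path for e in entries_near(lines, incident, hours)
            if USER_WRITABLE.search(e.path)]


if __name__ == "__main__":
    for path in triage(SAMPLE_LOG.splitlines(), INCIDENT):
        print("review:", path)       # prints: review: C:\ProgramData\AMMYY
```
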
#3
gabybaby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Dear Ron,

First off, let me thank you for your response and for the instructions on what to do. I have followed your advice to the best of my ability and what follows are the results:

- I removed the Ask toolbar.

- I ran OTL (run fix) with the script you included - I got an OTL dialog box which read: "Cannot create file C:\users\Mojdeh\Desktop\cmd.bat". Then OTL seemed to hang with all processes stopped, and there never was a reboot. I had to restart to be able to do anything - C:\ProgramData\AMMYY doesn't seem to be there anymore, though.

I think I have to send everything in multiple posts because it doesn't seem to upload when I send it all at once.

-Gabriel

#4
gabybaby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
- Malwarebytes created this log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8122

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/9/2011 1:19:08 AM
mbam-log-2011-11-09 (01-19-08).txt

Scan type: Quick scan
Objects scanned: 153891
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


-Combofix created this log:

ComboFix 11-11-08.02 - Mojdeh 11/09/2011 1:26.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2046.1126 [GMT -8:00]
Running from: c:\users\Mojdeh\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mojdeh\Documents\~WRL0001.tmp
c:\users\Mojdeh\Documents\~WRL0005.tmp
C:\xcrashdump.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-10-09 to 2011-11-09 )))))))))))))))))))))))))))))))
.
.
2011-11-09 09:32 . 2011-11-09 09:32 -------- d-----w- c:\users\Mojdeh\AppData\Local\temp
2011-11-09 09:32 . 2011-11-09 09:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-09 09:14 . 2011-11-09 09:14 -------- d-----w- c:\users\Mojdeh\AppData\Roaming\Malwarebytes
2011-11-09 09:14 . 2011-11-09 09:14 -------- d-----w- c:\programdata\Malwarebytes
2011-11-09 09:14 . 2011-11-09 09:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-09 09:14 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-09 08:40 . 2011-11-09 09:11 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79501408-9021-4BE8-BD8A-86CFCB23EA74}\offreg.dll
2011-11-09 07:44 . 2011-11-09 07:44 -------- d-----w- C:\_OTL
2011-11-09 01:07 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 01:07 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 01:07 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 00:36 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79501408-9021-4BE8-BD8A-86CFCB23EA74}\mpengine.dll
2011-10-18 04:59 . 2011-10-18 04:59 0 ----a-w- c:\windows\system32\shoC41B.tmp
2011-10-17 15:34 . 2011-10-17 15:34 0 ----a-w- c:\windows\system32\shoCBC.tmp
2011-10-17 04:58 . 2011-10-17 04:58 0 ----a-w- c:\windows\system32\shoEA0C.tmp
2011-10-15 04:13 . 2011-10-15 04:13 -------- d-----w- c:\users\Mojdeh\AppData\Local\Diagnostics
2011-10-14 18:09 . 2011-10-14 18:09 0 ----a-w- c:\windows\system32\sho5F20.tmp
2011-10-11 20:23 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-11 20:23 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-11 20:23 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-11 20:23 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-08 01:01 . 2011-06-12 21:13 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-10-29 00:52 . 2011-06-12 19:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-01 17:13 . 2011-10-01 17:13 17 ----a-w- c:\windows\system32\shoE929.tmp
2011-09-29 15:31 . 2011-06-16 20:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-23 17:12 . 2011-09-23 17:12 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-21 00:38 . 2011-09-21 00:38 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-21 00:38 . 2011-09-21 00:38 161792 ----a-w- c:\windows\system32\msls31.dll
2011-09-21 00:38 . 2011-09-21 00:38 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-21 00:38 . 2011-09-21 00:38 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-21 00:38 . 2011-09-21 00:38 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-21 00:38 . 2011-09-21 00:38 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-09-21 00:38 . 2011-09-21 00:38 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-09-21 00:38 . 2011-09-21 00:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-21 00:38 . 2011-09-21 00:38 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-09-21 00:38 . 2011-09-21 00:38 367104 ----a-w- c:\windows\system32\html.iec
2011-09-21 00:38 . 2011-09-21 00:38 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-09-21 00:38 . 2011-09-21 00:38 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-21 00:38 . 2011-09-21 00:38 152064 ----a-w- c:\windows\system32\wextract.exe
2011-09-21 00:38 . 2011-09-21 00:38 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-09-21 00:38 . 2011-09-21 00:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-21 00:38 . 2011-09-21 00:38 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-21 00:38 . 2011-09-21 00:38 11776 ----a-w- c:\windows\system32\mshta.exe
2011-09-21 00:38 . 2011-09-21 00:38 101888 ----a-w- c:\windows\system32\admparse.dll
2011-10-03 21:20 . 2011-06-25 19:34 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-05-21 301672]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-11-03 365336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-6-12 110592]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-4 11000]
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-10-29 2152152]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-10-29 15232]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-14 1343400]
R3 Wthpiduo;Wthpiduo; [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-10-29 64512]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-23 22104]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2011-03-16 152576]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-09-22 15488]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 577384]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-10-29 00:52]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mojdeh\AppData\Roaming\Mozilla\Firefox\Profiles\vof5o1hi.default\
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-09 01:35:01
ComboFix-quarantined-files.txt 2011-11-09 09:35
.
Pre-Run: 72,972,251,136 bytes free
Post-Run: 72,874,377,216 bytes free
.
- - End Of File - - F90A38649D73B7BB052FC259729975D1
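Editor's added example, not code from this thread and not part of ComboFix or TDSSKiller: an offline triage script for the two log formats posted here, the ComboFix services list above (the "S2 name;display;path [date size]" lines) and the TDSSKiller driver listing in the post that follows (the "object - ok" verdict lines). It reports any service whose image sits outside Program Files or the Windows directory, any service whose name, display name or path mentions the remote-control tool used in the scam call, and any TDSSKiller object whose verdict is something other than "ok". The trusted image roots, the marker list ("ammyy" and "aa_v", from the AA_v<version>.exe file name of the Ammyy Admin client) and the sample lines not copied from the thread are this example's own assumptions and are marked as such in the code.

```python
"""Offline triage of the two log formats posted in this thread.

Added example, not ComboFix's or TDSSKiller's own code. Assumptions are
marked inline: the trusted image roots, the remote-access-tool markers and
the sample lines labelled as constructed.
"""
import re
from dataclasses import dataclass
from typing import List

# ComboFix service entry: "<start> <name>;<display name>;<image path> [<yyyy-mm-dd> <size>]"
CF_SERVICE = re.compile(
    r"^(?P<start>[SR]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+"
    r"\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$"
)
# TDSSKiller verdict line: "<hh:mm:ss.ffff> <pid> <object> - <verdict>"
TK_VERDICT = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<obj>.+?) - (?P<verdict>.+?)\s*$"
)

# Assumption 1: on a clean Windows 7 box, service and driver images live under
# Program Files or the Windows directory; anything else gets a second look.
TRUSTED_ROOTS = ("c:\\program files", "c:\\windows\\")
# Assumption 2: the scam used Ammyy Admin, whose downloadable client is named
# AA_v<version>.exe, so these substrings in a name, display name or image path
# are worth flagging. Extend the tuple for other remote-control tools.
RAT_MARKERS = ("ammyy", "aa_v")


@dataclass
class Finding:
    source: str   # "combofix" or "tdsskiller"
    subject: str  # service name or scanned object
    reason: str


def triage_combofix_services(text: str) -> List[Finding]:
    """Flag services whose image is in an odd place or that name a remote-control tool."""
    findings: List[Finding] = []
    for line in text.splitlines():
        m = CF_SERVICE.match(line.strip())
        if not m:
            continue  # section headers, "." separator lines, anything not a service entry
        path = m["path"].lower()
        haystack = " ".join((m["name"], m["display"], path)).lower()
        if any(marker in haystack for marker in RAT_MARKERS):
            findings.append(Finding("combofix", m["name"], "remote-access tool marker in " + path))
        elif not path.startswith(TRUSTED_ROOTS):
            findings.append(Finding("combofix", m["name"], "image outside Program Files/Windows: " + path))
    return findings


def triage_tdsskiller(text: str) -> List[Finding]:
    """Return every scanned object whose TDSSKiller verdict is anything but 'ok'."""
    findings: List[Finding] = []
    for line in text.splitlines():
        m = TK_VERDICT.match(line.strip())
        if m and m["verdict"].strip().lower() != "ok":
            findings.append(Finding("tdsskiller", m["obj"], "verdict: " + m["verdict"]))
    return findings


def triage(combofix_text: str, tdsskiller_text: str) -> List[Finding]:
    """Run both checks and return the combined list of findings."""
    return triage_combofix_services(combofix_text) + triage_tdsskiller(tdsskiller_text)


# Constructed sample input. The MBAMService, klmouflt, 1394ohci and catchme
# lines are copied from the thread; the "RemoteHelper" service and the
# "evildrv" verdict are invented solely to exercise the two checks.
SAMPLE_COMBOFIX = """\
S2 MBAMService;MBAMService;c:\\program files\\Malwarebytes' Anti-Malware\\mbamservice.exe [2011-09-01 366152]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\\windows\\system32\\DRIVERS\\klmouflt.sys [2009-11-03 19984]
S2 RemoteHelper;Remote Helper;c:\\users\\victim\\appdata\\local\\temp\\AA_v3.exe [2011-11-01 700000]
"""
SAMPLE_TDSSKILLER = """\
01:40:31.0796 3592 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\\Windows\\system32\\DRIVERS\\1394ohci.sys
01:40:31.0796 3592 1394ohci - ok
01:40:33.0247 3592 catchme - ok
01:40:44.0100 3592 evildrv - suspicious (constructed verdict, not TDSSKiller wording)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_COMBOFIX, SAMPLE_TDSSKILLER):
        print(f"[{f.source}] {f.subject}: {f.reason}")
```

Run it over the full saved ComboFix.txt and TDSSKiller log instead of the constructed samples. An empty result is a triage outcome, not a clean bill of health: a remote-control client run from a temp or Downloads folder never has to register a service, so it would not appear in the ComboFix services list at all, and System Restore rolls back system files and the registry but leaves files in the user's profile folders in place.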
#5 gabybaby (Topic Starter, Member, 62 posts)

TDSSKiller created this log:

01:40:20.0595 6004 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
01:40:21.0032 6004 ============================================================
01:40:21.0032 6004 Current date / time: 2011/11/09 01:40:21.0032
01:40:21.0032 6004 SystemInfo:
01:40:21.0032 6004
01:40:21.0032 6004 OS Version: 6.1.7601 ServicePack: 1.0
01:40:21.0032 6004 Product type: Workstation
01:40:21.0032 6004 ComputerName: MOJDEH-PC
01:40:21.0032 6004 UserName: Mojdeh
01:40:21.0032 6004 Windows directory: C:\Windows
01:40:21.0032 6004 System windows directory: C:\Windows
01:40:21.0032 6004 Processor architecture: Intel x86
01:40:21.0032 6004 Number of processors: 2
01:40:21.0032 6004 Page size: 0x1000
01:40:21.0032 6004 Boot type: Normal boot
01:40:21.0032 6004 ============================================================
01:40:22.0311 6004 Initialize success
01:40:30.0735 3592 ============================================================
01:40:30.0735 3592 Scan started
01:40:30.0735 3592 Mode: Manual;
01:40:30.0735 3592 ============================================================
01:40:31.0796 3592 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\DRIVERS\1394ohci.sys
01:40:31.0796 3592 1394ohci - ok
01:40:31.0827 3592 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
01:40:31.0843 3592 ACPI - ok
01:40:31.0859 3592 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
01:40:31.0859 3592 AcpiPmi - ok
01:40:31.0921 3592 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
01:40:31.0921 3592 adp94xx - ok
01:40:31.0937 3592 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
01:40:31.0952 3592 adpahci - ok
01:40:31.0968 3592 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
01:40:31.0968 3592 adpu320 - ok
01:40:32.0030 3592 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
01:40:32.0046 3592 AFD - ok
01:40:32.0139 3592 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
01:40:32.0139 3592 agp440 - ok
01:40:32.0171 3592 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
01:40:32.0171 3592 aic78xx - ok
01:40:32.0217 3592 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
01:40:32.0217 3592 aliide - ok
01:40:32.0233 3592 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
01:40:32.0233 3592 amdagp - ok
01:40:32.0249 3592 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
01:40:32.0249 3592 amdide - ok
01:40:32.0264 3592 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
01:40:32.0264 3592 AmdK8 - ok
01:40:32.0295 3592 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
01:40:32.0311 3592 AmdPPM - ok
01:40:32.0358 3592 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
01:40:32.0358 3592 amdsata - ok
01:40:32.0389 3592 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
01:40:32.0389 3592 amdsbs - ok
01:40:32.0405 3592 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
01:40:32.0405 3592 amdxata - ok
01:40:32.0436 3592 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
01:40:32.0436 3592 AppID - ok
01:40:32.0529 3592 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
01:40:32.0529 3592 arc - ok
01:40:32.0561 3592 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
01:40:32.0561 3592 arcsas - ok
01:40:32.0592 3592 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
01:40:32.0592 3592 AsyncMac - ok
01:40:32.0607 3592 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
01:40:32.0607 3592 atapi - ok
01:40:32.0670 3592 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
01:40:32.0670 3592 b06bdrv - ok
01:40:32.0732 3592 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
01:40:32.0732 3592 b57nd60x - ok
01:40:32.0763 3592 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
01:40:32.0763 3592 Beep - ok
01:40:32.0795 3592 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
01:40:32.0795 3592 blbdrive - ok
01:40:32.0841 3592 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
01:40:32.0841 3592 bowser - ok
01:40:32.0951 3592 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
01:40:32.0951 3592 BrFiltLo - ok
01:40:32.0966 3592 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
01:40:32.0982 3592 BrFiltUp - ok
01:40:33.0013 3592 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
01:40:33.0013 3592 Brserid - ok
01:40:33.0029 3592 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
01:40:33.0029 3592 BrSerWdm - ok
01:40:33.0060 3592 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
01:40:33.0060 3592 BrUsbMdm - ok
01:40:33.0075 3592 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
01:40:33.0075 3592 BrUsbSer - ok
01:40:33.0091 3592 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
01:40:33.0091 3592 BTHMODEM - ok
01:40:33.0247 3592 catchme - ok
01:40:33.0387 3592 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
01:40:33.0387 3592 cdfs - ok
01:40:33.0419 3592 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
01:40:33.0419 3592 cdrom - ok
01:40:33.0465 3592 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
01:40:33.0465 3592 circlass - ok
01:40:33.0528 3592 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
01:40:33.0528 3592 CLFS - ok
01:40:33.0575 3592 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
01:40:33.0590 3592 CmBatt - ok
01:40:33.0606 3592 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
01:40:33.0606 3592 cmdide - ok
01:40:33.0637 3592 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
01:40:33.0653 3592 CNG - ok
01:40:33.0668 3592 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
01:40:33.0668 3592 Compbatt - ok
01:40:33.0793 3592 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
01:40:33.0793 3592 CompositeBus - ok
01:40:33.0840 3592 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
01:40:33.0840 3592 crcdisk - ok
01:40:33.0918 3592 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
01:40:33.0918 3592 CSC - ok
01:40:33.0965 3592 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
01:40:33.0965 3592 DfsC - ok
01:40:33.0980 3592 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
01:40:33.0980 3592 discache - ok
01:40:34.0027 3592 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
01:40:34.0027 3592 Disk - ok
01:40:34.0105 3592 dmvsc (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys
01:40:34.0105 3592 dmvsc - ok
01:40:34.0183 3592 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
01:40:34.0183 3592 drmkaud - ok
01:40:34.0245 3592 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
01:40:34.0261 3592 DXGKrnl - ok
01:40:34.0386 3592 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
01:40:34.0433 3592 ebdrv - ok
01:40:34.0495 3592 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
01:40:34.0511 3592 elxstor - ok
01:40:34.0573 3592 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
01:40:34.0573 3592 ErrDev - ok
01:40:34.0620 3592 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
01:40:34.0635 3592 exfat - ok
01:40:34.0651 3592 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
01:40:34.0651 3592 fastfat - ok
01:40:34.0682 3592 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
01:40:34.0682 3592 fdc - ok
01:40:34.0713 3592 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
01:40:34.0713 3592 FileInfo - ok
01:40:34.0745 3592 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
01:40:34.0745 3592 Filetrace - ok
01:40:34.0760 3592 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
01:40:34.0760 3592 flpydisk - ok
01:40:34.0791 3592 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
01:40:34.0791 3592 FltMgr - ok
01:40:34.0869 3592 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
01:40:34.0885 3592 FsDepends - ok
01:40:34.0932 3592 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
01:40:34.0932 3592 Fs_Rec - ok
01:40:34.0963 3592 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
01:40:34.0963 3592 fvevol - ok
01:40:34.0994 3592 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
01:40:34.0994 3592 gagp30kx - ok
01:40:35.0025 3592 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
01:40:35.0025 3592 hcw85cir - ok
01:40:35.0088 3592 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
01:40:35.0088 3592 HdAudAddService - ok
01:40:35.0119 3592 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
01:40:35.0119 3592 HDAudBus - ok
01:40:35.0150 3592 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
01:40:35.0150 3592 HidBatt - ok
01:40:35.0181 3592 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
01:40:35.0181 3592 HidBth - ok
01:40:35.0259 3592 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
01:40:35.0259 3592 HidIr - ok
01:40:35.0353 3592 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
01:40:35.0353 3592 HidUsb - ok
01:40:35.0415 3592 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
01:40:35.0415 3592 HpSAMD - ok
01:40:35.0462 3592 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
01:40:35.0478 3592 HTTP - ok
01:40:35.0493 3592 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
01:40:35.0509 3592 hwpolicy - ok
01:40:35.0540 3592 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
01:40:35.0540 3592 i8042prt - ok
01:40:35.0571 3592 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
01:40:35.0587 3592 iaStorV - ok
01:40:35.0603 3592 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
01:40:35.0603 3592 iirsp - ok
01:40:35.0618 3592 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
01:40:35.0618 3592 intelide - ok
01:40:35.0649 3592 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
01:40:35.0649 3592 intelppm - ok
01:40:35.0696 3592 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:40:35.0696 3592 IpFilterDriver - ok
01:40:35.0743 3592 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
01:40:35.0743 3592 IPMIDRV - ok
01:40:35.0805 3592 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
01:40:35.0821 3592 IPNAT - ok
01:40:35.0852 3592 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
01:40:35.0852 3592 IRENUM - ok
01:40:35.0868 3592 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
01:40:35.0868 3592 isapnp - ok
01:40:35.0899 3592 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
01:40:35.0899 3592 iScsiPrt - ok
01:40:35.0946 3592 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
01:40:35.0946 3592 kbdclass - ok
01:40:35.0977 3592 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
01:40:35.0977 3592 kbdhid - ok
01:40:36.0055 3592 KL1 (94d67d49bd9503bb1d838405d80f2058) C:\Windows\system32\DRIVERS\kl1.sys
01:40:36.0055 3592 KL1 - ok
01:40:36.0133 3592 kl2 (713576569667ac9e0f8556076004a96b) C:\Windows\system32\DRIVERS\kl2.sys
01:40:36.0133 3592 kl2 - ok
01:40:36.0258 3592 KLIF (39920d69eaedb51757527aa54fe25216) C:\Windows\system32\DRIVERS\klif.sys
01:40:36.0273 3592 KLIF - ok
01:40:36.0305 3592 KLIM6 (cf88b4985d957eee45c9939092e87c92) C:\Windows\system32\DRIVERS\klim6.sys
01:40:36.0305 3592 KLIM6 - ok
01:40:36.0336 3592 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
01:40:36.0336 3592 klmouflt - ok
01:40:36.0383 3592 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
01:40:36.0383 3592 KSecDD - ok
01:40:36.0414 3592 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
01:40:36.0429 3592 KSecPkg - ok
01:40:36.0539 3592 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
01:40:36.0554 3592 Lavasoft Kernexplorer - ok
01:40:36.0648 3592 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
01:40:36.0648 3592 Lbd - ok
01:40:36.0679 3592 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
01:40:36.0695 3592 lltdio - ok
01:40:36.0757 3592 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
01:40:36.0757 3592 LSI_FC - ok
01:40:36.0788 3592 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
01:40:36.0788 3592 LSI_SAS - ok
01:40:36.0804 3592 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
01:40:36.0804 3592 LSI_SAS2 - ok
01:40:36.0819 3592 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
01:40:36.0835 3592 LSI_SCSI - ok
01:40:36.0866 3592 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
01:40:36.0866 3592 luafv - ok
01:40:36.0929 3592 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
01:40:36.0929 3592 MBAMProtector - ok
01:40:37.0038 3592 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
01:40:37.0038 3592 megasas - ok
01:40:37.0100 3592 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
01:40:37.0116 3592 MegaSR - ok
01:40:37.0147 3592 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
01:40:37.0147 3592 Modem - ok
01:40:37.0163 3592 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
01:40:37.0178 3592 monitor - ok
01:40:37.0209 3592 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
01:40:37.0209 3592 mouclass - ok
01:40:37.0241 3592 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
01:40:37.0241 3592 mouhid - ok
01:40:37.0272 3592 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
01:40:37.0272 3592 mountmgr - ok
01:40:37.0287 3592 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
01:40:37.0303 3592 mpio - ok
01:40:37.0319 3592 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
01:40:37.0319 3592 mpsdrv - ok
01:40:37.0350 3592 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
01:40:37.0350 3592 MRxDAV - ok
01:40:37.0459 3592 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:40:37.0459 3592 mrxsmb - ok
01:40:37.0506 3592 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:40:37.0521 3592 mrxsmb10 - ok
01:40:37.0537 3592 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:40:37.0553 3592 mrxsmb20 - ok
01:40:37.0584 3592 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
01:40:37.0584 3592 msahci - ok
01:40:37.0631 3592 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
01:40:37.0631 3592 msdsm - ok
01:40:37.0662 3592 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
01:40:37.0677 3592 Msfs - ok
01:40:37.0693 3592 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
01:40:37.0693 3592 mshidkmdf - ok
01:40:37.0709 3592 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
01:40:37.0709 3592 msisadrv - ok
01:40:37.0740 3592 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
01:40:37.0740 3592 MSKSSRV - ok
01:40:37.0833 3592 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
01:40:37.0833 3592 MSPCLOCK - ok
01:40:37.0849 3592 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
01:40:37.0849 3592 MSPQM - ok
01:40:37.0880 3592 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
01:40:37.0880 3592 MsRPC - ok
01:40:37.0896 3592 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
01:40:37.0896 3592 mssmbios - ok
01:40:37.0943 3592 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
01:40:37.0943 3592 MSTEE - ok
01:40:37.0958 3592 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
01:40:37.0958 3592 MTConfig - ok
01:40:37.0974 3592 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
01:40:37.0974 3592 Mup - ok
01:40:38.0036 3592 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
01:40:38.0036 3592 NativeWifiP - ok
01:40:38.0099 3592 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
01:40:38.0099 3592 NDIS - ok
01:40:38.0192 3592 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
01:40:38.0208 3592 NdisCap - ok
01:40:38.0223 3592 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
01:40:38.0223 3592 NdisTapi - ok
01:40:38.0255 3592 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
01:40:38.0255 3592 Ndisuio - ok
01:40:38.0301 3592 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
01:40:38.0301 3592 NdisWan - ok
01:40:38.0317 3592 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
01:40:38.0317 3592 NDProxy - ok
01:40:38.0379 3592 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
01:40:38.0379 3592 NetBIOS - ok
01:40:38.0395 3592 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
01:40:38.0395 3592 NetBT - ok
01:40:38.0551 3592 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
01:40:38.0598 3592 netw5v32 - ok
01:40:38.0691 3592 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
01:40:38.0707 3592 nfrd960 - ok
01:40:38.0738 3592 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
01:40:38.0738 3592 Npfs - ok
01:40:38.0754 3592 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
01:40:38.0754 3592 nsiproxy - ok
01:40:38.0832 3592 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
01:40:38.0863 3592 Ntfs - ok
01:40:38.0894 3592 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
01:40:38.0894 3592 Null - ok
01:40:39.0237 3592 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:40:39.0503 3592 nvlddmkm - ok
01:40:39.0612 3592 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
01:40:39.0612 3592 nvraid - ok
01:40:39.0643 3592 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
01:40:39.0643 3592 nvstor - ok
01:40:39.0705 3592 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
01:40:39.0705 3592 nv_agp - ok
01:40:39.0737 3592 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
01:40:39.0737 3592 ohci1394 - ok
01:40:39.0768 3592 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys
01:40:39.0768 3592 Parport - ok
01:40:39.0799 3592 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
01:40:39.0799 3592 partmgr - ok
01:40:39.0815 3592 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys
01:40:39.0815 3592 Parvdm - ok
01:40:39.0846 3592 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
01:40:39.0846 3592 pci - ok
01:40:39.0861 3592 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
01:40:39.0861 3592 pciide - ok
01:40:39.0908 3592 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
01:40:39.0908 3592 pcmcia - ok
01:40:40.0002 3592 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
01:40:40.0002 3592 pcw - ok
01:40:40.0033 3592 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
01:40:40.0049 3592 PEAUTH - ok
01:40:40.0142 3592 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
01:40:40.0158 3592 PptpMiniport - ok
01:40:40.0173 3592 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
01:40:40.0189 3592 Processor - ok
01:40:40.0220 3592 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
01:40:40.0220 3592 Psched - ok
01:40:40.0267 3592 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
01:40:40.0283 3592 ql2300 - ok
01:40:40.0376 3592 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
01:40:40.0376 3592 ql40xx - ok
01:40:40.0407 3592 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
01:40:40.0407 3592 QWAVEdrv - ok
01:40:40.0439 3592 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
01:40:40.0454 3592 RasAcd - ok
01:40:40.0595 3592 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
01:40:40.0595 3592 RasAgileVpn - ok
01:40:40.0751 3592 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:40:40.0751 3592 Rasl2tp - ok
01:40:40.0797 3592 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
01:40:40.0797 3592 RasPppoe - ok
01:40:40.0829 3592 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
01:40:40.0829 3592 RasSstp - ok
01:40:40.0860 3592 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
01:40:40.0860 3592 rdbss - ok
01:40:40.0891 3592 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
01:40:40.0891 3592 rdpbus - ok
01:40:40.0907 3592 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:40:40.0907 3592 RDPCDD - ok
01:40:41.0016 3592 RDPDISPM (3a3a4c256b91276210d3a2faf019313d) C:\Windows\system32\DRIVERS\rdpdispm.sys
01:40:41.0016 3592 RDPDISPM - ok
01:40:41.0063 3592 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
01:40:41.0063 3592 RDPDR - ok
01:40:41.0109 3592 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
01:40:41.0125 3592 RDPENCDD - ok
01:40:41.0141 3592 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
01:40:41.0141 3592 RDPREFMP - ok
01:40:41.0172 3592 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
01:40:41.0172 3592 RDPWD - ok
01:40:41.0219 3592 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
01:40:41.0219 3592 rdyboost - ok
01:40:41.0281 3592 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
01:40:41.0281 3592 rspndr - ok
01:40:41.0312 3592 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
01:40:41.0312 3592 s3cap - ok
01:40:41.0421 3592 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
01:40:41.0421 3592 sbp2port - ok
01:40:41.0468 3592 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
01:40:41.0468 3592 scfilter - ok
01:40:41.0499 3592 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
01:40:41.0499 3592 secdrv - ok
01:40:41.0562 3592 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
01:40:41.0562 3592 Serenum - ok
01:40:41.0577 3592 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
01:40:41.0577 3592 Serial - ok
01:40:41.0593 3592 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
01:40:41.0593 3592 sermouse - ok
01:40:41.0624 3592 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
01:40:41.0624 3592 sffdisk - ok
01:40:41.0655 3592 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
01:40:41.0655 3592 sffp_mmc - ok
01:40:41.0671 3592 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
01:40:41.0671 3592 sffp_sd - ok
01:40:41.0687 3592 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
01:40:41.0687 3592 sfloppy - ok
01:40:41.0765 3592 Sftfs (8f00cc8cacf83dce5b35079f615b0f12) C:\Windows\system32\DRIVERS\Sftfslh.sys
01:40:41.0780 3592 Sftfs - ok
01:40:41.0874 3592 Sftplay (afdb934586c4c8b2be39ae7eea6f52be) C:\Windows\system32\DRIVERS\Sftplaylh.sys
01:40:41.0874 3592 Sftplay - ok
01:40:41.0889 3592 Sftredir (6b1865d82e0290729ed7496c24275592) C:\Windows\system32\DRIVERS\Sftredirlh.sys
01:40:41.0905 3592 Sftredir - ok
01:40:41.0921 3592 Sftvol (621eccb1265a01ce2bdf6f2c5e727e2b) C:\Windows\system32\DRIVERS\Sftvollh.sys
01:40:41.0921 3592 Sftvol - ok
01:40:41.0983 3592 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
01:40:41.0983 3592 sisagp - ok
01:40:42.0030 3592 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
01:40:42.0030 3592 SiSRaid2 - ok
01:40:42.0045 3592 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
01:40:42.0061 3592 SiSRaid4 - ok
01:40:42.0092 3592 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
01:40:42.0092 3592 Smb - ok
01:40:42.0217 3592 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
01:40:42.0217 3592 spldr - ok
01:40:42.0295 3592 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
01:40:42.0295 3592 srv - ok
01:40:42.0326 3592 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
01:40:42.0326 3592 srv2 - ok
01:40:42.0389 3592 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
01:40:42.0404 3592 SrvHsfHDA - ok
01:40:42.0451 3592 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
01:40:42.0467 3592 SrvHsfV92 - ok
01:40:42.0498 3592 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
01:40:42.0513 3592 SrvHsfWinac - ok
01:40:42.0591 3592 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
01:40:42.0591 3592 srvnet - ok
01:40:42.0669 3592 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
01:40:42.0669 3592 stexstor - ok
01:40:42.0716 3592 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
01:40:42.0716 3592 storflt - ok
01:40:42.0747 3592 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
01:40:42.0747 3592 storvsc - ok
01:40:45.0150 3592 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
01:40:45.0165 3592 \Device\Harddisk0\DR0 - ok
01:40:45.0165 3592 Boot (0x1200) (04f6bdec88beac0b5821b54a55a8b98d) \Device\Harddisk0\DR0\Partition0
01:40:45.0165 3592 \Device\Harddisk0\DR0\Partition0 - ok
01:40:45.0165 3592 ============================================================
01:40:45.0165 3592 Scan finished
01:40:45.0165 3592 ============================================================
01:40:45.0181 6080 Detected object count: 0
01:40:45.0181 6080 Actual detected object count: 0
01:41:34.0072 1572 Deinitialize success

#6
gabybaby (Member, Topic Starter)
-aswMBR - the fix button was disabled. It created this log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-09 09:24:33
-----------------------------
09:24:33.453 OS Version: Windows 6.1.7601 Service Pack 1
09:24:33.453 Number of processors: 2 586 0x1706
09:24:33.455 ComputerName: MOJDEH-PC UserName: Mojdeh
09:24:40.513 Initialize success
09:28:07.459 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
09:28:07.469 Disk 0 Vendor: TOSHIBA_MK1251GSY LD101D Size: 114473MB BusType: 3
09:28:09.485 Disk 0 MBR read successfully
09:28:09.491 Disk 0 MBR scan
09:28:09.498 Disk 0 Windows 7 default MBR code
09:28:09.508 Disk 0 scanning sectors +234420480
09:28:09.592 Disk 0 scanning C:\Windows\system32\drivers
09:28:15.788 Service scanning
09:28:17.734 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
09:28:17.738 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
09:28:17.744 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
09:28:17.748 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
09:28:18.430 Modules scanning
09:28:25.006 Disk 0 trace - called modules:
09:28:25.026 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
09:28:25.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c8daa0]
09:28:25.037 3 CLASSPNP.SYS[8999f59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85b8a908]
09:28:25.042 Scan finished successfully
09:28:49.745 Disk 0 MBR has been saved successfully to "C:\Users\Mojdeh\Desktop\MBR.dat"
09:28:49.750 The log file has been saved successfully to "C:\Users\Mojdeh\Desktop\aswMBR.txt"

#7
gabybaby (Member, Topic Starter)
-GMER ran for quite some time and eventually created this log, which is 28.6 MB. I can't seem to upload it. I don't know what to do, the log is so big - should I run it again? Please advise.

#8
gabybaby (Member, Topic Starter)
-eset said that "No threats found", and created this log:

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK


-Bitdefender created this log:


QuickScan Beta 32-bit v0.9.9.99
-------------------------------
Scan date: Wed Nov 09 12:46:36 2011
Machine ID: CC214D7F



No infection found.
-------------------



Processes
---------
Ad-Aware Tray Application 2924 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
CrashPlan Tray 3100 C:\Program Files\CrashPlan\CrashPlanTray.exe
Firefox 4108 C:\Program Files\Mozilla Firefox\firefox.exe
Firefox 4332 C:\Program Files\Mozilla Firefox\plugin-container.exe
Firefox 4432 C:\Program Files\Mozilla Firefox\plugin-container.exe
Kaspersky Anti-Virus 4040 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
Malwarebytes' Anti-Malware 2268 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
Microsoft® Windows® Operating System 2972 C:\Program Files\Windows Sidebar\sidebar.exe
Microsoft® Windows® Operating System 3460 C:\Windows\explorer.exe
Microsoft® Windows® Operating System 3184 C:\Windows\System32\taskhost.exe
(verified) Microsoft® Windows® Operating System 3296 C:\Windows\System32\dwm.exe


Network activity
----------------
Process firefox.exe (4108) connected on port 80 (HTTP) --> 74.125.239.7
Process firefox.exe (4108) connected on port 80 (HTTP) --> 74.125.239.25
Process firefox.exe (4108) connected on port 80 (HTTP) --> 74.125.239.25
Process firefox.exe (4108) connected on port 80 (HTTP) --> 50.16.191.57
Process firefox.exe (4108) connected on port 80 (HTTP) --> 66.51.197.169
Process firefox.exe (4108) connected on port 443 (HTTP over SSL) --> 74.125.239.3
Process firefox.exe (4108) connected on port 80 (HTTP) --> 66.235.142.3
Process firefox.exe (4108) connected on port 80 (HTTP) --> 69.171.228.40



Autoruns and critical files
---------------------------
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Adobe Systems, Inc. Adobe Gamma Loader C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
AutoCAD C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
CrashPlan Tray C:\Program Files\CrashPlan\CrashPlanTray.exe
Kaspersky Anti-Virus C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
Kaspersky Anti-Virus C:\Windows\system32\klogon.dll
Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
NVIDIA Hotkey Service, Version 275.33 C:\Windows\system32\nvHotkey.dll
nwiz.exe C:\Program Files\NVIDIA Corporation\nView\nwiz.exe
Windows® Internet Explorer c:\windows\system32\webcheck.dll


Browser plugins
---------------
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
BitDefender QuickScan C:\Users\Mojdeh\AppData\Roaming\Mozilla\Firefox\Profiles\vof5o1hi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
i-drop control C:\Windows\Downloaded Program Files\IDrop.ocx
i-drop control C:\Windows\Downloaded Program Files\IDropENU.dll
Kaspersky Anti-Virus c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
Kaspersky Anti-Virus c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL
Microsoft® CoReXT c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
NVIDIA 3D Vision C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
NVIDIA 3D VISION C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
System Requirements Lab C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll
Windows® Internet Explorer C:\Windows\system32\IEFRAME.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll


Scan
----
MD5: 2d11bc8b460957e62e4420373a0d8bda C:\Windows\system32\imapi2.dll
MD5: 4a8e2f20809cc161107faa94f6cf2685 C:\Windows\system32\IMM32.DLL
MD5: a90dc9abd65db1a8902f361103029952 C:\Windows\system32\IPHLPAPI.DLL
MD5: 4d65a07b795d6674312f879d09aa7663 C:\Windows\System32\iphlpsvc.dll
MD5: 53946b69ba0836bd95b03759530c81ec C:\Windows\System32\ipsecsvc.dll
MD5: 3be120ba72475250fa6bfcb3bee6a7f7 C:\Windows\System32\jscript9.dll
MD5: e570cbd732848438eac574eb3442a2a8 C:\Windows\system32\kernel32.dll
MD5: a9f8e23c1fc00190376b11ffad9de6c6 C:\Windows\system32\KERNELBASE.dll
MD5: d3ce4ed253a1ea6aa85a5a8b481b836e C:\Windows\system32\klogon.dll
MD5: 196b4e3f4cccc24af836ce58facbb699 C:\Windows\system32\kmsvc.dll
MD5: 6658f4404de03d75fe3ba09f7aba6a30 C:\Windows\system32\ListSvc.dll
MD5: 5ad4e19d583fa285f4b5ccb7784a28c2 C:\Windows\system32\Macromed\Flash\NPSWF32.dll
MD5: 8bc9db92c4b2f3be89185beab2afc1f6 C:\Windows\system32\MAPI32.dll
MD5: bfb9ee8ee977efe85d1a3105abef6dd1 C:\Windows\system32\Mcx2Svc.dll
MD5: 243974ec02f7ae49e4179c54624143ab C:\Windows\system32\MMDevAPI.DLL
MD5: 9835584e999d25004e1ee8e5f3e3b881 C:\Windows\system32\mpssvc.dll
MD5: 938f39b50bafe13d6f58c7790682c010 C:\Windows\system32\MSASN1.dll
MD5: 7f8678c59f188528d60104e697c2361e C:\Windows\system32\mscms.dll
MD5: 3a16ea01fcfaab40882db5bfee632322 C:\Windows\system32\MsftEdit.dll
MD5: 04e0cd31a63dfc0d73725a3d1768fb5a C:\Windows\System32\mshtml.dll
MD5: 0ce4d3bd306da6d1f6f233c403f5b667 C:\Windows\system32\msi.dll
MD5: eee470f2a771fc0b543bdeef74fceca0 C:\Windows\system32\msiexec.exe
MD5: 35aae2e841aa1a949775168e119482c9 C:\Windows\system32\msls31.dll
MD5: 987323f0247d023ad1ae52195540ece0 C:\Windows\system32\mssvp.dll
MD5: 56ceed370508f69a1ba04939bd1badda C:\Windows\system32\MSUTB.dll
MD5: 8999b8631c7fd9f7f9ec3cafd953ba24 C:\Windows\system32\mswsock.dll
MD5: 4205ca4cd43e725db9ff02b0a588a8c6 C:\Windows\System32\msxml3.dll
MD5: 269d867585cda04d3972a39f3694e7df C:\Windows\System32\msxml6.dll
MD5: eab975db4c2805927fe5bd047d05c9aa C:\Windows\System32\netshell.dll
MD5: 20b3934db73eaba2b49b7177873cb81f C:\Windows\system32\netutils.dll
MD5: 3d57ffbad3ed16b63de3879bab0fb56f C:\Windows\system32\NetworkExplorer.dll
MD5: 104a1070e90f1c530328e69b49718841 C:\Windows\System32\nlaapi.dll
MD5: ed60c95c805dbaee92c90c3ab930085a C:\Windows\SYSTEM32\ntdll.dll
MD5: eb77db354791a5932ca559b6f6374e95 C:\Windows\system32\ntshrui.dll
MD5: 64ffb7acb668a18ba45c645a28c8cd11 C:\Windows\system32\nvapi.dll
MD5: f7899841f24cccaa22ec162a5bee408d C:\Windows\system32\nvHotkey.dll
MD5: 29c2ffb63548cf56e3fa2de159790d76 C:\Windows\system32\nvshext.dll
MD5: 7c732aff202dcd06c3d262966d71604c C:\Windows\system32\nvvsvc.exe
MD5: dbb2dbed63b4ff6a53e79e1461eedb4f C:\Windows\system32\nvwgf2um.dll
MD5: 928cf7268086631f54c3d8e17238c6dd C:\Windows\system32\ole32.dll
MD5: 8e01332cc4b68bc6b5b7effe374442aa C:\Windows\system32\OLEACC.dll
MD5: 6c765e82b57f2e66ce9c54ac238471d9 C:\Windows\system32\OLEAUT32.dll
MD5: f748f53fe09d21d8ecbb6421e6792024 C:\Windows\system32\OneX.DLL
MD5: 414bba67a3ded1d28437eb66aeb8a720 C:\Windows\system32\pla.dll
MD5: 3d6f22551d422f97aacb0bb927e4c846 C:\Windows\System32\pnidui.dll
MD5: e98278865e8daba21cfe5fe4be34210a C:\Windows\system32\PortableDeviceApi.dll
MD5: c8333f1f77a1b2e25f2202e892caf634 C:\Windows\system32\prnfldr.dll
MD5: 43ca4ccc22d52fb58e8988f0198851d0 C:\Windows\system32\profsvc.dll
MD5: 12c45e3cb6d65f73209549e2d02eca7a C:\Windows\system32\PROPSYS.dll
MD5: dbc02d918fff1cad628acbe0c0eaa8e8 C:\Windows\System32\provsvc.dll
MD5: 02530b0b7e048dd5ac8d52daeacaeb2b C:\Windows\System32\QAgent.dll
MD5: 61d57a5d7c6d9afe10e77dae6e1b445e C:\Windows\system32\qagentRT.dll
MD5: e585445d5021971fae10393f0f1c3961 C:\Windows\system32\qmgr.dll
MD5: bd626ef05967d14c772b8096292731a3 C:\Windows\System32\QUtil.dll
MD5: cb9e04dc05eacf5b9a36ca276d475006 C:\Windows\System32\rasmans.dll
MD5: 6400774e903729add0a62a24a334ee56 C:\Windows\system32\RPCRT4.dll
MD5: 5997d769cdb108390dcfaebf442bf816 C:\Windows\system32\RpcRtRemote.dll
MD5: 7660f01d3b38aca1747e397d21d790af C:\Windows\system32\rpcss.dll
MD5: 0915c4db6dbc3bb9e11b7ecbbe4b7159 C:\Windows\system32\rtutils.dll
MD5: 68ecca523ed760aafc03c5d587569859 C:\Windows\system32\samcli.dll
MD5: 135f7ac9be35ab1df727faf2e60e92f8 C:\Windows\system32\schannel.DLL
MD5: a04bb13f8a72f8b6e8b4071723e4e336 C:\Windows\system32\schedsvc.dll
MD5: 08236c4bce5edd0a0318a438af28e0f7 C:\Windows\System32\SDRSVC.dll
MD5: 236f286e103fd44bd85fdd93097fd5dd C:\Windows\system32\SearchIndexer.exe
MD5: a8ce0c7f1d37e0b8082608a148b6b976 C:\Windows\System32\Secur32.dll
MD5: 4ae380f39a0032eab7dd953030b26d28 C:\Windows\system32\sessenv.dll
MD5: 10fb16b50affda6d44588f3c445dc273 C:\Windows\system32\setupapi.dll
MD5: f14a9b1778376d0b1788e402ac1f831a C:\Windows\System32\shacct.dll
MD5: be247ae996a9fde007a27b51413a6c79 C:\Windows\System32\shdocvw.dll
MD5: 16ab4bd2acc52109f43739bf0e89e18f C:\Windows\system32\SHELL32.dll
MD5: 8cc3c111d653e96f3ea1590891491d71 C:\Windows\system32\SHLWAPI.dll
MD5: 414da952a35bf5d50192e28263b40577 C:\Windows\System32\shsvcs.dll
MD5: 2cfa4569350b7f84f815e9ec34e85766 C:\Windows\system32\SndVolSSO.DLL
MD5: 866a43013535dc8587c258e43579c764 C:\Windows\System32\spoolsv.exe
MD5: cf87a1de791347e75b98885214ced2b8 C:\Windows\system32\sppsvc.exe
MD5: b0180b20b065d89232a78a40fe56eaa6 C:\Windows\system32\sppuinotify.dll
MD5: 674b0c0f6a448eb185caab9c51d44032 C:\Windows\System32\srchadmin.dll
MD5: 5ccdcd40e732d54e0f7451ac66ac1c87 C:\Windows\system32\srvcli.dll
MD5: d64af876d53eca3668bb97b51b4e70ab C:\Windows\System32\srvsvc.dll
MD5: 331534632d1da3377440493848e4a70e C:\Windows\system32\SSPICLI.DLL
MD5: 912649a1b3f9e6acb3899fbdaba2ed5f C:\Windows\system32\stobject.dll
MD5: 0bf669f0a910beda4a32258d363af2a5 C:\Windows\system32\storsvc.dll
MD5: 6a1e8deb746912df47cf651e138401d7 C:\Windows\System32\StructuredQuery.dll
MD5: 919001d2bb17df06ca3f8ac16ad039f6 C:\Windows\system32\SXS.DLL
MD5: 2ddea2c345da5bc589efd398f220db0e C:\Windows\System32\SyncCenter.dll
MD5: 20a20a911cd79a6f6839167149a05668 C:\Windows\system32\syncui.dll
MD5: 36650d618ca34c9d357dfd3d89b2c56f C:\Windows\system32\sysmain.dll
MD5: 763fecdc3d30c815fe72dd57936c6cd1 C:\Windows\System32\TabSvc.dll
MD5: 613bf4820361543956909043a265c6ac C:\Windows\System32\tapisrv.dll
MD5: 7fa8ba5a780e4757964ac9d4238302b9 C:\Windows\System32\taskhost.exe
MD5: 544eff88ac6c85df5a4d6f18dfe08cfc C:\Windows\system32\taskschd.dll
MD5: 382c804c92811be57829d8e550a900e2 C:\Windows\System32\termsrv.dll
MD5: 672d7c5080acb003343006405da2e621 C:\Windows\system32\thumbcache.dll
MD5: 83c9840cf87a0ca55526327801716d27 C:\Windows\system32\timedate.cpl
MD5: c9708c9f3dba3dbfb1d2fee1e9dabad0 C:\Windows\system32\twext.dll
MD5: ec7bc28d207da09e79b3e9faf8b232ca C:\Windows\system32\umpnpmgr.dll
MD5: f87d30e72e03d579a5199ccb3831d6ea C:\Windows\system32\umpo.dll
MD5: 409994a8eaceee4e328749c0353527a0 C:\Windows\System32\umrdp.dll
MD5: 3bf5881cb3d3402ade70be9e96e18c67 C:\Windows\system32\urlmon.dll
MD5: f1dd3acaee5e6b4bbc69bc6df75cef66 C:\Windows\system32\USER32.dll
MD5: d15618a0ff8dbc2c5bf3726bacc75a0b C:\Windows\system32\userenv.dll
MD5: 61ac3efdfacfdd3f0f11dd4fd4044223 c:\windows\system32\userinit.exe
MD5: 804aaafebb3ad5f49334dd906bcb1de5 C:\Windows\system32\USP10.dll
MD5: 370349f79315d4db86cd992cacefee61 C:\Windows\system32\van.dll
MD5: 5e7a2cf7719161c5e6c0e47d67ad45ae C:\Windows\system32\vbscript.dll
MD5: c3cd30495687c2a2f66a65ca6fd89be9 C:\Windows\System32\vds.exe
MD5: 209a3b1901b83aeb8527ed211cce9e4c C:\Windows\system32\vssvc.exe
MD5: cfc7d8289d2b5f3cf8d16e2db7f93d4a C:\Windows\system32\wbem\fastprox.dll
MD5: 704314fd398c81d5f342caa5df7b7f21 C:\Windows\system32\wbemcomn.dll
MD5: 691e3285e53dca558e1a84667f13e15a C:\Windows\system32\wbengine.exe
MD5: 34eee0dfaadb4f691d6d5308a51315dc C:\Windows\System32\wcncsvc.dll
MD5: d205c24a9d069049fe2df2a1b38726a7 C:\Windows\system32\wdmaud.drv
MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\system32\webcheck.dll
MD5: a9d880f97530d5b8fee278923349929d C:\Windows\System32\webclnt.dll
MD5: 590d5c506044fe02ff7643e32ff9bdac C:\Windows\System32\wer.dll
MD5: 1869bd251211fb6275067372a45682d6 C:\Windows\System32\werconcpl.dll
MD5: e1fb3706030fb4578a0d72c2fc3689e4 C:\Windows\System32\wiaservc.dll
MD5: 1db71a41daee6b3f8cd0dda8209fa2d5 C:\Windows\system32\WindowsCodecs.dll
MD5: ca9f7888b524d8100b977c81f44c3234 C:\Windows\System32\winhttp.dll
MD5: d3788d91530cfa005bd516189a4c676e C:\Windows\system32\WININET.dll
MD5: d5aefad57c08349a4393d987df7c715d C:\Windows\system32\WINMM.dll
MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8 C:\Windows\system32\WINSPOOL.DRV
MD5: 418e881201583a3039d81f43e39e6c78 C:\Windows\system32\WINSTA.dll
MD5: 2d0d2da87bea7144f2a17f19d0d17e4c C:\Windows\system32\WINTRUST.dll
MD5: e5a4a1326a02f8e7b59e6c3270ce7202 C:\Windows\system32\wkscli.dll
MD5: 58405e4f68ba8e4057c6e914f326aba2 C:\Windows\System32\wkssvc.dll
MD5: a8bb45f9ecad993461e0fef8e2a99152 C:\Windows\system32\WLDAP32.dll
MD5: aa53356d60af47eacc85bc617a4f3f66 C:\Windows\system32\wpdbusenum.dll
MD5: 735263da17bf5baf9ccd483843bf9d5a C:\Windows\system32\wpdshserviceobj.dll
MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\Windows\system32\WS2_32.dll
MD5: a8cdf3768604ff95b54669e20053d569 C:\Windows\System32\WSCAPI.dll
MD5: 7fd5532c142db6c9cc47aa4dcf71fdec C:\Windows\System32\wscui.cpl
MD5: 1b91cd34ea3a90ab6a4ef0550174f4cc C:\Windows\system32\WsmSvc.dll
MD5: 6a6b2ee4565a178035be2a4ff6f2c968 C:\Windows\system32\WTSAPI32.dll
MD5: 3026418a50c5b4761befa632cedb7406 C:\Windows\system32\wuaueng.dll
MD5: 8d1e1e529a2c9e9b6a85b55a345f7629 C:\Windows\System32\WUDFSvc.dll
MD5: edf2a5e96bec469da3f64e9bdd386111 C:\Windows\System32\XmlLite.dll
MD5: a3c190d644e88de5872fc7fec7377e35 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCP80.dll
MD5: 5ff5e12f28725d14caa3b408848adffc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80.dll
MD5: db001faea818ae2e14a74e0adc530fc0 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCP90.dll
MD5: b3892e6da8e2c8ce4b0a9d3eb9a185e5 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll
MD5: bdac1aa64495d0f7e1ff810ebbf1f018 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\COMCTL32.dll
MD5: 352b3dc62a0d259a82a052238425c872 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
MD5: 0029eba325f2fc9b6ba46bee33f32a09 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll


No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.04 MB sent, 1.50 KB recvd
Scanned 737 files and modules - 32 seconds

==============================================================================

-sfc /scannow said: "Windows Resource Protection did not find any integrity violations".

-sigverif said: "Your files have been scanned and verified as digitally signed". It didn't say anything about any specific drivers.


-Event Viewer Tool created this log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 09/11/2011 1:54:11 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/11/2011 8:55:58 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.dslextreme.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 09/11/2011 8:55:14 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&d044095&0&2.

Log: 'System' Date/Time: 09/11/2011 8:55:14 PM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

I think that's it! Thanks again and I'll be awaiting your response.

-Gabriel
  • 0

#9
RKinner
    Malware Expert
  • Expert
  • 20,001 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

File::
c:\windows\system32\shoE929.tmp
c:\windows\system32\shoC41B.tmp
c:\windows\system32\shoCBC.tmp
c:\windows\system32\shoEA0C.tmp
c:\windows\system32\sho5F20.tmp

Driver::
Wthpiduo

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.





Ron
  • 0

#10
gabybaby
    Member
  • Topic Starter
  • Member
  • 62 posts
I was able to get GMER to make a much smaller log file by only selecting the C drive:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-09 23:18:31
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 TOSHIBA_MK1251GSY rev.LD101D
Running: 89lpdcyy.exe; Driver: C:\Users\Mojdeh\AppData\Local\Temp\uwdiypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x8FA5BDAA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x8FA5DFE8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x8FA5E262]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x8FA5E4D8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x8FA5C6BE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x8FA5D4F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x8FA5DA3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x8FA5C99A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x8FA5D922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x8FA5B998]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x8FA5D7F6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x8FA5BB40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x8FA5DB5C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x8FA5C344]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x8FA5C442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x8FA5E722]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x8FA5D88C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x8FA5F24A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x8FA5CE1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x8FA60458]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x8FA5CC2A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x8FA5F33C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x8FA5FAA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x8FA5DAD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x8FA5C740]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x8FA5D9B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x8FA5BFE8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x8FA5F83E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x8FA5DBF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x8FA5BED8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x8FA5E7DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x8FA5FDDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x8FA5F6D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplaceKey [0x8FA5A652]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x8FA5DF56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x8FA5DE1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x8FA5EFE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRestoreKey [0x8FA5A9CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x8FA602FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSaveKey [0x8FA5A5EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x8FA5D238]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x8FA5C560]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x8FA5E87E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x8FA5F4DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x8FA5FF2E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x8FA60020]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x8FA6015A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x8FA5F16E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x8FA5C18E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x8FA5C0E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x8FA5FC82]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x8FA5C27A]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82A91349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82ACAD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82AD1D8C 4 Bytes [AA, BD, A5, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82AD1DB4 8 Bytes CALL E53CC398
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 82AD1DF8 4 Bytes [D8, E4, A5, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F 82AD1E24 4 Bytes [BE, C6, A5, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82AD1E48 4 Bytes [F2, D4, A5, 8F]
.text ...
PAGE spsys.sys![email protected]@3PADA + 4F90 C7430000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys![email protected]@3PADA + 50B3 C7430123 8 Bytes [B5, 42, C7, FE, 05, 34, B5, ...]
PAGE spsys.sys![email protected]@3PADA + 50BC C743012C 620 Bytes [EB, 18, 83, C9, FF, F0, 0F, ...]
PAGE spsys.sys![email protected]@3PADA + 5329 C7430399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys![email protected]@3PADA + 538F C74303FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] USER32.dll!NotifyWinEvent + 6AE 7745D66C 4 Bytes [E0, 13, 48, 6C] {LOOPNZ 0x15; DEC EAX; INSB }
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[4076] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[4076] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[4076] USER32.dll!NotifyWinEvent + 6AE 7745D66C 4 Bytes [E0, 13, 48, 6C] {LOOPNZ 0x15; DEC EAX; INSB }

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 004F0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 004F02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 004F0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 004F0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 779B07F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 779B0860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 779B09B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 005B0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 779B0A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 005B0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 005B0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 005B0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 779B0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 779B0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 00500160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 005001D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 00500240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 00500320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 777507F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 77750860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 777508D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 005004E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77750940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 777509B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 00500B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 00500B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00500BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00500C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 77750E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 00500CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 77750E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 77750EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 77750F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 005C0010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 00500D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 00500DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 005C0080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 005C00F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 005C0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe[1720] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 005C01D0

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:3336] C743DF2E

---- EOF - GMER 1.0.15 ----

#11
gabybaby
    Member
  • Topic Starter
  • Member
  • 62 posts
Dear Ron,

Thanks again. :) Here is the log that ComboFix generated:

ComboFix 11-11-10.01 - Mojdeh 11/10/2011 0:09.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2046.709 [GMT -8:00]
Running from: c:\users\Mojdeh\Desktop\ComboFix.exe
Command switches used :: c:\users\Mojdeh\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\sho5F20.tmp"
"c:\windows\system32\shoC41B.tmp"
"c:\windows\system32\shoCBC.tmp"
"c:\windows\system32\shoE929.tmp"
"c:\windows\system32\shoEA0C.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\sho5F20.tmp
c:\windows\system32\shoC41B.tmp
c:\windows\system32\shoCBC.tmp
c:\windows\system32\shoE929.tmp
c:\windows\system32\shoEA0C.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Wthpiduo
.
.
((((((((((((((((((((((((( Files Created from 2011-10-10 to 2011-11-10 )))))))))))))))))))))))))))))))
.
.
2011-11-10 08:15 . 2011-11-10 08:17 -------- d-----w- c:\users\Mojdeh\AppData\Local\temp
2011-11-10 08:15 . 2011-11-10 08:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-10 05:23 . 2011-11-10 07:02 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A915496E-0357-49B7-9150-BA857D33D8CF}\offreg.dll
2011-11-09 21:13 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A915496E-0357-49B7-9150-BA857D33D8CF}\mpengine.dll
2011-11-09 20:54 . 2011-11-09 20:54 0 ----a-w- c:\windows\system32\sho9B96.tmp
2011-11-09 20:46 . 2011-11-09 20:46 -------- d-----w- c:\users\Mojdeh\AppData\Roaming\QuickScan
2011-11-09 19:26 . 2011-11-09 19:26 -------- d-----w- c:\program files\ESET
2011-11-09 17:29 . 2011-11-09 17:29 302592 ----a-w- C:\89lpdcyy.exe
2011-11-09 09:14 . 2011-11-09 09:14 -------- d-----w- c:\users\Mojdeh\AppData\Roaming\Malwarebytes
2011-11-09 09:14 . 2011-11-09 09:14 -------- d-----w- c:\programdata\Malwarebytes
2011-11-09 09:14 . 2011-11-09 09:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-09 09:14 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-09 07:44 . 2011-11-09 07:44 -------- d-----w- C:\_OTL
2011-11-09 01:07 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 01:07 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 01:07 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-10-15 04:13 . 2011-10-15 04:13 -------- d-----w- c:\users\Mojdeh\AppData\Local\Diagnostics
2011-10-11 20:23 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-11 20:23 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-11 20:23 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-11 20:23 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-08 01:01 . 2011-06-12 21:13 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-10-29 00:52 . 2011-06-12 19:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-09-29 15:31 . 2011-06-16 20:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-23 17:12 . 2011-09-23 17:12 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-21 00:38 . 2011-09-21 00:38 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-21 00:38 . 2011-09-21 00:38 161792 ----a-w- c:\windows\system32\msls31.dll
2011-09-21 00:38 . 2011-09-21 00:38 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-21 00:38 . 2011-09-21 00:38 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-21 00:38 . 2011-09-21 00:38 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-21 00:38 . 2011-09-21 00:38 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-09-21 00:38 . 2011-09-21 00:38 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-09-21 00:38 . 2011-09-21 00:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-21 00:38 . 2011-09-21 00:38 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-09-21 00:38 . 2011-09-21 00:38 367104 ----a-w- c:\windows\system32\html.iec
2011-09-21 00:38 . 2011-09-21 00:38 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-09-21 00:38 . 2011-09-21 00:38 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-21 00:38 . 2011-09-21 00:38 152064 ----a-w- c:\windows\system32\wextract.exe
2011-09-21 00:38 . 2011-09-21 00:38 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-09-21 00:38 . 2011-09-21 00:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-21 00:38 . 2011-09-21 00:38 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-21 00:38 . 2011-09-21 00:38 11776 ----a-w- c:\windows\system32\mshta.exe
2011-09-21 00:38 . 2011-09-21 00:38 101888 ----a-w- c:\windows\system32\admparse.dll
2011-10-03 21:20 . 2011-06-25 19:34 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-05-21 301672]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-11-03 365336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-6-12 110592]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-4 11000]
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-10-29 15232]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-14 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-10-29 64512]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-23 22104]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2011-03-16 152576]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-10-29 2152152]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-09-22 15488]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 577384]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-10-29 00:52]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mojdeh\AppData\Roaming\Mozilla\Firefox\Profiles\vof5o1hi.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-11-10 00:20:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-10 08:20
.
Pre-Run: 74,123,706,368 bytes free
Post-Run: 74,401,677,312 bytes free
.
- - End Of File - - 7F17414E37A5E7CA236BBA7EC33B393E
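As an added example (not from the thread, and not ComboFix's own logic), here is a short Python triage pass over a constructed log in the same line format as the one posted above: it parses the "Files Created" entries and the R/S service lines and flags the kinds of items a helper looks at first, such as empty .tmp files in system32 and a service running from a temp folder. The heuristics, the sample lines and the service name are assumptions made for the example.

```python
"""Triage pass over a ComboFix-style log like the one posted above.

Added example, not part of the thread and not ComboFix's own logic: it parses
the "Files Created" entries and the R/S service lines, then applies a few
heuristics a malware-removal helper checks first. The line format follows the
log quoted in the thread; the sample log itself is constructed.
"""
import re
from dataclasses import dataclass
from typing import List

# "Files Created" entry: created . modified size attrs path
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
# Service entry: S2 name;display name;image path [date size]
SVC_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?) \[(?P<date>\d{4}-\d\d-\d\d) (?P<size>\d+)\]$"
)
EXEC_EXT = {"exe", "dll", "sys", "scr", "com"}
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample in the ComboFix format. The .tmp line and the service line
# mirror the sho*.tmp files and the Service_Wthpiduo that ComboFix removed in
# the thread; the exe name and the user folder are made up for the example.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2011-10-10 to 2011-11-10 )))))))))))))))))))))))))))))))
.
2011-11-09 20:54 . 2011-11-09 20:54 0 ----a-w- c:\windows\system32\sho9B96.tmp
2011-11-09 19:26 . 2011-11-09 19:26 -------- d-----w- c:\program files\ESET
2011-11-09 17:29 . 2011-11-09 17:29 302592 ----a-w- C:\xq7pbv2k.exe
2011-11-09 01:07 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S2 Wthpiduo;Wthpiduo;c:\users\victim\appdata\local\temp\wthpiduo.exe [2011-11-08 61440]
"""


@dataclass
class Finding:
    line: str
    reason: str


def looks_random(stem: str) -> bool:
    """Short lowercase alphanumeric stem mixing letters and digits, e.g. 'xq7pbv2k'."""
    return (re.fullmatch(r"[a-z0-9]{6,12}", stem) is not None
            and any(c.isdigit() for c in stem)
            and any(c.isalpha() for c in stem))


def triage(log_text: str) -> List[Finding]:
    """Return the entries worth a second look, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            path = m["path"].lower()
            if m["attrs"].startswith("d"):      # directories: nothing to flag here
                continue
            name = path.rsplit("\\", 1)[-1]
            stem, dot, ext = name.rpartition(".")
            if not dot:                         # no extension at all
                stem, ext = name, ""
            if m["size"] == "0" and ext == "tmp" and "\\system32\\" in path:
                findings.append(Finding(line, "empty .tmp dropped in system32"))
            if ext in EXEC_EXT and path.count("\\") == 1:
                findings.append(Finding(line, "executable in drive root"))
            if ext in EXEC_EXT and looks_random(stem):
                findings.append(Finding(line, "random-looking executable name"))
            continue
        m = SVC_RE.match(line)
        if m and not m["image"].lower().startswith(TRUSTED_DIRS):
            findings.append(Finding(line, "service binary outside Windows/Program Files"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:45} {f.line}")
```

A hit from these rules is a reason to look closer (check the signer, hash the file, check which process started the service), not a verdict; legitimate tools are sometimes renamed to random names on purpose during cleanup.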

#12
RKinner
    Malware Expert
  • Expert
  • 20,001 posts
  • MVP
If everything is running OK I think you are clean so we can do the cleanup routine.


We need to clean up System Restore:

Copy the following:

:Commands
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK, then close the program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing UpdateChecker, then change it to not run at start and manually run it once a week.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/ The free version only blocks 200 ads a day, so that's another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support, especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron

#13
gabybaby
    Member
  • Topic Starter
  • Member
  • 62 posts
Ron,

I cannot thank you enough for cleansing my computer.

I felt stupid and violated after the ammyy scam and if it were not for your help, I would still be feeling the same way.

Please accept my sincere appreciation.

Best,

Mojdeh

#14
RKinner
    Malware Expert
  • Expert
  • 20,001 posts
  • MVP
Just glad I could help.

Ron