Solved Rootkit issue

J

jalba

Posts: 221   +1
Hi I got this rookit agent that refuses to go away...

c:\windows\system32\drivers\str.sys (Rootkit.Agent)

Tried deleting with MalwareBytes...didn't work.

Any suggestions please?

Thanks in advance.
 
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
ummm...having a lil issue running DDS. When i click on it to run, notepad instead opens and shows a lot of gibberish.

Advice?
 
after the 8-step

So I have uploaded two of the three result sheets after performing above. As I mentioned in my earlier post, DDS was not running for me.

Once again, thanks in advance.
 

Attachments

  • gmer.log
    2.9 KB · Views: 2
  • mbam-log-2011-04-27 (00-13-43).txt
    951 bytes · Views: 1
OK, help me out here, how do i run the DDS program (which, by the way, is a .scr file). Double clicking on it does not help; it opens under notepad.
 
Don't worry about DDS for now.\
I want you to paste (NOT attach) logs you attached to your reply #8
 
oohhh...now i understand...lol

ok, from gamr....


GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-04-27 00:20:13
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort2 WDC_WD3200AAJS-55B4A0 rev.01.03A01
Running: pdz1tsxo.exe; Driver: C:\Users\JASONB~1\AppData\Local\Temp\awtdquog.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-0 865C3292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 865C3292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 865C3292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 865C3292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 865C3292

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Device\Ide\IdeDeviceP2T0L0-3 -> \??\IDE#DiskWDC_WD3200AAJS-55B4A0___________________01.03A01#5&140203f4&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Threads - GMER 1.0.15 ----

Thread System [4:192] 864AA86B
Thread System [4:196] 864AA9A9

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\jrorgpnasazq.sys (*** hidden *** ) [BOOT] mmcjduzx <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----



from malwarebytes..........

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6454

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27/04/2011 12:13:43 AM
mbam-log-2011-04-27 (00-13-43).txt

Scan type: Quick scan
Objects scanned: 167610
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\windows\system32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
 
You're infected with a rootkit.
That's the reason for your problems with DDS.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
ok, ran tds killer, and got the following after reboot.......

2011/04/27 19:47:25.0155 0304 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/27 19:47:26.0153 0304 ================================================================================
2011/04/27 19:47:26.0153 0304 SystemInfo:
2011/04/27 19:47:26.0153 0304
2011/04/27 19:47:26.0153 0304 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/27 19:47:26.0153 0304 Product type: Workstation
2011/04/27 19:47:26.0153 0304 ComputerName: JASONBOOS-PC
2011/04/27 19:47:26.0153 0304 UserName: Jason Boos
2011/04/27 19:47:26.0153 0304 Windows directory: C:\Windows
2011/04/27 19:47:26.0153 0304 System windows directory: C:\Windows
2011/04/27 19:47:26.0153 0304 Processor architecture: Intel x86
2011/04/27 19:47:26.0153 0304 Number of processors: 3
2011/04/27 19:47:26.0153 0304 Page size: 0x1000
2011/04/27 19:47:26.0153 0304 Boot type: Normal boot
2011/04/27 19:47:26.0153 0304 ================================================================================
2011/04/27 19:47:26.0528 0304 Initialize success
2011/04/27 19:47:40.0536 3840 ================================================================================
2011/04/27 19:47:40.0536 3840 Scan started
2011/04/27 19:47:40.0536 3840 Mode: Manual;
2011/04/27 19:47:40.0536 3840 ================================================================================
2011/04/27 19:47:43.0937 3840 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/27 19:47:43.0968 3840 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/27 19:47:44.0015 3840 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/27 19:47:44.0062 3840 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\Windows\system32\drivers\adfs.sys
2011/04/27 19:47:44.0140 3840 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/27 19:47:44.0156 3840 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/27 19:47:44.0187 3840 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/27 19:47:44.0249 3840 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/04/27 19:47:44.0280 3840 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/27 19:47:44.0421 3840 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/04/27 19:47:44.0483 3840 aiptektp (975b29679dec2286506aa16cfb859c03) C:\Windows\system32\DRIVERS\aiptektp.sys
2011/04/27 19:47:44.0546 3840 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/27 19:47:44.0561 3840 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/04/27 19:47:44.0577 3840 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/27 19:47:44.0624 3840 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/27 19:47:44.0686 3840 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\Windows\system32\DRIVERS\AmdLLD.sys
2011/04/27 19:47:44.0733 3840 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/27 19:47:44.0764 3840 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/27 19:47:44.0811 3840 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/27 19:47:44.0826 3840 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/27 19:47:44.0873 3840 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/04/27 19:47:44.0998 3840 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/04/27 19:47:45.0014 3840 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/27 19:47:45.0076 3840 aswFsBlk (b4079a98f294a3e262872cb76f4849f0) C:\Windows\system32\DRIVERS\aswFsBlk.sys
2011/04/27 19:47:45.0092 3840 aswMonFlt (e2851cb7dbb831888eaea46c55c05e44) C:\Windows\system32\DRIVERS\aswMonFlt.sys
2011/04/27 19:47:45.0123 3840 aswRdr (18109a3c47efd20f47d7f2ddf82aa282) C:\Windows\system32\drivers\aswRdr.sys
2011/04/27 19:47:45.0170 3840 aswSP (2e5a2ad5004b55df39b7606130a88142) C:\Windows\system32\drivers\aswSP.sys
2011/04/27 19:47:45.0201 3840 aswTdi (86f2d76038c4f0c5e0b85717db596d7c) C:\Windows\system32\drivers\aswTdi.sys
2011/04/27 19:47:45.0248 3840 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/27 19:47:45.0263 3840 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/27 19:47:45.0341 3840 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/04/27 19:47:45.0372 3840 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/27 19:47:45.0419 3840 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/04/27 19:47:45.0466 3840 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/27 19:47:45.0513 3840 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/27 19:47:45.0528 3840 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/27 19:47:45.0560 3840 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/27 19:47:45.0591 3840 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/04/27 19:47:45.0606 3840 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/27 19:47:45.0622 3840 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/27 19:47:45.0638 3840 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/27 19:47:45.0653 3840 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/27 19:47:45.0716 3840 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/27 19:47:45.0762 3840 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/27 19:47:45.0809 3840 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/27 19:47:45.0840 3840 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/04/27 19:47:45.0950 3840 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/27 19:47:45.0965 3840 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/27 19:47:45.0981 3840 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/04/27 19:47:46.0012 3840 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/27 19:47:46.0043 3840 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/27 19:47:46.0074 3840 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/27 19:47:46.0152 3840 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/04/27 19:47:46.0184 3840 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/04/27 19:47:46.0215 3840 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/04/27 19:47:46.0277 3840 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/04/27 19:47:46.0355 3840 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/04/27 19:47:46.0402 3840 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/27 19:47:46.0511 3840 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/04/27 19:47:46.0652 3840 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/27 19:47:46.0683 3840 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/27 19:47:46.0745 3840 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/04/27 19:47:46.0761 3840 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/04/27 19:47:46.0808 3840 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/27 19:47:46.0839 3840 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/04/27 19:47:46.0854 3840 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/04/27 19:47:46.0917 3840 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/27 19:47:46.0948 3840 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/04/27 19:47:46.0979 3840 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/04/27 19:47:47.0042 3840 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/04/27 19:47:47.0073 3840 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/27 19:47:47.0135 3840 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/27 19:47:47.0182 3840 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/27 19:47:47.0213 3840 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/27 19:47:47.0229 3840 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/27 19:47:47.0291 3840 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/04/27 19:47:47.0338 3840 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/27 19:47:47.0354 3840 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/27 19:47:47.0369 3840 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/27 19:47:47.0416 3840 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/27 19:47:47.0478 3840 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/27 19:47:47.0541 3840 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/27 19:47:47.0588 3840 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/04/27 19:47:47.0634 3840 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/27 19:47:47.0666 3840 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/27 19:47:47.0712 3840 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/27 19:47:47.0744 3840 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/27 19:47:47.0759 3840 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/27 19:47:47.0806 3840 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/27 19:47:47.0837 3840 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/27 19:47:47.0868 3840 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/27 19:47:47.0884 3840 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/04/27 19:47:47.0946 3840 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/04/27 19:47:47.0962 3840 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/27 19:47:47.0993 3840 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/27 19:47:48.0024 3840 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/27 19:47:48.0071 3840 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/27 19:47:48.0118 3840 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/27 19:47:48.0149 3840 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/27 19:47:48.0212 3840 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/27 19:47:48.0274 3840 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/27 19:47:48.0305 3840 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/27 19:47:48.0336 3840 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/27 19:47:48.0352 3840 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/27 19:47:48.0399 3840 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/04/27 19:47:48.0446 3840 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/04/27 19:47:48.0492 3840 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/27 19:47:48.0555 3840 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/27 19:47:48.0602 3840 Suspicious service (Hidden): mmcjduzx
2011/04/27 19:47:48.0633 3840 mmcjduzx (f4e9b57a260952d048fd24e724955fbb) C:\Windows\system32\drivers\jrorgpnasazq.sys
2011/04/27 19:47:48.0648 3840 Suspicious file (Hidden): C:\Windows\system32\drivers\jrorgpnasazq.sys. md5: f4e9b57a260952d048fd24e724955fbb
2011/04/27 19:47:48.0648 3840 mmcjduzx - detected Hidden service (1)
2011/04/27 19:47:48.0680 3840 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/04/27 19:47:48.0726 3840 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/27 19:47:48.0758 3840 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/27 19:47:48.0789 3840 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/27 19:47:48.0836 3840 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/04/27 19:47:48.0851 3840 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/27 19:47:48.0882 3840 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/27 19:47:48.0914 3840 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/04/27 19:47:48.0945 3840 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/27 19:47:48.0976 3840 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/27 19:47:49.0007 3840 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/27 19:47:49.0054 3840 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/27 19:47:49.0070 3840 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/27 19:47:49.0116 3840 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/04/27 19:47:49.0148 3840 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/27 19:47:49.0163 3840 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/27 19:47:49.0210 3840 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/27 19:47:49.0226 3840 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/27 19:47:49.0257 3840 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/04/27 19:47:49.0272 3840 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/04/27 19:47:49.0304 3840 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/27 19:47:49.0319 3840 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/04/27 19:47:49.0335 3840 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/27 19:47:49.0382 3840 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/04/27 19:47:49.0397 3840 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/04/27 19:47:49.0460 3840 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/27 19:47:49.0522 3840 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/04/27 19:47:49.0584 3840 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/27 19:47:49.0616 3840 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/27 19:47:49.0662 3840 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/27 19:47:49.0678 3840 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/27 19:47:49.0694 3840 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/04/27 19:47:49.0740 3840 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/27 19:47:49.0756 3840 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/27 19:47:49.0834 3840 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/27 19:47:49.0865 3840 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/04/27 19:47:49.0912 3840 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/27 19:47:49.0959 3840 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/04/27 19:47:50.0006 3840 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/04/27 19:47:50.0052 3840 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
2011/04/27 19:47:50.0255 3840 nvlddmkm (8b75f652726a2ba3197860f300514e3f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/27 19:47:50.0364 3840 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/27 19:47:50.0380 3840 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/27 19:47:50.0442 3840 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/27 19:47:50.0474 3840 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/27 19:47:50.0536 3840 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/04/27 19:47:50.0567 3840 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/04/27 19:47:50.0583 3840 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/27 19:47:50.0614 3840 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/04/27 19:47:50.0630 3840 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/27 19:47:50.0661 3840 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/27 19:47:50.0723 3840 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2011/04/27 19:47:50.0754 3840 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/04/27 19:47:50.0786 3840 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/04/27 19:47:50.0926 3840 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/27 19:47:50.0942 3840 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/04/27 19:47:51.0004 3840 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/27 19:47:51.0051 3840 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/27 19:47:51.0098 3840 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/27 19:47:51.0129 3840 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/27 19:47:51.0144 3840 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/27 19:47:51.0207 3840 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/27 19:47:51.0238 3840 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/27 19:47:51.0285 3840 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/27 19:47:51.0316 3840 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/27 19:47:51.0347 3840 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/27 19:47:51.0363 3840 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/27 19:47:51.0378 3840 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/27 19:47:51.0441 3840 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/04/27 19:47:51.0472 3840 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/27 19:47:51.0503 3840 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/27 19:47:51.0534 3840 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/04/27 19:47:51.0581 3840 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/04/27 19:47:51.0644 3840 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/27 19:47:51.0706 3840 rt61x86 (6de7a483204ca5a57b672dcb25716361) C:\Windows\system32\DRIVERS\WMP54Gv41x86.sys
2011/04/27 19:47:51.0753 3840 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/04/27 19:47:51.0800 3840 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/27 19:47:51.0831 3840 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/27 19:47:51.0878 3840 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/27 19:47:51.0924 3840 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/27 19:47:51.0940 3840 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/04/27 19:47:51.0971 3840 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/27 19:47:52.0002 3840 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/27 19:47:52.0018 3840 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/27 19:47:52.0049 3840 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/27 19:47:52.0065 3840 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/27 19:47:52.0127 3840 SIS163u (15e6a5a0650b500f63f33c5c0fd021ed) C:\Windows\system32\DRIVERS\sis163u.sys
2011/04/27 19:47:52.0158 3840 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/04/27 19:47:52.0190 3840 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/27 19:47:52.0221 3840 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/27 19:47:52.0252 3840 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/04/27 19:47:52.0502 3840 SNPSTD3 (11bb0e11d42cc3a43d741d9b30839be1) C:\Windows\system32\DRIVERS\snpstd3.sys
2011/04/27 19:47:52.0673 3840 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/04/27 19:47:52.0736 3840 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/04/27 19:47:52.0767 3840 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/27 19:47:52.0798 3840 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/27 19:47:52.0860 3840 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/27 19:47:52.0923 3840 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/04/27 19:47:52.0938 3840 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/04/27 19:47:52.0954 3840 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/27 19:47:53.0032 3840 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/04/27 19:47:53.0110 3840 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/27 19:47:53.0141 3840 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/27 19:47:53.0172 3840 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/04/27 19:47:53.0188 3840 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/27 19:47:53.0204 3840 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/27 19:47:53.0235 3840 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/27 19:47:53.0297 3840 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/27 19:47:53.0360 3840 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/27 19:47:53.0375 3840 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/27 19:47:53.0406 3840 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/27 19:47:53.0469 3840 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/27 19:47:53.0516 3840 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/27 19:47:53.0547 3840 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/27 19:47:53.0594 3840 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/27 19:47:53.0625 3840 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/27 19:47:53.0640 3840 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/27 19:47:53.0656 3840 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/27 19:47:53.0718 3840 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/27 19:47:53.0734 3840 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/27 19:47:53.0765 3840 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/27 19:47:53.0812 3840 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/27 19:47:53.0843 3840 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/27 19:47:53.0859 3840 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/27 19:47:53.0890 3840 USB_RNDIS (b71da871254d96d0349639d03e4c1cc1) C:\Windows\system32\DRIVERS\usb8023.sys
2011/04/27 19:47:53.0937 3840 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/27 19:47:53.0968 3840 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/27 19:47:53.0984 3840 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/04/27 19:47:54.0015 3840 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/27 19:47:54.0062 3840 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/04/27 19:47:54.0077 3840 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/04/27 19:47:54.0093 3840 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/27 19:47:54.0140 3840 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/04/27 19:47:54.0171 3840 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/04/27 19:47:54.0186 3840 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/27 19:47:54.0218 3840 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/04/27 19:47:54.0249 3840 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/27 19:47:54.0296 3840 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/27 19:47:54.0342 3840 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/04/27 19:47:54.0389 3840 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/27 19:47:54.0436 3840 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/27 19:47:54.0452 3840 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/27 19:47:54.0514 3840 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/04/27 19:47:54.0545 3840 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/27 19:47:54.0623 3840 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/27 19:47:54.0654 3840 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/04/27 19:47:54.0764 3840 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/27 19:47:54.0826 3840 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/27 19:47:54.0857 3840 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/04/27 19:47:54.0920 3840 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/27 19:47:55.0091 3840 ================================================================================
2011/04/27 19:47:55.0091 3840 Scan finished
2011/04/27 19:47:55.0091 3840 ================================================================================
2011/04/27 19:47:55.0107 3200 Detected object count: 1



I notice that C:\Windows\system32\drivers\jrorgpnasazq.sys (*** hidden *** ) [BOOT] mmcjduz is still hanging around.
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ok, so here's the combofix report..


ComboFix 11-04-27.02 - Jason Boos 28/04/2011 4:25.1.3 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.2184 [GMT -4.5:30]
Running from: c:\users\Jason Boos\Desktop\ComboFix.exe
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Jason Boos\AppData\Roaming\inst.exe
c:\windows\keys.ini
c:\windows\system32\drivers\jrorgpnasazq.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\tmp.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_mmcjduzx
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-28 )))))))))))))))))))))))))))))))
.
.
2011-04-28 10:03 . 2011-04-28 10:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-28 07:34 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A41C9472-9329-4329-AC49-BA7362ACA81E}\mpengine.dll
2011-04-17 06:22 . 2011-04-17 06:22 -------- d-----w- c:\users\Jason Boos\AppData\Local\Activision
2011-04-17 04:59 . 2011-04-22 16:40 -------- d-sh--r- c:\program files\Media
2011-04-09 22:43 . 2011-04-09 22:43 -------- d-----w- c:\users\Jason Boos\AppData\Roaming\cYo
2011-04-09 22:43 . 2011-04-09 22:43 -------- d-----w- c:\users\Jason Boos\AppData\Local\cYo
2011-04-09 22:32 . 2011-04-12 05:46 -------- d-----w- c:\program files\ComicRack
2011-04-06 06:46 . 2011-04-06 06:46 -------- d-----w- c:\users\Jason Boos\AppData\Roaming\AMPSoft
2011-04-06 06:46 . 2011-04-08 05:18 -------- d-----w- c:\program files\AMP Font Viewer
2011-04-06 05:15 . 2011-04-06 05:15 -------- d-----w- c:\program files\Google
2011-04-02 19:28 . 2011-04-02 19:28 -------- d-----w- c:\users\Jason Boos\AppData\Roaming\bizarre creations
2011-04-02 19:21 . 2010-02-04 14:31 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-04-02 19:21 . 2010-02-04 14:31 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-04-02 19:21 . 2010-02-04 14:31 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-04-02 19:21 . 2010-02-04 14:31 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-03-30 19:17 . 2011-04-02 19:03 -------- d-----w- c:\program files\CDisplay
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 04:48 . 2010-06-24 16:03 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-02 22:41 . 2009-12-11 23:21 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 9.0\Acrobat\AdobeCollabSync.exe" [2010-09-23 542168]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"atwtusb"="atwtusb.exe beta" [X]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-09-15 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
.
c:\users\Jason Boos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-3-29 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-09-23 09:12 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 09:17 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2010-03-06 00:46 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:03 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 03:38 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R1 zebghxmtijxi3;zebghxmtijxi3;c:\windows\system32\drivers\zebghxmtijxi3.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2010-05-02 217600]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-25 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aiptektp;Pen Pad;c:\windows\system32\DRIVERS\aiptektp.sys [2005-12-23 22656]
S1 aswSP;avast! Self Protection; [x]
S2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2008-05-19 57344]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-06-26 286208]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257196180-1364586872-4245516868-1001Core.job
- c:\users\Jason Boos\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-11 21:17]
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257196180-1364586872-4245516868-1001UA.job
- c:\users\Jason Boos\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-11 21:17]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jason Boos\AppData\Roaming\Mozilla\Firefox\Profiles\jajzdzpw.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{207A1422-7CE2-3F0D-CB0619EAC3E5A348}\{36711064-4D57-673B-128E50084FEF4668}\{C13F5A8B-0B9D-FCC2-F6ECFF62882D3E51}*]
"RA4KGUJC6T6LBNJRIDQ63C2L6C1"=hex:01,00,01,00,00,00,00,00,f7,8a,3d,85,55,45,07,
82,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{32D8DBD4-B955-25F6-FF2FD67811A2C9DA}\{94CF5F21-4368-969C-99FE195940743E13}\{15E9DC49-AD27-6FBF-ADF6ADCA641CD874}*]
"RA4KGUJC6T6LBNJRIDQ63C2L6C1"=hex:01,00,01,00,00,00,00,00,f7,8a,3d,85,55,45,07,
82,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A76448FF-EA59-23D3-98F3B9C94A7EC293}\{51B7BFF3-30C4-3859-72DBC6993BF1721D}\{60FC5D85-3D13-ED0E-8811CBE6817E353D}*]
"RA4KGUJC6T6LBNJRIDQ63C2L6C1"=hex:01,00,01,00,00,00,00,00,f7,8a,3d,85,55,45,07,
82,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:ec,35,a7,8d,b1,c5,3d,f8,ab,f5,6c,2e,76,b6,3c,1b,bb,3e,30,50,7a,
bd,40,d6,04,25,62,13,1a,1c,35,29,12,11,53,79,d8,26,2a,d6,d4,36,27,89,56,ac,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:ec,35,a7,8d,b1,c5,3d,f8,ab,f5,6c,2e,76,b6,3c,1b,bb,3e,30,50,7a,
bd,40,d6,04,25,62,13,1a,1c,35,29,12,11,53,79,d8,26,2a,d6,d4,36,27,89,56,ac,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
.
**************************************************************************
.
Completion time: 2011-04-28 05:45:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-28 10:15
.
Pre-Run: 96,944,562,176 bytes free
Post-Run: 97,545,162,752 bytes free
.
- - End Of File - - 0A516608BA22F6F43EFB108CFA172290


Note: Disk defragmenter able to open again ...yay.
 
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6462

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28/04/2011 06:22:13 AM
mbam-log-2011-04-28 (06-22-13).txt

Scan type: Quick scan
Objects scanned: 170260
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Good :)

Please, don't format logs in red.

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
File::
c:\windows\system32\drivers\zebghxmtijxi3.sys


RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{207A1422-7CE2-3F0D-CB0619EAC3E5A348}\{36711064-4D57-673B-128E50084FEF4668}\{C13F5A8B-0B9D-FCC2-F6ECFF62882D3E51}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{32D8DBD4-B955-25F6-FF2FD67811A2C9DA}\{94CF5F21-4368-969C-99FE195940743E13}\{15E9DC49-AD27-6FBF-ADF6ADCA641CD874}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A76448FF-EA59-23D3-98F3B9C94A7EC293}\{51B7BFF3-30C4-3859-72DBC6993BF1721D}\{60FC5D85-3D13-ED0E-8811CBE6817E353D}*]


Driver::
zebghxmtijxi3


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Here's the latest log from combofix (btw...the reason i highlighted in red is so that it could stand out better):


ComboFix 11-04-28.01 - Jason Boos 28/04/2011 20:16:29.2.3 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.2028 [GMT -4.5:30]
Running from: c:\users\Jason Boos\Desktop\ComboFix.exe
Command switches used :: c:\users\Jason Boos\Desktop\CFScript.txt
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\zebghxmtijxi3.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_zebghxmtijxi3
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-29 )))))))))))))))))))))))))))))))
.
.
2011-04-29 00:52 . 2011-04-29 00:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-28 07:34 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A41C9472-9329-4329-AC49-BA7362ACA81E}\mpengine.dll
2011-04-17 06:22 . 2011-04-17 06:22 -------- d-----w- c:\users\Jason Boos\AppData\Local\Activision
2011-04-17 04:59 . 2011-04-22 16:40 -------- d-sh--r- c:\program files\Media
2011-04-09 22:43 . 2011-04-09 22:43 -------- d-----w- c:\users\Jason Boos\AppData\Roaming\cYo
2011-04-09 22:43 . 2011-04-09 22:43 -------- d-----w- c:\users\Jason Boos\AppData\Local\cYo
2011-04-09 22:32 . 2011-04-12 05:46 -------- d-----w- c:\program files\ComicRack
2011-04-06 06:46 . 2011-04-06 06:46 -------- d-----w- c:\users\Jason Boos\AppData\Roaming\AMPSoft
2011-04-06 06:46 . 2011-04-08 05:18 -------- d-----w- c:\program files\AMP Font Viewer
2011-04-06 05:15 . 2011-04-06 05:15 -------- d-----w- c:\program files\Google
2011-04-02 19:28 . 2011-04-02 19:28 -------- d-----w- c:\users\Jason Boos\AppData\Roaming\bizarre creations
2011-04-02 19:21 . 2010-02-04 14:31 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-04-02 19:21 . 2010-02-04 14:31 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-04-02 19:21 . 2010-02-04 14:31 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-04-02 19:21 . 2010-02-04 14:31 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-03-30 19:17 . 2011-04-02 19:03 -------- d-----w- c:\program files\CDisplay
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 04:48 . 2010-06-24 16:03 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-02 22:41 . 2009-12-11 23:21 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 9.0\Acrobat\AdobeCollabSync.exe" [2010-09-23 542168]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"atwtusb"="atwtusb.exe beta" [X]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-09-15 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
.
c:\users\Jason Boos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-3-29 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-09-23 09:12 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 09:17 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2010-03-06 00:46 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:03 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 03:38 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2010-05-02 217600]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-25 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aiptektp;Pen Pad;c:\windows\system32\DRIVERS\aiptektp.sys [2005-12-23 22656]
S1 aswSP;avast! Self Protection; [x]
S2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2008-05-19 57344]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-06-26 286208]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257196180-1364586872-4245516868-1001Core.job
- c:\users\Jason Boos\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-11 21:17]
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4257196180-1364586872-4245516868-1001UA.job
- c:\users\Jason Boos\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-11 21:17]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jason Boos\AppData\Roaming\Mozilla\Firefox\Profiles\jajzdzpw.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:ec,35,a7,8d,b1,c5,3d,f8,ab,f5,6c,2e,76,b6,3c,1b,bb,3e,30,50,7a,
bd,40,d6,04,25,62,13,1a,1c,35,29,12,11,53,79,d8,26,2a,d6,d4,36,27,89,56,ac,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:ec,35,a7,8d,b1,c5,3d,f8,ab,f5,6c,2e,76,b6,3c,1b,bb,3e,30,50,7a,
bd,40,d6,04,25,62,13,1a,1c,35,29,12,11,53,79,d8,26,2a,d6,d4,36,27,89,56,ac,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\System32\TBLMOUSE.EXE
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-04-28 20:27:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-29 00:57
ComboFix2.txt 2011-04-28 10:15
.
Pre-Run: 97,221,603,328 bytes free
Post-Run: 96,968,376,320 bytes free
.
- - End Of File - - 90901F0F63B82BFB3D2A7D478804DB7F
 
Looks good :)

How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL.txt


OTL logfile created on: 4/29/2011 11:11:20 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jason Boos\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Trinidad and Tobago | Language: ENT | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 185.55 Gb Total Space | 91.78 Gb Free Space | 49.46% Space Free | Partition Type: NTFS
Drive E: | 112.53 Gb Total Space | 69.37 Gb Free Space | 61.65% Space Free | Partition Type: NTFS

Computer Name: JASONBOOS-PC | User Name: Jason Boos | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/29 23:09:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jason Boos\Downloads\OTL.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/09/15 06:26:48 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/15 06:26:43 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/09/15 06:26:28 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/09/15 06:24:13 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/09/15 06:19:40 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/03 01:05:50 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 20:44:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/05/19 12:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\ASTSRV.EXE
PRC - [2007/03/29 15:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
PRC - [2006/09/19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
PRC - [2006/01/17 16:57:26 | 000,294,912 | ---- | M] () -- C:\Windows\System32\ATWTUSB.EXE
PRC - [2005/06/17 19:09:08 | 000,061,440 | ---- | M] (WALTOP International Corp.) -- C:\Windows\System32\TBLMOUSE.EXE


========== Modules (SafeList) ==========

MOD - [2011/04/29 23:09:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jason Boos\Downloads\OTL.exe
MOD - [2010/08/21 00:51:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/24 23:48:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/12/12 13:10:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/15 06:26:43 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/09/15 06:26:28 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/09/15 06:24:13 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/09/15 06:19:40 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/07/13 20:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/05/19 12:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\ASTSRV.EXE -- (ASTSRV)


========== Driver Services (SafeList) ==========

DRV - [2010/05/01 20:41:28 | 000,217,600 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sis163u.sys -- (SIS163u)
DRV - [2009/09/27 23:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/09/15 06:25:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/09/15 06:25:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/15 06:25:09 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/09/15 06:24:30 | 000,052,368 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/09/15 06:24:21 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/07/13 20:49:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:49:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:49:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:24:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009/07/13 18:58:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:58:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:32:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/06/26 09:45:12 | 000,286,208 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WMP54Gv41x86.sys -- (rt61x86)
DRV - [2007/03/27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2005/12/23 12:13:54 | 000,022,656 | ---- | M] (Pen Pad) [Kernel | System | Running] -- C:\Windows\System32\drivers\aiptektp.sys -- (aiptektp)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4257196180-1364586872-4245516868-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-tt
IE - HKU\S-1-5-21-4257196180-1364586872-4245516868-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 2E 1C CA A8 83 CB 01 [binary data]
IE - HKU\S-1-5-21-4257196180-1364586872-4245516868-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4257196180-1364586872-4245516868-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/27 23:09:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/27 23:09:14 | 000,000,000 | ---D | M]

[2010/08/02 18:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason Boos\AppData\Roaming\Mozilla\Extensions
[2010/08/02 18:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason Boos\AppData\Roaming\Mozilla\Firefox\Profiles\jajzdzpw.default\extensions
[2011/04/22 16:05:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/15 10:25:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/28 20:23:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-4257196180-1364586872-4245516868-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [atwtusb] C:\Windows\System32\ATWTUSB.EXE ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKU\S-1-5-21-4257196180-1364586872-4245516868-1001..\Run: [Adobe Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-4257196180-1364586872-4245516868-1001..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Users\Jason Boos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4257196180-1364586872-4245516868-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4257196180-1364586872-4245516868-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4257196180-1364586872-4245516868-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.1.104.36 200.1.104.35
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/04 23:18:29 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 17:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - ff_vfw.dll File not found
Drivers32: vidc.tscc - C:\PROGRA~1\MpcStar\Codecs\tscc\tsccvid.dll File not found
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)


========== Files/Folders - Created Within 30 Days ==========

[2011/04/28 20:23:48 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/04/28 20:14:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/28 05:33:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/28 04:23:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/28 04:23:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/28 04:23:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/28 04:23:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/28 04:21:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/28 03:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/04/27 19:43:43 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jason Boos\Desktop\TDSSKiller.exe
[2011/04/22 22:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2011/04/17 01:52:18 | 000,000,000 | ---D | C] -- C:\Users\Jason Boos\Documents\Activision
[2011/04/17 01:52:18 | 000,000,000 | ---D | C] -- C:\Users\Jason Boos\AppData\Local\Activision
[2011/04/17 00:29:45 | 000,000,000 | RHSD | C] -- C:\Program Files\Media
[2011/04/09 18:13:23 | 000,000,000 | ---D | C] -- C:\Users\Jason Boos\AppData\Roaming\cYo
[2011/04/09 18:13:23 | 000,000,000 | ---D | C] -- C:\Users\Jason Boos\AppData\Local\cYo
[2011/04/09 18:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\ComicRack
[2011/04/06 02:16:21 | 000,000,000 | ---D | C] -- C:\Users\Jason Boos\AppData\Roaming\AMPSoft
[2011/04/06 02:16:03 | 000,000,000 | ---D | C] -- C:\Users\Jason Boos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMP Font Viewer
[2011/04/06 02:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMP Font Viewer
[2011/04/06 02:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\AMP Font Viewer
[2011/04/06 00:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/04/02 14:58:39 | 000,000,000 | ---D | C] -- C:\Users\Jason Boos\AppData\Roaming\bizarre creations
[2011/04/02 14:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blur(TM)
[2009/12/12 10:58:24 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Jason Boos\AppData\Roaming\pcouffin.sys
[2007/03/12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005/11/23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/29 23:03:41 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 23:03:41 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 23:02:03 | 000,003,811 | ---- | M] () -- C:\Windows\aiptbl.ini
[2011/04/29 23:00:40 | 000,630,928 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/29 23:00:40 | 000,111,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/29 22:56:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/29 22:56:15 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/29 06:19:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4257196180-1364586872-4245516868-1001UA.job
[2011/04/29 04:19:01 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4257196180-1364586872-4245516868-1001Core.job
[2011/04/28 20:23:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/04/28 20:13:52 | 004,332,535 | R--- | M] () -- C:\Users\Jason Boos\Desktop\ComboFix.exe
[2011/04/27 19:40:48 | 297,488,533 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/26 22:59:59 | 000,001,745 | ---- | M] () -- C:\Users\Jason Boos\Desktop\Japan-flag.png
[2011/04/25 21:42:24 | 000,000,017 | ---- | M] () -- C:\Users\Jason Boos\Desktop\stinger10101535.opt
[2011/04/22 08:57:32 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/04/22 08:57:32 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/04/06 00:18:20 | 000,001,095 | ---- | M] () -- C:\Users\Jason Boos\Desktop\Adobe Photoshop CS4.lnk
[2011/04/03 14:20:57 | 000,002,430 | ---- | M] () -- C:\Users\Jason Boos\Desktop\Google Chrome.lnk
[2011/04/02 14:50:59 | 000,001,970 | ---- | M] () -- C:\Users\Public\Desktop\Blur(TM).lnk
[2011/04/01 00:32:18 | 000,087,968 | ---- | M] () -- C:\Users\Jason Boos\Documents\Darren 31-3-11.dwg
[2011/04/01 00:21:31 | 000,087,456 | ---- | M] () -- C:\Users\Jason Boos\Documents\Darren 31-3-11.bak
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/28 04:23:26 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/28 04:23:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/28 04:23:26 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/28 04:23:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/28 04:23:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/28 04:20:31 | 004,332,535 | R--- | C] () -- C:\Users\Jason Boos\Desktop\ComboFix.exe
[2011/04/27 19:40:48 | 297,488,533 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/26 23:00:04 | 000,001,745 | ---- | C] () -- C:\Users\Jason Boos\Desktop\Japan-flag.png
[2011/04/25 21:42:24 | 000,000,017 | ---- | C] () -- C:\Users\Jason Boos\Desktop\stinger10101535.opt
[2011/04/22 08:48:03 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/04/22 08:48:03 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/04/06 00:18:20 | 000,001,095 | ---- | C] () -- C:\Users\Jason Boos\Desktop\Adobe Photoshop CS4.lnk
[2011/04/02 14:50:59 | 000,001,970 | ---- | C] () -- C:\Users\Public\Desktop\Blur(TM).lnk
[2011/03/31 21:47:33 | 000,087,968 | ---- | C] () -- C:\Users\Jason Boos\Documents\Darren 31-3-11.dwg
[2011/03/31 21:47:33 | 000,087,456 | ---- | C] () -- C:\Users\Jason Boos\Documents\Darren 31-3-11.bak
[2011/01/18 04:53:23 | 000,052,992 | ---- | C] () -- C:\Windows\System32\drivers\gvmeaey.sys
[2011/01/02 19:54:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\io.ini
[2011/01/02 19:54:29 | 000,000,000 | ---- | C] () -- C:\ProgramData\hge5hyelujwwm76663v8i2ylkaf914xp.ini
[2010/11/09 18:26:57 | 000,002,694 | ---- | C] () -- C:\Windows\CD_SearchHistory.INI
[2010/11/09 18:26:57 | 000,000,049 | ---- | C] () -- C:\Windows\SW_Win3112X32.DLL
[2010/10/19 03:44:04 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2010/10/19 03:44:04 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2010/10/19 03:44:04 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/07/15 12:48:55 | 000,004,608 | ---- | C] () -- C:\Users\Jason Boos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/08 22:33:12 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010/07/08 22:33:12 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2010/07/08 22:33:12 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2010/07/08 22:33:12 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010/07/08 22:33:12 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2010/07/08 22:33:12 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010/06/17 17:11:37 | 002,373,712 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/06/07 17:57:24 | 000,052,864 | R--- | C] () -- C:\Windows\System32\SetupWizard.exe
[2010/05/09 15:50:25 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2010/04/21 18:29:40 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010/03/22 20:48:11 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/03/22 20:48:11 | 000,000,008 | RHS- | C] () -- C:\ProgramData\420CCA7691.sys
[2010/02/08 22:43:47 | 000,234,760 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/01/24 16:28:53 | 000,000,433 | ---- | C] () -- C:\Windows\crackpdf.INI
[2010/01/16 23:11:37 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/01/05 10:20:31 | 000,720,896 | ---- | C] () -- C:\Windows\EAInstall.dll
[2009/12/31 18:05:59 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATWTUSB.EXE
[2009/12/31 18:05:59 | 000,090,112 | ---- | C] () -- C:\Windows\RmTablet.exe
[2009/12/31 18:05:59 | 000,049,152 | ---- | C] () -- C:\Windows\System32\Funckey.dll
[2009/12/31 18:05:58 | 000,003,811 | ---- | C] () -- C:\Windows\aiptbl.ini
[2009/12/22 00:58:04 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/12/22 00:58:04 | 000,022,328 | ---- | C] () -- C:\Users\Jason Boos\AppData\Roaming\PnkBstrK.sys
[2009/12/22 00:57:40 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/12/22 00:57:39 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/12/14 21:33:23 | 000,000,671 | ---- | C] () -- C:\Users\Jason Boos\AppData\Roaming\vso_ts_preview.xml
[2009/12/13 18:49:31 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2009/12/12 23:55:01 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/12/12 23:55:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/12/12 10:58:24 | 000,007,887 | ---- | C] () -- C:\Users\Jason Boos\AppData\Roaming\pcouffin.cat
[2009/12/12 10:58:24 | 000,001,144 | ---- | C] () -- C:\Users\Jason Boos\AppData\Roaming\pcouffin.inf
[2009/12/11 19:16:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/14 00:27:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:03:53 | 002,439,224 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:35:48 | 000,630,928 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:35:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:35:48 | 000,111,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:35:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:35:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:34:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:49:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 19:25:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:21:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/06/10 16:56:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/06/12 10:55:54 | 000,000,920 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2006/09/19 09:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2005/01/06 14:04:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\unwlsdrv.exe
[2004/08/13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2004/02/27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini

========== LOP Check ==========

[2009/12/22 07:10:50 | 000,000,000 | ---D | M] -- C:\Users\Jason Boos\AppData\Roaming\Alien Skin
[2011/04/06 02:16:21 | 000,000,000 | ---D | M] -- C:\Users\Jason Boos\AppData\Roaming\AMPSoft
[2011/03/26 16:09:58 | 000,000,000 | ---D | M] -- C:\Users\Jason Boos\AppData\Roaming\Autodesk
[2011/04/02 14:58:39 | 000,000,000 | ---D | M] -- C:\Users\Jason Boos\AppData\Roaming\bizarre creations
[2011/04/09 18:13:23 | 000,000,000 | ---D | M] -- C:\Users\Jason Boos\AppData\Roaming\cYo
[2010/01/12 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\Jason Boos\AppData\Roaming\HatchKit Demo 2.7
[2009/12/31 00:06:44 | 000,000,000 | ---D | M] -- C:\Users\Jason Boos\AppData\Roaming\Leadertech
[2010/06/06 14:35:25 | 000,000,000 | ---D | M] -- C:\Users\Jason Boos\AppData\Roaming\MAXON
[2010/01/31 00:13:24 | 000,000,000 | ---D | M] -- C:\Users\Jason Boos\AppData\Roaming\SharePod
[2010/08/17 23:58:59 | 000,000,000 | ---D | M] -- C:\Users\Jason Boos\AppData\Roaming\Softland
[2010/04/21 18:07:18 | 000,000,000 | ---D | M] -- C:\Users\Jason Boos\AppData\Roaming\SoundSpectrum
[2010/07/15 12:36:34 | 000,000,000 | ---D | M] -- C:\Users\Jason Boos\AppData\Roaming\TigerPlayer
[2010/03/18 23:44:25 | 000,000,000 | ---D | M] -- C:\Users\Jason Boos\AppData\Roaming\UClick
[2010/11/09 23:38:31 | 000,000,000 | ---D | M] -- C:\Users\Jason Boos\AppData\Roaming\Unity
[2011/04/27 23:09:17 | 000,000,000 | ---D | M] -- C:\Users\Jason Boos\AppData\Roaming\uTorrent
[2011/02/09 21:53:19 | 000,000,000 | ---D | M] -- C:\Users\Jason Boos\AppData\Roaming\Vso
[2011/04/02 11:05:14 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 17:12:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/02 06:22:15 | 000,000,232 | -H-- | M] () -- C:\Boot.BAK
[2009/12/11 21:42:10 | 000,000,376 | RHS- | M] () -- C:\Boot.ini.saved
[2009/07/13 21:08:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/12/11 21:42:11 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/04/28 20:27:51 | 000,012,251 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 17:12:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/12/06 13:34:42 | 000,000,000 | ---- | M] () -- C:\dump_dvd.vob
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2009/12/11 18:29:25 | 000,203,836 | RHS- | M] () -- C:\grldr
[2011/04/29 22:56:15 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/03 21:09:10 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2009/12/03 21:09:10 | 000,091,358 | ---- | M] () -- C:\hpfr3425.log
[2009/12/01 18:01:10 | 000,001,292 | -H-- | M] () -- C:\hpothb07.dat
[2009/12/01 18:01:10 | 000,002,473 | -H-- | M] () -- C:\hpothb07.tif
[2010/01/16 23:19:56 | 000,230,424 | ---- | M] () -- C:\img2-001.raw
[2010/01/16 23:36:29 | 000,230,424 | ---- | M] () -- C:\img2-002.raw
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/02/18 19:49:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/31 10:34:23 | 003,058,216 | ---- | M] () -- C:\ituneslib.itl
[2009/05/11 17:43:36 | 000,000,477 | ---- | M] () -- C:\LOG3C.log
[2009/05/11 18:11:07 | 000,000,477 | ---- | M] () -- C:\LOG77.log
[2009/02/18 19:49:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/03/20 13:02:18 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/03/20 14:53:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/04/29 22:56:23 | 3220,496,384 | -HS- | M] () -- C:\pagefile.sys
[2011/04/27 18:56:36 | 000,066,956 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_27.04.2011_18.56.02_log.txt
[2011/04/27 19:44:53 | 000,067,706 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_27.04.2011_19.43.49_log.txt
[2011/04/27 19:53:35 | 000,067,066 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_27.04.2011_19.47.25_log.txt
[2009/11/17 22:46:08 | 000,000,216 | ---- | M] () -- C:\temp.txt
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2009/12/11 18:29:25 | 000,000,000 | RHS- | M] () -- C:\winx.ld

< %systemroot%\Fonts\*.com >
[2009/07/14 00:22:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:22:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:22:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:22:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 17:01:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/13 20:45:05 | 000,071,168 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNBPP4.DLL
[2009/06/22 18:58:20 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2009/07/13 20:45:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/13 20:46:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:11:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/12/11 19:05:33 | 000,000,221 | -HS- | M] () -- C:\Users\Jason Boos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/04/28 20:13:52 | 004,332,535 | R--- | M] () -- C:\Users\Jason Boos\Desktop\ComboFix.exe
[2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jason Boos\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2004/02/27 16:36:18 | 000,013,023 | ---- | M] () -- C:\Windows\snpstd3.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:50:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/03 20:12:09 | 000,000,402 | -HS- | M] () -- C:\Users\Jason Boos\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/03/22 20:48:11 | 000,000,008 | RHS- | M] () -- C:\ProgramData\420CCA7691.sys
[2011/01/02 19:54:29 | 000,000,000 | ---- | M] () -- C:\ProgramData\hge5hyelujwwm76663v8i2ylkaf914xp.ini
[2010/01/05 13:11:41 | 000,000,202 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2011/01/02 19:54:29 | 000,000,032 | ---- | M] () -- C:\ProgramData\io.ini
[2010/08/14 11:46:48 | 000,002,516 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:C8B8CEBD
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D4BB0AD6

< End of report >
 

Similar threads

D
Administrator Password Reset Issue on Windows 11 (Access Denied)
Replies
3
Views
748
learninmypc
learninmypc
gubarrr
New build PC - seems to run mostly very well - but not shutting down cleanly
Replies
2
Views
637
theupsstorelosan
T
Useful Troglodyt
RTX 3090 TDP drops during stress test causing low FPS in games
Replies
0
Views
741
Useful Troglodyt
Useful Troglodyt

Latest posts

Back