Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirects to a blank page or doesnt load


  • This topic is locked This topic is locked
35 replies to this topic

#1 tomjoram

tomjoram

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:12:32 PM

Posted 11 March 2012 - 07:26 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by Administrator at 3:07:36 on 2012-03-11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.391 [GMT 8:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\USBAntiVirus\USBAntiVirus.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
D:\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/support/chrome/bin/request.py?hl=en-US&contact_type=uninstall&crversion=2.0.172.28&os=5.1.2600
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [uTorrent] "d:\program files\uTorrent.exe" /MINIMIZED
uRun: [Facebook Update] "c:\documents and settings\administrator\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [USBAntiVirus.exe] c:\program files\usbantivirus\USBAntiVirus.exe -Hide
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [Malwarebytes' Anti-Malware] "d:\malwarebytes' anti-malware\mbamgui.exe" /starttray
uPolicies-explorer: HideSCABattery = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: DisableStatusMessages = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.2
TCP: Interfaces\{3F2740D9-20BD-4B3C-90DA-52755103A603} : DhcpNameServer = 192.168.1.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-8-4 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2011-8-4 103112]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-9-22 974944]
R2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe [2012-3-9 652360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-9 20464]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\xdva391.sys --> c:\windows\system32\XDva391.sys [?]
.
=============== Created Last 30 ================
.
2012-03-10 15:23:54 -------- d-----w- c:\program files\CCleaner
2012-03-10 15:23:27 -------- dc----w- c:\documents and settings\administrator\local settings\application data\Apple
2012-03-09 13:54:25 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-07 00:27:10 -------- dc----w- c:\documents and settings\administrator\application data\Malwarebytes
2012-03-07 00:27:02 -------- dc----w- c:\documents and settings\all users\application data\Malwarebytes
2012-03-06 15:15:35 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-03-06 15:15:35 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-23 13:18:11 -------- d-----r- c:\program files\Skype
2012-02-19 20:52:22 -------- dc----w- c:\documents and settings\administrator\local settings\application data\Apple Computer
2012-02-12 18:25:44 -------- d-----w- c:\windows\vbSkinner
2012-02-12 17:29:42 -------- d---a-w- c:\program files\TCPView v2.33
2012-02-11 15:23:49 -------- dc----w- c:\documents and settings\administrator\local settings\application data\Facebook
2012-02-10 18:46:29 -------- dc----w- c:\documents and settings\administrator\local settings\application data\APN
2012-02-10 16:08:46 -------- dc----w- c:\documents and settings\administrator\application data\uTorrent
.
==================== Find3M ====================
.
2012-01-28 23:26:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-28 23:26:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-25 08:36:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-20 06:02:30 58 -c--a-w- c:\documents and settings\administrator\application data\svighost.dll
.
============= FINISH: 3:08:06.06 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 134,663 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 AM

Posted 12 March 2012 - 02:23 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 tomjoram

tomjoram
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:12:32 PM

Posted 13 March 2012 - 12:07 AM

ComboFix 12-03-12.02 - Administrator 03/13/2012 8:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.589 [GMT 8:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-12 09:49 . 2012-03-12 09:49 -------- dc----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-03-12 09:48 . 2012-03-12 09:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-12 09:48 . 2012-03-12 09:48 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-03-10 19:48 . 2012-03-10 19:48 -------- dc----w- c:\documents and settings\Administrator\Application Data\IDM
2012-03-10 19:44 . 2012-03-10 19:44 -------- d-----w- c:\program files\CCleaner
2012-03-10 15:23 . 2012-03-10 15:23 -------- d-----w- c:\program files\Common Files\Skype
2012-03-10 15:23 . 2012-03-10 15:23 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple
2012-03-10 15:23 . 2012-03-10 15:23 -------- dc----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2012-03-09 13:54 . 2011-12-10 07:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-07 00:27 . 2012-03-07 00:27 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-03-07 00:27 . 2012-03-07 00:27 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-06 15:15 . 2012-03-06 15:15 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-23 13:18 . 2012-03-10 15:23 -------- d-----r- c:\program files\Skype
2012-02-19 20:52 . 2012-02-19 20:52 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2012-02-12 18:25 . 2012-02-12 18:30 -------- d-----w- c:\windows\vbSkinner
2012-02-12 17:29 . 2012-03-10 15:46 -------- d---a-w- c:\program files\TCPView v2.33
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-28 23:26 . 2012-01-28 23:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-28 23:26 . 2012-01-28 23:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-25 08:36 . 2012-01-20 06:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-20 06:02 . 2012-01-20 06:02 58 -c--a-w- c:\documents and settings\Administrator\Application Data\svighost.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-02-11 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USBAntiVirus.exe"="c:\program files\USBAntiVirus\USBAntiVirus.exe" [2012-01-20 488448]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-10 04:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2009-06-11 06:51 1855488 ----a-w- c:\windows\mixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 22:56 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 16:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 06:53 460872 -c--a-w- d:\malwarebytes' anti-malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2005-06-20 10:53 1056768 ----a-r- c:\program files\VIA\RAID\raid_tool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-03-08 03:02 17037704 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-08-17 10:39 90112 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 05:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-03-07 21:27 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-02-10 16:09 738168 -c--a-w- d:\program files\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2005-03-07 19:33 53248 ----a-r- c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
2005-03-11 09:33 147456 ----a-r- c:\windows\system32\VTTrayp.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Games\\Garena LoL\\GameData\\Apps\\LoLPH\\Air\\LolClient.exe"=
"d:\\Games\\Garena LoL\\GameData\\Apps\\LoLPH\\Game\\League of Legends.exe"=
"d:\\Program files\\uTorrent.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8/4/2011 9:20 AM 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/4/2011 9:20 AM 103112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/23/2011 12:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/13/2011 5:55 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 7:38 AM 116608]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/22/2011 12:03 PM 974944]
R2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe [3/9/2012 9:54 PM 652360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/9/2012 9:54 PM 20464]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1060284298-573735546-1801674531-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-02-11 15:23]
.
2012-03-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1060284298-573735546-1801674531-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-02-11 15:23]
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-573735546-1801674531-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-20 16:13]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-573735546-1801674531-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-20 16:13]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/support/chrome/bin/request.py?hl=en-US&contact_type=uninstall&crversion=2.0.172.28&os=5.1.2600
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.2
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Easy-PrintToolBox - c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
MSConfigStartUp-IDMan - d:\program files\Internet Download Manager\IDMan.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-VPN4ALL - d:\vpn4all\vpn4all.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-13 08:51
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1060284298-573735546-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1E7CA67B-DDA8-F253-29D4-081DB090D413}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abifaimhccabbhihejidjjkbkefbfailcl"=hex:61,62,6b,65,6a,63,66,6b,63,67,65,61,
68,67,6f,62,6c,68,63,6b,69,67,61,6a,68,67,6b,66,6a,6f,62,61,65,6c,00,77
"bbifaimhccabbhihejldckkkajagdmpdhfam"=hex:61,62,6e,65,66,69,64,6a,65,69,6f,6b,
70,6e,6e,6a,63,67,67,6b,6a,65,64,6b,69,62,65,68,67,63,68,66,67,6a,00,77
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Plugins\01000001\Profiles\@My profile]
@Denied: (2) (LocalSystem)
"selfdefense"=dword:00000001
"filteringMode"=dword:00000018
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(496)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2012-03-13 08:53:14
ComboFix-quarantined-files.txt 2012-03-13 00:53
.
Pre-Run: 5,712,416,768 bytes free
Post-Run: 5,679,063,040 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4C4CD68777052C4C0E9B330DB501603A


Nothing unusual during running the combofix,

But still the problem is not fixed, i cant browse the internet :(

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 134,663 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 AM

Posted 13 March 2012 - 12:41 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 tomjoram

tomjoram
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:12:32 PM

Posted 13 March 2012 - 09:02 PM

23:33:58.0437 2508 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
23:34:00.0437 2508 ============================================================
23:34:00.0437 2508 Current date / time: 2012/03/13 23:34:00.0437
23:34:00.0437 2508 SystemInfo:
23:34:00.0437 2508
23:34:00.0437 2508 OS Version: 5.1.2600 ServicePack: 2.0
23:34:00.0437 2508 Product type: Workstation
23:34:00.0437 2508 ComputerName: VITOR
23:34:00.0437 2508 UserName: Administrator
23:34:00.0437 2508 Windows directory: C:\WINDOWS
23:34:00.0437 2508 System windows directory: C:\WINDOWS
23:34:00.0437 2508 Processor architecture: Intel x86
23:34:00.0437 2508 Number of processors: 2
23:34:00.0437 2508 Page size: 0x1000
23:34:00.0437 2508 Boot type: Normal boot
23:34:00.0437 2508 ============================================================
23:34:02.0125 2508 Drive \Device\Harddisk0\DR0 - Size: 0x12A3F92000 (74.56 Gb), SectorSize: 0x200, Cylinders: 0x2605, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:34:02.0125 2508 Drive \Device\Harddisk1\DR3 - Size: 0x75900000 (1.84 Gb), SectorSize: 0x200, Cylinders: 0xEF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:34:02.0125 2508 \Device\Harddisk0\DR0:
23:34:02.0125 2508 MBR used
23:34:02.0125 2508 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1770D3B
23:34:02.0140 2508 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770DB9, BlocksNum 0x7DA934B
23:34:02.0140 2508 \Device\Harddisk1\DR3:
23:34:02.0140 2508 MBR used
23:34:02.0140 2508 \Device\Harddisk1\DR3\Partition0: MBR, Type 0x6, StartLBA 0x1E0, BlocksNum 0x3AC620
23:34:02.0218 2508 Initialize success
23:34:02.0218 2508 ============================================================
23:34:15.0109 2596 ============================================================
23:34:15.0109 2596 Scan started
23:34:15.0109 2596 Mode: Manual;
23:34:15.0109 2596 ============================================================
23:34:15.0437 2596 Abiosdsk - ok
23:34:15.0484 2596 abp480n5 - ok
23:34:15.0578 2596 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:34:15.0593 2596 ACPI - ok
23:34:15.0671 2596 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:34:15.0671 2596 ACPIEC - ok
23:34:15.0734 2596 adpu160m - ok
23:34:15.0828 2596 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
23:34:15.0843 2596 aec - ok
23:34:15.0921 2596 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
23:34:15.0937 2596 AFD - ok
23:34:15.0984 2596 Aha154x - ok
23:34:16.0046 2596 aic78u2 - ok
23:34:16.0109 2596 aic78xx - ok
23:34:16.0312 2596 ALCXWDM (92ae420be14b0d97d14dac4aba22a702) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
23:34:16.0406 2596 ALCXWDM - ok
23:34:16.0468 2596 AliIde - ok
23:34:16.0531 2596 amsint - ok
23:34:16.0609 2596 asc - ok
23:34:16.0671 2596 asc3350p - ok
23:34:16.0734 2596 asc3550 - ok
23:34:16.0828 2596 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:34:16.0828 2596 AsyncMac - ok
23:34:16.0937 2596 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:34:16.0937 2596 atapi - ok
23:34:16.0984 2596 Atdisk - ok
23:34:17.0078 2596 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:34:17.0078 2596 Atmarpc - ok
23:34:17.0171 2596 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:34:17.0171 2596 audstub - ok
23:34:17.0250 2596 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:34:17.0250 2596 Beep - ok
23:34:17.0328 2596 catchme - ok
23:34:17.0515 2596 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:34:17.0515 2596 cbidf2k - ok
23:34:17.0593 2596 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:34:17.0593 2596 CCDECODE - ok
23:34:17.0671 2596 cd20xrnt - ok
23:34:17.0750 2596 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:34:17.0750 2596 Cdaudio - ok
23:34:17.0828 2596 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
23:34:17.0828 2596 Cdfs - ok
23:34:17.0906 2596 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:34:17.0906 2596 Cdrom - ok
23:34:17.0953 2596 Changer - ok
23:34:18.0031 2596 CmdIde - ok
23:34:18.0140 2596 cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\WINDOWS\system32\drivers\cmaudio.sys
23:34:18.0156 2596 cmpci - ok
23:34:18.0218 2596 Cpqarray - ok
23:34:18.0296 2596 dac2w2k - ok
23:34:18.0359 2596 dac960nt - ok
23:34:18.0421 2596 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
23:34:18.0421 2596 Disk - ok
23:34:18.0531 2596 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
23:34:18.0562 2596 dmboot - ok
23:34:18.0656 2596 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
23:34:18.0656 2596 dmio - ok
23:34:18.0750 2596 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:34:18.0750 2596 dmload - ok
23:34:18.0828 2596 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
23:34:18.0828 2596 DMusic - ok
23:34:18.0890 2596 dpti2o - ok
23:34:18.0984 2596 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
23:34:18.0984 2596 drmkaud - ok
23:34:19.0093 2596 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys
23:34:19.0093 2596 eamon - ok
23:34:19.0187 2596 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
23:34:19.0187 2596 ehdrv - ok
23:34:19.0281 2596 epfwtdir (06c65ac0a703cf8eea4f284d901a1550) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
23:34:19.0281 2596 epfwtdir - ok
23:34:19.0390 2596 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
23:34:19.0421 2596 Fastfat - ok
23:34:19.0531 2596 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:34:19.0531 2596 Fdc - ok
23:34:19.0687 2596 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
23:34:19.0687 2596 Fips - ok
23:34:19.0828 2596 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:34:19.0828 2596 Flpydisk - ok
23:34:19.0906 2596 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:34:19.0921 2596 FltMgr - ok
23:34:20.0000 2596 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:34:20.0000 2596 Fs_Rec - ok
23:34:20.0078 2596 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:34:20.0078 2596 Ftdisk - ok
23:34:20.0078 2596 FXDRV - ok
23:34:20.0171 2596 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
23:34:20.0171 2596 gameenum - ok
23:34:20.0250 2596 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:34:20.0250 2596 Gpc - ok
23:34:20.0296 2596 hpn - ok
23:34:20.0406 2596 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
23:34:20.0421 2596 HTTP - ok
23:34:20.0500 2596 i2omgmt - ok
23:34:20.0546 2596 i2omp - ok
23:34:20.0640 2596 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:34:20.0640 2596 i8042prt - ok
23:34:20.0718 2596 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:34:20.0718 2596 Imapi - ok
23:34:20.0796 2596 ini910u - ok
23:34:20.0875 2596 IntelIde - ok
23:34:20.0968 2596 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:34:20.0968 2596 intelppm - ok
23:34:21.0046 2596 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:34:21.0046 2596 Ip6Fw - ok
23:34:21.0125 2596 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:34:21.0125 2596 IpFilterDriver - ok
23:34:21.0218 2596 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:34:21.0218 2596 IpInIp - ok
23:34:21.0296 2596 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:34:21.0296 2596 IpNat - ok
23:34:21.0375 2596 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:34:21.0390 2596 IPSec - ok
23:34:21.0468 2596 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:34:21.0468 2596 IRENUM - ok
23:34:21.0562 2596 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:34:21.0562 2596 isapnp - ok
23:34:21.0640 2596 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:34:21.0656 2596 Kbdclass - ok
23:34:21.0734 2596 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
23:34:21.0750 2596 kmixer - ok
23:34:21.0843 2596 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
23:34:21.0859 2596 KSecDD - ok
23:34:21.0937 2596 lbrtfdc - ok
23:34:22.0031 2596 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
23:34:22.0046 2596 MBAMProtector - ok
23:34:22.0171 2596 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:34:22.0171 2596 mnmdd - ok
23:34:22.0546 2596 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
23:34:22.0546 2596 Modem - ok
23:34:22.0843 2596 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:34:22.0859 2596 Mouclass - ok
23:34:23.0343 2596 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
23:34:23.0359 2596 MountMgr - ok
23:34:23.0812 2596 mraid35x - ok
23:34:24.0046 2596 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:34:24.0046 2596 MRxDAV - ok
23:34:24.0140 2596 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:34:24.0156 2596 MRxSmb - ok
23:34:24.0250 2596 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
23:34:24.0250 2596 Msfs - ok
23:34:24.0328 2596 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:34:24.0328 2596 MSKSSRV - ok
23:34:24.0406 2596 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:34:24.0406 2596 MSPCLOCK - ok
23:34:24.0484 2596 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
23:34:24.0500 2596 MSPQM - ok
23:34:24.0578 2596 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:34:24.0593 2596 mssmbios - ok
23:34:24.0656 2596 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
23:34:24.0656 2596 MSTEE - ok
23:34:24.0765 2596 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
23:34:24.0765 2596 Mup - ok
23:34:24.0828 2596 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:34:24.0843 2596 NABTSFEC - ok
23:34:24.0921 2596 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
23:34:24.0937 2596 NDIS - ok
23:34:25.0031 2596 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:34:25.0031 2596 NdisIP - ok
23:34:25.0109 2596 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:34:25.0109 2596 NdisTapi - ok
23:34:25.0203 2596 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:34:25.0203 2596 Ndisuio - ok
23:34:25.0281 2596 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:34:25.0281 2596 NdisWan - ok
23:34:25.0359 2596 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
23:34:25.0359 2596 NDProxy - ok
23:34:25.0437 2596 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:34:25.0437 2596 NetBIOS - ok
23:34:25.0515 2596 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:34:25.0515 2596 NetBT - ok
23:34:25.0625 2596 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
23:34:25.0625 2596 Npfs - ok
23:34:25.0718 2596 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
23:34:25.0734 2596 Ntfs - ok
23:34:25.0828 2596 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:34:25.0828 2596 Null - ok
23:34:25.0921 2596 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:34:25.0921 2596 NwlnkFlt - ok
23:34:26.0000 2596 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:34:26.0015 2596 NwlnkFwd - ok
23:34:26.0109 2596 PAC7302 (14191c739f2af6f9efeb58697535498f) C:\WINDOWS\system32\DRIVERS\PAC7302.SYS
23:34:26.0125 2596 PAC7302 - ok
23:34:26.0218 2596 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
23:34:26.0218 2596 Parport - ok
23:34:26.0296 2596 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
23:34:26.0296 2596 PartMgr - ok
23:34:26.0375 2596 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:34:26.0375 2596 ParVdm - ok
23:34:26.0453 2596 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
23:34:26.0453 2596 PCI - ok
23:34:26.0515 2596 PCIDump - ok
23:34:26.0609 2596 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:34:26.0609 2596 PCIIde - ok
23:34:26.0703 2596 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:34:26.0703 2596 Pcmcia - ok
23:34:26.0765 2596 PDCOMP - ok
23:34:26.0828 2596 PDFRAME - ok
23:34:26.0906 2596 PDRELI - ok
23:34:26.0968 2596 PDRFRAME - ok
23:34:27.0031 2596 perc2 - ok
23:34:27.0093 2596 perc2hib - ok
23:34:27.0203 2596 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:34:27.0203 2596 PptpMiniport - ok
23:34:27.0296 2596 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
23:34:27.0296 2596 PSched - ok
23:34:27.0375 2596 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:34:27.0375 2596 Ptilink - ok
23:34:27.0453 2596 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:34:27.0453 2596 PxHelp20 - ok
23:34:27.0515 2596 ql1080 - ok
23:34:27.0578 2596 Ql10wnt - ok
23:34:27.0656 2596 ql12160 - ok
23:34:27.0718 2596 ql1240 - ok
23:34:27.0781 2596 ql1280 - ok
23:34:27.0875 2596 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:34:27.0875 2596 RasAcd - ok
23:34:27.0953 2596 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:34:27.0968 2596 Rasl2tp - ok
23:34:28.0031 2596 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:34:28.0031 2596 RasPppoe - ok
23:34:28.0109 2596 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:34:28.0109 2596 Raspti - ok
23:34:28.0203 2596 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:34:28.0218 2596 Rdbss - ok
23:34:28.0296 2596 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:34:28.0296 2596 RDPCDD - ok
23:34:28.0390 2596 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:34:28.0390 2596 rdpdr - ok
23:34:28.0468 2596 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
23:34:28.0484 2596 RDPWD - ok
23:34:28.0578 2596 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:34:28.0593 2596 redbook - ok
23:34:28.0687 2596 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
23:34:28.0687 2596 RTL8023xp - ok
23:34:28.0781 2596 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
23:34:28.0781 2596 rtl8139 - ok
23:34:28.0843 2596 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23:34:28.0843 2596 SASDIFSV - ok
23:34:28.0875 2596 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
23:34:28.0875 2596 SASKUTIL - ok
23:34:28.0968 2596 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:34:28.0968 2596 Secdrv - ok
23:34:29.0078 2596 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:34:29.0078 2596 serenum - ok
23:34:29.0171 2596 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
23:34:29.0171 2596 Serial - ok
23:34:29.0250 2596 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:34:29.0250 2596 Sfloppy - ok
23:34:29.0312 2596 Simbad - ok
23:34:29.0406 2596 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:34:29.0406 2596 SLIP - ok
23:34:29.0468 2596 Sparrow - ok
23:34:29.0562 2596 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
23:34:29.0562 2596 splitter - ok
23:34:29.0640 2596 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
23:34:29.0640 2596 sr - ok
23:34:29.0734 2596 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
23:34:29.0750 2596 Srv - ok
23:34:29.0828 2596 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:34:29.0828 2596 streamip - ok
23:34:29.0906 2596 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:34:29.0906 2596 swenum - ok
23:34:30.0000 2596 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
23:34:30.0000 2596 swmidi - ok
23:34:30.0062 2596 symc810 - ok
23:34:30.0125 2596 symc8xx - ok
23:34:30.0203 2596 sym_hi - ok
23:34:30.0265 2596 sym_u3 - ok
23:34:30.0359 2596 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
23:34:30.0359 2596 sysaudio - ok
23:34:30.0437 2596 tap0901 (1e89de7a4fb7a854ebb241d0aa8996dd) C:\WINDOWS\system32\DRIVERS\tap0901.sys
23:34:30.0437 2596 tap0901 - ok
23:34:30.0546 2596 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:34:30.0562 2596 Tcpip - ok
23:34:30.0640 2596 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:34:30.0640 2596 TDPIPE - ok
23:34:30.0734 2596 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
23:34:30.0734 2596 TDTCP - ok
23:34:30.0828 2596 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:34:30.0828 2596 TermDD - ok
23:34:30.0890 2596 TosIde - ok
23:34:30.0984 2596 uagp35 (49c805d42d75eddc9b6a7130999c9054) C:\WINDOWS\system32\DRIVERS\uagp35.sys
23:34:31.0000 2596 uagp35 - ok
23:34:31.0078 2596 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
23:34:31.0078 2596 Udfs - ok
23:34:31.0140 2596 ultra - ok
23:34:31.0250 2596 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
23:34:31.0265 2596 Update - ok
23:34:31.0343 2596 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
23:34:31.0343 2596 usbaudio - ok
23:34:31.0421 2596 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:34:31.0437 2596 usbccgp - ok
23:34:31.0515 2596 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:34:31.0515 2596 usbehci - ok
23:34:31.0593 2596 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:34:31.0593 2596 usbhub - ok
23:34:31.0687 2596 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:34:31.0687 2596 usbprint - ok
23:34:31.0765 2596 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:34:31.0765 2596 USBSTOR - ok
23:34:31.0843 2596 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:34:31.0843 2596 usbuhci - ok
23:34:31.0921 2596 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
23:34:31.0937 2596 VgaSave - ok
23:34:32.0031 2596 viagfx (7eeaa347d9731390775ed0a34917c751) C:\WINDOWS\system32\DRIVERS\vtmini.sys
23:34:32.0046 2596 viagfx - ok
23:34:32.0125 2596 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
23:34:32.0125 2596 ViaIde - ok
23:34:32.0203 2596 viamraid (0363e216e4eb5052969c96608934dbde) C:\WINDOWS\system32\DRIVERS\viamraid.sys
23:34:32.0203 2596 viamraid - ok
23:34:32.0312 2596 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
23:34:32.0328 2596 VolSnap - ok
23:34:32.0453 2596 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:34:32.0453 2596 Wanarp - ok
23:34:32.0531 2596 WDICA - ok
23:34:32.0625 2596 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
23:34:32.0625 2596 wdmaud - ok
23:34:32.0734 2596 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:34:32.0734 2596 WS2IFSL - ok
23:34:32.0828 2596 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:34:32.0828 2596 WSTCODEC - ok
23:34:32.0890 2596 XDva391 - ok
23:34:32.0921 2596 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:34:33.0093 2596 \Device\Harddisk0\DR0 - ok
23:34:33.0109 2596 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR3
23:34:33.0109 2596 \Device\Harddisk1\DR3 - ok
23:34:33.0125 2596 Boot (0x1200) (f63b75748046f2de5e4cce0d37bf2f28) \Device\Harddisk0\DR0\Partition0
23:34:33.0125 2596 \Device\Harddisk0\DR0\Partition0 - ok
23:34:33.0125 2596 Boot (0x1200) (89c9ade065b449c4b630e7e4fb10e07f) \Device\Harddisk0\DR0\Partition1
23:34:33.0140 2596 \Device\Harddisk0\DR0\Partition1 - ok
23:34:33.0140 2596 Boot (0x1200) (e0cb290c95f9535a84a2678dd9f61bb1) \Device\Harddisk1\DR3\Partition0
23:34:33.0140 2596 \Device\Harddisk1\DR3\Partition0 - ok
23:34:33.0140 2596 ============================================================
23:34:33.0140 2596 Scan finished
23:34:33.0140 2596 ============================================================
23:34:33.0156 2560 Detected object count: 0
23:34:33.0156 2560 Actual detected object count: 0
23:34:52.0125 2620 ============================================================
23:34:52.0125 2620 Scan started
23:34:52.0125 2620 Mode: Manual;
23:34:52.0125 2620 ============================================================
23:34:52.0265 2620 Abiosdsk - ok
23:34:52.0328 2620 abp480n5 - ok
23:34:52.0421 2620 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:34:52.0421 2620 ACPI - ok
23:34:52.0500 2620 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:34:52.0500 2620 ACPIEC - ok
23:34:52.0562 2620 adpu160m - ok
23:34:52.0656 2620 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
23:34:52.0656 2620 aec - ok
23:34:52.0750 2620 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
23:34:52.0750 2620 AFD - ok
23:34:52.0812 2620 Aha154x - ok
23:34:52.0875 2620 aic78u2 - ok
23:34:52.0953 2620 aic78xx - ok
23:34:53.0140 2620 ALCXWDM (92ae420be14b0d97d14dac4aba22a702) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
23:34:53.0171 2620 ALCXWDM - ok
23:34:53.0281 2620 AliIde - ok
23:34:53.0343 2620 amsint - ok
23:34:53.0406 2620 asc - ok
23:34:53.0484 2620 asc3350p - ok
23:34:53.0546 2620 asc3550 - ok
23:34:53.0640 2620 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:34:53.0640 2620 AsyncMac - ok
23:34:53.0734 2620 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:34:53.0734 2620 atapi - ok
23:34:53.0781 2620 Atdisk - ok
23:34:53.0875 2620 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:34:53.0875 2620 Atmarpc - ok
23:34:53.0968 2620 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:34:53.0968 2620 audstub - ok
23:34:54.0046 2620 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:34:54.0046 2620 Beep - ok
23:34:54.0187 2620 catchme - ok
23:34:54.0437 2620 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:34:54.0437 2620 cbidf2k - ok
23:34:54.0718 2620 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:34:54.0718 2620 CCDECODE - ok
23:34:54.0906 2620 cd20xrnt - ok
23:34:55.0281 2620 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:34:55.0281 2620 Cdaudio - ok
23:34:55.0875 2620 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
23:34:55.0875 2620 Cdfs - ok
23:34:56.0156 2620 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:34:56.0156 2620 Cdrom - ok
23:34:56.0250 2620 Changer - ok
23:34:56.0296 2620 CmdIde - ok
23:34:56.0390 2620 cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\WINDOWS\system32\drivers\cmaudio.sys
23:34:56.0390 2620 cmpci - ok
23:34:56.0468 2620 Cpqarray - ok
23:34:56.0546 2620 dac2w2k - ok
23:34:56.0609 2620 dac960nt - ok
23:34:56.0703 2620 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
23:34:56.0718 2620 Disk - ok
23:34:56.0828 2620 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
23:34:56.0843 2620 dmboot - ok
23:34:56.0937 2620 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
23:34:56.0937 2620 dmio - ok
23:34:57.0015 2620 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:34:57.0031 2620 dmload - ok
23:34:57.0109 2620 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
23:34:57.0109 2620 DMusic - ok
23:34:57.0171 2620 dpti2o - ok
23:34:57.0265 2620 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
23:34:57.0265 2620 drmkaud - ok
23:34:57.0343 2620 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys
23:34:57.0343 2620 eamon - ok
23:34:57.0421 2620 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
23:34:57.0437 2620 ehdrv - ok
23:34:57.0531 2620 epfwtdir (06c65ac0a703cf8eea4f284d901a1550) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
23:34:57.0531 2620 epfwtdir - ok
23:34:57.0625 2620 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
23:34:57.0625 2620 Fastfat - ok
23:34:57.0703 2620 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:34:57.0703 2620 Fdc - ok
23:34:57.0781 2620 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
23:34:57.0781 2620 Fips - ok
23:34:57.0859 2620 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:34:57.0859 2620 Flpydisk - ok
23:34:57.0937 2620 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:34:57.0937 2620 FltMgr - ok
23:34:58.0015 2620 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:34:58.0015 2620 Fs_Rec - ok
23:34:58.0093 2620 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:34:58.0093 2620 Ftdisk - ok
23:34:58.0093 2620 FXDRV - ok
23:34:58.0187 2620 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
23:34:58.0187 2620 gameenum - ok
23:34:58.0265 2620 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:34:58.0265 2620 Gpc - ok
23:34:58.0328 2620 hpn - ok
23:34:58.0421 2620 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
23:34:58.0421 2620 HTTP - ok
23:34:58.0500 2620 i2omgmt - ok
23:34:58.0562 2620 i2omp - ok
23:34:58.0656 2620 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:34:58.0656 2620 i8042prt - ok
23:34:58.0734 2620 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:34:58.0734 2620 Imapi - ok
23:34:58.0796 2620 ini910u - ok
23:34:58.0859 2620 IntelIde - ok
23:34:58.0953 2620 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:34:58.0953 2620 intelppm - ok
23:34:59.0031 2620 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:34:59.0031 2620 Ip6Fw - ok
23:34:59.0109 2620 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:34:59.0109 2620 IpFilterDriver - ok
23:34:59.0203 2620 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:34:59.0203 2620 IpInIp - ok
23:34:59.0265 2620 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:34:59.0281 2620 IpNat - ok
23:34:59.0359 2620 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:34:59.0359 2620 IPSec - ok
23:34:59.0437 2620 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:34:59.0437 2620 IRENUM - ok
23:34:59.0531 2620 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:34:59.0531 2620 isapnp - ok
23:34:59.0625 2620 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:34:59.0625 2620 Kbdclass - ok
23:34:59.0703 2620 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
23:34:59.0718 2620 kmixer - ok
23:34:59.0812 2620 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
23:34:59.0812 2620 KSecDD - ok
23:34:59.0890 2620 lbrtfdc - ok
23:34:59.0984 2620 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
23:34:59.0984 2620 MBAMProtector - ok
23:35:00.0062 2620 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:35:00.0062 2620 mnmdd - ok
23:35:00.0156 2620 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
23:35:00.0156 2620 Modem - ok
23:35:00.0234 2620 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:35:00.0234 2620 Mouclass - ok
23:35:00.0328 2620 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
23:35:00.0328 2620 MountMgr - ok
23:35:00.0390 2620 mraid35x - ok
23:35:00.0484 2620 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:35:00.0500 2620 MRxDAV - ok
23:35:00.0578 2620 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:35:00.0578 2620 MRxSmb - ok
23:35:00.0671 2620 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
23:35:00.0687 2620 Msfs - ok
23:35:00.0750 2620 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:35:00.0750 2620 MSKSSRV - ok
23:35:00.0843 2620 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:35:00.0843 2620 MSPCLOCK - ok
23:35:00.0921 2620 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
23:35:00.0921 2620 MSPQM - ok
23:35:01.0015 2620 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:35:01.0015 2620 mssmbios - ok
23:35:01.0093 2620 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
23:35:01.0093 2620 MSTEE - ok
23:35:01.0203 2620 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
23:35:01.0203 2620 Mup - ok
23:35:01.0281 2620 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:35:01.0281 2620 NABTSFEC - ok
23:35:01.0375 2620 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
23:35:01.0375 2620 NDIS - ok
23:35:01.0468 2620 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:35:01.0468 2620 NdisIP - ok
23:35:01.0546 2620 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:35:01.0546 2620 NdisTapi - ok
23:35:01.0640 2620 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:35:01.0640 2620 Ndisuio - ok
23:35:01.0718 2620 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:35:01.0718 2620 NdisWan - ok
23:35:01.0796 2620 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
23:35:01.0796 2620 NDProxy - ok
23:35:01.0875 2620 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:35:01.0875 2620 NetBIOS - ok
23:35:01.0953 2620 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:35:01.0968 2620 NetBT - ok
23:35:02.0062 2620 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
23:35:02.0062 2620 Npfs - ok
23:35:02.0156 2620 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
23:35:02.0171 2620 Ntfs - ok
23:35:02.0234 2620 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:35:02.0234 2620 Null - ok
23:35:02.0328 2620 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:35:02.0328 2620 NwlnkFlt - ok
23:35:02.0453 2620 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:35:02.0453 2620 NwlnkFwd - ok
23:35:02.0578 2620 PAC7302 (14191c739f2af6f9efeb58697535498f) C:\WINDOWS\system32\DRIVERS\PAC7302.SYS
23:35:02.0578 2620 PAC7302 - ok
23:35:02.0671 2620 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
23:35:02.0671 2620 Parport - ok
23:35:02.0765 2620 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
23:35:02.0765 2620 PartMgr - ok
23:35:02.0828 2620 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:35:02.0828 2620 ParVdm - ok
23:35:02.0906 2620 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
23:35:02.0906 2620 PCI - ok
23:35:02.0968 2620 PCIDump - ok
23:35:03.0062 2620 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:35:03.0062 2620 PCIIde - ok
23:35:03.0156 2620 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:35:03.0156 2620 Pcmcia - ok
23:35:03.0218 2620 PDCOMP - ok
23:35:03.0296 2620 PDFRAME - ok
23:35:03.0359 2620 PDRELI - ok
23:35:03.0421 2620 PDRFRAME - ok
23:35:03.0484 2620 perc2 - ok
23:35:03.0562 2620 perc2hib - ok
23:35:03.0640 2620 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:35:03.0640 2620 PptpMiniport - ok
23:35:03.0734 2620 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
23:35:03.0734 2620 PSched - ok
23:35:03.0812 2620 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:35:03.0812 2620 Ptilink - ok
23:35:03.0906 2620 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:35:03.0906 2620 PxHelp20 - ok
23:35:03.0968 2620 ql1080 - ok
23:35:04.0031 2620 Ql10wnt - ok
23:35:04.0093 2620 ql12160 - ok
23:35:04.0156 2620 ql1240 - ok
23:35:04.0234 2620 ql1280 - ok
23:35:04.0312 2620 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:35:04.0312 2620 RasAcd - ok
23:35:04.0406 2620 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:35:04.0406 2620 Rasl2tp - ok
23:35:04.0500 2620 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:35:04.0500 2620 RasPppoe - ok
23:35:04.0578 2620 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:35:04.0578 2620 Raspti - ok
23:35:04.0671 2620 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:35:04.0671 2620 Rdbss - ok
23:35:04.0750 2620 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:35:04.0750 2620 RDPCDD - ok
23:35:04.0859 2620 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:35:04.0859 2620 rdpdr - ok
23:35:04.0937 2620 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
23:35:04.0953 2620 RDPWD - ok
23:35:05.0046 2620 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:35:05.0046 2620 redbook - ok
23:35:05.0140 2620 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
23:35:05.0156 2620 RTL8023xp - ok
23:35:05.0218 2620 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
23:35:05.0218 2620 rtl8139 - ok
23:35:05.0296 2620 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23:35:05.0296 2620 SASDIFSV - ok
23:35:05.0296 2620 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
23:35:05.0296 2620 SASKUTIL - ok
23:35:05.0406 2620 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:35:05.0406 2620 Secdrv - ok
23:35:05.0484 2620 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:35:05.0484 2620 serenum - ok
23:35:05.0562 2620 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
23:35:05.0562 2620 Serial - ok
23:35:05.0625 2620 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:35:05.0625 2620 Sfloppy - ok
23:35:05.0703 2620 Simbad - ok
23:35:05.0781 2620 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:35:05.0781 2620 SLIP - ok
23:35:05.0843 2620 Sparrow - ok
23:35:05.0937 2620 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
23:35:05.0937 2620 splitter - ok
23:35:06.0015 2620 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
23:35:06.0015 2620 sr - ok
23:35:06.0109 2620 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
23:35:06.0109 2620 Srv - ok
23:35:06.0203 2620 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:35:06.0203 2620 streamip - ok
23:35:06.0296 2620 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:35:06.0296 2620 swenum - ok
23:35:06.0375 2620 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
23:35:06.0375 2620 swmidi - ok
23:35:06.0437 2620 symc810 - ok
23:35:06.0515 2620 symc8xx - ok
23:35:06.0578 2620 sym_hi - ok
23:35:06.0640 2620 sym_u3 - ok
23:35:06.0734 2620 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
23:35:06.0734 2620 sysaudio - ok
23:35:06.0828 2620 tap0901 (1e89de7a4fb7a854ebb241d0aa8996dd) C:\WINDOWS\system32\DRIVERS\tap0901.sys
23:35:06.0828 2620 tap0901 - ok
23:35:06.0921 2620 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:35:06.0921 2620 Tcpip - ok
23:35:07.0000 2620 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:35:07.0000 2620 TDPIPE - ok
23:35:07.0093 2620 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
23:35:07.0093 2620 TDTCP - ok
23:35:07.0187 2620 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:35:07.0187 2620 TermDD - ok
23:35:07.0265 2620 TosIde - ok
23:35:07.0328 2620 uagp35 (49c805d42d75eddc9b6a7130999c9054) C:\WINDOWS\system32\DRIVERS\uagp35.sys
23:35:07.0328 2620 uagp35 - ok
23:35:07.0453 2620 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
23:35:07.0453 2620 Udfs - ok
23:35:07.0531 2620 ultra - ok
23:35:07.0625 2620 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
23:35:07.0625 2620 Update - ok
23:35:07.0718 2620 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
23:35:07.0718 2620 usbaudio - ok
23:35:07.0812 2620 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:35:07.0812 2620 usbccgp - ok
23:35:07.0875 2620 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:35:07.0890 2620 usbehci - ok
23:35:07.0968 2620 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:35:07.0968 2620 usbhub - ok
23:35:08.0046 2620 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:35:08.0062 2620 usbprint - ok
23:35:08.0140 2620 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:35:08.0140 2620 USBSTOR - ok
23:35:08.0218 2620 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:35:08.0218 2620 usbuhci - ok
23:35:08.0296 2620 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
23:35:08.0296 2620 VgaSave - ok
23:35:08.0390 2620 viagfx (7eeaa347d9731390775ed0a34917c751) C:\WINDOWS\system32\DRIVERS\vtmini.sys
23:35:08.0406 2620 viagfx - ok
23:35:08.0484 2620 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
23:35:08.0484 2620 ViaIde - ok
23:35:08.0562 2620 viamraid (0363e216e4eb5052969c96608934dbde) C:\WINDOWS\system32\DRIVERS\viamraid.sys
23:35:08.0562 2620 viamraid - ok
23:35:08.0656 2620 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
23:35:08.0656 2620 VolSnap - ok
23:35:08.0765 2620 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:35:08.0765 2620 Wanarp - ok
23:35:08.0812 2620 WDICA - ok
23:35:08.0906 2620 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
23:35:08.0906 2620 wdmaud - ok
23:35:09.0031 2620 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:35:09.0031 2620 WS2IFSL - ok
23:35:09.0109 2620 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:35:09.0109 2620 WSTCODEC - ok
23:35:09.0171 2620 XDva391 - ok
23:35:09.0218 2620 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:35:09.0375 2620 \Device\Harddisk0\DR0 - ok
23:35:09.0390 2620 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR3
23:35:09.0390 2620 \Device\Harddisk1\DR3 - ok
23:35:09.0406 2620 Boot (0x1200) (f63b75748046f2de5e4cce0d37bf2f28) \Device\Harddisk0\DR0\Partition0
23:35:09.0406 2620 \Device\Harddisk0\DR0\Partition0 - ok
23:35:09.0421 2620 Boot (0x1200) (89c9ade065b449c4b630e7e4fb10e07f) \Device\Harddisk0\DR0\Partition1
23:35:09.0421 2620 \Device\Harddisk0\DR0\Partition1 - ok
23:35:09.0421 2620 Boot (0x1200) (e0cb290c95f9535a84a2678dd9f61bb1) \Device\Harddisk1\DR3\Partition0
23:35:09.0437 2620 \Device\Harddisk1\DR3\Partition0 - ok
23:35:09.0437 2620 ============================================================
23:35:09.0437 2620 Scan finished
23:35:09.0437 2620 ============================================================
23:35:09.0453 2616 Detected object count: 0
23:35:09.0453 2616 Actual detected object count: 0

#6 tomjoram

tomjoram
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:12:32 PM

Posted 13 March 2012 - 09:05 PM

i had some difficulties running the scan in this because the updating and downloading of database stops for an instance,maybe the malware is stopping the update of database, but after a few tries, i manage to finish the update and able to scan, here is the log


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-14 00:12:17
-----------------------------
00:12:17.593 OS Version: Windows 5.1.2600 Service Pack 2
00:12:17.593 Number of processors: 2 586 0x409
00:12:17.593 ComputerName: VITOR UserName:
00:12:17.718 Initialize success
00:16:14.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
00:16:14.593 Disk 0 Vendor: SAMSUNG_SP0822N WA100-34 Size: 76351MB BusType: 3
00:16:14.609 Disk 0 MBR read successfully
00:16:14.609 Disk 0 MBR scan
00:16:14.609 Disk 0 Windows XP default MBR code
00:16:14.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 12001 MB offset 63
00:16:14.609 Disk 0 Partition - 00 0F Extended LBA 64338 MB offset 24579450
00:16:14.625 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 64338 MB offset 24579513
00:16:14.625 Disk 0 scanning sectors +156344580
00:16:14.687 Disk 0 scanning C:\WINDOWS\system32\drivers
00:16:23.453 Service scanning
00:16:25.265 Service FXDRV E:\Fxdrv.sys **LOCKED** 21
00:16:30.796 Modules scanning
00:16:34.281 Disk 0 trace - called modules:
00:16:34.296 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
00:16:34.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859e2670]
00:16:34.296 3 CLASSPNP.SYS[f75c105b] -> nt!IofCallDriver -> \Device\00000060[0x85927510]
00:16:34.296 5 ACPI.sys[f7447620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x85926d98]
00:16:34.296 Scan finished successfully
00:16:42.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
00:16:42.156 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 134,663 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 AM

Posted 13 March 2012 - 09:28 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 tomjoram

tomjoram
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:12:32 PM

Posted 14 March 2012 - 10:24 AM

OTL logfile created on: 3/14/2012 11:04:53 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.42 Mb Total Physical Memory | 642.51 Mb Available Physical Memory | 67.04% Memory free
2.26 Gb Paging File | 2.04 Gb Available in Paging File | 90.14% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 11.72 Gb Total Space | 5.30 Gb Free Space | 45.21% Space Free | Partition Type: NTFS
Drive D: | 62.83 Gb Total Space | 7.51 Gb Free Space | 11.95% Space Free | Partition Type: NTFS
Drive F: | 1.84 Gb Total Space | 0.55 Gb Free Space | 30.15% Space Free | Partition Type: FAT

Computer Name: VITOR | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Program files\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\USBAntiVirus\USBAntiVirus.exe ()
PRC - D:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\USBAntiVirus\USBAntiVirus.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (MBAMService) -- D:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)


========== Driver Services (SafeList) ==========

DRV - (XDva391) -- File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (FXDRV) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)
DRV - (PAC7302) -- C:\WINDOWS\system32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1060284298-573735546-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/01/23 00:32:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5 [2012/03/11 20:19:47 | 000,000,000 | ---D | M]

[2012/02/28 22:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/16 18:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 08:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/02/16 18:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\plugin/screen_capture.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99

#9 tomjoram

tomjoram
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:12:32 PM

Posted 14 March 2012 - 10:27 AM

OTL logfile created on: 3/14/2012 11:04:53 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.42 Mb Total Physical Memory | 642.51 Mb Available Physical Memory | 67.04% Memory free
2.26 Gb Paging File | 2.04 Gb Available in Paging File | 90.14% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 11.72 Gb Total Space | 5.30 Gb Free Space | 45.21% Space Free | Partition Type: NTFS
Drive D: | 62.83 Gb Total Space | 7.51 Gb Free Space | 11.95% Space Free | Partition Type: NTFS
Drive F: | 1.84 Gb Total Space | 0.55 Gb Free Space | 30.15% Space Free | Partition Type: FAT

Computer Name: VITOR | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Program files\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\USBAntiVirus\USBAntiVirus.exe ()
PRC - D:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\USBAntiVirus\USBAntiVirus.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (MBAMService) -- D:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)


========== Driver Services (SafeList) ==========

DRV - (XDva391) -- File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (FXDRV) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)
DRV - (PAC7302) -- C:\WINDOWS\system32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1060284298-573735546-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/01/23 00:32:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5 [2012/03/11 20:19:47 | 000,000,000 | ---D | M]

[2012/02/28 22:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/16 18:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 08:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/02/16 18:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\plugin/screen_capture.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Translate = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Angry Birds = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Screen Capture (by Google) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\
CHR - Extension: Proxy SwitchySharp = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\1.9.38_0\
CHR - Extension: Google Calendar = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Box - 5 GB Free Storage = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl\1.1.6_0\
CHR - Extension: busuu.com = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\epadnjldocmkadjbopkanclaamocokoo\2.0_0\
CHR - Extension: Cargo Bridge: Armor Games Edition = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj\2.1.1_0\
CHR - Extension: Troll Emoticons = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hndllphbhpadfpoikpaofkkkpkpnmjik\4.6.6_0\
CHR - Extension: HyperTranslate = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kecaejkkcpijbbnnmnkpcpgiifdplcia\10.2.0_0\
CHR - Extension: Cargo Bridge = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\
CHR - Extension: Webcam Toy = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.2.2_0\
CHR - Extension: Google Maps = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.3_0\
CHR - Extension: Lamborghini Poison = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\meodlhpipcpiedkkmbbechgigmkfhnbl\2.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Canvas Rider = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.7_0\

O1 HOSTS File: ([2012/03/14 00:08:46 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [USBAntiVirus.exe] C:\Program Files\USBAntiVirus\USBAntiVirus.exe ()
O4 - HKU\S-1-5-21-1060284298-573735546-1801674531-500..\Run: [Facebook Update] C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1060284298-573735546-1801674531-500..\Run: [uTorrent] D:\Program files\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\W

OTL logfile created on: 3/14/2012 11:04:53 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.42 Mb Total Physical Memory | 642.51 Mb Available Physical Memory | 67.04% Memory free
2.26 Gb Paging File | 2.04 Gb Available in Paging File | 90.14% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 11.72 Gb Total Space | 5.30 Gb Free Space | 45.21% Space Free | Partition Type: NTFS
Drive D: | 62.83 Gb Total Space | 7.51 Gb Free Space | 11.95% Space Free | Partition Type: NTFS
Drive F: | 1.84 Gb Total Space | 0.55 Gb Free Space | 30.15% Space Free | Partition Type: FAT

Computer Name: VITOR | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Program files\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\USBAntiVirus\USBAntiVirus.exe ()
PRC - D:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\USBAntiVirus\USBAntiVirus.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (MBAMService) -- D:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)


========== Driver Services (SafeList) ==========

DRV - (XDva391) -- File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (FXDRV) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)
DRV - (PAC7302) -- C:\WINDOWS\system32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVer

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 134,663 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 AM

Posted 14 March 2012 - 02:58 PM

That is only about half of the report can you send me the complete report?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 tomjoram

tomjoram
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:12:32 PM

Posted 14 March 2012 - 06:34 PM

OMG cant sorry cant post properly because after i paste it, the page keeps redirecting and posts become incomplete. here is the half of the post.



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1060284298-573735546-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/01/23 00:32:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5 [2012/03/11 20:19:47 | 000,000,000 | ---D | M]

[2012/02/28 22:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/16 18:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 08:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/02/16 18:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\plugin/screen_capture.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Translate = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Angry Birds = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Screen Capture (by Google) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\
CHR - Extension: Proxy SwitchySharp = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\1.9.38_0\
CHR - Extension: Google Calendar = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Box - 5 GB Free Storage = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl\1.1.6_0\
CHR - Extension: busuu.com = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\epadnjldocmkadjbopkanclaamocokoo\2.0_0\
CHR - Extension: Cargo Bridge: Armor Games Edition = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj\2.1.1_0\
CHR - Extension: Troll Emoticons = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hndllphbhpadfpoikpaofkkkpkpnmjik\4.6.6_0\
CHR - Extension: HyperTranslate = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kecaejkkcpijbbnnmnkpcpgiifdplcia\10.2.0_0\
CHR - Extension: Cargo Bridge = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\
CHR - Extension: Webcam Toy = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.2.2_0\
CHR - Extension: Google Maps = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.3_0\
CHR - Extension: Lamborghini Poison = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\meodlhpipcpiedkkmbbechgigmkfhnbl\2.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Canvas Rider = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.7_0\

O1 HOSTS File: ([2012/03/14 00:08:46 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [USBAntiVirus.exe] C:\Program Files\USBAntiVirus\USBAntiVirus.exe ()
O4 - HKU\S-1-5-21-1060284298-573735546-1801674531-500..\Run: [Facebook Update] C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1060284298-573735546-1801674531-500..\Run: [uTorrent] D:\Program files\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-573735546-1801674531-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1060284298-573735546-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1060284298-573735546-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1060284298-573735546-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.

#12 tomjoram

tomjoram
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:12:32 PM

Posted 14 March 2012 - 06:36 PM

sorry about the incomplete post, because when i post the browser keeps redirecting, :(

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1060284298-573735546-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/01/23 00:32:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5 [2012/03/11 20:19:47 | 000,000,000 | ---D | M]

[2012/02/28 22:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/16 18:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 08:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/02/16 18:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\plugin/screen_capture.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Translate = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Angry Birds = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Screen Capture (by Google) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\
CHR - Extension: Proxy SwitchySharp = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\1.9.38_0\
CHR - Extension: Google Calendar = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Box - 5 GB Free Storage = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl\1.1.6_0\
CHR - Extension: busuu.com = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\epadnjldocmkadjbopkanclaamocokoo\2.0_0\
CHR - Extension: Cargo Bridge: Armor Games Edition = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj\2.1.1_0\
CHR - Extension: Troll Emoticons = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hndllphbhpadfpoikpaofkkkpkpnmjik\4.6.6_0\
CHR - Extension: HyperTranslate = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kecaejkkcpijbbnnmnkpcpgiifdplcia\10.2.0_0\
CHR - Extension: Cargo Bridge = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\
CHR - Extension: Webcam Toy = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.2.2_0\
CHR - Extension: Google Maps = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.3_0\
CHR - Extension: Lamborghini Poison = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\meodlhpipcpiedkkmbbechgigmkfhnbl\2.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Canvas Rider = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.7_0\

O1 HOSTS File: ([2012/03/14 00:08:46 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [USBAntiVirus.exe] C:\Program Files\USBAntiVirus\USBAntiVirus.exe ()
O4 - HKU\S-1-5-21-1060284298-573735546-1801674531-500..\Run: [Facebook Update] C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1060284298-573735546-1801674531-500..\Run: [uTorrent] D:\Program files\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-573735546-1801674531-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1060284298-573735546-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1060284298-573735546-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1060284298-573735546-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDC

sorry about the incomplete post, because when i post the browser keeps redirecting, :(

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1060284298-573735546-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/01/23 00:32:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5 [2012/03/11 20:19:47 | 000,000,000 | ---D | M]

[2012/02/28 22:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/16 18:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 08:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/02/16 18:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\A

#13 tomjoram

tomjoram
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:12:32 PM

Posted 14 March 2012 - 06:39 PM

i will just post the logs using a different computer, maybe a few hours from now. :( cant use any other PC here.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 134,663 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 AM

Posted 14 March 2012 - 09:45 PM

Or you can upload it to mediafire.com and send me the link here


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 tomjoram

tomjoram
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:12:32 PM

Posted 14 March 2012 - 09:50 PM

here is the complete log!

OTL logfile created on: 3/14/2012 11:04:53 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.42 Mb Total Physical Memory | 642.51 Mb Available Physical Memory | 67.04% Memory free
2.26 Gb Paging File | 2.04 Gb Available in Paging File | 90.14% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 11.72 Gb Total Space | 5.30 Gb Free Space | 45.21% Space Free | Partition Type: NTFS
Drive D: | 62.83 Gb Total Space | 7.51 Gb Free Space | 11.95% Space Free | Partition Type: NTFS
Drive F: | 1.84 Gb Total Space | 0.55 Gb Free Space | 30.15% Space Free | Partition Type: FAT

Computer Name: VITOR | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Program files\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\USBAntiVirus\USBAntiVirus.exe ()
PRC - D:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\USBAntiVirus\USBAntiVirus.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (MBAMService) -- D:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)


========== Driver Services (SafeList) ==========

DRV - (XDva391) -- File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (FXDRV) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)
DRV - (PAC7302) -- C:\WINDOWS\system32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1060284298-573735546-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/01/23 00:32:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5 [2012/03/11 20:19:47 | 000,000,000 | ---D | M]

[2012/02/28 22:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/16 18:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 08:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/02/16 18:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\plugin/screen_capture.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Translate = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Angry Birds = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Screen Capture (by Google) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\
CHR - Extension: Proxy SwitchySharp = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\1.9.38_0\
CHR - Extension: Google Calendar = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Box - 5 GB Free Storage = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl\1.1.6_0\
CHR - Extension: busuu.com = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\epadnjldocmkadjbopkanclaamocokoo\2.0_0\
CHR - Extension: Cargo Bridge: Armor Games Edition = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj\2.1.1_0\
CHR - Extension: Troll Emoticons = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hndllphbhpadfpoikpaofkkkpkpnmjik\4.6.6_0\
CHR - Extension: HyperTranslate = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kecaejkkcpijbbnnmnkpcpgiifdplcia\10.2.0_0\
CHR - Extension: Cargo Bridge = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\
CHR - Extension: Webcam Toy = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.2.2_0\
CHR - Extension: Google Maps = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.3_0\
CHR - Extension: Lamborghini Poison = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\meodlhpipcpiedkkmbbechgigmkfhnbl\2.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Canvas Rider = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.7_0\

O1 HOSTS File: ([2012/03/14 00:08:46 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [USBAntiVirus.exe] C:\Program Files\USBAntiVirus\USBAntiVirus.exe ()
O4 - HKU\S-1-5-21-1060284298-573735546-1801674531-500..\Run: [Facebook Update] C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1060284298-573735546-1801674531-500..\Run: [uTorrent] D:\Program files\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-573735546-1801674531-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1060284298-573735546-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1060284298-573735546-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1060284298-573735546-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F2740D9-20BD-4B3C-90DA-52755103A603}: DhcpNameServer = 192.168.1.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/20 12:54:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/14 23:03:08 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/03/14 00:18:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Desktop\REPAIR TOOLS
[2012/03/14 00:02:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/03/13 23:53:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/13 08:47:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/13 08:43:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/13 08:43:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/13 08:43:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/13 08:43:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/13 08:43:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/13 08:43:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/12 17:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2012/03/12 17:49:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/03/12 17:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/03/12 17:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/12 17:48:38 | 015,211,272 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2012/03/11 20:00:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/03/11 03:48:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IDM
[2012/03/11 03:44:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012/03/11 03:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/11 03:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/11 03:07:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/03/11 03:07:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2012/03/11 03:07:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/03/11 03:07:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2012/03/11 03:07:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2012/03/10 23:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/03/10 23:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/03/10 23:23:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
[2012/03/10 23:23:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2012/03/10 23:22:32 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/03/09 21:54:25 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/08 11:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/03/07 08:27:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/03/07 08:27:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/28 22:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2012/02/23 21:18:11 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/02/20 04:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/14 23:02:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/14 22:24:01 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-573735546-1801674531-500UA.job
[2012/03/14 20:29:17 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1060284298-573735546-1801674531-500UA.job
[2012/03/14 11:36:46 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/03/14 00:20:17 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/03/14 00:08:46 | 000,000,698 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/13 23:29:00 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1060284298-573735546-1801674531-500Core.job
[2012/03/13 23:24:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-573735546-1801674531-500Core.job
[2012/03/13 08:47:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/03/12 10:14:16 | 015,211,272 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2012/03/11 20:12:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/11 15:45:40 | 000,002,334 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/11 15:45:39 | 000,002,356 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2012/03/11 03:05:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012/03/10 22:58:11 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/03/10 22:54:20 | 000,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/10 22:54:20 | 000,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/10 22:43:07 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/08 11:41:36 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/03/06 23:16:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/13 08:47:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/13 08:47:48 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/13 08:43:22 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/13 08:43:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/13 08:43:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/13 08:43:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/13 08:43:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/11 20:02:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/11 03:05:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012/03/10 22:58:11 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/03/08 11:41:36 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/02/23 21:18:17 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/02/06 00:37:07 | 000,000,321 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2012/02/06 00:37:03 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
[2012/01/25 11:44:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2012/01/24 16:06:02 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/20 20:41:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/01/20 20:38:51 | 000,263,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/20 14:02:30 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\svighost.dll
[2012/01/20 13:58:14 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/01/20 13:58:12 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/01/20 13:58:12 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/01/20 13:58:12 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/01/20 13:49:43 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2012/01/20 13:42:08 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS76.DLL
[2012/01/20 13:31:55 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2012/01/20 13:31:47 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2012/01/20 13:31:47 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/01/20 12:57:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/01/20 12:51:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/29 18:21:43 | 000,303,616 | ---- | C] ( ) -- C:\WINDOWS\SetACL.exe
[2010/06/24 14:58:03 | 000,039,279 | ---- | C] () -- C:\WINDOWS\cmijack.dat
[2010/06/24 14:58:03 | 000,023,041 | ---- | C] () -- C:\WINDOWS\cmaudio.dat

< End of report >




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users