BleepingComputer.com: Google Redirect Virus (Possibly not TDS?)

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

Google Redirect Virus (Possibly not TDS?) :)

#1 User is offline   DavidMarlan 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 18
  • Joined: 28-October 09

Posted 25 August 2011 - 06:50 PM

I got a ton of viruses recently due to bad hosting practice and lazy behaviour (turned off firewall instead of opening specific ports for hosting a server), I managed to remove all of them be-it manually or via scanning for viruses, except for one stubborn malware/virus which seems to be a Google Redirect virus. I've run TDSKiller and it found some infected files and it removed them/quarantined and I've scanned with malwarebytes and it found a few more files, however my Google still redirects. My AV blocks every site it redirects to, so as it is a gateway virus, it's not harmful at this point (I think), but it is ridiculously annoying when every Google link I click on I end up having to manually get the link when it continues to redirect. (It does not redirect /every/ time however, often its more like a 50% chance it will redirect.)

It usually redirects to goingonearth.com though it sends me to a bunch of other sites as well.

I'm running Windows 7 and using Firefox

Help? :)

(DDS log incoming)

#2 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,503
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 29 August 2011 - 02:19 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK

    Do not re-enable these drivers until otherwise instructed.


Download DDS:

    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt

    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply


Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

"just click on Cancel, then Accept".

information and logs:

    In your next post I need the following

    • .logs from DDS
    • log from RKUnHooker
    • let me know of any problems you may have had


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#3 User is offline   DavidMarlan 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 18
  • Joined: 28-October 09

Posted 29 August 2011 - 09:52 PM

Thanks for the help in advance, hopefully this can be solved, it's getting more and more annoying. On the plus side, it at least doesn't harm my computer directly as far as I know. Though I think I have been getting some memory loss recently, hard to tell since I don't clock my memory usage average.

New Problems: (Not due to scans) It seems sometimes simply even searching something in Google will redirect me to a Microsoft Website explaining that I may have malware on my computer.

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x91827000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 10670080 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 275.33 )
0x82E03000 C:\Windows\system32\ntkrnlpa.exe 4268032 bytes (Microsoft Corporation, NT Kernel & System)
0x82E03000 PnpManager 4268032 bytes
0x82E03000 RAW 4268032 bytes
0x82E03000 WMIxWDM 4268032 bytes
0x92E36000 C:\Windows\system32\drivers\RTKVHDA.sys 2736128 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x82880000 Win32k 2416640 bytes
0x82880000 C:\Windows\System32\win32k.sys 2416640 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8B615000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
0x8B2BD000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x92258000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8B4CE000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x8AF14000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xA207E000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x92774000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8AE34000 C:\Windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8B039000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x90E25000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8B45A000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x90C97000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x90F0F000 C:\Windows\system32\DRIVERS\nvm62x32.sys 348160 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
0x90C0E000 C:\Windows\system32\drivers\SbFw.sys 339968 bytes (Sunbelt Software, Inc., Sunbelt Personal Firewall driver)
0xA6468000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xA6418000 C:\Windows\System32\DRIVERS\srv2.sys 327680 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x82B30000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x92399000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8B167000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8B0B8000 C:\Windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8B21D000 C:\Windows\system32\drivers\storport.sys 294912 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x926A9000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8AED2000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x90D82000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x9318B000 C:\Windows\system32\DRIVERS\udfs.sys 262144 bytes (Microsoft Corporation, UDF File System Driver)
0x8B799000 C:\Windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8B585000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0xA64BE000 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 241664 bytes (DT Soft Ltd, DAEMON Tools Virtual Bus Driver)
0xA2021000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x9230F000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x83215000 ACPI_HAL 225280 bytes
0x83215000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x90C61000 C:\Windows\system32\drivers\sbtis.sys 221184 bytes (Sunbelt Software, Inc., Sunbelt TDI Inspection System)
0x8B278000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9265D000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8B854000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x90CF1000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B75F000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x930D2000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x90EE2000 C:\Windows\system32\drivers\1394ohci.sys 184320 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8B80F000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8B41C000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8B11C000 C:\Windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8B000000 C:\Windows\system32\drivers\vmbus.sys 172032 bytes (Microsoft Corporation, Virtual Machine Bus)
0x92635000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8B897000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x92E00000 C:\Windows\System32\Drivers\dump_nvstor.sys 151552 bytes
0x8B5C3000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8AE00000 C:\Windows\system32\drivers\nvstor.sys 151552 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) Sata Performance Driver)
0x9315C000 C:\Windows\system32\DRIVERS\SaiK0CC3.sys 151552 bytes (Saitek, Saitek Hid Driver)
0x8AFBF000 C:\Windows\system32\drivers\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8B8BC000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x90FA6000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA211F000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x90EAF000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8B95A000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8B909000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x91800000 C:\Windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x90D2A000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x82B10000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x8B7E0000 C:\Windows\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
0x9271C000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA205C000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x92353000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Brother Industries Ltd., Brotehr Serial I/F Driver (WDM))
0x92737000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x92600000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x93101000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x90E89000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x92377000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x90F83000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x90FC8000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8B936000 C:\Windows\system32\drivers\SBREDrv.sys 98304 bytes (Sunbelt Software, Anti-Rootkit Engine)
0x90FE0000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x90E00000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8B9BE000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x93131000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xA64F9000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8B1C7000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x92702000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8B447000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x92761000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x90D5E000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8B1DD000 00000144 73728 bytes
0x90F71000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x90ED0000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x92619000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8B1DD000 C:\Windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
0x8B886000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x92E25000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8B2AC000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x926ED000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8B146000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8AEB9000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x931ED000 C:\Windows\system32\DRIVERS\sbapifs.sys 69632 bytes (Sunbelt Software, Sunbelt ActiveProtection Filter)
0x90D71000 C:\Windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x92751000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8B83C000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x8B9E1000 C:\Windows\system32\DRIVERS\SBFWIM.sys 65536 bytes (Sunbelt Software, Inc., Sunbelt Personal Firewall NDIS Intermediate driver)
0x8B157000 C:\Windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x923E4000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x90EA1000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x90D49000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8B9B0000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8B1B9000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8B4B7000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x92691000 C:\Windows\system32\drivers\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8B0AA000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x90F64000 C:\Windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x931CB000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x90DED000 C:\Windows\system32\drivers\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x90C00000 C:\Windows\system32\drivers\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0xA2140000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8B97B000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x90DD7000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x9311A000 C:\Windows\system32\drivers\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x8B9D5000 C:\Windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
0x8B94E000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x92348000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0x9314A000 C:\Windows\system32\drivers\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x931E2000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x93126000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8B9A5000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x90F9B000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8B111000 C:\Windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x931D8000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x93181000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x9269F000 C:\Windows\system32\DRIVERS\flpydisk.sys 40960 bytes (Microsoft Corporation, Floppy Driver)
0x8B265000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x90DCD000 C:\Windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x90DC3000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x90DE3000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0xA2115000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x9236D000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x9238F000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8B26F000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x8B1EF000 C:\Windows\system32\drivers\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0xA6579000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8B4C5000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x90E17000 C:\Windows\system32\drivers\SaiBus.sys 36864 bytes (Saitek, Smart Technology Helpers)
0x82AE0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8B790000 C:\Windows\system32\drivers\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x8B100000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8AECA000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8B84C000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BA1000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8B109000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8B98D000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8B995000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8B99D000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8B7D8000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8B92F000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x92715000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8B928000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0xA2077000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x8B1B2000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x93155000 C:\Windows\system32\DRIVERS\SaiU0CC3.sys 28672 bytes (Saitek, Saitek Usb Driver)
0x90D23000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x923F3000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x91821000 C:\Windows\system32\DRIVERS\hamachi.sys 20480 bytes (LogMeIn, Inc., Hamachi Virtual Network Interface Driver)
0x90D5A000 C:\Windows\System32\Drivers\Gernuwa.SYS 16384 bytes (Symantec Corporation, pcAnywhere AWUNREG Driver)
0xA64BA000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0x92254000 C:\Windows\System32\Drivers\nvBridge.kmd 16384 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 275.33 )
0x926FE000 C:\Windows\system32\DRIVERS\SaiMini.sys 16384 bytes (Saitek, Saitek Magic Mini Driver)
0x8B98A000 C:\Windows\System32\Drivers\awlegacy.sys 12288 bytes (Symantec Corporation, pcAnywhere Legacy Driver Module)
0x90D57000 C:\Windows\system32\drivers\aw_host5.sys 12288 bytes (Symantec Corporation, pcAnywhere Host Driver for Windows 2000/XP)
0x9181F000 C:\Windows\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
0x8B988000 C:\Windows\system32\drivers\awechomd.sys 8192 bytes (Symantec Corporation, pcAnywhere Video Miniport Driver)
0x9265B000 C:\Windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x93148000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================


Nothing detected :(


I'm currently running DDS, though last time I ran it, it didn't finish, just froze up and couldn't finish. So if it, god forbid, actually finishes, I'll edit it in. (This is why I never edited it in the OP)

This post has been edited by DavidMarlan: 29 August 2011 - 09:53 PM

#4 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,503
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 29 August 2011 - 10:10 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer


IF you have problems running it - then I want you to run it like this


  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box

ComboFix /nombr

  • click ok


copy and paste the report into this topic for me to review

Gringo




"information and logs"

    In your next post I need the following

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#5 User is offline   DavidMarlan 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 18
  • Joined: 28-October 09

Posted 29 August 2011 - 10:21 PM

ComboFix doesn't run properly. It extracts files then will not proceed. Also, it says my anti-virus is still running and may conflict, though it has been completely disabled to the best of my knowledge (followed your guide then when that didnt seem to work, I exited it and killed the process.)

Edit: Error opening file for writting. swxcalcs.3xe

Sorry my computer isn't taking this very well. If it was easy I wouldn't post here. :)

EDIT2: Okay, got ComboFix running. Hopefully it works better than last time.

ComboFix running, and with my luck, will never finish. I wish it showed progress so I would know if it was frozen or not...
.. CF10808.3XE is responding. 2,392K in memory.
.. rmbr.3XE is responding. 1,052K in memory.
.. I put both to high priority.

Computer CPU usage at ≈0%
Random Access Memory is at 33.3% of 4GB.

.. Meanwhile on my Laptop ..

EDIT3: Yeah, no. It doesn't seem like it's going to finish, it's been almost triple it's estimate for time, but I'll leave it running.

Yeah no, It ain't finishing, been an hour, and this is my third time trying the program. Sorry my computer isn't taking it very nicely.

This post has been edited by DavidMarlan: 29 August 2011 - 11:28 PM

#6 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,503
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 29 August 2011 - 11:39 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#7 User is offline   DavidMarlan 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 18
  • Joined: 28-October 09

Posted 29 August 2011 - 11:46 PM

I've ran TDSKiller previously. It found some threats and deleted them.

It returned 0 threats this time, though my issue still persists.

REPORT:

2011/08/29 23:51:35.0001 4520	TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/29 23:51:35.0435 4520	================================================================================
2011/08/29 23:51:35.0435 4520	SystemInfo:
2011/08/29 23:51:35.0435 4520	
2011/08/29 23:51:35.0435 4520	OS Version: 6.1.7601 ServicePack: 1.0
2011/08/29 23:51:35.0435 4520	Product type: Workstation
2011/08/29 23:51:35.0435 4520	ComputerName: CHAD-PC
2011/08/29 23:51:35.0436 4520	UserName: Chad
2011/08/29 23:51:35.0436 4520	Windows directory: C:\Windows
2011/08/29 23:51:35.0436 4520	System windows directory: C:\Windows
2011/08/29 23:51:35.0436 4520	Processor architecture: Intel x86
2011/08/29 23:51:35.0436 4520	Number of processors: 2
2011/08/29 23:51:35.0436 4520	Page size: 0x1000
2011/08/29 23:51:35.0436 4520	Boot type: Normal boot
2011/08/29 23:51:35.0436 4520	================================================================================
2011/08/29 23:51:36.0530 4520	Initialize success
2011/08/29 23:51:37.0890 4712	================================================================================
2011/08/29 23:51:37.0891 4712	Scan started
2011/08/29 23:51:37.0891 4712	Mode: Manual; 
2011/08/29 23:51:37.0891 4712	================================================================================
2011/08/29 23:51:38.0679 4712	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/08/29 23:51:38.0756 4712	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/08/29 23:51:38.0831 4712	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/08/29 23:51:38.0885 4712	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/29 23:51:38.0913 4712	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/29 23:51:38.0942 4712	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/29 23:51:39.0022 4712	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
2011/08/29 23:51:39.0075 4712	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/08/29 23:51:39.0112 4712	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/08/29 23:51:39.0148 4712	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/08/29 23:51:39.0211 4712	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/08/29 23:51:39.0267 4712	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/08/29 23:51:39.0296 4712	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/29 23:51:39.0340 4712	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/29 23:51:39.0417 4712	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
2011/08/29 23:51:39.0472 4712	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/29 23:51:39.0490 4712	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
2011/08/29 23:51:39.0587 4712	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/08/29 23:51:39.0695 4712	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/08/29 23:51:39.0717 4712	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/29 23:51:39.0785 4712	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/29 23:51:39.0858 4712	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/08/29 23:51:39.0952 4712	awecho          (c7dfd42d1906bb6f3ab7368a638c706a) C:\Windows\system32\drivers\awechomd.sys
2011/08/29 23:51:39.0979 4712	awlegacy        (fcd631b75d01fecb673d52bfe87774ac) C:\Windows\System32\Drivers\awlegacy.sys
2011/08/29 23:51:40.0000 4712	AW_HOST         (be23b51d1af7ab948f883f864454393d) C:\Windows\system32\drivers\aw_host5.sys
2011/08/29 23:51:40.0098 4712	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/08/29 23:51:40.0161 4712	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/08/29 23:51:40.0209 4712	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/08/29 23:51:40.0253 4712	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/29 23:51:40.0324 4712	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/29 23:51:40.0360 4712	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/29 23:51:40.0380 4712	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/29 23:51:40.0438 4712	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/08/29 23:51:40.0473 4712	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/29 23:51:40.0502 4712	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/29 23:51:40.0527 4712	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/29 23:51:40.0550 4712	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/29 23:51:40.0733 4712	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/29 23:51:40.0793 4712	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/29 23:51:40.0855 4712	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/29 23:51:40.0893 4712	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/08/29 23:51:40.0937 4712	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/29 23:51:40.0981 4712	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/08/29 23:51:41.0018 4712	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/08/29 23:51:41.0044 4712	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/29 23:51:41.0104 4712	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/08/29 23:51:41.0220 4712	cpudrv          (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
2011/08/29 23:51:41.0304 4712	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/29 23:51:41.0387 4712	CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
2011/08/29 23:51:41.0461 4712	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/08/29 23:51:41.0488 4712	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/08/29 23:51:41.0536 4712	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/08/29 23:51:41.0591 4712	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/08/29 23:51:41.0662 4712	dtsoftbus01     (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/08/29 23:51:41.0722 4712	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/29 23:51:41.0852 4712	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/08/29 23:51:41.0981 4712	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/29 23:51:42.0031 4712	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/08/29 23:51:42.0077 4712	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/08/29 23:51:42.0110 4712	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/08/29 23:51:42.0139 4712	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/29 23:51:42.0167 4712	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/08/29 23:51:42.0197 4712	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/08/29 23:51:42.0231 4712	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/29 23:51:42.0256 4712	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/08/29 23:51:42.0291 4712	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/08/29 23:51:42.0362 4712	fssfltr         (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/08/29 23:51:42.0626 4712	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/29 23:51:42.0691 4712	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/29 23:51:42.0722 4712	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/29 23:51:42.0771 4712	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/29 23:51:42.0829 4712	Gernuwa         (b390bc5aa09f333c5d95be651c073564) C:\Windows\system32\drivers\Gernuwa.sys
2011/08/29 23:51:42.0873 4712	hamachi         (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/08/29 23:51:42.0924 4712	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/29 23:51:42.0990 4712	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
2011/08/29 23:51:43.0076 4712	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/08/29 23:51:43.0106 4712	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/29 23:51:43.0133 4712	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/29 23:51:43.0158 4712	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/29 23:51:43.0216 4712	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
2011/08/29 23:51:43.0263 4712	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/08/29 23:51:43.0329 4712	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/08/29 23:51:43.0372 4712	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/29 23:51:43.0428 4712	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/08/29 23:51:43.0487 4712	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
2011/08/29 23:51:43.0539 4712	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/29 23:51:43.0713 4712	IntcAzAudAddService (e4a2e810cb2607c9c159c0dfb0bd4c88) C:\Windows\system32\drivers\RTKVHDA.sys
2011/08/29 23:51:43.0768 4712	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/08/29 23:51:43.0796 4712	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/29 23:51:43.0831 4712	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/29 23:51:43.0893 4712	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/08/29 23:51:43.0926 4712	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/08/29 23:51:43.0973 4712	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/08/29 23:51:44.0039 4712	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/08/29 23:51:44.0086 4712	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/08/29 23:51:44.0152 4712	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/08/29 23:51:44.0213 4712	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/08/29 23:51:44.0265 4712	KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/29 23:51:44.0339 4712	KSecPkg         (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/29 23:51:44.0423 4712	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/29 23:51:44.0490 4712	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/29 23:51:44.0510 4712	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/29 23:51:44.0534 4712	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/29 23:51:44.0562 4712	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/29 23:51:44.0598 4712	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/08/29 23:51:44.0667 4712	MBAMProtector   (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
2011/08/29 23:51:44.0741 4712	mcdbus          (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/08/29 23:51:44.0832 4712	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/29 23:51:44.0861 4712	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/29 23:51:44.0899 4712	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/08/29 23:51:44.0955 4712	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/29 23:51:45.0002 4712	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
2011/08/29 23:51:45.0049 4712	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/29 23:51:45.0102 4712	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/08/29 23:51:45.0150 4712	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/08/29 23:51:45.0183 4712	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/29 23:51:45.0237 4712	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/08/29 23:51:45.0293 4712	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/29 23:51:45.0346 4712	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/29 23:51:45.0372 4712	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/29 23:51:45.0390 4712	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/08/29 23:51:45.0496 4712	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/08/29 23:51:45.0558 4712	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/08/29 23:51:45.0581 4712	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/29 23:51:45.0628 4712	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/08/29 23:51:45.0676 4712	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/29 23:51:45.0696 4712	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/29 23:51:45.0717 4712	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/08/29 23:51:45.0748 4712	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/08/29 23:51:45.0778 4712	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/08/29 23:51:45.0810 4712	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/08/29 23:51:45.0835 4712	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/29 23:51:45.0883 4712	MTsensor        (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/08/29 23:51:45.0901 4712	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/08/29 23:51:45.0960 4712	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/29 23:51:46.0066 4712	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/08/29 23:51:46.0095 4712	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/29 23:51:46.0136 4712	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/29 23:51:46.0193 4712	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/29 23:51:46.0236 4712	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/29 23:51:46.0269 4712	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/08/29 23:51:46.0298 4712	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/29 23:51:46.0358 4712	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/29 23:51:46.0466 4712	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/29 23:51:46.0509 4712	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/08/29 23:51:46.0555 4712	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/29 23:51:46.0629 4712	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
2011/08/29 23:51:46.0657 4712	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/08/29 23:51:46.0704 4712	NVENETFD        (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
2011/08/29 23:51:47.0044 4712	nvlddmkm        (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/08/29 23:51:47.0179 4712	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
2011/08/29 23:51:47.0200 4712	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
2011/08/29 23:51:47.0288 4712	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/08/29 23:51:47.0376 4712	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/08/29 23:51:47.0485 4712	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/08/29 23:51:47.0541 4712	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/08/29 23:51:47.0561 4712	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/08/29 23:51:47.0586 4712	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/08/29 23:51:47.0606 4712	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/08/29 23:51:47.0638 4712	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/29 23:51:47.0770 4712	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/08/29 23:51:47.0804 4712	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/08/29 23:51:47.0926 4712	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/29 23:51:47.0943 4712	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/08/29 23:51:47.0993 4712	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/29 23:51:48.0120 4712	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/29 23:51:48.0157 4712	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/29 23:51:48.0209 4712	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/29 23:51:48.0247 4712	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/29 23:51:48.0290 4712	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/29 23:51:48.0313 4712	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/29 23:51:48.0338 4712	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/29 23:51:48.0367 4712	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/29 23:51:48.0424 4712	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/29 23:51:48.0458 4712	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/29 23:51:48.0521 4712	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/29 23:51:48.0579 4712	RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
2011/08/29 23:51:48.0676 4712	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/29 23:51:48.0699 4712	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/29 23:51:48.0769 4712	RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
2011/08/29 23:51:48.0814 4712	RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/08/29 23:51:48.0889 4712	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/08/29 23:51:48.0950 4712	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/29 23:51:48.0995 4712	s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
2011/08/29 23:51:49.0063 4712	SaiK0CC3        (830e6e79cea8164d8b43ff7df79e6e40) C:\Windows\system32\DRIVERS\SaiK0CC3.sys
2011/08/29 23:51:49.0117 4712	SaiMini         (646d8be92ecfbfbea9fea7682b0e579a) C:\Windows\system32\DRIVERS\SaiMini.sys
2011/08/29 23:51:49.0150 4712	SaiNtBus        (f47b3689cb50c5ee571da6ed1d2ef3c6) C:\Windows\system32\drivers\SaiBus.sys
2011/08/29 23:51:49.0236 4712	SaiU0CC3        (5fd14d230c3cf39a120dcc43d73cfe25) C:\Windows\system32\DRIVERS\SaiU0CC3.sys
2011/08/29 23:51:49.0326 4712	sbapifs         (3d6ba67c758735918e323d4d6f64449a) C:\Windows\system32\DRIVERS\sbapifs.sys
2011/08/29 23:51:49.0395 4712	SbFw            (9c9bcc79aef0aa97f16766c498002d36) C:\Windows\system32\drivers\SbFw.sys
2011/08/29 23:51:49.0444 4712	SBFWIMCL        (f27b38d70b7621378161d6f48be04d2c) C:\Windows\system32\DRIVERS\sbfwim.sys
2011/08/29 23:51:49.0472 4712	SBFWIMCLMP      (f27b38d70b7621378161d6f48be04d2c) C:\Windows\system32\DRIVERS\SBFWIM.sys
2011/08/29 23:51:49.0518 4712	SbHips          (53e5e7dc26bb920b97f258bbd52abfdc) C:\Windows\system32\drivers\sbhips.sys
2011/08/29 23:51:49.0584 4712	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/08/29 23:51:49.0650 4712	SBRE            (0505da5d357f18a5d42fc5dede6bc9a0) C:\Windows\system32\drivers\SBREDrv.sys
2011/08/29 23:51:49.0744 4712	SbTis           (6468e2973e04525decc105947ddd0d34) C:\Windows\system32\drivers\sbtis.sys
2011/08/29 23:51:49.0792 4712	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/29 23:51:49.0847 4712	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/29 23:51:49.0951 4712	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/29 23:51:49.0986 4712	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/08/29 23:51:50.0035 4712	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/29 23:51:50.0100 4712	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/08/29 23:51:50.0135 4712	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/29 23:51:50.0155 4712	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/29 23:51:50.0185 4712	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/29 23:51:50.0250 4712	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/08/29 23:51:50.0299 4712	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/29 23:51:50.0318 4712	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/29 23:51:50.0399 4712	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/08/29 23:51:50.0459 4712	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/08/29 23:51:50.0534 4712	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
2011/08/29 23:51:50.0565 4712	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/29 23:51:50.0593 4712	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/29 23:51:50.0678 4712	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/29 23:51:50.0733 4712	storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
2011/08/29 23:51:50.0761 4712	storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
2011/08/29 23:51:50.0832 4712	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/08/29 23:51:50.0955 4712	Tcpip           (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
2011/08/29 23:51:51.0030 4712	TCPIP6          (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/29 23:51:51.0091 4712	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/29 23:51:51.0143 4712	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/08/29 23:51:51.0172 4712	TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/08/29 23:51:51.0219 4712	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/29 23:51:51.0241 4712	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/08/29 23:51:51.0326 4712	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/29 23:51:51.0369 4712	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/08/29 23:51:51.0634 4712	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/29 23:51:51.0694 4712	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/29 23:51:51.0743 4712	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/29 23:51:51.0813 4712	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/29 23:51:51.0874 4712	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/08/29 23:51:51.0896 4712	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/29 23:51:51.0953 4712	USBAAPL         (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/08/29 23:51:51.0992 4712	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/29 23:51:52.0036 4712	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/08/29 23:51:52.0099 4712	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/29 23:51:52.0163 4712	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/29 23:51:52.0224 4712	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/29 23:51:52.0263 4712	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/29 23:51:52.0294 4712	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/29 23:51:52.0344 4712	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/29 23:51:52.0403 4712	usb_rndisx      (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/08/29 23:51:52.0465 4712	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/08/29 23:51:52.0508 4712	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/29 23:51:52.0533 4712	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/08/29 23:51:52.0579 4712	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/08/29 23:51:52.0631 4712	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/08/29 23:51:52.0683 4712	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/08/29 23:51:52.0754 4712	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/08/29 23:51:52.0926 4712	vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
2011/08/29 23:51:52.0968 4712	VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
2011/08/29 23:51:53.0004 4712	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/08/29 23:51:53.0041 4712	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/08/29 23:51:53.0120 4712	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/08/29 23:51:53.0189 4712	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/29 23:51:53.0228 4712	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/08/29 23:51:53.0266 4712	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/29 23:51:53.0329 4712	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/29 23:51:53.0341 4712	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/29 23:51:53.0403 4712	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/08/29 23:51:53.0465 4712	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/29 23:51:53.0548 4712	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/29 23:51:53.0578 4712	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/08/29 23:51:53.0697 4712	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/08/29 23:51:53.0803 4712	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/29 23:51:53.0856 4712	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/29 23:51:53.0919 4712	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/08/29 23:51:53.0978 4712	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/29 23:51:54.0042 4712	xusb21          (c26c68bcbac1f33f890c226769759209) C:\Windows\system32\DRIVERS\xusb21.sys
2011/08/29 23:51:54.0092 4712	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/29 23:51:54.0102 4712	MBR (0x1B8)     (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
2011/08/29 23:51:54.0126 4712	MBR (0x1B8)     (0384bac7e0fa127fa7b90dba1ab1454d) \Device\Harddisk2\DR2
2011/08/29 23:51:54.0150 4712	Boot (0x1200)   (c17f261b781a2b60de7c026e6d0a8acf) \Device\Harddisk0\DR0\Partition0
2011/08/29 23:51:54.0192 4712	Boot (0x1200)   (61be161073aba4ef05cdce910eaee2a9) \Device\Harddisk0\DR0\Partition1
2011/08/29 23:51:54.0248 4712	Boot (0x1200)   (fdf7f1ffc739fdbf075d9860eb4aed07) \Device\Harddisk0\DR0\Partition2
2011/08/29 23:51:54.0260 4712	Boot (0x1200)   (e7651572f45505aaf25d67d073d16ef6) \Device\Harddisk1\DR1\Partition0
2011/08/29 23:51:54.0271 4712	Boot (0x1200)   (2595b99cba4f0d6b8939a795a1fc679b) \Device\Harddisk2\DR2\Partition0
2011/08/29 23:51:54.0299 4712	Boot (0x1200)   (94948ece38ec0580fb85e80f1bd5db69) \Device\Harddisk2\DR2\Partition1
2011/08/29 23:51:54.0304 4712	================================================================================
2011/08/29 23:51:54.0304 4712	Scan finished
2011/08/29 23:51:54.0304 4712	================================================================================
2011/08/29 23:51:54.0322 1244	Detected object count: 0
2011/08/29 23:51:54.0322 1244	Actual detected object count: 0

This post has been edited by DavidMarlan: 29 August 2011 - 11:57 PM

#8 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,503
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 29 August 2011 - 11:50 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later

  • Please post the contents of OTListIt.txt in your next reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#9 User is offline   DavidMarlan 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 18
  • Joined: 28-October 09

Posted 30 August 2011 - 12:02 AM

She-bam.

OTL logfile created on: 8/29/2011 11:56:07 PM - Run 2
OTL by OldTimer - Version 3.2.26.6     Folder = C:\Users\Chad\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.59% Memory free
6.00 Gb Paging File | 4.59 Gb Available in Paging File | 76.51% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 56.45 Gb Free Space | 57.80% Space Free | Partition Type: NTFS
Drive D: | 36.13 Gb Total Space | 34.59 Gb Free Space | 95.72% Space Free | Partition Type: NTFS
Drive E: | 99.09 Gb Total Space | 73.77 Gb Free Space | 74.45% Space Free | Partition Type: NTFS
Drive F: | 48.83 Gb Total Space | 26.43 Gb Free Space | 54.13% Space Free | Partition Type: NTFS
Drive G: | 100.21 Gb Total Space | 16.73 Gb Free Space | 16.70% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 369.09 Gb Free Space | 79.24% Space Free | Partition Type: NTFS
Drive I: | 314.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: CHAD-PC | User Name: Chad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\Chad\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - D:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
PRC - D:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
PRC - D:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe (Sunbelt Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Program Files\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\ProgramData\Clickfree\HDDV2NUSB3\UACProxy.exe (Storage Appliance Corp.)
PRC - C:\ProgramData\Clickfree\HDDV2NUSB3\Reminder\SacNetAgent.exe (Storage Appliance Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
PRC - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - D:\Program Files\Symantec\pcAnywhere\awhost32.exe (Symantec Corporation)
PRC - D:\Program Files\Symantec\pcAnywhere\awhprobe.exe (Symantec Corporation)
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - d:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\IncrediMail\Bin\ImLookExU.dll ()
MOD - C:\Program Files\IncrediMail\Bin\ImComUtlU.dll ()
MOD - C:\Program Files\IncrediMail\Bin\ImAppRU.dll ()
MOD - C:\Program Files\IncrediMail\Bin\PMC.dll ()
MOD - C:\Program Files\IncrediMail\Bin\wlessfp1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libtidy.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (TuneUp.UtilitiesSvc) --  File not found
SRV - (TuneUp.Defrag) --  File not found
SRV - (AutoKMS) --  File not found
SRV - (Apache2.2) --  File not found
SRV - (Hamachi2Svc) -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SBAMSvc) -- D:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
SRV - (SBPIMSvc) -- D:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe (Sunbelt Software)
SRV - (PinnacleUpdateSvc) -- d:\Program Files\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe (PowerUp Software, LLC)
SRV - (CFUACProxy_hddv2nusb3) -- C:\ProgramData\Clickfree\HDDV2NUSB3\UACProxy.exe (Storage Appliance Corp.)
SRV - (SacNetAgentService_C57C4F854F53) -- C:\ProgramData\Clickfree\HDDV2NUSB3\Reminder\SacNetAgent.exe (Storage Appliance Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (awhost32) -- D:\Program Files\Symantec\pcAnywhere\awhost32.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sbapifs) -- C:\Windows\System32\drivers\sbapifs.sys (Sunbelt Software)
DRV - (SBRE) -- C:\Windows\system32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (SbFw) -- C:\Windows\System32\drivers\SbFw.sys (Sunbelt Software, Inc.)
DRV - (SbHips) -- C:\Windows\System32\drivers\sbhips.sys (Sunbelt Software, Inc.)
DRV - (SbTis) -- C:\Windows\System32\drivers\sbtis.sys (Sunbelt Software, Inc.)
DRV - (SBFWIMCLMP) -- C:\Windows\System32\drivers\SbFwIm.sys (Sunbelt Software, Inc.)
DRV - (SBFWIMCL) -- C:\Windows\System32\drivers\SbFwIm.sys (Sunbelt Software, Inc.)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (SaiNtBus) -- C:\Windows\System32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek)
DRV - (SaiK0CC3) -- C:\Windows\System32\drivers\SaiK0CC3.sys (Saitek)
DRV - (SaiU0CC3) -- C:\Windows\System32\drivers\SaiU0CC3.sys (Saitek)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (AW_HOST) -- C:\Windows\System32\drivers\AW_HOST5.sys (Symantec Corporation)
DRV - (awlegacy) -- C:\Windows\System32\Drivers\awlegacy.sys (Symantec Corporation)
DRV - (awecho) -- C:\Windows\System32\drivers\awechomd.sys (Symantec Corporation)
DRV - (Gernuwa) -- C:\Windows\System32\drivers\GERNUWA.sys (Symantec Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2337178070-4235178516-1668868826-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-2337178070-4235178516-1668868826-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKU\S-1-5-21-2337178070-4235178516-1668868826-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2337178070-4235178516-1668868826-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 A1 67 0B F4 58 CA 01  [binary data]
IE - HKU\S-1-5-21-2337178070-4235178516-1668868826-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2337178070-4235178516-1668868826-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20090630
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: d:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: d:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: d:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\BYOND: h:\Program Files\BYOND\bin\npbyond.dll (BYOND)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{45AA356E-4C0C-4C1D-BEE1-CEB38D683A08}: C:\Users\Chad\AppData\Local\{45AA356E-4C0C-4C1D-BEE1-CEB38D683A08} [2011/08/13 17:08:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{93B2F59F-022C-4DC2-9A44-4387C722C1CA}: C:\Users\Chad\AppData\Local\{93B2F59F-022C-4DC2-9A44-4387C722C1CA} [2011/08/16 18:04:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/17 16:43:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/27 22:51:56 | 000,000,000 | ---D | M]
 
[2010/01/24 12:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chad\AppData\Roaming\Mozilla\Extensions
[2010/01/24 12:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chad\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/08/09 23:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\mug0tnrx.default\extensions
[2011/08/01 22:49:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\mug0tnrx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/05 15:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/13 17:08:58 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\CHAD\APPDATA\LOCAL\{45AA356E-4C0C-4C1D-BEE1-CEB38D683A08}
[2011/08/16 18:04:46 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\CHAD\APPDATA\LOCAL\{93B2F59F-022C-4DC2-9A44-4387C722C1CA}
() (No name found) -- C:\USERS\CHAD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MUG0TNRX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/08/17 16:43:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/07/08 16:07:06 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\mozilla firefox\plugins\npbyond.dll
[2011/05/31 18:26:26 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-2337178070-4235178516-1668868826-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [SBAMTray] D:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [SBRegRebootCleaner] D:\Program Files\Sunbelt Software\VIPRE\SBRC.exe (Sunbelt Software)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [RCWxJveOgCSQ] C:\ProgramData\RCWxJveOgCSQ.exe ()
O4 - HKU\S-1-5-18..\Run: [RCWxJveOgCSQ] C:\ProgramData\RCWxJveOgCSQ.exe ()
O4 - HKU\S-1-5-21-2337178070-4235178516-1668868826-1001..\Run: [puush] D:\Program Files\puush\puush.exe ()
O4 - HKU\S-1-5-21-2337178070-4235178516-1668868826-1021..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-2337178070-4235178516-1668868826-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\Windows\System32\PCANotify.dll (Symantec Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{09230b5a-d249-11e0-9081-001bfcf1a181}\Shell - "" = AutoRun
O33 - MountPoints2\{09230b5a-d249-11e0-9081-001bfcf1a181}\Shell\AutoRun\command - "" = J:\CitiesXL2011.exe
O33 - MountPoints2\{74ff6dc0-a71a-11e0-a70d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{74ff6dc0-a71a-11e0-a70d-806e6f6e6963}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{74ff7072-a71a-11e0-a70d-001bfcf1a181}\Shell - "" = AutoRun
O33 - MountPoints2\{74ff7072-a71a-11e0-a70d-001bfcf1a181}\Shell\AutoRun\command - "" = K:\StartClickFreeBackup.exe
O33 - MountPoints2\{c93c0640-7b4c-11e0-9bb2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c93c0640-7b4c-11e0-9bb2-806e6f6e6963}\Shell\AutoRun\command - "" = J:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-2337178070-4235178516-1668868826-1001\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-2337178070-4235178516-1668868826-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011/08/29 22:32:26 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/08/29 14:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus Home Interactive
[2011/08/29 14:27:43 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\Focus Home Interactive
[2011/08/29 14:19:10 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/08/25 11:27:13 | 000,000,000 | ---D | C] -- C:\Users\Chad\Documents\BioWare
[2011/08/25 10:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 2
[2011/08/25 10:27:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare
[2011/08/24 10:38:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/24 10:32:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/22 16:26:45 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\Vitalwerks
[2011/08/22 16:26:27 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
[2011/08/21 02:36:33 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\Nem's Tools
[2011/08/21 02:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nem's Tools
[2011/08/17 20:56:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/17 20:56:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/17 20:56:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/17 20:56:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/17 20:46:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/17 20:43:59 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Malwarebytes
[2011/08/17 20:43:54 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/17 20:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/17 20:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/17 20:43:50 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/17 20:38:35 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/08/16 19:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\dN01602PmDgO01602
[2011/08/16 18:04:46 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\{93B2F59F-022C-4DC2-9A44-4387C722C1CA}
[2011/08/13 21:41:43 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2011/08/13 21:28:57 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\LogMeIn Hamachi
[2011/08/13 21:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/08/13 17:08:58 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\{45AA356E-4C0C-4C1D-BEE1-CEB38D683A08}
[2011/08/11 03:10:40 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/11 03:10:39 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/11 03:10:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/11 03:10:39 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/11 03:10:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/11 01:21:26 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/11 01:21:24 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/11 01:21:11 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/08/11 01:21:11 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/11 01:21:11 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/08/11 01:21:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/08/11 01:21:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/11 01:21:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/11 01:21:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/11 01:21:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/08/11 01:21:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/08/11 01:21:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/11 01:21:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/08/11 01:21:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/08/11 01:21:09 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011/08/11 01:21:09 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/08/11 01:21:09 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/08/11 01:21:09 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011/08/11 01:21:09 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011/08/04 15:14:56 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\puush
[2011/08/04 15:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
[2011/08/04 15:13:52 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Downloaded Installations
[2011/08/01 21:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2011/08/01 21:46:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\STALKER-SHOC
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011/08/29 23:45:37 | 000,662,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/29 23:45:37 | 000,122,210 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/29 23:44:52 | 000,019,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/29 23:44:52 | 000,019,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/29 23:39:39 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\axopnmdhsp.job
[2011/08/29 23:39:38 | 000,000,316 | -HS- | M] () -- C:\Windows\tasks\FBVZMWWYC.job
[2011/08/29 23:39:38 | 000,000,244 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2011/08/29 23:39:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/29 23:39:28 | 2414,780,416 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/29 21:45:05 | 000,000,156 | ---- | M] () -- C:\Users\Chad\defogger_reenable
[2011/08/29 20:42:51 | 000,007,664 | ---- | M] () -- C:\Users\Chad\AppData\Local\resmon.resmoncfg
[2011/08/29 18:36:00 | 000,000,244 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2011/08/29 14:28:37 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\Cities XL 2011.lnk
[2011/08/29 14:19:10 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/08/29 09:13:45 | 000,119,296 | ---- | M] () -- C:\Windows\System32\zlib.dll
[2011/08/23 10:44:28 | 000,113,877 | ---- | M] () -- C:\Users\Chad\Documents\toast1.gif
[2011/08/22 18:29:18 | 000,000,132 | ---- | M] () -- C:\Users\Chad\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/08/18 11:21:41 | 000,000,120 | ---- | M] () -- C:\Users\Chad\AppData\Local\Lwokofumut.dat
[2011/08/18 11:21:41 | 000,000,000 | ---- | M] () -- C:\Users\Chad\AppData\Local\Hhonok.bin
[2011/08/17 21:14:32 | 423,198,664 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/17 20:43:55 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/17 20:38:35 | 000,002,959 | ---- | M] () -- C:\Users\Chad\Desktop\HiJackThis.lnk
[2011/08/17 16:49:27 | 000,002,007 | ---- | M] () -- C:\Users\Chad\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/16 19:17:09 | 000,000,000 | ---- | M] () -- C:\ProgramData\RCWxJveOgCSQ.exe
[2011/08/11 20:16:29 | 000,065,536 | RHS- | M] () -- C:\Windows\System32\tintlgnt4.dll
[2011/08/11 20:16:29 | 000,065,536 | RHS- | M] () -- C:\Windows\System32\cmpbk32S.dll
[2011/08/06 15:51:42 | 003,920,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/04 15:18:16 | 000,084,954 | ---- | M] () -- C:\Users\Chad\Desktop\40gw.png
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011/08/29 21:44:55 | 000,000,156 | ---- | C] () -- C:\Users\Chad\defogger_reenable
[2011/08/29 14:28:37 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\Cities XL 2011.lnk
[2011/08/23 10:44:23 | 000,113,877 | ---- | C] () -- C:\Users\Chad\Documents\toast1.gif
[2011/08/17 20:56:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/17 20:56:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/17 20:56:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/17 20:56:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/17 20:56:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/17 20:43:55 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/17 20:38:35 | 000,002,959 | ---- | C] () -- C:\Users\Chad\Desktop\HiJackThis.lnk
[2011/08/16 19:17:13 | 000,000,000 | ---- | C] () -- C:\ProgramData\RCWxJveOgCSQ.exe
[2011/08/13 17:08:59 | 000,000,120 | ---- | C] () -- C:\Users\Chad\AppData\Local\Lwokofumut.dat
[2011/08/13 17:08:59 | 000,000,000 | ---- | C] () -- C:\Users\Chad\AppData\Local\Hhonok.bin
[2011/08/11 20:16:30 | 000,000,316 | -HS- | C] () -- C:\Windows\tasks\FBVZMWWYC.job
[2011/08/11 20:16:29 | 000,000,306 | -HS- | C] () -- C:\Windows\tasks\axopnmdhsp.job
[2011/08/11 20:16:28 | 000,065,536 | RHS- | C] () -- C:\Windows\System32\tintlgnt4.dll
[2011/08/11 20:16:28 | 000,065,536 | RHS- | C] () -- C:\Windows\System32\cmpbk32S.dll
[2011/08/04 15:18:16 | 000,084,954 | ---- | C] () -- C:\Users\Chad\Desktop\40gw.png
[2011/07/21 11:16:24 | 000,000,132 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/07/12 23:53:14 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/07/12 22:51:08 | 000,119,296 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2011/07/12 22:51:08 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll
[2011/07/12 22:51:08 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dxinputdll.dll
[2011/07/05 01:44:03 | 000,007,664 | ---- | C] () -- C:\Users\Chad\AppData\Local\resmon.resmoncfg
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/05/01 00:55:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/05/01 00:54:19 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/21 12:49:12 | 000,000,132 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\Adobe AIFF Format CS5 Prefs
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/04/06 21:35:52 | 000,010,600 | -HS- | C] () -- C:\ProgramData\d370ib50k8d5s35bk41t72fyy28xc84
[2011/03/13 15:30:38 | 000,000,132 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2011/03/05 19:34:02 | 000,003,584 | ---- | C] () -- C:\Users\Chad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/22 23:57:09 | 000,308,768 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/12/10 19:18:53 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/08/25 10:43:17 | 000,319,354 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\farm.bmp
[2010/08/24 15:56:05 | 000,004,041 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\settings.dat
[2010/06/25 13:19:07 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2010/05/29 18:41:09 | 000,000,132 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/05/02 11:30:57 | 000,000,694 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\MPQEditor.ini
[2010/03/15 16:38:19 | 000,000,000 | ---- | C] () -- C:\ProgramData\2534066182
[2010/03/10 20:23:00 | 000,000,000 | ---- | C] () -- C:\ProgramData\3110973706
[2010/03/10 20:17:51 | 000,004,922 | ---- | C] () -- C:\ProgramData\rhjklwsb.idg
[2010/03/10 20:17:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\1849987611
[2010/03/10 20:08:37 | 000,004,922 | ---- | C] () -- C:\ProgramData\qhjklwsb.idg
[2009/11/25 21:53:59 | 000,001,249 | ---- | C] () -- C:\Windows\eReg.dat
[2009/11/08 15:15:58 | 000,138,520 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/11/08 15:15:57 | 000,022,328 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\PnkBstrK.sys
[2009/11/08 15:15:46 | 000,234,536 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/11/08 15:15:44 | 002,337,865 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/11/08 15:15:44 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/11/07 15:15:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/06 00:02:38 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/10/31 09:26:01 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/10/31 09:26:01 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/10/31 09:26:01 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/10/30 20:42:18 | 000,045,091 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009/10/30 19:45:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 003,920,200 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,662,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,122,210 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/01/01 01:16:58 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2005/10/22 22:01:04 | 000,067,473 | -H-- | C] () -- C:\Users\Chad\AppData\Roaming\Chadv1.18.0 - Trial versionlog.dat
[2005/09/12 16:57:45 | 000,044,767 | -H-- | C] () -- C:\Users\Chad\AppData\Roaming\Chadlog.dat
[2004/08/13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 128 bytes -> C:\Windows\System32\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\System32\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:3D29BF00

< End of report >


Okay, Going to bed. Be back in 8 hours. I don't feel like saving the Extra.txt so here it is.

OTL Extras logfile created on: 8/29/2011 11:56:07 PM - Run 2
OTL by OldTimer - Version 3.2.26.6     Folder = C:\Users\Chad\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.59% Memory free
6.00 Gb Paging File | 4.59 Gb Available in Paging File | 76.51% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 56.45 Gb Free Space | 57.80% Space Free | Partition Type: NTFS
Drive D: | 36.13 Gb Total Space | 34.59 Gb Free Space | 95.72% Space Free | Partition Type: NTFS
Drive E: | 99.09 Gb Total Space | 73.77 Gb Free Space | 74.45% Space Free | Partition Type: NTFS
Drive F: | 48.83 Gb Total Space | 26.43 Gb Free Space | 54.13% Space Free | Partition Type: NTFS
Drive G: | 100.21 Gb Total Space | 16.73 Gb Free Space | 16.70% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 369.09 Gb Free Space | 79.24% Space Free | Partition Type: NTFS
Drive I: | 314.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: CHAD-PC | User Name: Chad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2337178070-4235178516-1668868826-1001\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- D:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09801D34-8DE8-406A-BFD7-747AF74F5E6E}" = WhiteBoardMeeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12118183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{411C5D92-2AE4-436F-A027-1E441EDC05CE}" = VIPRE Antivirus Premium
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{49BF48CC-ABB6-4795-9B35-B5DE005D8612}" = Pinnacle Game Profiler
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{53C1E370-CEE2-434B-9ED6-CFAA20CF5509}" = HoldemRadar
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{68DD6410-C93E-4BF0-BCEB-17024E27A7AC}" = Smart Technology Programming Software 7.0.0.26
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDD4EA-9D68-11D5-8A28-005004D37F93}" = Wolfenstein 3D
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2010
"{90140000-0016-0000-0000-0000000FF1CE}_Office14.EXCEL_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.EXCEL_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2010
"{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2010
"{90140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHER_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PUBLISHER_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2010
"{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.WORD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.EXCEL_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PUBLISHER_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.WORD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.EXCEL_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.POWERPOINT_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PUBLISHER_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.WORD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.EXCEL_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.POWERPOINT_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PUBLISHER_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.WORD_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.EXCEL_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PUBLISHER_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.WORD_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.EXCEL_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PUBLISHER_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.WORD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.EXCEL_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.POWERPOINT_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PUBLISHER_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.WORD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2189B1E-9F3A-5778-24E6-44BCCA1B164F}" = D&D 3.5 DM Tools Player Client v0.43.1
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" = VIPRE Antivirus Premium
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C301D681-00D3-4597-8446-3DE54FE20F1A}" = TortoiseSVN 1.6.11.20210 (32 bit)
"{C3592426-531E-4110-911D-BFECE2CE284B}" = puush
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC754D8F-1D06-4016-BF57-8D21F97E1F0A}" = JunkFilterPlus
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{Stalker Complete 2009 v1.4.4}}_is1" = Stalker Complete 2009
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Allied Intent Xtended" = Allied Intent Xtended 2.0
"Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cities XL 2011" = Cities XL 2011
"cnjckpyqus" = Advanced Performance Platform Cashtitan.
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.andyadamczak.dmtools.PlayerClient.0016F9EC50E12D150BB6A67E4524D4385795DA9D.1" = D&D 3.5 DM Tools Player Client v0.43.1
"D&D 3.5 DM Tools" = D&D 3.5 DM Tools v0.43.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dawntide" = Dawntide (remove only)
"FileZilla Client" = FileZilla Client 3.5.0
"FrostWire" = FrostWire 4.21.3
"GCFScape_is1" = GCFScape 1.8.2
"IncrediMail" = IncrediMail 2.0
"JunkFilterPlus" = IncrediMail JunkFilter Plus
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Minecraft Beta Cracked" = Minecraft Beta Cracked
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"MTA:SA" = MTA:SA v1.0.5
"NoIPDUC" = No-IP DUC
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.EXCEL" = Microsoft Excel 2010
"Office14.POWERPOINT" = Microsoft PowerPoint 2010
"Office14.PUBLISHER" = Microsoft Publisher 2010
"Office14.WORD" = Microsoft Word 2010
"OpenAL" = OpenAL
"PerformanceTest 7_is1" = PerformanceTest v7.0
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"Redblade_is1" = Redblade 1.3.0.16 RC 1
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
"StarCraft II" = StarCraft II
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 105600" = Terraria
"Steam App 220" = Half-Life 2
"Steam App 22350" = Brink
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 29570" = Guild Wars: Trilogy
"Steam App 300" = Day of Defeat: Source
"Steam App 4000" = Garry's Mod
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 630" = Alien Swarm
"uTorrent" = µTorrent
"vsnfpulgsonzpw" = Performance Maximizer Incrediads.
"Warcraft III" = Warcraft III
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-2337178070-4235178516-1668868826-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"Warcraft III" = Warcraft III: All Products
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 1/2/2009 2:39:55 AM | Computer Name = Chad-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 1/2/2009 2:39:55 AM | Computer Name = Chad-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 1/2/2009 2:39:55 AM | Computer Name = Chad-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 1/2/2009 2:55:44 AM | Computer Name = Chad-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 1/19/2011 9:31:13 PM | Computer Name = Chad-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 1/19/2011 11:13:04 PM | Computer Name = Chad-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FalloutNV.exe, version: 1.0.0.240, time
 stamp: 0x4c9808f2  Faulting module name: FalloutNV.exe, version: 1.0.0.240, time 
stamp: 0x4c9808f2  Exception code: 0xc0000005  Fault offset: 0x001df464  Faulting process
 id: 0x1780  Faulting application start time: 0x01cbb84ac39a4870  Faulting application
 path: H:\Program Files\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe  Faulting
 module path: H:\Program Files\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe
Report
 Id: 31e69a40-2443-11e0-a534-001bfcf1a181
 
Error - 1/19/2011 11:34:40 PM | Computer Name = Chad-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FalloutNV.exe, version: 1.0.0.240, time
 stamp: 0x4c9808f2  Faulting module name: FalloutNV.exe, version: 1.0.0.240, time 
stamp: 0x4c9808f2  Exception code: 0xc0000005  Fault offset: 0x001a8f66  Faulting process
 id: 0x17f4  Faulting application start time: 0x01cbb8500ad692c0  Faulting application
 path: H:\Program Files\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe  Faulting
 module path: H:\Program Files\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe
Report
 Id: 35e7f6e0-2446-11e0-a534-001bfcf1a181
 
Error - 1/20/2011 6:57:06 PM | Computer Name = Chad-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MsiExec.exe, version: 5.0.7600.16385, time
 stamp: 0x4a5bc3e6  Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
 stamp: 0x4ba9b21e  Exception code: 0xc0000374  Fault offset: 0x000c2913  Faulting process
 id: 0x16e0  Faulting application start time: 0x01cbb8f53df696a0  Faulting application
 path: C:\Windows\system32\MsiExec.exe  Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
 Id: 9a0e0ea0-24e8-11e0-b86f-001bfcf1a181
 
Error - 1/20/2011 8:57:58 PM | Computer Name = Chad-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FalloutNV.exe, version: 1.0.0.240, time
 stamp: 0x4c9808f2  Faulting module name: FalloutNV.exe, version: 1.0.0.240, time 
stamp: 0x4c9808f2  Exception code: 0xc0000005  Fault offset: 0x005fc52b  Faulting process
 id: 0x159c  Faulting application start time: 0x01cbb8f5b1f3e300  Faulting application
 path: H:\Program Files\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe  Faulting
 module path: H:\Program Files\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe
Report
 Id: 7c9ceab0-24f9-11e0-b86f-001bfcf1a181
 
Error - 1/20/2011 9:17:29 PM | Computer Name = Chad-PC | Source = Application Hang | ID = 1002
Description = The program FalloutNV.exe version 1.0.0.240 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 2ac    Start
 Time: 01cbb9077ee04e10    Termination Time: 486    Application Path: H:\Program Files\Bethesda
 Softworks\Fallout New Vegas\FalloutNV.exe    Report Id:   
 
[ System Events ]
Error - 8/29/2011 11:36:37 PM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7031
Description = The Symantec pcAnywhere Host Service service terminated unexpectedly.
  It has done this 1 time(s).  The following corrective action will be taken in 
0 milliseconds: Restart the service.
 
Error - 8/29/2011 11:36:42 PM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7031
Description = The Symantec pcAnywhere Host Service service terminated unexpectedly.
  It has done this 1 time(s).  The following corrective action will be taken in 
0 milliseconds: Restart the service.
 
Error - 8/29/2011 11:36:45 PM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7031
Description = The Symantec pcAnywhere Host Service service terminated unexpectedly.
  It has done this 1 time(s).  The following corrective action will be taken in 
0 milliseconds: Restart the service.
 
Error - 8/29/2011 11:37:06 PM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7034
Description = The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 8/29/2011 11:56:32 PM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7031
Description = The Symantec pcAnywhere Host Service service terminated unexpectedly.
  It has done this 1 time(s).  The following corrective action will be taken in 
0 milliseconds: Restart the service.
 
Error - 8/30/2011 12:39:39 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7000
Description = The Apache2.2 service failed to start due to the following error: 
  %%2
 
Error - 8/30/2011 12:39:41 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7000
Description = The AutoKMS service failed to start due to the following error:   %%2
 
Error - 8/30/2011 12:39:51 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7000
Description = The TuneUp Utilities Service service failed to start due to the following
 error:   %%2
 
Error - 8/30/2011 12:39:58 AM | Computer Name = Chad-PC | Source = Microsoft-Windows-GroupPolicy | ID = 1096
Description = The processing of Group Policy failed. Windows could not apply the
 registry-based policy settings for the Group Policy object LocalGPO. Group Policy
 settings will not be resolved until this event is resolved. View the event details
 for more information on the file name and path that caused the failure.
 
Error - 8/30/2011 12:39:58 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7034
Description = The PinnacleUpdate Service service terminated unexpectedly.  It has
 done this 1 time(s).
 
 
< End of report >

This post has been edited by DavidMarlan: 30 August 2011 - 12:40 AM

#10 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,503
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 30 August 2011 - 07:39 AM

Hello

I want you to run this custem OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :otl
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
O3 - HKU\S-1-5-21-2337178070-4235178516-1668868826-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk =  File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-2337178070-4235178516-1668868826-1001\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-2337178070-4235178516-1668868826-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found
O33 - MountPoints2\{09230b5a-d249-11e0-9081-001bfcf1a181}\Shell - "" = AutoRun
O33 - MountPoints2\{09230b5a-d249-11e0-9081-001bfcf1a181}\Shell\AutoRun\command - "" = J:\CitiesXL2011.exe
O33 - MountPoints2\{74ff6dc0-a71a-11e0-a70d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{74ff6dc0-a71a-11e0-a70d-806e6f6e6963}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{74ff7072-a71a-11e0-a70d-001bfcf1a181}\Shell - "" = AutoRun
O33 - MountPoints2\{74ff7072-a71a-11e0-a70d-001bfcf1a181}\Shell\AutoRun\command - "" = K:\StartClickFreeBackup.exe
O33 - MountPoints2\{c93c0640-7b4c-11e0-9bb2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c93c0640-7b4c-11e0-9bb2-806e6f6e6963}\Shell\AutoRun\command - "" = J:\SETUP.EXE
@Alternate Data Stream - 128 bytes -> C:\Windows\System32\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\System32\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:3D29BF00 
[2011/08/13 17:08:58 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\CHAD\APPDATA\LOCAL\{45AA356E-4C0C-4C1D-BEE1-CEB38D683A08}
[2011/08/16 18:04:46 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\CHAD\APPDATA\LOCAL\{93B2F59F-022C-4DC2-9A44-4387C722C1CA}
[2011/08/16 19:17:13 | 000,000,000 | ---- | C] () -- C:\ProgramData\RCWxJveOgCSQ.exe
[2011/08/13 17:08:59 | 000,000,120 | ---- | C] () -- C:\Users\Chad\AppData\Local\Lwokofumut.dat
[2011/08/13 17:08:59 | 000,000,000 | ---- | C] () -- C:\Users\Chad\AppData\Local\Hhonok.bin
[2011/08/11 20:16:30 | 000,000,316 | -HS- | C] () -- C:\Windows\tasks\FBVZMWWYC.job
[2011/08/11 20:16:29 | 000,000,306 | -HS- | C] () -- C:\Windows\tasks\axopnmdhsp.job
[2011/08/11 20:16:28 | 000,065,536 | RHS- | C] () -- C:\Windows\System32\tintlgnt4.dll
[2011/08/11 20:16:28 | 000,065,536 | RHS- | C] () -- C:\Windows\System32\cmpbk32S.dll
[2010/03/10 20:23:00 | 000,000,000 | ---- | C] () -- C:\ProgramData\3110973706
[2010/03/10 20:17:51 | 000,004,922 | ---- | C] () -- C:\ProgramData\rhjklwsb.idg
[2010/03/10 20:17:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\1849987611
[2010/03/10 20:08:37 | 000,004,922 | ---- | C] () -- C:\ProgramData\qhjklwsb.idg
:Files
ipconfig /flushdns /c
:Commands
[PURITY] 
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]

  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

This post has been edited by gringo_pr: 30 August 2011 - 07:39 AM

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#11 User is offline   DavidMarlan 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 18
  • Joined: 28-October 09

Posted 30 August 2011 - 09:48 AM

My dad is being a turd and cut my internet, He doesn't know I changed the MAC Address of my Laptop so I'm posting from here, but point being, I can't test if the redirect virus is gone at this time, here is the log from the OTL Report.

Quote

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2337178070-4235178516-1668868826-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2337178070-4235178516-1668868826-1001_Classes\.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2337178070-4235178516-1668868826-1001_Classes\comfile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2337178070-4235178516-1668868826-1001_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2337178070-4235178516-1668868826-1001_Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09230b5a-d249-11e0-9081-001bfcf1a181}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09230b5a-d249-11e0-9081-001bfcf1a181}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09230b5a-d249-11e0-9081-001bfcf1a181}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09230b5a-d249-11e0-9081-001bfcf1a181}\ not found.
File J:\CitiesXL2011.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74ff6dc0-a71a-11e0-a70d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74ff6dc0-a71a-11e0-a70d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74ff6dc0-a71a-11e0-a70d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74ff6dc0-a71a-11e0-a70d-806e6f6e6963}\ not found.
File J:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74ff7072-a71a-11e0-a70d-001bfcf1a181}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74ff7072-a71a-11e0-a70d-001bfcf1a181}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74ff7072-a71a-11e0-a70d-001bfcf1a181}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74ff7072-a71a-11e0-a70d-001bfcf1a181}\ not found.
File K:\StartClickFreeBackup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c93c0640-7b4c-11e0-9bb2-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c93c0640-7b4c-11e0-9bb2-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c93c0640-7b4c-11e0-9bb2-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c93c0640-7b4c-11e0-9bb2-806e6f6e6963}\ not found.
File J:\SETUP.EXE not found.
ADS C:\Windows\System32\zlib.dll:SummaryInformation deleted successfully.
ADS C:\Windows\System32\zlib.dll:DocumentSummaryInformation deleted successfully.
ADS C:\ProgramData\Temp:3D29BF00 deleted successfully.
C:\USERS\CHAD\APPDATA\LOCAL\{45AA356E-4C0C-4C1D-BEE1-CEB38D683A08}\chrome\content folder moved successfully.
C:\USERS\CHAD\APPDATA\LOCAL\{45AA356E-4C0C-4C1D-BEE1-CEB38D683A08}\chrome folder moved successfully.
C:\USERS\CHAD\APPDATA\LOCAL\{45AA356E-4C0C-4C1D-BEE1-CEB38D683A08} folder moved successfully.
C:\USERS\CHAD\APPDATA\LOCAL\{93B2F59F-022C-4DC2-9A44-4387C722C1CA}\chrome\content folder moved successfully.
C:\USERS\CHAD\APPDATA\LOCAL\{93B2F59F-022C-4DC2-9A44-4387C722C1CA}\chrome folder moved successfully.
C:\USERS\CHAD\APPDATA\LOCAL\{93B2F59F-022C-4DC2-9A44-4387C722C1CA} folder moved successfully.
C:\ProgramData\RCWxJveOgCSQ.exe moved successfully.
C:\Users\Chad\AppData\Local\Lwokofumut.dat moved successfully.
C:\Users\Chad\AppData\Local\Hhonok.bin moved successfully.
C:\Windows\Tasks\FBVZMWWYC.job moved successfully.
C:\Windows\Tasks\axopnmdhsp.job moved successfully.
C:\Windows\System32\tintlgnt4.dll moved successfully.
C:\Windows\System32\cmpbk32S.dll moved successfully.
C:\ProgramData\3110973706 moved successfully.
C:\ProgramData\rhjklwsb.idg moved successfully.
C:\ProgramData\1849987611 moved successfully.
C:\ProgramData\qhjklwsb.idg moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Chad\Downloads\cmd.bat deleted successfully.
C:\Users\Chad\Downloads\cmd.txt deleted successfully.
Error: Unable to interpret <:C> in the current context!
Error: Unable to interpret <ommands> in the current context!
Error: Unable to interpret <[PURITY] > in the current context!
Error: Unable to interpret <[EMPTYTEMP]> in the current context!
Error: Unable to interpret <[EMPTYFLASH]> in the current context!

OTL by OldTimer - Version 3.2.26.5 log created on 08302011_094125

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



This post has been edited by DavidMarlan: 30 August 2011 - 09:50 AM

#12 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,503
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 30 August 2011 - 10:14 AM

Let me have a new OTL scan and when can you test the redirects?




gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#13 User is offline   DavidMarlan 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 18
  • Joined: 28-October 09

Posted 30 August 2011 - 10:29 AM

View Postgringo_pr, on 30 August 2011 - 10:14 AM, said:

Let me have a new OTL scan and when can you test the redirects?




gringo


I can probably test tomorrow, he doesn't usually stay mad longer than a day. I may be able to re-route my internet through my laptop's connection, but if not, then I should be able to test by tomorrow. Running OTL scan right now, I'll edit it in, in a couple minutes when it completes.

OTL logfile created on: 8/30/2011 10:29:39 AM - Run 3
OTL by OldTimer - Version 3.2.26.5     Folder = C:\Users\Chad\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 43.11% Memory free
6.00 Gb Paging File | 3.90 Gb Available in Paging File | 65.01% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 56.42 Gb Free Space | 57.77% Space Free | Partition Type: NTFS
Drive D: | 36.13 Gb Total Space | 34.59 Gb Free Space | 95.72% Space Free | Partition Type: NTFS
Drive E: | 99.09 Gb Total Space | 73.77 Gb Free Space | 74.45% Space Free | Partition Type: NTFS
Drive F: | 48.83 Gb Total Space | 26.43 Gb Free Space | 54.13% Space Free | Partition Type: NTFS
Drive G: | 100.21 Gb Total Space | 16.91 Gb Free Space | 16.88% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 369.09 Gb Free Space | 79.24% Space Free | Partition Type: NTFS
Drive I: | 314.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: CHAD-PC | User Name: Chad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\Chad\Downloads\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - D:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
PRC - D:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
PRC - D:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe (Sunbelt Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\ProgramData\Clickfree\HDDV2NUSB3\UACProxy.exe (Storage Appliance Corp.)
PRC - C:\ProgramData\Clickfree\HDDV2NUSB3\Reminder\SacNetAgent.exe (Storage Appliance Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - H:\Program Files\Focus Home Interactive\Cities XL 2011\CitiesXL_2011.exe (Monte Cristo Games)
PRC - D:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
PRC - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - D:\Program Files\Symantec\pcAnywhere\awhost32.exe (Symantec Corporation)
PRC - D:\Program Files\Symantec\pcAnywhere\awhprobe.exe (Symantec Corporation)
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - d:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - H:\Program Files\Focus Home Interactive\Cities XL 2011\rld.dll ()
MOD - H:\Program Files\Focus Home Interactive\Cities XL 2011\rldata.dll ()
MOD - H:\Program Files\Focus Home Interactive\Cities XL 2011\netlib_bwf.dll ()
MOD - H:\Program Files\Focus Home Interactive\Cities XL 2011\mss32.dll ()
MOD - H:\Program Files\Focus Home Interactive\Cities XL 2011\Miles\mssvoice.asi ()
MOD - H:\Program Files\Focus Home Interactive\Cities XL 2011\Miles\mssogg.asi ()
MOD - H:\Program Files\Focus Home Interactive\Cities XL 2011\Miles\mssmp3.asi ()
MOD - H:\Program Files\Focus Home Interactive\Cities XL 2011\Miles\mssdsp.flt ()
MOD - H:\Program Files\Focus Home Interactive\Cities XL 2011\Miles\msseax.flt ()
MOD - H:\Program Files\Focus Home Interactive\Cities XL 2011\Miles\msssrs.flt ()
MOD - H:\Program Files\Focus Home Interactive\Cities XL 2011\Miles\mssds3d.flt ()
MOD - H:\Program Files\Focus Home Interactive\Cities XL 2011\Miles\mssdolby.flt ()
MOD - H:\Program Files\Focus Home Interactive\Cities XL 2011\binkw32.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (TuneUp.UtilitiesSvc) --  File not found
SRV - (TuneUp.Defrag) --  File not found
SRV - (AutoKMS) --  File not found
SRV - (Apache2.2) --  File not found
SRV - (Hamachi2Svc) -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SBAMSvc) -- D:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
SRV - (SBPIMSvc) -- D:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe (Sunbelt Software)
SRV - (PinnacleUpdateSvc) -- d:\Program Files\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe (PowerUp Software, LLC)
SRV - (CFUACProxy_hddv2nusb3) -- C:\ProgramData\Clickfree\HDDV2NUSB3\UACProxy.exe (Storage Appliance Corp.)
SRV - (SacNetAgentService_C57C4F854F53) -- C:\ProgramData\Clickfree\HDDV2NUSB3\Reminder\SacNetAgent.exe (Storage Appliance Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (awhost32) -- D:\Program Files\Symantec\pcAnywhere\awhost32.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sbapifs) -- C:\Windows\System32\drivers\sbapifs.sys (Sunbelt Software)
DRV - (SBRE) -- C:\Windows\system32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (SbFw) -- C:\Windows\System32\drivers\SbFw.sys (Sunbelt Software, Inc.)
DRV - (SbHips) -- C:\Windows\System32\drivers\sbhips.sys (Sunbelt Software, Inc.)
DRV - (SbTis) -- C:\Windows\System32\drivers\sbtis.sys (Sunbelt Software, Inc.)
DRV - (SBFWIMCLMP) -- C:\Windows\System32\drivers\SbFwIm.sys (Sunbelt Software, Inc.)
DRV - (SBFWIMCL) -- C:\Windows\System32\drivers\SbFwIm.sys (Sunbelt Software, Inc.)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (SaiNtBus) -- C:\Windows\System32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek)
DRV - (SaiK0CC3) -- C:\Windows\System32\drivers\SaiK0CC3.sys (Saitek)
DRV - (SaiU0CC3) -- C:\Windows\System32\drivers\SaiU0CC3.sys (Saitek)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (AW_HOST) -- C:\Windows\System32\drivers\AW_HOST5.sys (Symantec Corporation)
DRV - (awlegacy) -- C:\Windows\System32\Drivers\awlegacy.sys (Symantec Corporation)
DRV - (awecho) -- C:\Windows\System32\drivers\awechomd.sys (Symantec Corporation)
DRV - (Gernuwa) -- C:\Windows\System32\drivers\GERNUWA.sys (Symantec Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2337178070-4235178516-1668868826-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-2337178070-4235178516-1668868826-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKU\S-1-5-21-2337178070-4235178516-1668868826-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2337178070-4235178516-1668868826-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 A1 67 0B F4 58 CA 01  [binary data]
IE - HKU\S-1-5-21-2337178070-4235178516-1668868826-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2337178070-4235178516-1668868826-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20090630
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: d:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: d:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: d:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\BYOND: h:\Program Files\BYOND\bin\npbyond.dll (BYOND)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{45AA356E-4C0C-4C1D-BEE1-CEB38D683A08}: C:\Users\Chad\AppData\Local\{45AA356E-4C0C-4C1D-BEE1-CEB38D683A08}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{93B2F59F-022C-4DC2-9A44-4387C722C1CA}: C:\Users\Chad\AppData\Local\{93B2F59F-022C-4DC2-9A44-4387C722C1CA}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/17 16:43:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/27 22:51:56 | 000,000,000 | ---D | M]
 
[2010/01/24 12:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chad\AppData\Roaming\Mozilla\Extensions
[2010/01/24 12:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chad\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/08/09 23:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\mug0tnrx.default\extensions
[2011/08/01 22:49:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\mug0tnrx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/05 15:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- 
File not found (No name found) -- C:\USERS\CHAD\APPDATA\LOCAL\{45AA356E-4C0C-4C1D-BEE1-CEB38D683A08}
File not found (No name found) -- C:\USERS\CHAD\APPDATA\LOCAL\{93B2F59F-022C-4DC2-9A44-4387C722C1CA}
() (No name found) -- C:\USERS\CHAD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MUG0TNRX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/08/17 16:43:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/07/08 16:07:06 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\mozilla firefox\plugins\npbyond.dll
[2011/05/31 18:26:26 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [SBAMTray] D:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [SBRegRebootCleaner] D:\Program Files\Sunbelt Software\VIPRE\SBRC.exe (Sunbelt Software)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [RCWxJveOgCSQ]  File not found
O4 - HKU\S-1-5-18..\Run: [RCWxJveOgCSQ]  File not found
O4 - HKU\S-1-5-21-2337178070-4235178516-1668868826-1001..\Run: [puush] D:\Program Files\puush\puush.exe ()
O4 - HKU\S-1-5-21-2337178070-4235178516-1668868826-1021..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-2337178070-4235178516-1668868826-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\Windows\System32\PCANotify.dll (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011/08/29 22:32:26 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/08/29 14:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus Home Interactive
[2011/08/29 14:27:43 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\Focus Home Interactive
[2011/08/29 14:19:10 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/08/25 11:27:13 | 000,000,000 | ---D | C] -- C:\Users\Chad\Documents\BioWare
[2011/08/25 10:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 2
[2011/08/25 10:27:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare
[2011/08/24 10:38:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/24 10:32:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/22 16:26:45 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\Vitalwerks
[2011/08/22 16:26:27 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
[2011/08/21 02:36:33 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\Nem's Tools
[2011/08/21 02:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nem's Tools
[2011/08/17 20:56:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/17 20:56:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/17 20:56:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/17 20:56:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/17 20:46:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/17 20:43:59 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Malwarebytes
[2011/08/17 20:43:54 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/17 20:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/17 20:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/17 20:43:50 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/17 20:38:35 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/08/16 19:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\dN01602PmDgO01602
[2011/08/13 21:41:43 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2011/08/13 21:28:57 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\LogMeIn Hamachi
[2011/08/13 21:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/08/11 03:10:40 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/11 03:10:39 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/11 03:10:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/11 03:10:39 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/11 03:10:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/11 01:21:26 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/11 01:21:24 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/11 01:21:11 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/08/11 01:21:11 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/11 01:21:11 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/08/11 01:21:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/08/11 01:21:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/11 01:21:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/11 01:21:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/11 01:21:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/08/11 01:21:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/08/11 01:21:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/08/11 01:21:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/11 01:21:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/08/11 01:21:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/08/11 01:21:09 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011/08/11 01:21:09 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/08/11 01:21:09 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/08/11 01:21:09 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011/08/11 01:21:09 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011/08/04 15:14:56 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\puush
[2011/08/04 15:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
[2011/08/04 15:13:52 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\Downloaded Installations
[2011/08/01 21:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2011/08/01 21:46:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\STALKER-SHOC
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011/08/30 09:48:05 | 000,019,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 09:48:05 | 000,019,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 09:47:11 | 000,662,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/30 09:47:11 | 000,122,210 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/30 09:43:01 | 000,119,296 | ---- | M] () -- C:\Windows\System32\zlib.dll
[2011/08/30 09:42:49 | 000,000,244 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2011/08/30 09:42:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/30 09:42:40 | 2414,780,416 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/29 21:45:05 | 000,000,156 | ---- | M] () -- C:\Users\Chad\defogger_reenable
[2011/08/29 20:42:51 | 000,007,664 | ---- | M] () -- C:\Users\Chad\AppData\Local\resmon.resmoncfg
[2011/08/29 18:36:00 | 000,000,244 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2011/08/29 14:28:37 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\Cities XL 2011.lnk
[2011/08/29 14:19:10 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/08/23 10:44:28 | 000,113,877 | ---- | M] () -- C:\Users\Chad\Documents\toast1.gif
[2011/08/22 18:29:18 | 000,000,132 | ---- | M] () -- C:\Users\Chad\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/08/17 21:14:32 | 423,198,664 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/17 20:43:55 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/17 20:38:35 | 000,002,959 | ---- | M] () -- C:\Users\Chad\Desktop\HiJackThis.lnk
[2011/08/17 16:49:27 | 000,002,007 | ---- | M] () -- C:\Users\Chad\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/06 15:51:42 | 003,920,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/04 15:18:16 | 000,084,954 | ---- | M] () -- C:\Users\Chad\Desktop\40gw.png
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011/08/29 21:44:55 | 000,000,156 | ---- | C] () -- C:\Users\Chad\defogger_reenable
[2011/08/29 14:28:37 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\Cities XL 2011.lnk
[2011/08/23 10:44:23 | 000,113,877 | ---- | C] () -- C:\Users\Chad\Documents\toast1.gif
[2011/08/17 20:56:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/17 20:56:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/17 20:56:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/17 20:56:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/17 20:56:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/17 20:43:55 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/17 20:38:35 | 000,002,959 | ---- | C] () -- C:\Users\Chad\Desktop\HiJackThis.lnk
[2011/08/08 14:10:45 | 000,001,021 | ---- | C] () -- C:\Users\Chad\Desktop\Start Minecraft Beta Cracked.lnk
[2011/08/04 15:18:16 | 000,084,954 | ---- | C] () -- C:\Users\Chad\Desktop\40gw.png
[2011/07/21 11:16:24 | 000,000,132 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/07/12 23:53:14 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/07/12 22:51:08 | 000,119,296 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2011/07/12 22:51:08 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll
[2011/07/12 22:51:08 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dxinputdll.dll
[2011/07/05 01:44:03 | 000,007,664 | ---- | C] () -- C:\Users\Chad\AppData\Local\resmon.resmoncfg
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/05/01 00:55:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/05/01 00:54:19 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/21 12:49:12 | 000,000,132 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\Adobe AIFF Format CS5 Prefs
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/04/06 21:35:52 | 000,010,600 | -HS- | C] () -- C:\ProgramData\d370ib50k8d5s35bk41t72fyy28xc84
[2011/03/13 15:30:38 | 000,000,132 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2011/03/05 19:34:02 | 000,003,584 | ---- | C] () -- C:\Users\Chad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/22 23:57:09 | 000,308,768 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/12/10 19:18:53 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/08/25 10:43:17 | 000,319,354 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\farm.bmp
[2010/08/24 15:56:05 | 000,004,041 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\settings.dat
[2010/06/25 13:19:07 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2010/05/29 18:41:09 | 000,000,132 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/05/02 11:30:57 | 000,000,694 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\MPQEditor.ini
[2010/03/15 16:38:19 | 000,000,000 | ---- | C] () -- C:\ProgramData\2534066182
[2009/11/25 21:53:59 | 000,001,249 | ---- | C] () -- C:\Windows\eReg.dat
[2009/11/08 15:15:58 | 000,138,520 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/11/08 15:15:57 | 000,022,328 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\PnkBstrK.sys
[2009/11/08 15:15:46 | 000,234,536 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/11/08 15:15:44 | 002,337,865 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/11/08 15:15:44 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/11/07 15:15:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/06 00:02:38 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/10/31 09:26:01 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/10/31 09:26:01 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/10/31 09:26:01 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/10/30 20:42:18 | 000,045,091 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009/10/30 19:45:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 003,920,200 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,662,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,122,210 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/01/01 01:16:58 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2005/10/22 22:01:04 | 000,067,473 | -H-- | C] () -- C:\Users\Chad\AppData\Roaming\Chadv1.18.0 - Trial versionlog.dat
[2005/09/12 16:57:45 | 000,044,767 | -H-- | C] () -- C:\Users\Chad\AppData\Roaming\Chadlog.dat
[2004/08/13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 128 bytes -> C:\Windows\System32\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\System32\zlib.dll:DocumentSummaryInformation

< End of report >

This post has been edited by DavidMarlan: 30 August 2011 - 10:38 AM

#14 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,503
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 30 August 2011 - 10:43 AM

Hello

That looks alot better - come back when you can let me know about the redirects and stay out of trouble


Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :otl
O4 - HKU\.DEFAULT..\Run: [RCWxJveOgCSQ]  File not found
O4 - HKU\S-1-5-18..\Run: [RCWxJveOgCSQ]  File not found
@Alternate Data Stream - 128 bytes -> C:\Windows\System32\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\System32\zlib.dll:DocumentSummaryInformation
:Files
ipconfig /flushdns /c
:Commands
[PURITY] 
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]

  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#15 User is offline   DavidMarlan 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 18
  • Joined: 28-October 09

Posted 30 August 2011 - 10:52 AM

Didn't actually do anything bad, as hard as it is to believe online. I moved a ceiling tile in the basement so I could do chin-ups with our work out machine, and apparently that is baaaad.

I'll post the OTL log shortly, it's running right now. Thanks for all the help you are giving! When I can test it, hopefully this all actually works. Would you mind explaining why you used each tool, and how you selected the custom fix code for OTL? Knowledge is power :)

EditL He gave me back internet, I guess you can only ground someone so long for doing nothing.

All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\RCWxJveOgCSQ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\RCWxJveOgCSQ not found.
ADS C:\Windows\System32\zlib.dll:SummaryInformation deleted successfully.
ADS C:\Windows\System32\zlib.dll:DocumentSummaryInformation deleted successfully.
========== FILES ==========
[color=#A23BEC]< ipconfig /flushdns /c >[/color]
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Chad\Downloads\cmd.bat deleted successfully.
C:\Users\Chad\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 879996625 bytes
->Temporary Internet Files folder emptied: 49327158 bytes
->FireFox cache emptied: 8071276 bytes
->Apple Safari cache emptied: 14336 bytes
->Flash cache emptied: 58405 bytes
 
User: All Users
 
User: Chad
->Temp folder emptied: 113163855 bytes
->Temporary Internet Files folder emptied: 286763738 bytes
->Java cache emptied: 196377322 bytes
->FireFox cache emptied: 79599900 bytes
->Google Chrome cache emptied: 6240419 bytes
->Flash cache emptied: 191251 bytes
 
User: CHADS HOMEWORK
->Temp folder emptied: 7560115 bytes
->Temporary Internet Files folder emptied: 23999323 bytes
->Flash cache emptied: 57448 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 17819852 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Test
->Temp folder emptied: 33151 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 17819852 bytes
->Flash cache emptied: 56502 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 913408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 279294796 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 37096722 bytes
 
Total Files Cleaned = 1,912.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Chad
->Flash cache emptied: 0 bytes
 
User: CHADS HOMEWORK
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Test
->Flash cache emptied: 0 bytes
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.26.5 log created on 08302011_105057

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

This post has been edited by DavidMarlan: 30 August 2011 - 11:07 AM

Share this topic:


  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users