Repeated Google captcha due to "unusual traffic" from my computer

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Repeated Google captcha due to "unusual traffic" from my computer Not getting redirects or pop-up ads or anything

#1 waxwingslain

New Member

Group: Members
Posts: 13
Joined: 24-September 11

Posted 24 September 2011 - 01:53 PM

Hi,

For the past couple of days, I have been receiving annoying and repeated requests from Google when I try to Google something. Instead of going to my search result, it makes me solve a captcha (attached is a screenshot). It then proceeds to the search result normally. Things work fine for awhile, but inevitably (within half an hour, an hour, I'm not sure) the same thing happens again.

EXACT TEXT (See attached screencap): Our systems have detected unusual traffic from your computer network. This page checks to see if it's really you sending the requests, and not a robot. Why did this happen?

- I ran Malwarebytes and it found no problems at all.
- My Google searches are not being redirected, as far as I can tell.
- I am not seeing any pop-up ads or anything that looks suspicious.

I am physically connected to my router, and there are 4-5 other computers on the wireless network. My wife's computer (a Mac) was also having the exact same problem as mine (a PC). However, we removed computers from the network one by one to isolate which one was causing the problem, and my computer is the only one remaining and it's still receiving the problem. So I suspect it's mine.

I began using Google Chrome instead of Firefox to see if it was a browser add-on or something causing the issue, but received the captcha requests with Chrome as well.

One more fact: around the time this began, I also began using Dropbox for files, so I suspected that Dropbox traffic may have been responsible, but I disabled Dropbox and am still receiving the captcha request. Also, I'm not running any kind of torrents or anything else similar.

Note: the screenshot I attached is from my wife's Mac, but I receive identical messages on my PC. I'll be happy to capture one of those if it makes a difference.

Thanks for any help you can provide.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by waxwingslain at 14:39:11 on 2011-09-24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4055.2206 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\StarCraft II\Versions\Base19679\SC2.exe
C:\Users\waxwingslain\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\waxwingslain\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\waxwingslain\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\waxwingslain\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\waxwingslain\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com?o=102840&l=dis&gct=hp
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Google Update] "C:\Users\waxwingslain\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\WAXWIN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\waxwingslain\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187
TCP: Interfaces\{DB8AC899-EE1E-486B-9EB2-F68189B7DE8D} : DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\waxwingslain\AppData\Roaming\Mozilla\Firefox\Profiles\29dww15b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Special:Random
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\waxwingslain\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-11-22 91456]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-09-24 15:16:35 -------- d-----w- C:\Users\waxwingslain\AppData\Local\Google
2011-09-24 15:03:16 -------- d-----w- C:\Users\waxwingslain\AppData\Local\Apple Computer
2011-09-23 11:11:47 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9EE4D3C0-0743-40EE-BA63-76E0DA619423}\offreg.dll
2011-09-23 11:11:45 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9EE4D3C0-0743-40EE-BA63-76E0DA619423}\mpengine.dll
2011-09-22 02:54:30 -------- d-----w- C:\Users\waxwingslain\AppData\Roaming\Malwarebytes
2011-09-22 02:54:26 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-22 02:54:23 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-09-22 02:54:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-20 03:32:22 -------- d-----r- C:\Users\waxwingslain\Dropbox
2011-09-20 03:30:35 -------- d-----w- C:\Users\waxwingslain\AppData\Roaming\Dropbox
2011-09-18 19:16:05 -------- d-----w- C:\Program Files (x86)\CDex
2011-09-10 16:00:18 -------- d-----w- C:\Users\waxwingslain\AppData\Roaming\pdfforge
2011-09-10 16:00:17 87040 ----a-w- C:\Windows\System32\pdfcmnnt.dll
2011-09-10 16:00:17 662288 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX
2011-09-10 16:00:17 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX
2011-09-10 16:00:16 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL
2011-09-10 16:00:16 -------- d-----w- C:\Program Files (x86)\PDFCreator
2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-09-04 22:53:37 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-09-04 19:11:18 -------- d-----w- C:\EASY_RIDER_DISC01
2011-09-04 19:11:02 -------- d-----w- C:\Program Files (x86)\DVD Decrypter
2011-09-02 21:53:55 -------- d-----w- C:\Users\waxwingslain\AppData\Local\Wizards_of_the_Coast
.
==================== Find3M ====================
.
2011-08-13 13:34:18 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:14:10 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:30:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-05 22:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-07-05 22:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-06-29 20:26:59 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-06-29 20:26:59 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
.
============= FINISH: 14:39:39.88 ===============

Attached File(s)

Attach.txt (4.22K)
Number of downloads: 2
Screen Shot 2011-09-21 at 3.28.17 PM copy.jpg (66.81K)
Number of downloads: 0

#2 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,514
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 25 September 2011 - 05:46 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

Do not run any other tool untill instructed to do so!
please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool untill instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

Link 1

Link 2

Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->

<-- Don't worry every little bit helps.

#3 waxwingslain

New Member

Group: Members
Posts: 13
Joined: 24-September 11

Posted 26 September 2011 - 06:30 PM

Thank you--I will go through this process tonight!

#4 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,514
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 26 September 2011 - 07:14 PM

I will be waiting for the report

Gringo

<-- Don't worry every little bit helps.

#5 waxwingslain

New Member

Group: Members
Posts: 13
Joined: 24-September 11

Posted 26 September 2011 - 08:14 PM

Hi Gringo,

First, let me say thank you for all your assistance thus far.

I did not receive any errors or problems while running ComboFix. However, before posting here, I checked Google, and yup, I was still required to complete a captcha before retrieving my search result.

Here is the ComboFix log:

ComboFix 11-09-26.02 - waxwingslain 09/26/2011 21:05:35.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4055.2880 [GMT -4:00]
Running from: c:\users\waxwingslain\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 )))))))))))))))))))))))))))))))
.
.
2011-09-27 01:10 . 2011-09-27 01:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-25 21:21 . 2011-09-25 21:21 -------- d-----w- c:\users\waxwingslain\.tokentool
2011-09-24 15:16 . 2011-09-24 15:17 -------- d-----w- c:\users\waxwingslain\AppData\Local\Google
2011-09-24 15:03 . 2011-09-24 15:03 -------- d-----w- c:\users\waxwingslain\AppData\Local\Apple Computer
2011-09-24 15:03 . 2011-09-24 15:03 -------- d-----w- c:\users\waxwingslain\AppData\Roaming\Apple Computer
2011-09-23 11:11 . 2011-09-27 00:45 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EE4D3C0-0743-40EE-BA63-76E0DA619423}\offreg.dll
2011-09-23 11:11 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EE4D3C0-0743-40EE-BA63-76E0DA619423}\mpengine.dll
2011-09-22 02:54 . 2011-09-22 02:54 -------- d-----w- c:\users\waxwingslain\AppData\Roaming\Malwarebytes
2011-09-22 02:54 . 2011-09-22 02:54 -------- d-----w- c:\programdata\Malwarebytes
2011-09-22 02:54 . 2011-09-22 02:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-22 02:54 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-20 03:32 . 2011-09-27 00:43 -------- d-----r- c:\users\waxwingslain\Dropbox
2011-09-20 03:30 . 2011-09-27 00:43 -------- d-----w- c:\users\waxwingslain\AppData\Roaming\Dropbox
2011-09-18 19:16 . 2011-09-18 19:17 -------- d-----w- c:\program files (x86)\CDex
2011-09-10 16:00 . 2011-09-10 16:00 -------- d-----w- c:\users\waxwingslain\AppData\Roaming\pdfforge
2011-09-10 16:00 . 2005-03-12 05:07 87040 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-09-10 16:00 . 2004-03-09 05:00 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2011-09-10 16:00 . 1998-06-24 05:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2011-09-10 16:00 . 2011-09-10 16:00 -------- d-----w- c:\program files (x86)\PDFCreator
2011-09-10 16:00 . 1998-07-06 05:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-09-04 22:53 . 2011-09-04 22:53 -------- d-----w- c:\users\waxwingslain\AppData\Roaming\vlc
2011-09-04 22:53 . 2011-09-04 22:53 -------- d-----w- c:\program files (x86)\VideoLAN
2011-09-04 19:11 . 2011-09-09 02:27 -------- d-----w- C:\EASY_RIDER_DISC01
2011-09-04 19:11 . 2011-09-04 19:11 -------- d-----w- c:\program files (x86)\DVD Decrypter
2011-09-02 21:53 . 2011-09-25 18:49 -------- d-----w- c:\users\waxwingslain\AppData\Local\Wizards_of_the_Coast
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-27 00:44 . 2011-06-04 14:22 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 05:42 . 2011-08-13 07:01 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-13 07:01 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-13 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-13 07:01 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-13 07:01 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-13 07:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:26 . 2011-08-12 21:49 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:26 . 2011-08-12 21:49 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:26 . 2011-08-12 21:49 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:26 . 2011-08-12 21:49 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 05:24 . 2011-08-12 21:49 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:21 . 2011-08-12 21:49 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:17 . 2011-08-12 21:49 338432 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 05:04 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:04 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:36 . 2011-08-12 21:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:32 . 2011-08-12 21:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:31 . 2011-08-12 21:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:30 . 2011-08-12 21:49 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:30 . 2011-08-12 21:49 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:19 . 2011-08-12 21:49 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 21:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 21:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 21:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 21:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 21:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 21:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 21:49 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 21:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 21:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 21:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 21:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 21:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:26 . 2011-08-12 21:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:26 . 2011-08-12 21:49 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:21 . 2011-08-12 21:49 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-12 21:49 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-12 21:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-12 21:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:14 . 2011-08-24 16:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 04:30 . 2011-08-24 16:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-07-09 02:44 . 2011-08-12 21:49 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-06-29 20:26 . 2011-06-29 20:26 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-06-29 20:26 . 2011-06-29 20:26 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 03:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\waxwingslain\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\waxwingslain\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\waxwingslain\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-06-29 273544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
.
c:\users\waxwingslain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\waxwingslain\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-11-21 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-12-2 844800]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3091624378-2798203866-3324922203-1000Core.job
- c:\users\waxwingslain\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 15:16]
.
2011-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3091624378-2798203866-3324922203-1000UA.job
- c:\users\waxwingslain\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 15:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\waxwingslain\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\waxwingslain\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\waxwingslain\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\waxwingslain\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com?o=102840&l=dis&gct=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187
FF - ProfilePath - c:\users\waxwingslain\AppData\Roaming\Mozilla\Firefox\Profiles\29dww15b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Special:Random
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-09-26 21:12:00
ComboFix-quarantined-files.txt 2011-09-27 01:12
.
Pre-Run: 672,692,252,672 bytes free
Post-Run: 672,284,446,720 bytes free
.
- - End Of File - - B3D6871D6526FEF47AA8E604060B999E

#6 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,514
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 26 September 2011 - 08:18 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

<-- Don't worry every little bit helps.

#7 waxwingslain

New Member

Group: Members
Posts: 13
Joined: 24-September 11

Posted 26 September 2011 - 08:31 PM

21:30:37.0999 1052 TDSS rootkit removing tool 2.6.1.0 Sep 26 2011 09:21:32
21:30:38.0235 1052 ============================================================
21:30:38.0235 1052 Current date / time: 2011/09/26 21:30:38.0235
21:30:38.0235 1052 SystemInfo:
21:30:38.0235 1052
21:30:38.0235 1052 OS Version: 6.1.7600 ServicePack: 0.0
21:30:38.0235 1052 Product type: Workstation
21:30:38.0235 1052 ComputerName: DIDACTICKATYDID
21:30:38.0235 1052 UserName: waxwingslain
21:30:38.0235 1052 Windows directory: C:\Windows
21:30:38.0235 1052 System windows directory: C:\Windows
21:30:38.0235 1052 Running under WOW64
21:30:38.0235 1052 Processor architecture: Intel x64
21:30:38.0235 1052 Number of processors: 4
21:30:38.0235 1052 Page size: 0x1000
21:30:38.0235 1052 Boot type: Normal boot
21:30:38.0235 1052 ============================================================
21:30:38.0972 1052 Initialize success
21:30:46.0225 2472 ============================================================
21:30:46.0225 2472 Scan started
21:30:46.0225 2472 Mode: Manual;
21:30:46.0225 2472 ============================================================
21:30:47.0258 2472 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:30:47.0260 2472 1394ohci - ok
21:30:47.0279 2472 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:30:47.0283 2472 ACPI - ok
21:30:47.0292 2472 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:30:47.0292 2472 AcpiPmi - ok
21:30:47.0368 2472 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:30:47.0373 2472 adp94xx - ok
21:30:47.0393 2472 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:30:47.0396 2472 adpahci - ok
21:30:47.0419 2472 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:30:47.0421 2472 adpu320 - ok
21:30:47.0538 2472 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
21:30:47.0543 2472 AFD - ok
21:30:47.0576 2472 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:30:47.0577 2472 agp440 - ok
21:30:47.0585 2472 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:30:47.0585 2472 aliide - ok
21:30:47.0601 2472 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:30:47.0601 2472 amdide - ok
21:30:47.0616 2472 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:30:47.0616 2472 AmdK8 - ok
21:30:47.0616 2472 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:30:47.0616 2472 AmdPPM - ok
21:30:47.0662 2472 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
21:30:47.0662 2472 amdsata - ok
21:30:47.0697 2472 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:30:47.0699 2472 amdsbs - ok
21:30:47.0761 2472 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
21:30:47.0762 2472 amdxata - ok
21:30:47.0791 2472 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:30:47.0792 2472 AppID - ok
21:30:47.0835 2472 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:30:47.0836 2472 arc - ok
21:30:47.0857 2472 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:30:47.0858 2472 arcsas - ok
21:30:47.0908 2472 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:30:47.0908 2472 AsyncMac - ok
21:30:47.0923 2472 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:30:47.0924 2472 atapi - ok
21:30:47.0979 2472 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:30:47.0983 2472 b06bdrv - ok
21:30:48.0011 2472 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:30:48.0013 2472 b57nd60a - ok
21:30:48.0048 2472 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:30:48.0048 2472 Beep - ok
21:30:48.0108 2472 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:30:48.0109 2472 blbdrive - ok
21:30:48.0169 2472 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
21:30:48.0170 2472 bowser - ok
21:30:48.0191 2472 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:30:48.0191 2472 BrFiltLo - ok
21:30:48.0201 2472 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:30:48.0202 2472 BrFiltUp - ok
21:30:48.0227 2472 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:30:48.0230 2472 Brserid - ok
21:30:48.0239 2472 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:30:48.0240 2472 BrSerWdm - ok
21:30:48.0251 2472 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:30:48.0251 2472 BrUsbMdm - ok
21:30:48.0261 2472 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:30:48.0262 2472 BrUsbSer - ok
21:30:48.0320 2472 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
21:30:48.0320 2472 BthEnum - ok
21:30:48.0355 2472 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:30:48.0356 2472 BTHMODEM - ok
21:30:48.0391 2472 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:30:48.0392 2472 BthPan - ok
21:30:48.0424 2472 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
21:30:48.0429 2472 BTHPORT - ok
21:30:48.0468 2472 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
21:30:48.0469 2472 BTHUSB - ok
21:30:48.0519 2472 BTKRNL (99a60b7ae40624ffd410b40c64dc7519) C:\Windows\system32\DRIVERS\btkrnl.sys
21:30:48.0529 2472 BTKRNL - ok
21:30:48.0587 2472 BTSERIAL - ok
21:30:48.0607 2472 BTWUSB (4b20964c08aa7ac1f1e6a476861d9209) C:\Windows\system32\Drivers\btwusb.sys
21:30:48.0608 2472 BTWUSB - ok
21:30:48.0641 2472 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:30:48.0642 2472 cdfs - ok
21:30:48.0672 2472 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:30:48.0672 2472 cdrom - ok
21:30:48.0705 2472 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:30:48.0706 2472 circlass - ok
21:30:48.0732 2472 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:30:48.0735 2472 CLFS - ok
21:30:48.0796 2472 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:30:48.0797 2472 CmBatt - ok
21:30:48.0818 2472 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
21:30:48.0819 2472 cmdide - ok
21:30:48.0843 2472 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
21:30:48.0847 2472 CNG - ok
21:30:48.0878 2472 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:30:48.0879 2472 Compbatt - ok
21:30:48.0918 2472 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:30:48.0918 2472 CompositeBus - ok
21:30:48.0948 2472 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:30:48.0949 2472 crcdisk - ok
21:30:49.0029 2472 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
21:30:49.0030 2472 DfsC - ok
21:30:49.0051 2472 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:30:49.0051 2472 discache - ok
21:30:49.0072 2472 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:30:49.0073 2472 Disk - ok
21:30:49.0124 2472 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:30:49.0124 2472 drmkaud - ok
21:30:49.0314 2472 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
21:30:49.0323 2472 DXGKrnl - ok
21:30:49.0448 2472 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:30:49.0470 2472 ebdrv - ok
21:30:49.0550 2472 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:30:49.0552 2472 elxstor - ok
21:30:49.0602 2472 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
21:30:49.0603 2472 ErrDev - ok
21:30:49.0622 2472 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:30:49.0623 2472 exfat - ok
21:30:49.0641 2472 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:30:49.0643 2472 fastfat - ok
21:30:49.0654 2472 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:30:49.0654 2472 fdc - ok
21:30:49.0673 2472 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:30:49.0673 2472 FileInfo - ok
21:30:49.0685 2472 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:30:49.0685 2472 Filetrace - ok
21:30:49.0695 2472 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:30:49.0695 2472 flpydisk - ok
21:30:49.0731 2472 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
21:30:49.0731 2472 FltMgr - ok
21:30:49.0788 2472 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:30:49.0789 2472 FsDepends - ok
21:30:49.0808 2472 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:30:49.0808 2472 Fs_Rec - ok
21:30:49.0836 2472 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:30:49.0838 2472 fvevol - ok
21:30:49.0866 2472 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:30:49.0866 2472 gagp30kx - ok
21:30:49.0880 2472 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:30:49.0881 2472 hcw85cir - ok
21:30:49.0918 2472 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
21:30:49.0922 2472 HdAudAddService - ok
21:30:49.0960 2472 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:30:49.0961 2472 HDAudBus - ok
21:30:50.0017 2472 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:30:50.0017 2472 HidBatt - ok
21:30:50.0028 2472 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:30:50.0029 2472 HidBth - ok
21:30:50.0044 2472 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:30:50.0045 2472 HidIr - ok
21:30:50.0068 2472 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
21:30:50.0069 2472 HidUsb - ok
21:30:50.0099 2472 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:30:50.0100 2472 HpSAMD - ok
21:30:50.0125 2472 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:30:50.0131 2472 HTTP - ok
21:30:50.0148 2472 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:30:50.0148 2472 hwpolicy - ok
21:30:50.0209 2472 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:30:50.0210 2472 i8042prt - ok
21:30:50.0245 2472 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
21:30:50.0248 2472 iaStorV - ok
21:30:50.0289 2472 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:30:50.0290 2472 iirsp - ok
21:30:50.0311 2472 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
21:30:50.0312 2472 intelide - ok
21:30:50.0330 2472 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:30:50.0331 2472 intelppm - ok
21:30:50.0371 2472 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:30:50.0372 2472 IpFilterDriver - ok
21:30:50.0418 2472 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:30:50.0419 2472 IPMIDRV - ok
21:30:50.0428 2472 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:30:50.0429 2472 IPNAT - ok
21:30:50.0438 2472 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:30:50.0438 2472 IRENUM - ok
21:30:50.0457 2472 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
21:30:50.0458 2472 isapnp - ok
21:30:50.0481 2472 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
21:30:50.0483 2472 iScsiPrt - ok
21:30:50.0502 2472 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:30:50.0503 2472 kbdclass - ok
21:30:50.0520 2472 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
21:30:50.0520 2472 kbdhid - ok
21:30:50.0541 2472 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
21:30:50.0542 2472 KSecDD - ok
21:30:50.0590 2472 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
21:30:50.0591 2472 KSecPkg - ok
21:30:50.0646 2472 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:30:50.0646 2472 ksthunk - ok
21:30:50.0702 2472 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:30:50.0702 2472 lltdio - ok
21:30:50.0733 2472 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:30:50.0735 2472 LSI_FC - ok
21:30:50.0747 2472 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:30:50.0747 2472 LSI_SAS - ok
21:30:50.0789 2472 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:30:50.0790 2472 LSI_SAS2 - ok
21:30:50.0809 2472 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:30:50.0811 2472 LSI_SCSI - ok
21:30:50.0860 2472 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:30:50.0861 2472 luafv - ok
21:30:50.0887 2472 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:30:50.0887 2472 megasas - ok
21:30:50.0913 2472 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:30:50.0915 2472 MegaSR - ok
21:30:50.0944 2472 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:30:50.0945 2472 Modem - ok
21:30:50.0958 2472 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:30:50.0958 2472 monitor - ok
21:30:51.0001 2472 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:30:51.0002 2472 mouclass - ok
21:30:51.0020 2472 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:30:51.0020 2472 mouhid - ok
21:30:51.0042 2472 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:30:51.0043 2472 mountmgr - ok
21:30:51.0086 2472 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:30:51.0088 2472 mpio - ok
21:30:51.0106 2472 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:30:51.0107 2472 mpsdrv - ok
21:30:51.0121 2472 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:30:51.0122 2472 MRxDAV - ok
21:30:51.0160 2472 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:30:51.0162 2472 mrxsmb - ok
21:30:51.0196 2472 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:30:51.0199 2472 mrxsmb10 - ok
21:30:51.0232 2472 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:30:51.0233 2472 mrxsmb20 - ok
21:30:51.0253 2472 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
21:30:51.0254 2472 msahci - ok
21:30:51.0278 2472 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:30:51.0279 2472 msdsm - ok
21:30:51.0336 2472 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:30:51.0336 2472 Msfs - ok
21:30:51.0358 2472 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:30:51.0358 2472 mshidkmdf - ok
21:30:51.0373 2472 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:30:51.0373 2472 msisadrv - ok
21:30:51.0421 2472 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:30:51.0422 2472 MSKSSRV - ok
21:30:51.0432 2472 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:30:51.0432 2472 MSPCLOCK - ok
21:30:51.0444 2472 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:30:51.0444 2472 MSPQM - ok
21:30:51.0467 2472 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:30:51.0471 2472 MsRPC - ok
21:30:51.0489 2472 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:30:51.0490 2472 mssmbios - ok
21:30:51.0550 2472 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:30:51.0550 2472 MSTEE - ok
21:30:51.0572 2472 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:30:51.0572 2472 MTConfig - ok
21:30:51.0633 2472 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
21:30:51.0633 2472 MTsensor - ok
21:30:51.0689 2472 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:30:51.0690 2472 Mup - ok
21:30:51.0740 2472 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:30:51.0743 2472 NativeWifiP - ok
21:30:51.0824 2472 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:30:51.0832 2472 NDIS - ok
21:30:51.0850 2472 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:30:51.0851 2472 NdisCap - ok
21:30:51.0877 2472 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:30:51.0878 2472 NdisTapi - ok
21:30:51.0906 2472 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:30:51.0907 2472 Ndisuio - ok
21:30:51.0928 2472 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:30:51.0929 2472 NdisWan - ok
21:30:51.0960 2472 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:30:51.0961 2472 NDProxy - ok
21:30:52.0015 2472 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:30:52.0016 2472 NetBIOS - ok
21:30:52.0034 2472 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:30:52.0036 2472 NetBT - ok
21:30:52.0071 2472 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:30:52.0071 2472 nfrd960 - ok
21:30:52.0119 2472 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:30:52.0120 2472 Npfs - ok
21:30:52.0135 2472 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:30:52.0136 2472 nsiproxy - ok
21:30:52.0200 2472 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
21:30:52.0213 2472 Ntfs - ok
21:30:52.0246 2472 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:30:52.0246 2472 Null - ok
21:30:52.0295 2472 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
21:30:52.0296 2472 NVHDA - ok
21:30:52.0512 2472 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:30:52.0557 2472 nvlddmkm - ok
21:30:52.0638 2472 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
21:30:52.0640 2472 nvraid - ok
21:30:52.0663 2472 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
21:30:52.0665 2472 nvstor - ok
21:30:52.0712 2472 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:30:52.0713 2472 nv_agp - ok
21:30:52.0723 2472 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:30:52.0724 2472 ohci1394 - ok
21:30:52.0738 2472 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:30:52.0739 2472 Parport - ok
21:30:52.0754 2472 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
21:30:52.0755 2472 partmgr - ok
21:30:52.0778 2472 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:30:52.0779 2472 pci - ok
21:30:52.0819 2472 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:30:52.0819 2472 pciide - ok
21:30:52.0834 2472 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:30:52.0834 2472 pcmcia - ok
21:30:52.0850 2472 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:30:52.0850 2472 pcw - ok
21:30:52.0881 2472 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:30:52.0887 2472 PEAUTH - ok
21:30:52.0963 2472 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:30:52.0964 2472 PptpMiniport - ok
21:30:53.0006 2472 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:30:53.0007 2472 Processor - ok
21:30:53.0045 2472 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:30:53.0047 2472 Psched - ok
21:30:53.0091 2472 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:30:53.0105 2472 ql2300 - ok
21:30:53.0122 2472 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:30:53.0124 2472 ql40xx - ok
21:30:53.0149 2472 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:30:53.0150 2472 QWAVEdrv - ok
21:30:53.0211 2472 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:30:53.0212 2472 RasAcd - ok
21:30:53.0236 2472 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:30:53.0237 2472 RasAgileVpn - ok
21:30:53.0274 2472 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:30:53.0275 2472 Rasl2tp - ok
21:30:53.0295 2472 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:30:53.0296 2472 RasPppoe - ok
21:30:53.0315 2472 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:30:53.0316 2472 RasSstp - ok
21:30:53.0334 2472 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:30:53.0337 2472 rdbss - ok
21:30:53.0356 2472 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:30:53.0356 2472 rdpbus - ok
21:30:53.0407 2472 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:30:53.0408 2472 RDPCDD - ok
21:30:53.0421 2472 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:30:53.0422 2472 RDPENCDD - ok
21:30:53.0438 2472 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:30:53.0439 2472 RDPREFMP - ok
21:30:53.0449 2472 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
21:30:53.0452 2472 RDPWD - ok
21:30:53.0511 2472 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:30:53.0514 2472 rdyboost - ok
21:30:53.0563 2472 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:30:53.0564 2472 RFCOMM - ok
21:30:53.0619 2472 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:30:53.0620 2472 rspndr - ok
21:30:53.0661 2472 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:30:53.0663 2472 RTL8167 - ok
21:30:53.0683 2472 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:30:53.0685 2472 sbp2port - ok
21:30:53.0710 2472 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:30:53.0710 2472 scfilter - ok
21:30:53.0755 2472 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:30:53.0756 2472 secdrv - ok
21:30:53.0825 2472 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:30:53.0825 2472 Serenum - ok
21:30:53.0845 2472 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:30:53.0846 2472 Serial - ok
21:30:53.0860 2472 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:30:53.0861 2472 sermouse - ok
21:30:53.0879 2472 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:30:53.0879 2472 sffdisk - ok
21:30:53.0889 2472 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:30:53.0889 2472 sffp_mmc - ok
21:30:53.0889 2472 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:30:53.0889 2472 sffp_sd - ok
21:30:53.0899 2472 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:30:53.0899 2472 sfloppy - ok
21:30:53.0940 2472 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:30:53.0941 2472 SiSRaid2 - ok
21:30:53.0960 2472 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:30:53.0961 2472 SiSRaid4 - ok
21:30:53.0980 2472 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:30:53.0981 2472 Smb - ok
21:30:54.0044 2472 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:30:54.0045 2472 spldr - ok
21:30:54.0095 2472 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
21:30:54.0099 2472 srv - ok
21:30:54.0124 2472 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
21:30:54.0128 2472 srv2 - ok
21:30:54.0164 2472 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
21:30:54.0165 2472 srvnet - ok
21:30:54.0221 2472 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:30:54.0222 2472 stexstor - ok
21:30:54.0273 2472 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:30:54.0274 2472 swenum - ok
21:30:54.0364 2472 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
21:30:54.0381 2472 Tcpip - ok
21:30:54.0413 2472 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
21:30:54.0421 2472 TCPIP6 - ok
21:30:54.0436 2472 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
21:30:54.0437 2472 tcpipreg - ok
21:30:54.0465 2472 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:30:54.0465 2472 TDPIPE - ok
21:30:54.0497 2472 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:30:54.0498 2472 TDTCP - ok
21:30:54.0530 2472 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:30:54.0531 2472 tdx - ok
21:30:54.0551 2472 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
21:30:54.0552 2472 TermDD - ok
21:30:54.0592 2472 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:30:54.0593 2472 tssecsrv - ok
21:30:54.0620 2472 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:30:54.0621 2472 tunnel - ok
21:30:54.0637 2472 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:30:54.0638 2472 uagp35 - ok
21:30:54.0676 2472 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
21:30:54.0680 2472 udfs - ok
21:30:54.0736 2472 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:30:54.0737 2472 uliagpkx - ok
21:30:54.0764 2472 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:30:54.0765 2472 umbus - ok
21:30:54.0781 2472 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:30:54.0782 2472 UmPass - ok
21:30:54.0817 2472 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\drivers\usbccgp.sys
21:30:54.0819 2472 usbccgp - ok
21:30:54.0837 2472 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:30:54.0838 2472 usbcir - ok
21:30:54.0868 2472 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
21:30:54.0869 2472 usbehci - ok
21:30:54.0897 2472 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
21:30:54.0900 2472 usbhub - ok
21:30:54.0944 2472 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
21:30:54.0945 2472 usbohci - ok
21:30:54.0965 2472 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:30:54.0965 2472 usbprint - ok
21:30:54.0998 2472 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:30:55.0000 2472 USBSTOR - ok
21:30:55.0040 2472 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
21:30:55.0040 2472 usbuhci - ok
21:30:55.0086 2472 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:30:55.0087 2472 vdrvroot - ok
21:30:55.0113 2472 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:30:55.0114 2472 vga - ok
21:30:55.0150 2472 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:30:55.0150 2472 VgaSave - ok
21:30:55.0181 2472 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:30:55.0184 2472 vhdmp - ok
21:30:55.0201 2472 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:30:55.0201 2472 viaide - ok
21:30:55.0219 2472 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:30:55.0220 2472 volmgr - ok
21:30:55.0244 2472 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:30:55.0248 2472 volmgrx - ok
21:30:55.0269 2472 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:30:55.0272 2472 volsnap - ok
21:30:55.0335 2472 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:30:55.0336 2472 vsmraid - ok
21:30:55.0354 2472 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:30:55.0355 2472 vwifibus - ok
21:30:55.0379 2472 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:30:55.0379 2472 WacomPen - ok
21:30:55.0402 2472 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:30:55.0403 2472 WANARP - ok
21:30:55.0406 2472 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:30:55.0407 2472 Wanarpv6 - ok
21:30:55.0434 2472 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:30:55.0434 2472 Wd - ok
21:30:55.0455 2472 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:30:55.0459 2472 Wdf01000 - ok
21:30:55.0481 2472 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:30:55.0481 2472 WfpLwf - ok
21:30:55.0569 2472 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:30:55.0569 2472 WIMMount - ok
21:30:55.0632 2472 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
21:30:55.0632 2472 WinUsb - ok
21:30:55.0680 2472 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:30:55.0681 2472 WmiAcpi - ok
21:30:55.0724 2472 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:30:55.0725 2472 ws2ifsl - ok
21:30:55.0779 2472 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
21:30:55.0781 2472 WudfPf - ok
21:30:55.0801 2472 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:30:55.0802 2472 WUDFRd - ok
21:30:55.0836 2472 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:30:55.0843 2472 \Device\Harddisk0\DR0 - ok
21:30:55.0846 2472 Boot (0x1200) (631d3b36d5b1aa5b251866760fe40f16) \Device\Harddisk0\DR0\Partition0
21:30:55.0847 2472 \Device\Harddisk0\DR0\Partition0 - ok
21:30:55.0854 2472 Boot (0x1200) (ee8a9d0fbc420cd89dc8ed1c8b00194e) \Device\Harddisk0\DR0\Partition1
21:30:55.0856 2472 \Device\Harddisk0\DR0\Partition1 - ok
21:30:55.0856 2472 ============================================================
21:30:55.0856 2472 Scan finished
21:30:55.0856 2472 ============================================================
21:30:55.0871 2852 Detected object count: 0
21:30:55.0871 2852 Actual detected object count: 0

#8 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,514
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 27 September 2011 - 08:43 AM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
- OTL.txt <-- Will be opened and the that I need posted back here
- Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
Please post the contents of OTListIt.txt in your next reply.

Gringo

<-- Don't worry every little bit helps.

#9 waxwingslain

New Member

Group: Members
Posts: 13
Joined: 24-September 11

Posted 27 September 2011 - 04:54 PM

OTL logfile created on: 9/27/2011 5:38:47 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\waxwingslain\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 74.86% Memory free
7.92 Gb Paging File | 6.41 Gb Available in Paging File | 80.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 626.42 Gb Free Space | 67.25% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: DIDACTICKATYDID | User Name: waxwingslain | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\waxwingslain\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe (Motorola)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-52.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-52.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-50.dll ()
MOD - C:\Users\waxwingslain\AppData\Local\Google\Chrome\Application\14.0.835.186\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\waxwingslain\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll ()
MOD - C:\Users\waxwingslain\AppData\Local\Google\Chrome\Application\14.0.835.186\avutil-51.dll ()
MOD - C:\Users\waxwingslain\AppData\Local\Google\Chrome\Application\14.0.835.186\avformat-53.dll ()
MOD - C:\Users\waxwingslain\AppData\Local\Google\Chrome\Application\14.0.835.186\avcodec-53.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (MotoConnect Service) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (BTKRNL) -- C:\Windows\SysNative\drivers\btkrnl.sys (Broadcom Corporation.)
DRV:64bit: - (BTWUSB) -- C:\Windows\SysNative\drivers\btwusb.sys (Broadcom Corporation.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3091624378-2798203866-3324922203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=102840&l=dis&gct=hp
IE - HKU\S-1-5-21-3091624378-2798203866-3324922203-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3091624378-2798203866-3324922203-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en.wikipedia.org/wiki/Special:Random"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\waxwingslain\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\waxwingslain\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/29 16:27:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/06 21:27:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/14 18:07:08 | 000,000,000 | ---D | M]

[2010/11/18 18:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\waxwingslain\AppData\Roaming\Mozilla\Extensions
[2011/09/07 22:34:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\waxwingslain\AppData\Roaming\Mozilla\Firefox\Profiles\29dww15b.default\extensions
[2011/09/07 22:34:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\waxwingslain\AppData\Roaming\Mozilla\Firefox\Profiles\29dww15b.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/03/02 17:49:13 | 000,002,569 | ---- | M] () -- C:\Users\waxwingslain\AppData\Roaming\Mozilla\Firefox\Profiles\29dww15b.default\searchplugins\askcom.xml
[2011/03/23 23:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/21 23:18:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/29 23:13:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/09/06 21:27:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\waxwingslain\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\waxwingslain\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\waxwingslain\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\waxwingslain\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\waxwingslain\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_1\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3091624378-2798203866-3324922203-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\waxwingslain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\waxwingslain\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3091624378-2798203866-3324922203-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3091624378-2798203866-3324922203-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB8AC899-EE1E-486B-9EB2-F68189B7DE8D}: DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/27 17:37:42 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\waxwingslain\Desktop\OTL.exe
[2011/09/26 21:32:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/26 21:12:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/26 21:03:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/26 21:03:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/26 21:03:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/26 21:03:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/26 21:03:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/25 17:26:30 | 000,000,000 | ---D | C] -- C:\Users\waxwingslain\Documents\New Folder
[2011/09/25 17:21:16 | 000,000,000 | ---D | C] -- C:\Users\waxwingslain\.tokentool
[2011/09/24 11:17:04 | 000,000,000 | ---D | C] -- C:\Users\waxwingslain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/09/24 11:16:35 | 000,000,000 | ---D | C] -- C:\Users\waxwingslain\AppData\Local\Google
[2011/09/24 11:03:16 | 000,000,000 | ---D | C] -- C:\Users\waxwingslain\AppData\Local\Apple Computer
[2011/09/24 11:03:02 | 000,000,000 | ---D | C] -- C:\Users\waxwingslain\AppData\Roaming\Apple Computer
[2011/09/21 22:54:30 | 000,000,000 | ---D | C] -- C:\Users\waxwingslain\AppData\Roaming\Malwarebytes
[2011/09/21 22:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/21 22:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/21 22:54:23 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/21 22:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/19 23:32:22 | 000,000,000 | R--D | C] -- C:\Users\waxwingslain\Dropbox
[2011/09/19 23:31:30 | 000,000,000 | ---D | C] -- C:\Users\waxwingslain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/09/19 23:30:35 | 000,000,000 | ---D | C] -- C:\Users\waxwingslain\AppData\Roaming\Dropbox
[2011/09/18 15:31:19 | 000,000,000 | ---D | C] -- C:\Users\waxwingslain\Desktop\Kevin Hufnagel
[2011/09/18 15:24:17 | 000,000,000 | ---D | C] -- C:\Users\waxwingslain\Desktop\Ruby's Crazytown Dance Party
[2011/09/18 15:19:39 | 000,000,000 | ---D | C] -- C:\Users\waxwingslain\Desktop\Written in Blood
[2011/09/18 15:18:48 | 000,000,000 | ---D | C] -- C:\Users\waxwingslain\Desktop\Billmix 2k9 Maycation Overload
[2011/09/18 15:16:13 | 000,000,000 | ---D | C] -- C:\Users\waxwingslain\Desktop\Kraftwerk
[2011/09/18 15:16:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDex
[2011/09/10 12:00:18 | 000,000,000 | ---D | C] -- C:\Users\waxwingslain\AppData\Roaming\pdfforge
[2011/09/10 12:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2011/09/10 12:00:17 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2011/09/10 12:00:17 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2011/09/10 12:00:16 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2011/09/10 12:00:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2011/09/10 11:59:28 | 000,000,000 | ---D | C] -- C:\Users\waxwingslain\Desktop\Bomboclat! Island Soak 2 A Rocksteady Mixtape
[2011/09/04 18:53:50 | 000,000,000 | ---D | C] -- C:\Users\waxwingslain\AppData\Roaming\vlc
[2011/09/04 18:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/09/04 18:53:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011/09/04 15:11:18 | 000,000,000 | ---D | C] -- C:\EASY_RIDER_DISC01
[2011/09/04 15:11:02 | 000,000,000 | ---D | C] -- C:\Users\waxwingslain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVD Decrypter
[2011/09/04 15:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Decrypter
[2011/09/04 15:11:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Decrypter
[2011/09/02 17:53:55 | 000,000,000 | ---D | C] -- C:\Users\waxwingslain\AppData\Local\Wizards_of_the_Coast
[2011/09/02 17:52:39 | 000,000,000 | ---D | C] -- C:\Users\waxwingslain\Documents\ddi
[2011/08/29 10:44:11 | 000,000,000 | ---D | C] -- C:\Users\waxwingslain\Desktop\Cottage Cheese From The Lips Of Death
[2010/12/04 21:11:24 | 000,131,072 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll
[2010/12/04 21:11:24 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\csnpstd3.dll
[2010/12/04 21:11:24 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll

========== Files - Modified Within 30 Days ==========

[2011/09/27 17:37:43 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\waxwingslain\Desktop\OTL.exe
[2011/09/27 17:28:50 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3091624378-2798203866-3324922203-1000UA.job
[2011/09/27 17:28:49 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3091624378-2798203866-3324922203-1000Core.job
[2011/09/27 17:28:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/26 23:52:02 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/26 23:52:02 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/26 20:49:56 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/26 20:49:56 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/26 20:49:56 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/26 20:44:15 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/09/26 20:42:32 | 3189,022,720 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/25 22:50:07 | 000,000,740 | ---- | M] () -- C:\Users\waxwingslain\Desktop\tokentool-1.0.b28.jar - Shortcut.lnk
[2011/09/24 14:42:26 | 000,068,411 | ---- | M] () -- C:\Users\waxwingslain\Desktop\Screen Shot 2011-09-21 at 3.28.17 PM copy.jpg
[2011/09/20 20:30:16 | 000,037,454 | ---- | M] () -- C:\Users\waxwingslain\Desktop\qZ3qS.jpg
[2011/09/19 23:32:22 | 000,001,053 | ---- | M] () -- C:\Users\waxwingslain\Desktop\Dropbox.lnk
[2011/09/19 23:31:36 | 000,001,033 | ---- | M] () -- C:\Users\waxwingslain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/09/18 15:37:03 | 000,013,648 | ---- | M] () -- C:\Users\waxwingslain\Desktop\TagRename.exe - Shortcut.lnk
[2011/09/07 22:47:00 | 000,068,072 | ---- | M] () -- C:\Users\waxwingslain\Desktop\01acassady.jpg
[2011/09/07 22:43:59 | 000,159,757 | ---- | M] () -- C:\Users\waxwingslain\Desktop\ill_pho_port_bw_1_pic_american_way_life_blacks_1937.jpg
[2011/09/07 19:40:36 | 000,909,882 | ---- | M] () -- C:\Users\waxwingslain\Desktop\bus2.jpg
[2011/09/06 21:27:50 | 000,002,056 | ---- | M] () -- C:\Users\waxwingslain\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/02 17:52:45 | 000,002,386 | ---- | M] () -- C:\Users\Public\Desktop\Character Builder.lnk
[2011/09/02 10:11:10 | 000,125,493 | ---- | M] () -- C:\Users\waxwingslain\Desktop\fridakahlo.jpg
[2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/29 00:17:05 | 002,163,882 | ---- | M] () -- C:\Users\waxwingslain\Desktop\Where Eagles Dare (The Misfits).mp3

========== Files Created - No Company Name ==========

[2011/09/26 21:03:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/26 21:03:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/26 21:03:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/26 21:03:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/26 21:03:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/25 22:50:07 | 000,000,740 | ---- | C] () -- C:\Users\waxwingslain\Desktop\tokentool-1.0.b28.jar - Shortcut.lnk
[2011/09/24 14:42:24 | 000,068,411 | ---- | C] () -- C:\Users\waxwingslain\Desktop\Screen Shot 2011-09-21 at 3.28.17 PM copy.jpg
[2011/09/24 11:16:36 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3091624378-2798203866-3324922203-1000UA.job
[2011/09/24 11:16:35 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3091624378-2798203866-3324922203-1000Core.job
[2011/09/20 20:30:16 | 000,037,454 | ---- | C] () -- C:\Users\waxwingslain\Desktop\qZ3qS.jpg
[2011/09/19 23:32:22 | 000,001,053 | ---- | C] () -- C:\Users\waxwingslain\Desktop\Dropbox.lnk
[2011/09/19 23:31:36 | 000,001,033 | ---- | C] () -- C:\Users\waxwingslain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/09/18 15:37:03 | 000,013,648 | ---- | C] () -- C:\Users\waxwingslain\Desktop\TagRename.exe - Shortcut.lnk
[2011/09/10 12:00:17 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll
[2011/09/07 22:47:00 | 000,068,072 | ---- | C] () -- C:\Users\waxwingslain\Desktop\01acassady.jpg
[2011/09/07 22:43:56 | 000,159,757 | ---- | C] () -- C:\Users\waxwingslain\Desktop\ill_pho_port_bw_1_pic_american_way_life_blacks_1937.jpg
[2011/09/07 19:40:33 | 000,909,882 | ---- | C] () -- C:\Users\waxwingslain\Desktop\bus2.jpg
[2011/09/02 17:52:45 | 000,002,386 | ---- | C] () -- C:\Users\Public\Desktop\Character Builder.lnk
[2011/09/02 10:11:09 | 000,125,493 | ---- | C] () -- C:\Users\waxwingslain\Desktop\fridakahlo.jpg
[2011/08/29 00:17:04 | 002,163,882 | ---- | C] () -- C:\Users\waxwingslain\Desktop\Where Eagles Dare (The Misfits).mp3
[2011/01/25 23:47:21 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/12/04 21:11:23 | 008,702,080 | ---- | C] () -- C:\Windows\SysWow64\drivers\snpstd3.sys
[2010/12/04 21:11:23 | 000,339,968 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2010/12/04 21:11:23 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

#10 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,514
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 27 September 2011 - 07:34 PM

Hello

I want you to run this custem OTL script for me and then let me know how things are after you finish.

Run OTL Script

Double-click OTL.exe to start the program.

Copy and Paste the following code into the Posted Image

textbox. Do not include the word Code

:otl
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
[2011/03/02 17:49:13 | 000,002,569 | ---- | M] () -- C:\Users\waxwingslain\AppData\Roaming\Mozilla\Firefox\Profiles\29dww15b.default\searchplugins\askcom.xml
:Files
ipconfig /flushdns /c
:Commands
[PURITY] 
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]

Then click the Run Fix button at the top.
Click .
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

<-- Don't worry every little bit helps.

#11 waxwingslain

New Member

Group: Members
Posts: 13
Joined: 24-September 11

Posted 27 September 2011 - 07:51 PM

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap\ deleted successfully.
File Protocol\Handler\mso-offdap - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
C:\Users\waxwingslain\AppData\Roaming\Mozilla\Firefox\Profiles\29dww15b.default\searchplugins\askcom.xml moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\waxwingslain\Desktop\cmd.bat deleted successfully.
C:\Users\waxwingslain\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: waxwingslain
->Temp folder emptied: 110089 bytes
->Temporary Internet Files folder emptied: 19192202 bytes
->Java cache emptied: 1463703 bytes
->FireFox cache emptied: 1080496497 bytes
->Google Chrome cache emptied: 151132246 bytes
->Flash cache emptied: 1263842 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6574 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 1548080 bytes

Total Files Cleaned = 1,197.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: waxwingslain
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 09272011_204416

Files\Folders moved on Reboot...
C:\Users\waxwingslain\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\waxwingslain\AppData\Local\Temp\~DF074A1064F7567FB8.TMP not found!
File\Folder C:\Users\waxwingslain\AppData\Local\Temp\~DF203A0B43C1F7A29D.TMP not found!
File\Folder C:\Users\waxwingslain\AppData\Local\Temp\~DF486C09909D9A9765.TMP not found!
File\Folder C:\Users\waxwingslain\AppData\Local\Temp\~DF8B59A62AAC65C06A.TMP not found!
File\Folder C:\Users\waxwingslain\AppData\Local\Temp\~DFD01395F8BC4EDAA9.TMP not found!
File\Folder C:\Users\waxwingslain\AppData\Local\Temp\~WRS0000.tmp not found!

Registry entries deleted on Reboot...

#12 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,514
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 27 September 2011 - 08:06 PM

How are things doing now

gringo

<-- Don't worry every little bit helps.

#13 waxwingslain

New Member

Group: Members
Posts: 13
Joined: 24-September 11

Posted 27 September 2011 - 08:22 PM

I just did a bunch of Google searches and did not receive a captcha request. In my experience, it seems that solving a single captcha kept me from receiving captcha requests for a period of time after that, though I could never pinpoint whether it was a half hour, an hour, or something else. I do believe that I have not solved a captcha in well over an hour, so...my fingers are crossed that it's fixed! I don't think I'll know until I keep googling over the next day and see if one ever resurfaces.

Thank you very much for all your help. Is it possible for you to briefly explain what happened--did I indeed have malware hidden on my computer somewhere? I see references to "Ask.com" in the logs above--did I pick it up there? (I don't remember ever visiting Ask.com, but stranger things have happened).

Thanks again! I'll weigh in tomorrow if I still haven't found a new problem.

#14 waxwingslain

New Member

Group: Members
Posts: 13
Joined: 24-September 11

Posted 28 September 2011 - 06:57 PM

Still no captchas appearing, and I've done a bunch of Googling. Cautiously, I'm going to say it looks fixed. Thank you!

#15 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,514
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 28 September 2011 - 07:12 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter

File sharing infects 500,000 computers

USAToday

infoworld

These logs are looking alot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..
Your Java is out of date.

It can be updated by the Java control panel

click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
An update should begin;
follow the prompts

Clear your Java Cache

click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
- Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Temporary Files Window
- Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

Please download TFC to your desktop,
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

Double-click mbam icon
go to the update tab at the top
click on check for updates
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidently close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

Go Here to download HijackThis Installer
Save HijackThis Installer to your desktop.
Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

If you have problems running Hijackthis.

sometimes we have to run it like this To run HijackThis as an administrator,
rightclick HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator

"information and logs"

In your next post I need the following

Log From MBAM
report from Hijackthis
let me know of any problems you may have had
How is the computer doing now?

Gringo