
Trusted Installer Rootkit


  • This topic is locked
14 replies to this topic

#1 geezor

geezor

  • Members
  • 14 posts
  • OFFLINE
  • Local time: 04:55 AM

Posted 16 August 2010 - 05:47 PM

I believe my computer has a rootkit on it. The GMER program wouldn't even do a full scan as it wouldn't let me click Systems, Section, Devices, Module, Processes, threads, or Libraries.

I recently reinstalled Vista because my computer wouldn't even load properly. I needed to use System Recovery. I thought I had formatted the computer when I reinstalled it but I guess it saved my old stuff for me (which is obviously infected). Before I reinstalled Vista I had deleted about 30 gigs of stuff but the hard drive still read the same space taken up. My wireless internet also doesn't seem to work.

Edit: I tried to install Kaspersky trial and it was interrupted beyond my control!

I'm running an AMD Turion 64 X2 Mobile Technology TL-56 1.80 GHz
2 gigs of Ram
64 Bit Operating System

I would like to fix the computer but if you can't help me I'll format it.

-Geezor

Attached Files

  • Attached File  ark.log   615bytes   7 downloads
  • Attached File  DDS.txt   14.06KB   7 downloads

Edited by geezor, 16 August 2010 - 06:24 PM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 04:55 AM

Posted 24 August 2010 - 02:32 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
  1. Do not run any other tool until instructed to do so!
  2. Please do not attach logs or put them in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having, as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get the following warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


MBRCheck

Please also download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • a report called MBRcheck will be on your desktop
  • open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • now please copy that report to this thread


Information and logs:
    In your next post I need the following
      1. logs from DDS
      2. log from RKUnHooker
      3. report from MBRCheck
      4. let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
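The DDS.txt log requested above is plain text, and the "Created Last 30" and "Find3M" sections follow a fixed one-line-per-entry layout (date, time, size, an 8-character attribute field, path). The following is an added example of a small triage script for that layout; it is not code from BleepingComputer, from gringo_pr, or from the DDS tool itself. It assumes the attribute letters mean what they appear to mean in the log posted later in this thread (d = directory, s = system, h = hidden, a = archive, r = read-only, w = writable), and its three triage rules (hidden+system files, files sitting directly in a drive root, new files under a drivers directory) are the script's own heuristics for ordering what an analyst reads first, not a verdict that any entry is malicious. The sample lines are excerpted from the DDS log in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# One DDS "Created Last 30" / "Find3M" line looks like:
#   2010-08-12 01:30:23 171136 --sha-r- C:\grldr
# i.e. date, time, size in bytes, an 8-character attribute field, then the path.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Drive-root test: "C:\name" with no further backslash.
DRIVE_ROOT_RE = re.compile(r"^[a-z]:\\[^\\]+$", re.IGNORECASE)


@dataclass
class DdsEntry:
    timestamp: str
    size: int
    attrs: str
    path: str

    # Letter meanings are read off the log in this thread (an assumption, since
    # DDS does not document the field): d=directory, s=system, h=hidden,
    # a=archive, r=read-only, w=writable.
    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs

    @property
    def read_only(self) -> bool:
        return "r" in self.attrs


def parse_dds_entries(text: str) -> List[DdsEntry]:
    """Return every file/directory entry found in the DDS text. Other lines
    (section banners, process lists, blank lines) simply do not match."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(DdsEntry(
                timestamp=f"{m['date']} {m['time']}",
                size=int(m["size"]),
                attrs=m["attrs"],
                path=m["path"],
            ))
    return entries


def triage(entries: List[DdsEntry]) -> List[Tuple[str, List[str]]]:
    """Flag files worth a second look. None of these rules means 'malicious';
    they pick out the entries an analyst reads first."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue  # hidden/system directories such as c:\windows\Installer are normal
        reasons = []
        if e.hidden and e.system:
            reasons.append("hidden+system file")
        if DRIVE_ROOT_RE.match(e.path):
            reasons.append("file in drive root")
        if "\\drivers\\" in e.path.lower():
            reasons.append("new file under a drivers directory")
        if reasons:
            findings.append((e.path, reasons))
    return findings


# Sample input: lines excerpted from the DDS log posted later in this thread,
# plus one section banner to show that non-entry lines are skipped.
SAMPLE_DDS = r"""
=============== Created Last 30 ================

2010-08-16 21:30:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-08-12 02:35:49 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-12 02:32:00 0 d-sh--w- c:\windows\Installer
2010-08-12 01:30:52 8192 --s-a-r- C:\BOOTSECT.BAK
2010-08-12 01:30:23 171136 --sha-r- C:\grldr
2010-08-12 01:01:31 0 d-----w- C:\Windows.old
2010-08-12 02:30:47 218112 ----a-w- c:\windows\system32\wintrust.dll
"""

if __name__ == "__main__":
    for path, reasons in triage(parse_dds_entries(SAMPLE_DDS)):
        print(f"{path}: {', '.join(reasons)}")
```

Run against the excerpt, the script lists the two recently created driver-directory files, BOOTSECT.BAK (drive root) and grldr (hidden+system and drive root), while the hidden system directory c:\windows\Installer and the ordinary DLL are left alone. Pasting a full DDS.txt in place of the excerpt gives the same ordering for a real log; the analyst still decides what each flagged entry is.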

#3 geezor

geezor
  • Topic Starter
  • Members
  • 14 posts
  • OFFLINE
  • Local time: 04:55 AM

Posted 24 August 2010 - 05:49 AM

RKUnHooker error!

Error Loading Driver,NTSTATUS code 0xc000036b



DDS LOG


DDS (Ver_10-03-17.01) - NTFSX64
Run by snargletooth at 3:36:41.67 on Tue 08/24/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1982.918 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\svchost.exe -k wdisvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\snargletooth\Desktop\dds.scr

============== Pseudo HJT Report ===============

mWinlogon: Userinit=userinit.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [WinampAgent] "c:\program files (x86)\winamp\winampa.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

================= FIREFOX ===================

FF - ProfilePath - c:\users\snargl~1\appdata\roaming\mozilla\firefox\profiles\x9hz5dj9.default\
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2010-8-18 93184]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]

=============== Created Last 30 ================

2010-08-19 00:48:48 49160 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-08-19 00:39:47 41984 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-08-19 00:39:47 13824 ----a-w- c:\windows\system32\netfxperf.dll
2010-08-19 00:39:36 96760 ----a-w- c:\windows\syswow64\dfshim.dll
2010-08-19 00:39:36 112120 ----a-w- c:\windows\system32\dfshim.dll
2010-08-19 00:39:26 406528 ----a-w- c:\windows\system32\mscoree.dll
2010-08-19 00:39:26 282112 ----a-w- c:\windows\syswow64\mscoree.dll
2010-08-19 00:39:18 158720 ----a-w- c:\windows\syswow64\mscorier.dll
2010-08-19 00:39:18 158208 ----a-w- c:\windows\system32\mscorier.dll
2010-08-19 00:39:14 76288 ----a-w- c:\windows\system32\mscories.dll
2010-08-19 00:39:12 83968 ----a-w- c:\windows\syswow64\mscories.dll
2010-08-19 00:34:01 32768 ----a-w- c:\windows\system32\nshhttp.dll
2010-08-19 00:34:01 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2010-08-19 00:33:59 610304 ----a-w- c:\windows\system32\drivers\http.sys
2010-08-19 00:33:58 33792 ----a-w- c:\windows\system32\httpapi.dll
2010-08-19 00:33:58 31232 ----a-w- c:\windows\syswow64\httpapi.dll
2010-08-19 00:27:52 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
2010-08-19 00:27:52 101376 ----a-w- c:\windows\system32\MSNP.ax
2010-08-19 00:27:51 80896 ----a-w- c:\windows\syswow64\MSNP.ax
2010-08-19 00:27:51 57856 ----a-w- c:\windows\syswow64\MSDvbNP.ax
2010-08-19 00:27:51 227328 ----a-w- c:\windows\system32\mpg2splt.ax
2010-08-19 00:27:51 177664 ----a-w- c:\windows\syswow64\mpg2splt.ax
2010-08-19 00:27:47 558592 ----a-w- c:\windows\system32\EncDec.dll
2010-08-19 00:27:47 428544 ----a-w- c:\windows\syswow64\EncDec.dll
2010-08-19 00:27:47 375808 ----a-w- c:\windows\system32\psisdecd.dll
2010-08-19 00:27:47 293376 ----a-w- c:\windows\syswow64\psisdecd.dll
2010-08-19 00:27:47 289792 ----a-w- c:\windows\system32\psisrndr.ax
2010-08-19 00:27:47 217088 ----a-w- c:\windows\syswow64\psisrndr.ax
2010-08-16 23:23:51 2414360 ----a-w- c:\windows\syswow64\d3dx9_31.dll
2010-08-16 23:23:51 1892184 ----a-w- c:\windows\syswow64\D3DX9_42.dll
2010-08-16 23:23:18 0 d-----w- c:\program files (x86)\Winamp Detect
2010-08-16 23:23:08 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2010-08-16 22:59:10 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-08-16 22:34:47 12240896 ----a-w- c:\windows\syswow64\NlsLexicons0007.dll
2010-08-16 22:34:46 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-08-16 22:34:43 2644480 ----a-w- c:\windows\syswow64\NlsLexicons0009.dll
2010-08-16 22:34:43 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2010-08-16 22:34:11 1361920 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2010-08-16 22:34:10 801280 ----a-w- c:\windows\syswow64\NaturalLanguage6.dll
2010-08-16 22:24:25 10624000 ----a-w- c:\windows\syswow64\wmp.dll
2010-08-16 22:24:22 372736 ----a-w- c:\windows\system32\unregmp2.exe
2010-08-16 22:24:21 310784 ----a-w- c:\windows\syswow64\unregmp2.exe
2010-08-16 22:24:16 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2010-08-16 22:24:16 8147456 ----a-w- c:\windows\syswow64\wmploc.DLL
2010-08-16 22:22:46 189440 ----a-w- c:\windows\system32\t2embed.dll
2010-08-16 22:21:57 604672 ----a-w- c:\windows\syswow64\WMSPDMOD.DLL
2010-08-16 22:19:53 855552 ----a-w- c:\windows\syswow64\kernel32.dll
2010-08-16 22:19:52 25600 ----a-w- c:\windows\system32\amxread.dll
2010-08-16 22:19:52 24064 ----a-w- c:\windows\syswow64\amxread.dll
2010-08-16 22:19:52 15872 ----a-w- c:\windows\system32\apilogen.dll
2010-08-16 22:19:52 13824 ----a-w- c:\windows\syswow64\apilogen.dll
2010-08-16 22:19:48 388608 ----a-w- c:\windows\system32\gdi32.dll
2010-08-16 22:19:48 303104 ----a-w- c:\windows\syswow64\gdi32.dll
2010-08-16 22:19:20 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-08-16 22:19:20 36352 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-16 22:19:15 81920 ----a-w- c:\windows\syswow64\iccvid.dll
2010-08-16 22:19:09 1729024 ----a-w- c:\windows\system32\msxml6.dll
2010-08-16 22:19:09 1334272 ----a-w- c:\windows\syswow64\msxml6.dll
2010-08-16 22:17:57 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-08-16 22:14:57 996352 ----a-w- c:\windows\syswow64\WMNetMgr.dll
2010-08-16 22:13:13 730112 ----a-w- c:\windows\system32\msdtcprx.dll
2010-08-16 22:13:13 562176 ----a-w- c:\windows\syswow64\msdtcprx.dll
2010-08-16 22:13:12 48640 ----a-w- c:\windows\system32\xolehlp.dll
2010-08-16 22:13:11 38912 ----a-w- c:\windows\syswow64\xolehlp.dll
2010-08-16 22:13:04 72192 ----a-w- c:\windows\system32\l3codeca.acm
2010-08-16 22:13:04 62464 ----a-w- c:\windows\syswow64\l3codeca.acm
2010-08-16 22:11:33 368128 ----a-w- c:\windows\system32\wmpdxm.dll
2010-08-16 22:11:33 313344 ----a-w- c:\windows\syswow64\wmpdxm.dll
2010-08-16 22:11:31 9216 ----a-w- c:\windows\system32\spwmp.dll
2010-08-16 22:11:28 7680 ----a-w- c:\windows\syswow64\spwmp.dll
2010-08-16 22:11:27 5120 ----a-w- c:\windows\system32\msdxm.ocx
2010-08-16 22:11:27 5120 ----a-w- c:\windows\system32\dxmasf.dll
2010-08-16 22:11:26 4096 ----a-w- c:\windows\syswow64\msdxm.ocx
2010-08-16 22:11:26 4096 ----a-w- c:\windows\syswow64\dxmasf.dll
2010-08-16 22:11:24 43520 ----a-w- c:\windows\syswow64\msdxm.tlb
2010-08-16 22:11:24 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-08-16 22:11:24 18432 ----a-w- c:\windows\syswow64\amcompat.tlb
2010-08-16 22:11:24 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-08-16 22:10:38 343040 ----a-w- c:\windows\system32\schannel.dll
2010-08-16 22:10:38 274432 ----a-w- c:\windows\syswow64\schannel.dll
2010-08-16 22:10:19 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-08-16 22:08:56 466944 ----a-w- c:\windows\syswow64\netapi32.dll
2010-08-16 21:35:29 0 ----a-w- c:\users\snargletooth\defogger_reenable
2010-08-16 21:30:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-08-12 03:36:52 0 d-----w- c:\windows\syswow64\Macromed
2010-08-12 03:13:52 553 ----a-w- c:\windows\USetup.iss
2010-08-12 03:13:24 525792 ----a-w- c:\windows\DIFxAPI.dll
2010-08-12 03:13:23 0 d-----w- c:\program files (x86)\Realtek
2010-08-12 03:13:22 520192 ----a-w- c:\windows\RtlExUpd.dll
2010-08-12 03:13:22 315392 ----a-w- c:\windows\HideWin.exe
2010-08-12 03:13:10 0 d-----w- c:\users\snargl~1\appdata\roaming\WinBatch
2010-08-12 03:04:48 32536 ----a-w- c:\programdata\nvModes.dat
2010-08-12 02:44:00 0 d-----w- c:\programdata\NVIDIA
2010-08-12 02:36:24 0 d-----w- c:\users\snargl~1\appdata\roaming\Malwarebytes
2010-08-12 02:36:19 410656 ----a-w- c:\windows\system32\nvcpl.cpl
2010-08-12 02:36:19 2113568 ----a-w- c:\windows\system32\nvcplui.exe
2010-08-12 02:36:19 1097248 ----a-w- c:\windows\system32\nvcpluir.dll
2010-08-12 02:36:18 539168 ----a-w- c:\windows\system32\nvuninst.exe
2010-08-12 02:35:51 0 d-----w- c:\programdata\Malwarebytes
2010-08-12 02:35:49 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-12 02:35:49 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-08-12 02:33:00 0 ----a-w- c:\windows\syswow64\config.nt
2010-08-12 02:32:00 0 d-sh--w- c:\windows\Installer
2010-08-12 02:31:35 0 d-----w- c:\programdata\Alwil Software
2010-08-12 02:31:35 0 d-----w- c:\program files\Alwil Software
2010-08-12 02:30:51 98304 ----a-w- c:\windows\syswow64\cabview.dll
2010-08-12 02:30:51 104960 ----a-w- c:\windows\system32\cabview.dll
2010-08-12 02:30:47 218112 ----a-w- c:\windows\system32\wintrust.dll
2010-08-12 02:30:47 171520 ----a-w- c:\windows\syswow64\wintrust.dll
2010-08-12 02:19:49 67584 ----a-w- c:\windows\system32\drivers\rimmpx64.sys
2010-08-12 02:19:49 57856 ----a-w- c:\windows\system32\drivers\rixdpx64.sys
2010-08-12 02:19:49 55296 ----a-w- c:\windows\system32\drivers\rimspx64.sys
2010-08-12 02:19:49 114688 ----a-w- c:\windows\syswow64\RicohMediadriverVer.dll
2010-08-12 02:19:48 90112 ----a-w- c:\windows\system32\snymsico.dll
2010-08-12 02:19:48 172032 ----a-w- c:\windows\system32\rixdicon.dll
2010-08-12 02:17:36 2621440 ----a-w- c:\windows\system32\wucltux.dll
2010-08-12 02:17:06 98816 ----a-w- c:\windows\system32\wudriver.dll
2010-08-12 02:17:06 87552 ----a-w- c:\windows\syswow64\wudriver.dll
2010-08-12 02:17:06 575704 ----a-w- c:\windows\syswow64\wuapi.dll
2010-08-12 02:17:06 35552 ----a-w- c:\windows\syswow64\wups.dll
2010-08-12 02:16:49 36864 ----a-w- c:\windows\system32\wuapp.exe
2010-08-12 02:16:49 33792 ----a-w- c:\windows\syswow64\wuapp.exe
2010-08-12 02:16:49 185416 ----a-w- c:\windows\system32\wuwebv.dll
2010-08-12 02:16:49 171608 ----a-w- c:\windows\syswow64\wuwebv.dll
2010-08-12 01:31:07 0 d-----w- c:\windows\Panther
2010-08-12 01:30:52 8192 --s-a-r- C:\BOOTSECT.BAK
2010-08-12 01:30:23 171136 --sha-r- C:\grldr
2010-08-12 01:01:31 0 d-----w- C:\Windows.old
2010-08-11 09:42:57 0 d-----w- C:\ComboFix
2010-08-11 05:41:08 0 d-----w- C:\stuff
2010-08-11 03:44:25 0 d-----w- C:\Temp

==================== Find3M ====================

2010-08-24 10:34:19 653296 ----a-w- c:\windows\system32\perfh019.dat
2010-08-24 10:34:19 125770 ----a-w- c:\windows\system32\perfc019.dat
2010-08-19 01:54:06 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-19 01:54:06 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-19 01:53:57 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-08-19 01:53:57 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-07-26 16:55:26 11581440 ----a-w- c:\windows\syswow64\shell32.dll
2010-06-28 16:56:48 1032704 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:52:22 86528 ----a-w- c:\windows\system32\ieencode.dll
2010-06-28 16:17:26 833024 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-28 16:17:07 1174528 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-28 16:15:50 146432 ----a-w- c:\windows\syswow64\occache.dll
2010-06-28 16:14:56 671232 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-28 16:14:41 476672 ----a-w- c:\windows\syswow64\mshtmled.dll
2010-06-28 16:14:41 3586560 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-28 16:14:39 458240 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-06-28 16:13:52 28160 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-28 16:13:33 270848 ----a-w- c:\windows\syswow64\iertutil.dll
2010-06-28 16:13:33 193024 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-28 16:13:32 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2010-06-28 16:13:32 6069248 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-28 16:13:32 389120 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-28 16:13:32 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2010-06-28 16:13:31 230400 ----a-w- c:\windows\syswow64\ieaksie.dll
2010-06-21 13:53:02 2749952 ----a-w- c:\windows\system32\win32k.sys
2010-06-11 16:08:18 1875456 ----a-w- c:\windows\system32\msxml3.dll
2010-06-11 15:30:23 1257472 ----a-w- c:\windows\syswow64\msxml3.dll
2010-06-08 17:47:14 4690832 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-26 16:53:52 48128 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 16:16:50 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-26 14:56:53 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 14:25:15 289792 ----a-w- c:\windows\syswow64\atmfd.dll
2008-02-06 08:59:24 38684 ----a-w- c:\windows\inf\perflib\0419\perfd.dat
2008-02-06 08:59:24 38684 ----a-w- c:\windows\inf\perflib\0419\perfc.dat
2008-02-06 08:59:23 332666 ----a-w- c:\windows\inf\perflib\0419\perfi.dat
2008-02-06 08:59:23 332666 ----a-w- c:\windows\inf\perflib\0419\perfh.dat
2008-01-21 03:21:14 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:14 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 3:38:20.18 ===============




ATTACH LOG



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8/11/2010 5:53:53 PM
System Uptime: 8/24/2010 3:27:43 AM (0 hours ago)

Motherboard: Quanta | | 30B9
Processor: AMD Turion™ 64 X2 Mobile Technology TL-56 | Socket S1 | 1800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 141 GiB total, 67.334 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.781 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom 802.11n Network Adapter
Device ID: PCI\VEN_14E4&DEV_4328&SUBSYS_1366103C&REV_03\4&2E9521D1&0&0018
Manufacturer: Broadcom
Name: Broadcom 802.11n Network Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4328&SUBSYS_1366103C&REV_03\4&2E9521D1&0&0018
Service: BCM43XV

Class GUID:
Description: Coprocessor
Device ID: PCI\VEN_10DE&DEV_0271&SUBSYS_30B7103C&REV_A3\3&13C0B0C5&2&53
Manufacturer:
Name: Coprocessor
PNP Device ID: PCI\VEN_10DE&DEV_0271&SUBSYS_30B7103C&REV_A3\3&13C0B0C5&2&53
Service:

==== System Restore Points ===================


==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Malwarebytes' Anti-Malware
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.8)
Realtek High Definition Audio Driver
RICOH Media Driver
Winamp
Winamp Detector Plug-in

==== End Of File ===========================





MBR LOG

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv9000 (GL892UA#ABL)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 147):
0x01C57000 \SystemRoot\system32\ntoskrnl.exe
0x01C11000 \SystemRoot\system32\hal.dll
0x00603000 \SystemRoot\system32\kdcom.dll
0x0060D000 \SystemRoot\system32\PSHED.dll
0x00621000 \SystemRoot\system32\CLFS.SYS
0x0067E000 \SystemRoot\system32\CI.dll
0x0080C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F4000 \SystemRoot\system32\drivers\acpi.sys
0x0094A000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00953000 \SystemRoot\system32\drivers\msisadrv.sys
0x0095D000 \SystemRoot\system32\drivers\pci.sys
0x0098D000 \SystemRoot\System32\drivers\partmgr.sys
0x009A2000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x009A6000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x009B2000 \SystemRoot\system32\drivers\volmgr.sys
0x00730000 \SystemRoot\System32\drivers\volmgrx.sys
0x009C6000 \SystemRoot\system32\drivers\pciide.sys
0x009CD000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009DD000 \SystemRoot\System32\drivers\mountmgr.sys
0x009F0000 \SystemRoot\system32\drivers\atapi.sys
0x00796000 \SystemRoot\system32\drivers\ataport.SYS
0x007BA000 \SystemRoot\system32\drivers\nvstor.sys
0x00A0E000 \SystemRoot\system32\drivers\storport.sys
0x00A6B000 \SystemRoot\system32\drivers\fltmgr.sys
0x00AB1000 \SystemRoot\system32\drivers\fileinfo.sys
0x00AC5000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C0F000 \SystemRoot\system32\drivers\ndis.sys
0x00B4C000 \SystemRoot\system32\drivers\msrpc.sys
0x00B9C000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E0A000 \SystemRoot\System32\drivers\tcpip.sys
0x00F7E000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0100B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0118F000 \SystemRoot\system32\drivers\volsnap.sys
0x011D3000 \SystemRoot\System32\Drivers\spldr.sys
0x011DB000 \SystemRoot\System32\Drivers\mup.sys
0x00FAA000 \SystemRoot\System32\drivers\ecache.sys
0x00FD6000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x00DD2000 \SystemRoot\system32\drivers\disk.sys
0x007CA000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x011ED000 \SystemRoot\system32\drivers\crcdisk.sys
0x02237000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02240000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x02254000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x02259000 \SystemRoot\system32\DRIVERS\cpqbttn64.sys
0x0225D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0226F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x02277000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x0240B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0230A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02D44000 \SystemRoot\System32\drivers\watchdog.sys
0x02D53000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x02D5E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02DA4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02DB5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02DD1000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x02DE3000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x03001000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x03021000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
0x03037000 \SystemRoot\system32\DRIVERS\rimspx64.sys
0x0304E000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
0x030A5000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x030B8000 \SystemRoot\system32\DRIVERS\nvm60x64.sys
0x031D8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x031EE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02DF3000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0320D000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x03245000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03252000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03275000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03281000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x032B2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x032C2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x032E0000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x032F8000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x03392000 \SystemRoot\system32\DRIVERS\termdd.sys
0x033A4000 \SystemRoot\system32\DRIVERS\swenum.sys
0x033A6000 \SystemRoot\system32\DRIVERS\ks.sys
0x033DA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x033E5000 \SystemRoot\system32\DRIVERS\umbus.sys
0x033F5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x02280000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x022C7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0340E000 \SystemRoot\system32\drivers\HdAudio.sys
0x03457000 \SystemRoot\system32\drivers\portcls.sys
0x03492000 \SystemRoot\system32\drivers\drmk.sys
0x034B5000 \SystemRoot\system32\drivers\ksthunk.sys
0x034BB000 \SystemRoot\system32\DRIVERS\VSTAZL6.SYS
0x0360F000 \SystemRoot\system32\DRIVERS\VSTDPV6.SYS
0x0350C000 \SystemRoot\system32\DRIVERS\VSTCNXT6.SYS
0x0378D000 \SystemRoot\system32\drivers\modem.sys
0x0379C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x037A6000 \SystemRoot\System32\Drivers\Null.SYS
0x037AF000 \SystemRoot\System32\drivers\vga.sys
0x037BD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x037E2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x037EB000 \SystemRoot\system32\drivers\rdpencdd.sys
0x037F4000 \SystemRoot\System32\Drivers\Msfs.SYS
0x035D3000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03600000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x022DB000 \SystemRoot\system32\DRIVERS\tdx.sys
0x035E4000 \SystemRoot\system32\DRIVERS\smb.sys
0x03807000 \SystemRoot\system32\drivers\afd.sys
0x03874000 \SystemRoot\System32\DRIVERS\netbt.sys
0x038B8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x038D6000 \SystemRoot\system32\DRIVERS\netbios.sys
0x038E5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03900000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0394E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x03957000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03959000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03965000 \SystemRoot\system32\drivers\csc.sys
0x039DB000 \SystemRoot\System32\Drivers\dfsc.sys
0x03400000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x03A07000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x03A23000 \SystemRoot\System32\Drivers\usbvideo.sys
0x03A4D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x03A5B000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x03A65000 \SystemRoot\System32\Drivers\dump_nvstor.sys
0x03A75000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000E0000 \SystemRoot\System32\win32k.sys
0x03A88000 \SystemRoot\System32\drivers\Dxapi.sys
0x03A94000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00430000 \SystemRoot\System32\TSDDD.dll
0x006B0000 \SystemRoot\System32\cdd.dll
0x03AA7000 \SystemRoot\system32\drivers\luafv.sys
0x03AC9000 \SystemRoot\system32\drivers\spsys.sys
0x03B63000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x03B77000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x03BAB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x03BB6000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x07200000 \SystemRoot\system32\drivers\HTTP.sys
0x0729F000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x072C7000 \SystemRoot\system32\DRIVERS\bowser.sys
0x072E5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x072FF000 \SystemRoot\system32\drivers\mrxdav.sys
0x07326000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0734F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x07398000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x073B7000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07406000 \SystemRoot\System32\DRIVERS\srv.sys
0x0749D000 \SystemRoot\system32\drivers\peauth.sys
0x07553000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0755E000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0756D000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x07589000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x77A80000 \Windows\System32\ntdll.dll

Processes (total 44):
0 System Idle Process
4 System
448 C:\Windows\System32\smss.exe
580 csrss.exe
620 C:\Windows\System32\wininit.exe
640 csrss.exe
672 C:\Windows\System32\services.exe
688 C:\Windows\System32\lsass.exe
696 C:\Windows\System32\lsm.exe
732 C:\Windows\System32\winlogon.exe
880 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\nvvsvc.exe
952 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
360 C:\Windows\System32\svchost.exe
440 C:\Windows\System32\svchost.exe
456 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\audiodg.exe
1028 C:\Windows\System32\SLsvc.exe
1052 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\rundll32.exe
1284 C:\Windows\System32\svchost.exe
1640 C:\Windows\System32\spoolsv.exe
1660 C:\Windows\System32\taskeng.exe
1720 C:\Windows\System32\dwm.exe
1728 C:\Windows\explorer.exe
1800 C:\Windows\System32\taskeng.exe
1856 C:\Windows\System32\svchost.exe
836 C:\Windows\System32\svchost.exe
1876 C:\Windows\System32\svchost.exe
2052 C:\Windows\System32\svchost.exe
2084 C:\Windows\System32\SearchIndexer.exe
2268 C:\Program Files\Windows Defender\MSASCui.exe
2284 C:\Windows\System32\rundll32.exe
2292 C:\Program Files\Windows Sidebar\sidebar.exe
2372 C:\Program Files (x86)\Winamp\winampa.exe
3600 C:\Windows\System32\svchost.exe
3760 C:\Windows\System32\svchost.exe
2068 C:\Windows\servicing\TrustedInstaller.exe
1692 C:\Windows\System32\wsqmcons.exe
3912 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3728 C:\Windows\System32\SearchProtocolHost.exe
2864 C:\Windows\System32\SearchFilterHost.exe
3320 C:\Users\snargletooth\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000023`3d5d4200 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541616J9S, Rev: SB4O

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!



#4 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • Location: Puerto Rico

Posted 24 August 2010 - 01:34 PM

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Vista and Win 7 Users please Right Click and run as Admin all programs that I ask you to run

: Malwarebytes' Anti-Malware :
    Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download and run OTL:

Download OTL by Old Timer and save it to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in
      netsvcs
      drivers32 /all
      %SYSTEMDRIVE%\*.*
      %systemroot%\system32\*.wt
      %systemroot%\system32\*.ruy
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\user32.dll /md5
      %systemroot%\system32\ws2_32.dll /md5
      %systemroot%\system32\ws2help.dll /md5
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time,

"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. The two logs from OTL
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



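The OTL driver and service lines that the instructions above ask for can be pre-triaged mechanically before a person reads them. The script below is an added example, not OTL's code or anything posted in this thread: it parses OTL's `DRV`/`SRV` line format and flags orphaned entries, drivers outside the usual driver directories, and recently modified files with no company name recorded. The sample lines are constructed in OTL's format, and the log timestamp and `C:\Windows` system root are assumptions.

```python
"""Triage helper for OTL "Driver Services" / "Win32 Services" lines.

Added example, not part of OTL or of this thread. Sample input is constructed.
"""
import re
from datetime import datetime, timedelta

# One OTL service/driver line comes in two shapes:
#   KIND[:64bit:] - [mtime | size | attrs | M] (Company) [flags] -- path -- (ServiceName)
#   KIND[:64bit:] - File not found [flags] -- path -- (ServiceName)
OTL_SERVICE_LINE = re.compile(
    r"^(?P<kind>DRV|SRV)(?P<native>:64bit:)? - "
    r"(?:\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<stamp>[A-Z])\] \((?P<company>[^)]*)\)"
    r"|(?P<missing>File not found))"
    r" \[(?P<flags>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)$"
)


def parse_service_line(line):
    """Return a dict for one DRV/SRV line, or None if the line is not one."""
    m = OTL_SERVICE_LINE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    return {
        "kind": g["kind"],
        "native64": g["native"] is not None,  # ":64bit:" lines are the native view
        "name": g["name"],
        "path": g["path"],
        "flags": [f.strip() for f in g["flags"].split("|")],
        "missing": g["missing"] is not None,
        "company": (g["company"] or "").strip(),
        "mtime": datetime.strptime(g["mtime"], "%Y/%m/%d %H:%M:%S") if g["mtime"] else None,
        "size": int(g["size"].replace(",", "")) if g["size"] else None,
    }


def triage_entry(entry, log_time, system_root="C:\\Windows", recent_days=14):
    """Return the reasons (possibly none) a helper would look at this entry first."""
    reasons = []
    if entry["missing"]:
        # The service key still exists but its file is gone: a leftover from an
        # uninstall or a removal, normally just cleaned up.
        reasons.append("orphaned: file not found")
        return reasons
    root = system_root.lower().rstrip("\\")
    driver_dirs = tuple(root + sub for sub in
                        ("\\sysnative\\drivers\\", "\\system32\\drivers\\", "\\syswow64\\drivers\\"))
    if entry["kind"] == "DRV" and not entry["path"].lower().startswith(driver_dirs):
        reasons.append("driver loaded from outside the standard driver directories")
    if entry["mtime"] and log_time - entry["mtime"] <= timedelta(days=recent_days):
        if not entry["company"]:
            # OTL writes "()" when it read no company name from the file's version
            # info; that is a prompt to check the file, not a verdict by itself.
            reasons.append("modified within %d days and no company name recorded" % recent_days)
    return reasons


def triage_log(lines, log_time, **kw):
    """Map service name -> reasons, for every flagged DRV/SRV line in the log."""
    flagged = {}
    for line in lines:
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons = triage_entry(entry, log_time, **kw)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


# Constructed sample in OTL's format (not copied from the thread): one orphaned
# entry, two long-standing system files, one recent unattributed driver in the
# normal directory, and one recent unattributed driver in a user's Temp folder.
SAMPLE_LINES = r"""
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2008/01/20 19:46:02 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
SRV:64bit: - [2008/01/20 19:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
DRV - [2010/08/24 03:41:48 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\sampledrv.sys -- (sampledrv)
DRV - [2010/08/20 12:00:00 | 000,020,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Users\someone\AppData\Local\Temp\tmpdrv.sys -- (tmpdrv)
""".strip().splitlines()

# Assumed timestamp of the log (the "OTL logfile created on" header line).
LOG_TIME = datetime(2010, 8, 24, 17, 5, 47)

if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LINES, LOG_TIME).items():
        print(name, "->", "; ".join(reasons))
```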

#5 geezor
  • Topic Starter
  • Members

Posted 24 August 2010 - 07:22 PM

Computer seems to be running better. Still no wireless internet and the hard drive seems to be more filled than it should be. I just found older system files from before I reinstalled windows. I'm deleting them now.

Thank you for your help so far. I really appreciate this more than you could know.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4473

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

8/24/2010 5:04:02 PM
mbam-log-2010-08-24 (17-04-02).txt

Scan type: Quick scan
Objects scanned: 125338
Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




OTL logfile created on: 8/24/2010 5:05:47 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\snargletooth\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 140.96 Gb Total Space | 66.04 Gb Free Space | 46.85% Space Free | Partition Type: NTFS
Drive D: | 8.09 Gb Total Space | 1.78 Gb Free Space | 22.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SNARGLETOOTH-PC
Current User Name: snargletooth
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/24 16:58:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\snargletooth\Downloads\OTL.exe
PRC - [2010/07/12 09:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe


========== Modules (SafeList) ==========

MOD - [2010/08/24 16:58:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\snargletooth\Downloads\OTL.exe
MOD - [2008/01/20 19:49:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 19:47:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/20 19:51:22 | 000,252,928 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2008/01/20 19:51:03 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2008/01/20 19:50:23 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 19:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2009/06/25 17:04:20 | 000,067,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 16:38:52 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 16:13:44 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/01/20 19:51:03 | 000,460,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2008/01/20 19:46:05 | 001,523,712 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/20 19:46:05 | 000,724,480 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 19:46:05 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 19:46:02 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2006/10/09 19:09:03 | 000,742,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006/10/06 19:13:22 | 000,550,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV:64bit: - [2006/09/18 14:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/06/28 12:40:00 | 000,012,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\cpqbttn64.sys -- (HBtnKey)
DRV - [2010/08/24 03:41:48 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/11 19:22:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/16 16:23:18 | 000,000,000 | ---D | M]

[2010/08/11 19:22:22 | 000,000,000 | ---D | M] -- C:\Users\snargletooth\AppData\Roaming\Mozilla\Extensions
[2010/08/24 03:49:58 | 000,000,000 | ---D | M] -- C:\Users\snargletooth\AppData\Roaming\Mozilla\Firefox\Profiles\x9hz5dj9.default\extensions
[2010/08/16 14:32:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\snargletooth\AppData\Roaming\Mozilla\Firefox\Profiles\x9hz5dj9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/11 19:22:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/12 09:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/04 11:59:36 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll ()

Drivers32:64bit: aux - wdmaud.drv ()
Drivers32:64bit: midi - wdmaud.drv ()
Drivers32:64bit: midimapper - midimap.dll ()
Drivers32:64bit: mixer - wdmaud.drv ()
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32:64bit: msacm.msadpcm - msadp32.acm ()
Drivers32:64bit: msacm.msg711 - msg711.acm ()
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm ()
Drivers32:64bit: MSVideo8 - VfWWDM32.dll ()
Drivers32:64bit: vidc.i420 - iyuv_32.dll ()
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll ()
Drivers32:64bit: vidc.mrle - msrle32.dll ()
Drivers32:64bit: vidc.msvc - msvidc32.dll ()
Drivers32:64bit: VIDC.UYVY - msyuv.dll ()
Drivers32:64bit: VIDC.YUY2 - msyuv.dll ()
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll ()
Drivers32:64bit: VIDC.YVYU - msyuv.dll ()
Drivers32:64bit: wave - wdmaud.drv ()
Drivers32:64bit: wavemapper - msacm32.drv ()
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/16 16:23:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2010/08/16 16:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/08/16 16:23:06 | 000,000,000 | ---D | C] -- C:\Users\snargletooth\AppData\Roaming\Winamp
[2010/08/16 16:23:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2010/08/16 15:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/08/16 14:30:11 | 000,000,000 | ---D | C] -- C:\Users\snargletooth\Desktop\Releasing
[2010/08/11 20:36:57 | 000,000,000 | ---D | C] -- C:\Users\snargletooth\AppData\Roaming\Macromedia
[2010/08/11 20:36:57 | 000,000,000 | ---D | C] -- C:\Users\snargletooth\AppData\Roaming\Adobe
[2010/08/11 20:36:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/08/11 20:13:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010/08/11 20:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/08/11 20:13:10 | 000,000,000 | ---D | C] -- C:\Users\snargletooth\AppData\Roaming\WinBatch
[2010/08/11 19:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/08/11 19:36:24 | 000,000,000 | ---D | C] -- C:\Users\snargletooth\AppData\Roaming\Malwarebytes
[2010/08/11 19:35:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/11 19:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/11 19:35:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/11 19:32:00 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/08/11 19:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/08/11 19:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/11 19:22:08 | 000,000,000 | ---D | C] -- C:\Users\snargletooth\AppData\Local\Mozilla
[2010/08/11 19:22:07 | 000,000,000 | ---D | C] -- C:\Users\snargletooth\AppData\Roaming\Mozilla
[2010/08/11 19:21:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/08/11 19:19:49 | 000,114,688 | ---- | C] (RICOH) -- C:\Windows\SysWow64\RicohMediadriverVer.dll
[2010/08/11 19:19:48 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/08/11 18:32:02 | 000,000,000 | R--D | C] -- C:\Users\snargletooth\Searches
[2010/08/11 18:31:07 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/08/11 18:29:49 | 000,000,000 | ---D | C] -- C:\Users\snargletooth\AppData\Roaming\Identities
[2010/08/11 18:29:46 | 000,000,000 | R--D | C] -- C:\Users\snargletooth\Contacts
[2010/08/11 18:29:45 | 000,000,000 | ---D | C] -- C:\Users\snargletooth\AppData\Local\VirtualStore
[2010/08/11 18:29:39 | 000,000,000 | --SD | C] -- C:\Users\snargletooth\AppData\Roaming\Microsoft
[2010/08/11 18:29:39 | 000,000,000 | R--D | C] -- C:\Users\snargletooth\Videos
[2010/08/11 18:29:39 | 000,000,000 | R--D | C] -- C:\Users\snargletooth\Saved Games
[2010/08/11 18:29:39 | 000,000,000 | R--D | C] -- C:\Users\snargletooth\Pictures
[2010/08/11 18:29:39 | 000,000,000 | R--D | C] -- C:\Users\snargletooth\Music
[2010/08/11 18:29:39 | 000,000,000 | R--D | C] -- C:\Users\snargletooth\Links
[2010/08/11 18:29:39 | 000,000,000 | R--D | C] -- C:\Users\snargletooth\Favorites
[2010/08/11 18:29:39 | 000,000,000 | R--D | C] -- C:\Users\snargletooth\Downloads
[2010/08/11 18:29:39 | 000,000,000 | R--D | C] -- C:\Users\snargletooth\Documents
[2010/08/11 18:29:39 | 000,000,000 | R--D | C] -- C:\Users\snargletooth\Desktop
[2010/08/11 18:29:39 | 000,000,000 | -HSD | C] -- C:\Users\snargletooth\AppData\Local\Temporary Internet Files
[2010/08/11 18:29:39 | 000,000,000 | -HSD | C] -- C:\Users\snargletooth\Templates
[2010/08/11 18:29:39 | 000,000,000 | -HSD | C] -- C:\Users\snargletooth\Start Menu
[2010/08/11 18:29:39 | 000,000,000 | -HSD | C] -- C:\Users\snargletooth\SendTo
[2010/08/11 18:29:39 | 000,000,000 | -HSD | C] -- C:\Users\snargletooth\Recent
[2010/08/11 18:29:39 | 000,000,000 | -HSD | C] -- C:\Users\snargletooth\PrintHood
[2010/08/11 18:29:39 | 000,000,000 | -HSD | C] -- C:\Users\snargletooth\NetHood
[2010/08/11 18:29:39 | 000,000,000 | -HSD | C] -- C:\Users\snargletooth\Documents\My Videos
[2010/08/11 18:29:39 | 000,000,000 | -HSD | C] -- C:\Users\snargletooth\Documents\My Pictures
[2010/08/11 18:29:39 | 000,000,000 | -HSD | C] -- C:\Users\snargletooth\Documents\My Music
[2010/08/11 18:29:39 | 000,000,000 | -HSD | C] -- C:\Users\snargletooth\My Documents
[2010/08/11 18:29:39 | 000,000,000 | -HSD | C] -- C:\Users\snargletooth\Local Settings
[2010/08/11 18:29:39 | 000,000,000 | -HSD | C] -- C:\Users\snargletooth\AppData\Local\History
[2010/08/11 18:29:39 | 000,000,000 | -HSD | C] -- C:\Users\snargletooth\Cookies
[2010/08/11 18:29:39 | 000,000,000 | -HSD | C] -- C:\Users\snargletooth\Application Data
[2010/08/11 18:29:39 | 000,000,000 | -HSD | C] -- C:\Users\snargletooth\AppData\Local\Application Data
[2010/08/11 18:29:39 | 000,000,000 | -H-D | C] -- C:\Users\snargletooth\AppData
[2010/08/11 18:29:39 | 000,000,000 | ---D | C] -- C:\Users\snargletooth\AppData\Local\Temp
[2010/08/11 18:29:39 | 000,000,000 | ---D | C] -- C:\Users\snargletooth\AppData\Local\Microsoft
[2010/08/11 18:29:39 | 000,000,000 | ---D | C] -- C:\Users\snargletooth\AppData\Roaming\Media Center Programs
[2010/08/11 18:20:35 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2010/08/11 18:01:31 | 000,000,000 | ---D | C] -- C:\Windows.old
[2010/08/11 17:43:04 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/08/11 17:40:40 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2010/08/11 17:32:23 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/08/11 02:42:57 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/08/10 22:41:08 | 000,000,000 | ---D | C] -- C:\stuff
[2010/08/10 20:44:25 | 000,000,000 | ---D | C] -- C:\Temp

========== Files - Modified Within 90 Days ==========

[2010/08/24 17:05:44 | 000,786,432 | -HS- | M] () -- C:\Users\snargletooth\NTUSER.DAT
[2010/08/24 17:03:59 | 001,459,114 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/24 17:03:59 | 000,653,296 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2010/08/24 17:03:59 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/24 17:03:59 | 000,125,770 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2010/08/24 17:03:59 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/24 16:56:24 | 000,032,536 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/08/24 16:56:13 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 16:56:13 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 16:56:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/24 16:56:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/24 16:55:45 | 2078,916,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/24 09:03:14 | 000,524,288 | -HS- | M] () -- C:\Users\snargletooth\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms
[2010/08/24 09:03:14 | 000,065,536 | -HS- | M] () -- C:\Users\snargletooth\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf
[2010/08/24 09:03:07 | 001,440,062 | -H-- | M] () -- C:\Users\snargletooth\AppData\Local\IconCache.db
[2010/08/24 03:41:58 | 000,080,384 | ---- | M] () -- C:\Users\snargletooth\Desktop\MBRCheck.exe
[2010/08/24 03:41:48 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/08/24 03:37:11 | 000,133,632 | ---- | M] () -- C:\Users\snargletooth\Desktop\RKUnhookerLE.EXE
[2010/08/18 20:23:54 | 000,049,168 | ---- | M] () -- C:\Users\snargletooth\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/18 20:19:43 | 000,229,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/16 16:23:53 | 000,000,842 | ---- | M] () -- C:\Users\snargletooth\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010/08/16 16:23:53 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010/08/16 14:41:54 | 000,293,376 | ---- | M] () -- C:\Users\snargletooth\Desktop\gmer.exe
[2010/08/16 14:39:00 | 000,284,915 | ---- | M] () -- C:\Users\snargletooth\Desktop\gmer.zip
[2010/08/16 14:36:19 | 000,032,536 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/08/16 14:35:49 | 000,525,824 | ---- | M] () -- C:\Users\snargletooth\Desktop\dds.scr
[2010/08/16 14:35:29 | 000,000,000 | ---- | M] () -- C:\Users\snargletooth\defogger_reenable
[2010/08/16 14:30:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/08/11 19:40:41 | 000,050,477 | ---- | M] () -- C:\Users\snargletooth\Desktop\Defogger.exe
[2010/08/11 19:36:00 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/11 19:33:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/08/11 19:22:03 | 000,001,802 | ---- | M] () -- C:\Users\snargletooth\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/11 19:22:03 | 000,001,778 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/11 19:21:25 | 000,000,104 | ---- | M] () -- C:\Users\snargletooth\Desktop\Computer - Shortcut.lnk
[2010/08/11 18:32:43 | 000,000,732 | ---- | M] () -- C:\Users\snargletooth\AppData\Local\d3d9caps64.dat
[2010/08/11 18:30:52 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/08/11 18:30:04 | 000,524,288 | -HS- | M] () -- C:\Users\snargletooth\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000002.regtrans-ms
[2010/08/11 18:29:39 | 000,000,020 | -HS- | M] () -- C:\Users\snargletooth\ntuser.ini
[2010/08/11 17:45:08 | 000,049,052 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/06/28 09:55:07 | 000,208,896 | ---- | M] () -- C:\Windows\SysNative\occache.dll
[2010/06/28 09:53:56 | 000,758,784 | ---- | M] () -- C:\Windows\SysNative\mshtmled.dll
[2010/06/28 09:53:55 | 000,580,608 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll
[2010/06/28 09:52:23 | 000,375,296 | ---- | M] () -- C:\Windows\SysNative\iertutil.dll
[2010/06/28 09:52:23 | 000,249,856 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll
[2010/06/28 09:52:22 | 000,422,400 | ---- | M] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/06/28 09:52:22 | 000,086,528 | ---- | M] () -- C:\Windows\SysNative\ieencode.dll
[2010/06/28 09:52:21 | 000,267,776 | ---- | M] () -- C:\Windows\SysNative\ieaksie.dll
[2010/06/28 08:35:36 | 000,485,376 | ---- | M] () -- C:\Windows\SysNative\html.iec
[2010/06/18 10:17:49 | 000,050,688 | ---- | M] () -- C:\Windows\SysNative\rtutils.dll
[2010/06/08 10:47:14 | 004,690,832 | ---- | M] () -- C:\Windows\SysNative\ntoskrnl.exe

========== Files Created - No Company Name ==========

[2010/08/24 03:41:57 | 000,080,384 | ---- | C] () -- C:\Users\snargletooth\Desktop\MBRCheck.exe
[2010/08/24 03:40:38 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/08/24 03:37:09 | 000,133,632 | ---- | C] () -- C:\Users\snargletooth\Desktop\RKUnhookerLE.EXE
[2010/08/18 18:43:38 | 000,024,064 | ---- | C] () -- C:\Windows\SysNative\wsepno.dll
[2010/08/18 18:43:36 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msshooks.dll
[2010/08/18 18:43:35 | 000,044,544 | ---- | C] () -- C:\Windows\SysNative\msscb.dll
[2010/08/18 18:43:34 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/08/18 18:43:34 | 000,106,605 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin
[2010/08/18 18:43:34 | 000,080,896 | ---- | C] () -- C:\Windows\SysNative\propdefs.dll
[2010/08/18 18:43:34 | 000,067,072 | ---- | C] () -- C:\Windows\SysNative\xmlfilter.dll
[2010/08/18 18:43:34 | 000,043,008 | ---- | C] () -- C:\Windows\SysNative\rtffilt.dll
[2010/08/18 18:43:34 | 000,037,376 | ---- | C] () -- C:\Windows\SysNative\mimefilt.dll
[2010/08/18 18:43:34 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010/08/18 18:43:34 | 000,018,904 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchemaTrivial.bin
[2010/08/18 18:43:32 | 000,087,552 | ---- | C] () -- C:\Windows\SysNative\mssitlb.dll
[2010/08/18 18:43:31 | 001,676,800 | ---- | C] () -- C:\Windows\SysNative\chsbrkr.dll
[2010/08/18 18:43:31 | 000,921,088 | ---- | C] () -- C:\Windows\SysNative\propsys.dll
[2010/08/18 18:43:31 | 000,347,648 | ---- | C] () -- C:\Windows\SysNative\srchadmin.dll
[2010/08/18 18:43:31 | 000,317,440 | ---- | C] () -- C:\Windows\SysNative\thawbrkr.dll
[2010/08/18 18:43:31 | 000,316,928 | ---- | C] () -- C:\Windows\SysNative\msshsq.dll
[2010/08/18 18:43:31 | 000,280,064 | ---- | C] () -- C:\Windows\SysNative\offfilt.dll
[2010/08/18 18:43:31 | 000,181,248 | ---- | C] () -- C:\Windows\SysNative\nlhtml.dll
[2010/08/18 18:43:31 | 000,180,736 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.dll
[2010/08/18 18:43:31 | 000,040,448 | ---- | C] () -- C:\Windows\SysNative\mssprxy.dll
[2010/08/18 18:43:30 | 011,967,524 | ---- | C] () -- C:\Windows\SysWow64\korwbrkr.lex
[2010/08/18 18:43:30 | 011,967,524 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.lex
[2010/08/18 18:43:30 | 006,100,480 | ---- | C] () -- C:\Windows\SysNative\chtbrkr.dll
[2010/08/18 18:43:30 | 000,796,672 | ---- | C] () -- C:\Windows\SysNative\mssvp.dll
[2010/08/18 18:43:30 | 000,498,176 | ---- | C] () -- C:\Windows\SysNative\mssph.dll
[2010/08/18 18:43:30 | 000,312,832 | ---- | C] () -- C:\Windows\SysNative\mssphtb.dll
[2010/08/18 18:43:30 | 000,258,560 | ---- | C] () -- C:\Windows\SysNative\SearchProtocolHost.exe
[2010/08/18 18:43:30 | 000,112,128 | ---- | C] () -- C:\Windows\SysNative\SearchFilterHost.exe
[2010/08/18 18:43:30 | 000,078,848 | ---- | C] () -- C:\Windows\SysNative\msstrc.dll
[2010/08/18 18:43:30 | 000,073,728 | ---- | C] () -- C:\Windows\SysNative\msscntrs.dll
[2010/08/18 18:43:29 | 002,209,792 | ---- | C] () -- C:\Windows\SysNative\tquery.dll
[2010/08/18 18:43:29 | 002,176,512 | ---- | C] () -- C:\Windows\SysNative\mssrch.dll
[2010/08/18 18:43:29 | 000,598,016 | ---- | C] () -- C:\Windows\SysNative\SearchIndexer.exe
[2010/08/18 17:48:48 | 000,049,160 | ---- | C] () -- C:\Windows\SysNative\infocardcpl.cpl
[2010/08/18 17:48:44 | 000,052,760 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/08/18 17:48:44 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\icardres.dll
[2010/08/18 17:48:43 | 001,168,928 | ---- | C] () -- C:\Windows\SysNative\PresentationNative_v0300.dll
[2010/08/18 17:48:43 | 000,167,432 | ---- | C] () -- C:\Windows\SysNative\infocardapi.dll
[2010/08/18 17:48:42 | 001,383,936 | ---- | C] () -- C:\Windows\SysNative\icardagt.exe
[2010/08/18 17:48:34 | 000,126,520 | ---- | C] () -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2010/08/18 17:48:32 | 000,357,904 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2010/08/18 17:39:47 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2010/08/18 17:39:36 | 000,112,120 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2010/08/18 17:39:26 | 000,406,528 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2010/08/18 17:39:18 | 000,158,208 | ---- | C] () -- C:\Windows\SysNative\mscorier.dll
[2010/08/18 17:39:14 | 000,076,288 | ---- | C] () -- C:\Windows\SysNative\mscories.dll
[2010/08/18 17:34:01 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll
[2010/08/18 17:33:59 | 000,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys
[2010/08/18 17:33:58 | 000,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll
[2010/08/18 17:27:52 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2010/08/18 17:27:52 | 000,073,216 | ---- | C] () -- C:\Windows\SysNative\MSDvbNP.ax
[2010/08/18 17:27:51 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2010/08/18 17:27:47 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2010/08/18 17:27:47 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2010/08/18 17:27:47 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2010/08/16 16:23:53 | 000,000,842 | ---- | C] () -- C:\Users\snargletooth\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010/08/16 16:23:53 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010/08/16 15:34:46 | 012,240,896 | ---- | C] () -- C:\Windows\SysNative\NlsLexicons0007.dll
[2010/08/16 15:34:43 | 002,644,480 | ---- | C] () -- C:\Windows\SysNative\NlsLexicons0009.dll
[2010/08/16 15:34:11 | 001,361,920 | ---- | C] () -- C:\Windows\SysNative\NaturalLanguage6.dll
[2010/08/16 15:24:29 | 013,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2010/08/16 15:24:22 | 000,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
[2010/08/16 15:24:16 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2010/08/16 15:23:24 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/08/16 15:23:19 | 001,691,648 | ---- | C] () -- C:\Windows\SysNative\connect.dll
[2010/08/16 15:23:13 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\iyuv_32.dll
[2010/08/16 15:23:13 | 000,038,400 | ---- | C] () -- C:\Windows\SysNative\msvidc32.dll
[2010/08/16 15:23:12 | 000,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll
[2010/08/16 15:23:12 | 000,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll
[2010/08/16 15:23:12 | 000,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll
[2010/08/16 15:23:12 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\msyuv.dll
[2010/08/16 15:23:12 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\msrle32.dll
[2010/08/16 15:23:12 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\tsbyuv.dll
[2010/08/16 15:23:11 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\msvfw32.dll
[2010/08/16 15:22:46 | 000,189,440 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2010/08/16 15:22:38 | 000,791,552 | ---- | C] () -- C:\Windows\SysNative\localspl.dll
[2010/08/16 15:22:30 | 001,926,656 | ---- | C] () -- C:\Windows\SysNative\gameux.dll
[2010/08/16 15:22:30 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/08/16 15:22:28 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/08/16 15:22:22 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010/08/16 15:22:22 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2010/08/16 15:22:22 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010/08/16 15:22:16 | 001,280,512 | ---- | C] () -- C:\Windows\SysNative\rpcrt4.dll
[2010/08/16 15:22:10 | 000,656,384 | ---- | C] () -- C:\Windows\SysNative\kerberos.dll
[2010/08/16 15:22:02 | 000,437,248 | ---- | C] () -- C:\Windows\SysNative\WSDApi.dll
[2010/08/16 15:21:56 | 000,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
[2010/08/16 15:21:43 | 001,078,840 | ---- | C] () -- C:\Windows\SysNative\winload.efi
[2010/08/16 15:21:43 | 000,382,008 | ---- | C] () -- C:\Windows\SysNative\ci.dll
[2010/08/16 15:21:42 | 001,066,040 | ---- | C] () -- C:\Windows\SysNative\winload.exe
[2010/08/16 15:21:41 | 000,993,336 | ---- | C] () -- C:\Windows\SysNative\winresume.efi
[2010/08/16 15:21:41 | 000,982,584 | ---- | C] () -- C:\Windows\SysNative\winresume.exe
[2010/08/16 15:21:41 | 000,022,072 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll
[2010/08/16 15:21:40 | 000,474,624 | ---- | C] () -- C:\Windows\SysNative\srcore.dll
[2010/08/16 15:21:40 | 000,058,368 | ---- | C] () -- C:\Windows\SysNative\setbcdlocale.dll
[2010/08/16 15:21:39 | 000,339,968 | ---- | C] () -- C:\Windows\SysNative\rstrui.exe
[2010/08/16 15:21:39 | 000,046,592 | ---- | C] () -- C:\Windows\SysNative\srclient.dll
[2010/08/16 15:21:39 | 000,018,944 | ---- | C] () -- C:\Windows\SysNative\srdelayed.exe
[2010/08/16 15:21:39 | 000,007,680 | ---- | C] () -- C:\Windows\SysNative\kbd106n.dll
[2010/08/16 15:20:53 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/08/16 15:20:43 | 000,660,480 | ---- | C] () -- C:\Windows\SysNative\win32spl.dll
[2010/08/16 15:20:37 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll
[2010/08/16 15:20:31 | 000,439,808 | ---- | C] () -- C:\Windows\SysNative\winhttp.dll
[2010/08/16 15:20:21 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010/08/16 15:20:21 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010/08/16 15:20:21 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2010/08/16 15:20:14 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/08/16 15:20:14 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/08/16 15:20:08 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/08/16 15:20:02 | 000,295,936 | ---- | C] () -- C:\Windows\SysNative\raschap.dll
[2010/08/16 15:20:02 | 000,280,576 | ---- | C] () -- C:\Windows\SysNative\rastls.dll
[2010/08/16 15:19:55 | 001,208,832 | ---- | C] () -- C:\Windows\SysNative\kernel32.dll
[2010/08/16 15:19:52 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\amxread.dll
[2010/08/16 15:19:52 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\apilogen.dll
[2010/08/16 15:19:48 | 000,388,608 | ---- | C] () -- C:\Windows\SysNative\gdi32.dll
[2010/08/16 15:19:20 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010/08/16 15:19:09 | 001,729,024 | ---- | C] () -- C:\Windows\SysNative\msxml6.dll
[2010/08/16 15:18:56 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/16 15:18:52 | 000,324,608 | ---- | C] () -- C:\Windows\SysNative\PortableDeviceApi.dll
[2010/08/16 15:18:47 | 000,361,984 | ---- | C] () -- C:\Windows\SysNative\es.dll
[2010/08/16 15:18:41 | 002,423,296 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
[2010/08/16 15:18:35 | 000,531,456 | ---- | C] () -- C:\Windows\SysNative\IPSECSVC.DLL
[2010/08/16 15:18:28 | 000,880,640 | ---- | C] () -- C:\Windows\SysNative\timedate.cpl
[2010/08/16 15:18:16 | 001,030,656 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2010/08/16 15:18:16 | 000,718,336 | ---- | C] () -- C:\Windows\SysNative\rpcss.dll
[2010/08/16 15:18:12 | 000,231,424 | ---- | C] () -- C:\Windows\SysNative\sdohlp.dll
[2010/08/16 15:18:12 | 000,163,840 | ---- | C] () -- C:\Windows\SysNative\iasrecst.dll
[2010/08/16 15:18:12 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\iasads.dll
[2010/08/16 15:18:12 | 000,061,440 | ---- | C] () -- C:\Windows\SysNative\iasdatastore.dll
[2010/08/16 15:18:12 | 000,036,352 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2010/08/16 15:18:11 | 000,024,576 | ---- | C] () -- C:\Windows\SysNative\iashost.exe
[2010/08/16 15:17:57 | 000,594,944 | ---- | C] () -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/08/16 15:17:57 | 000,594,432 | ---- | C] () -- C:\Windows\SysNative\RMActivate.exe
[2010/08/16 15:17:56 | 000,413,696 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/08/16 15:17:56 | 000,409,600 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/08/16 15:17:55 | 000,535,040 | ---- | C] () -- C:\Windows\SysNative\secproc.dll
[2010/08/16 15:17:55 | 000,534,016 | ---- | C] () -- C:\Windows\SysNative\secproc_isv.dll
[2010/08/16 15:17:54 | 000,457,216 | ---- | C] () -- C:\Windows\SysNative\msdrm.dll
[2010/08/16 15:17:54 | 000,159,232 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/08/16 15:17:54 | 000,158,720 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp.dll
[2010/08/16 15:17:31 | 000,753,152 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2010/08/16 15:17:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/08/16 15:17:15 | 000,603,648 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2010/08/16 15:16:59 | 002,900,480 | ---- | C] () -- C:\Windows\SysNative\WMVCORE.DLL
[2010/08/16 15:16:57 | 003,547,136 | ---- | C] () -- C:\Windows\SysNative\mf.dll
[2010/08/16 15:16:46 | 001,692,160 | ---- | C] () -- C:\Windows\SysNative\lsasrv.dll
[2010/08/16 15:16:45 | 000,515,656 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys
[2010/08/16 15:16:45 | 000,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2010/08/16 15:16:45 | 000,205,312 | ---- | C] () -- C:\Windows\SysNative\wdigest.dll
[2010/08/16 15:16:45 | 000,094,720 | ---- | C] () -- C:\Windows\SysNative\secur32.dll
[2010/08/16 15:16:45 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\lsass.exe
[2010/08/16 15:16:39 | 000,088,576 | ---- | C] () -- C:\Windows\SysNative\atl.dll
[2010/08/16 15:16:33 | 000,557,056 | ---- | C] () -- C:\Windows\SysNative\wmpeffects.dll
[2010/08/16 15:16:30 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\scrobj.dll
[2010/08/16 15:16:30 | 000,197,632 | ---- | C] () -- C:\Windows\SysNative\scrrun.dll
[2010/08/16 15:16:30 | 000,144,384 | ---- | C] () -- C:\Windows\SysNative\wshom.ocx
[2010/08/16 15:16:29 | 000,166,912 | ---- | C] () -- C:\Windows\SysNative\wscript.exe
[2010/08/16 15:16:29 | 000,147,968 | ---- | C] () -- C:\Windows\SysNative\cscript.exe
[2010/08/16 15:16:29 | 000,101,888 | ---- | C] () -- C:\Windows\SysNative\wshext.dll
[2010/08/16 15:16:06 | 000,141,312 | ---- | C] () -- C:\Windows\SysNative\netiohlp.dll
[2010/08/16 15:16:05 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\NETSTAT.EXE
[2010/08/16 15:16:05 | 000,023,040 | ---- | C] () -- C:\Windows\SysNative\ARP.EXE
[2010/08/16 15:16:04 | 000,021,504 | ---- | C] () -- C:\Windows\SysNative\ROUTE.EXE
[2010/08/16 15:16:04 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\MRINFO.EXE
[2010/08/16 15:16:04 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\finger.exe
[2010/08/16 15:16:04 | 000,010,752 | ---- | C] () -- C:\Windows\SysNative\TCPSVCS.EXE
[2010/08/16 15:16:04 | 000,010,240 | ---- | C] () -- C:\Windows\SysNative\HOSTNAME.EXE
[2010/08/16 15:16:03 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
[2010/08/16 15:14:57 | 001,245,184 | ---- | C] () -- C:\Windows\SysNative\WMNetMgr.dll
[2010/08/16 15:14:57 | 000,112,640 | ---- | C] () -- C:\Windows\SysNative\logagent.exe
[2010/08/16 15:14:49 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/08/16 15:14:45 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/08/16 15:14:41 | 000,883,200 | ---- | C] () -- C:\Windows\SysNative\drivers\dxgkrnl.sys
[2010/08/16 15:14:41 | 000,399,872 | ---- | C] () -- C:\Windows\SysNative\emdmgmt.dll
[2010/08/16 15:14:41 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\drivers\nwifi.sys
[2010/08/16 15:14:41 | 000,048,640 | ---- | C] () -- C:\Windows\SysNative\dataclen.dll
[2010/08/16 15:14:41 | 000,047,104 | ---- | C] () -- C:\Windows\SysNative\cdd.dll
[2010/08/16 15:14:35 | 000,140,288 | ---- | C] () -- C:\Windows\SysNative\drivers\rmcast.sys
[2010/08/16 15:14:35 | 000,017,408 | ---- | C] () -- C:\Windows\SysNative\wshrm.dll
[2010/08/16 15:14:31 | 000,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
[2010/08/16 15:14:21 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\drivers\pacer.sys
[2010/08/16 15:14:21 | 000,039,424 | ---- | C] () -- C:\Windows\SysNative\traffic.dll
[2010/08/16 15:14:21 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\pacerprf.dll
[2010/08/16 15:14:21 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\wshqos.dll
[2010/08/16 15:14:13 | 000,202,752 | ---- | C] () -- C:\Windows\SysNative\wkssvc.dll
[2010/08/16 15:14:01 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/08/16 15:13:13 | 000,730,112 | ---- | C] () -- C:\Windows\SysNative\msdtcprx.dll
[2010/08/16 15:13:12 | 000,048,640 | ---- | C] () -- C:\Windows\SysNative\xolehlp.dll
[2010/08/16 15:13:04 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm
[2010/08/16 15:12:44 | 002,452,872 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dat
[2010/08/16 15:12:41 | 005,691,904 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/08/16 15:12:37 | 007,006,208 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/08/16 15:12:35 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/08/16 15:12:35 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/08/16 15:12:34 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/08/16 15:12:28 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2010/08/16 15:12:27 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2010/08/16 15:12:24 | 000,580,608 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/08/16 15:12:23 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/08/16 15:12:22 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/08/16 15:12:22 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/08/16 15:12:20 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2010/08/16 15:12:19 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/08/16 15:12:19 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2010/08/16 15:12:19 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2010/08/16 15:12:19 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/16 15:12:17 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/08/16 15:12:17 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/08/16 15:11:33 | 000,368,128 | ---- | C] () -- C:\Windows\SysNative\wmpdxm.dll
[2010/08/16 15:11:31 | 000,009,216 | ---- | C] () -- C:\Windows\SysNative\spwmp.dll
[2010/08/16 15:11:27 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\msdxm.ocx
[2010/08/16 15:11:27 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\dxmasf.dll
[2010/08/16 15:11:24 | 000,043,520 | ---- | C] () -- C:\Windows\SysNative\msdxm.tlb
[2010/08/16 15:11:24 | 000,018,432 | ---- | C] () -- C:\Windows\SysNative\amcompat.tlb
[2010/08/16 15:10:38 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/08/16 15:10:19 | 000,270,208 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe
[2010/08/16 15:09:21 | 000,176,640 | ---- | C] () -- C:\Windows\SysNative\Faultrep.dll
[2010/08/16 15:09:20 | 000,120,832 | ---- | C] () -- C:\Windows\SysNative\wersvc.dll
[2010/08/16 15:09:15 | 000,841,216 | ---- | C] () -- C:\Windows\SysNative\WindowsCodecs.dll
[2010/08/16 15:09:15 | 000,470,016 | ---- | C] () -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2010/08/16 15:09:15 | 000,386,560 | ---- | C] () -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2010/08/16 15:09:06 | 002,608,803 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2010/08/16 15:09:05 | 000,376,832 | ---- | C] () -- C:\Windows\SysNative\wlansec.dll
[2010/08/16 15:09:05 | 000,353,280 | ---- | C] () -- C:\Windows\SysNative\wlanmsm.dll
[2010/08/16 15:09:05 | 000,157,184 | ---- | C] () -- C:\Windows\SysNative\L2SecHC.dll
[2010/08/16 15:09:04 | 000,615,936 | ---- | C] () -- C:\Windows\SysNative\wlansvc.dll
[2010/08/16 15:09:03 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\wlanhlp.dll
[2010/08/16 15:09:03 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\wlanapi.dll
[2010/08/16 15:08:56 | 000,648,704 | ---- | C] () -- C:\Windows\SysNative\netapi32.dll
[2010/08/16 14:38:11 | 000,284,915 | ---- | C] () -- C:\Users\snargletooth\Desktop\gmer.zip
[2010/08/16 14:35:45 | 000,525,824 | ---- | C] () -- C:\Users\snargletooth\Desktop\dds.scr
[2010/08/16 14:35:29 | 000,000,000 | ---- | C] () -- C:\Users\snargletooth\defogger_reenable
[2010/08/16 14:30:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/08/11 20:13:52 | 000,000,553 | ---- | C] () -- C:\Windows\USetup.iss
[2010/08/11 20:09:17 | 000,032,536 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/11 20:04:48 | 000,032,536 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/08/11 19:40:40 | 000,050,477 | ---- | C] () -- C:\Users\snargletooth\Desktop\Defogger.exe
[2010/08/11 19:36:19 | 002,113,568 | ---- | C] () -- C:\Windows\SysNative\nvcplui.exe
[2010/08/11 19:36:19 | 001,097,248 | ---- | C] () -- C:\Windows\SysNative\nvcpluir.dll
[2010/08/11 19:36:19 | 000,410,656 | ---- | C] () -- C:\Windows\SysNative\nvcpl.cpl
[2010/08/11 19:36:18 | 000,539,168 | ---- | C] () -- C:\Windows\SysNative\nvuninst.exe
[2010/08/11 19:36:00 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/11 19:35:49 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/08/11 19:33:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/08/11 19:32:00 | 000,428,424 | ---- | C] () -- C:\Users\snargletooth\AppData\Local\dd_vcredistMSI1712.txt
[2010/08/11 19:31:58 | 000,011,674 | ---- | C] () -- C:\Users\snargletooth\AppData\Local\dd_vcredistUI1712.txt
[2010/08/11 19:30:51 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll
[2010/08/11 19:30:47 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll
[2010/08/11 19:22:03 | 000,001,802 | ---- | C] () -- C:\Users\snargletooth\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/11 19:22:03 | 000,001,778 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/11 19:21:25 | 000,000,104 | ---- | C] () -- C:\Users\snargletooth\Desktop\Computer - Shortcut.lnk
[2010/08/11 19:19:49 | 000,067,584 | ---- | C] () -- C:\Windows\SysNative\drivers\rimmpx64.sys
[2010/08/11 19:19:49 | 000,057,856 | ---- | C] () -- C:\Windows\SysNative\drivers\rixdpx64.sys
[2010/08/11 19:19:49 | 000,055,296 | ---- | C] () -- C:\Windows\SysNative\drivers\rimspx64.sys
[2010/08/11 19:19:48 | 000,172,032 | ---- | C] () -- C:\Windows\SysNative\rixdicon.dll
[2010/08/11 19:19:48 | 000,090,112 | ---- | C] () -- C:\Windows\SysNative\snymsico.dll
[2010/08/11 19:17:36 | 002,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
[2010/08/11 19:17:36 | 002,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
[2010/08/11 19:17:36 | 000,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
[2010/08/11 19:17:36 | 000,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
[2010/08/11 19:17:06 | 000,700,640 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll
[2010/08/11 19:17:06 | 000,098,816 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll
[2010/08/11 19:17:06 | 000,038,112 | ---- | C] () -- C:\Windows\SysNative\wups.dll
[2010/08/11 19:16:49 | 000,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
[2010/08/11 19:16:49 | 000,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
[2010/08/11 18:30:52 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2010/08/11 18:30:23 | 000,171,136 | RHS- | C] () -- C:\grldr
[2010/08/11 18:29:41 | 000,000,732 | ---- | C] () -- C:\Users\snargletooth\AppData\Local\d3d9caps64.dat
[2010/08/11 18:29:39 | 000,786,432 | -HS- | C] () -- C:\Users\snargletooth\NTUSER.DAT
[2010/08/11 18:29:39 | 000,524,288 | -HS- | C] () -- C:\Users\snargletooth\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000002.regtrans-ms
[2010/08/11 18:29:39 | 000,524,288 | -HS- | C] () -- C:\Users\snargletooth\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms
[2010/08/11 18:29:39 | 000,262,144 | -H-- | C] () -- C:\Users\snargletooth\ntuser.dat.LOG1
[2010/08/11 18:29:39 | 000,065,536 | -HS- | C] () -- C:\Users\snargletooth\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf
[2010/08/11 18:29:39 | 000,000,258 | ---- | C] () -- C:\Users\snargletooth\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/08/11 18:29:39 | 000,000,240 | ---- | C] () -- C:\Users\snargletooth\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/08/11 18:29:39 | 000,000,020 | -HS- | C] () -- C:\Users\snargletooth\ntuser.ini
[2010/08/11 18:29:39 | 000,000,000 | -H-- | C] () -- C:\Users\snargletooth\ntuser.dat.LOG2
[2010/08/11 17:55:04 | 2078,916,608 | -HS- | C] () -- C:\hiberfil.sys
[2008/01/20 19:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 19:48:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/08/11 20:13:10 | 000,000,000 | ---D | M] -- C:\Users\snargletooth\AppData\Roaming\WinBatch
[2010/08/24 09:03:25 | 000,007,478 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/05/04 11:59:36 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/09 18:11:08 | 000,000,086 | ---- | M] () -- C:\bcmwl6.log
[2008/01/20 19:49:22 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2010/08/11 18:30:52 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2006/11/02 15:00:00 | 000,171,136 | RHS- | M] () -- C:\grldr
[2009/01/04 20:26:12 | 000,000,000 | ---- | M] () -- C:\Health Product - GLC.txt
[2010/08/24 16:55:45 | 2078,916,608 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/19 19:15:53 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/03/27 17:54:56 | 000,028,160 | ---- | M] () -- C:\Liver Detox.doc
[2008/12/19 19:15:53 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/24 16:55:40 | 2392,649,728 | -HS- | M] () -- C:\pagefile.sys
[2010/08/11 20:13:52 | 000,000,411 | ---- | M] () -- C:\RHDSetup.log
[2007/05/04 12:23:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2007/05/04 12:23:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 08:05:44 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:05:44 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:05:44 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 08:05:44 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 14:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 20:21:14 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2008/01/20 19:48:20 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/20 19:49:38 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 02:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\SysWOW64\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >


OTL Extras logfile created on: 8/24/2010 5:05:47 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\snargletooth\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 140.96 Gb Total Space | 66.04 Gb Free Space | 46.85% Space Free | Partition Type: NTFS
Drive D: | 8.09 Gb Total Space | 1.78 Gb Free Space | 22.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SNARGLETOOTH-PC
Current User Name: snargletooth
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{3D57D639-D70E-4FB1-9234-A898725791E4}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{9B69F49C-E09D-4728-8F3F-592A49185962}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Winamp" = Winamp

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/16/2010 5:28:55 PM | Computer Name = snargletooth-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/16/2010 7:06:23 PM | Computer Name = snargletooth-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/16/2010 7:23:51 PM | Computer Name = snargletooth-PC | Source = System Restore | ID = 8193
Description =

Error - 8/18/2010 7:55:52 PM | Computer Name = snargletooth-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/18/2010 8:56:56 PM | Computer Name = snargletooth-PC | Source = MsiInstaller | ID = 11935
Description =

Error - 8/18/2010 11:20:27 PM | Computer Name = snargletooth-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/18/2010 11:21:59 PM | Computer Name = snargletooth-PC | Source = Windows Search Service | ID = 3024
Description =

Error - 8/24/2010 6:29:44 AM | Computer Name = snargletooth-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/24/2010 6:31:33 AM | Computer Name = snargletooth-PC | Source = RasClient | ID = 20227
Description =

Error - 8/24/2010 7:57:28 PM | Computer Name = snargletooth-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 8/18/2010 11:18:52 PM | Computer Name = snargletooth-PC | Source = BCM43XV | ID = 5005
Description = Broadcom 802.11n Network Adapter : Has encountered an internal error
and has failed.

Error - 8/18/2010 11:20:02 PM | Computer Name = snargletooth-PC | Source = HTTP | ID = 15016
Description =

Error - 8/24/2010 6:27:53 AM | Computer Name = snargletooth-PC | Source = BCM43XV | ID = 5005
Description = Broadcom 802.11n Network Adapter : Has encountered an internal error
and has failed.

Error - 8/24/2010 6:28:28 AM | Computer Name = snargletooth-PC | Source = HTTP | ID = 15016
Description =

Error - 8/24/2010 6:28:38 AM | Computer Name = snargletooth-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001B247E6DC8. The following
error occurred: %%258. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 8/24/2010 6:33:41 AM | Computer Name = snargletooth-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 001B247E6DC8 has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).

Error - 8/24/2010 6:40:38 AM | Computer Name = snargletooth-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 8/24/2010 6:41:48 AM | Computer Name = snargletooth-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 8/24/2010 7:55:35 PM | Computer Name = snargletooth-PC | Source = BCM43XV | ID = 5005
Description = Broadcom 802.11n Network Adapter : Has encountered an internal error
and has failed.

Error - 8/24/2010 7:56:09 PM | Computer Name = snargletooth-PC | Source = HTTP | ID = 15016
Description =


< End of report >

Edited by geezor, 24 August 2010 - 08:18 PM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 25 August 2010 - 01:35 AM

Hello

Let's try this to get you back online; let me know if it works.

Download and run WinSockFix. This is a two-step process that will back up the Registry and reset the Winsock stack.
  • Double click on WinsockXPFix.exe to open.
  • On the Winsock and TCP Repair Utility screen, click "ReG-Backup".
  • On the ERDNT Welcome screen, click "OK".
  • On the Backup to: screen, click "OK".
  • On the Folder does not exist question screen, click "Yes".
  • You will see a status screen as your registry is being backed up.
  • On the Registry backup is complete! screen, click "OK" and you will go back to the main window.
  • On the Winsock and TCP Repair Utility screen, click "Fix".
  • On the Apply the VB_Winsock fix? screen, click "Yes".
  • The screen will display a status message "repair completed please reboot."
  • On the Repair Completed screen, click "OK" to reboot your computer.
  • If your computer was not using DHCP, you will need to reconfigure TCP/IP.
  • You should have connectivity restored.
If you have internet back, come back and let me know; if not, go to the next step.

Download LSPFix and save it to your desktop.
alternate download site
  • Disconnect from the Internet, go to the LSPfix file and extract (unzip) LSP-Fix into its own folder such as C:\lspfix. (Click here for information on how to do this if not sure. Win 9x/2000 users click here.)
  • Open the lspfix folder and double-click on LSPFix.exe to start the program.
  • Check the "I know what I am doing" checkbox.
  • Click "Finish" and LSPfix will restore the chain numbers.
  • Restart the computer.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 geezor

geezor
  • Topic Starter

  • Members
  • 14 posts

Posted 25 August 2010 - 05:54 PM

Edit: Just so we're clear, when I connect my internet directly into my computer it works, my wireless doesn't though.

1) I tried to run that Winsock repair and it didn't work, and then I realized it was for XP and I'm running Vista.
2) I tried running netsh winsock reset from Command Prompt and it says "The requested operation requires elevation".

I think I need to reinstall Winsock because when I ran LSP fix I got an error message saying the file wasn't found or was corrupted and couldn't be accessed and needed to be reinstalled.

Edit: I found the same program except for Vista

http://www.softpedia.com/progDownload/WinS...load-15337.html

I ran it and it says "File not found".

Oh boy. HAHA.

Edited by geezor, 25 August 2010 - 06:20 PM.


#8 gringo_pr

Posted 26 August 2010 - 11:23 AM


Hello geezor

I don't think the wireless has to do with malware, so I want you to open a thread in the Networking forum; they should find out what is going on with it faster than I could. Send me the link so I can follow what is going on.



Gringo



#9 geezor (Topic Starter)

Posted 28 August 2010 - 03:31 AM

The computer is slow at startup, is using a ton of processing power, and will freeze during tasks it shouldn't (it just froze momentarily changing windows so I could type this).

As for the Networking forum, I'll do as you say.

Thanks and any more advice would be appreciated.

#10 gringo_pr

Posted 28 August 2010 - 03:39 AM

Clear your Java Cache
  • Click on Start -> Control Panel (Classic View) -> Java (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - leave BOTH checked:
        Applications and Applets
        Trace and Log Files
    • Click OK on the Delete Temporary Files window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files window.
    • Click OK to leave the Java Control Panel.


TFC (Temp File Cleaner):
  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:
    I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


ESET Online Scanner

**Note** You will need to use Internet Explorer for this scan.

Go to the ESET web page to run an online scanner from ESET.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Click on the ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start.
  • When asked, allow the ActiveX control to install.
    • Click Start.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, and ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic.

"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. Log From ESET Online Scanner
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo



#11 geezor (Topic Starter)

Posted 30 August 2010 - 11:14 PM

I'm getting soooo frustrated. I did the scans you told me to, but when I tried to install Internet Explorer (I use Firefox) my computer said it couldn't install for some reason.

I finally formatted my computer but it keeps coming back with the stuff from the older installed version. Is there any way I can completely format my computer and completely reinstall Vista clean with no residual leftover files from the previous installs? Can I do it manually somehow without the DVD and then install Vista afterwards from boot?

Thanks in advance. I'm ready to headbutt smash my skull into my wall until I can't feel my legs.

#12 gringo_pr

Posted 01 September 2010 - 12:43 AM

hello

"Can I do it manually somehow without the DVD and then install Vista afterwards from boot?" No, you have to do it from the install DVD, but you should be able to burn these disks.

Let me have the make and model of the computer and let me see what I can find.

gringo


#13 geezor (Topic Starter)

Posted 03 September 2010 - 06:31 AM

Okay, so I reinstalled Vista. It kept all my old crap though. Like now I have two different Program Files folders.

Program Files
Program Files (x86)

Also half my hard drive is filled.

Any suggestions would once again be appreciated. I hope you weren't hit too hard by that Hurricane. Nasty business.

#14 gringo_pr

Posted 03 September 2010 - 10:40 PM

Hello

My expertise is in malware removal and I don't know if those folders are normal or not for a 64-bit OS, but you can ask in the Vista forum and see if they have an answer.


gringo

#15 gringo_pr

Posted 06 September 2010 - 01:20 AM

Since the issue is resolved, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo
