System Restore Virus won't delete.


This topic is locked
32 replies to this topic

#1 braedz08

  • Members
  • 17 posts

Posted 11 November 2011 - 05:08 AM

Hello,

I recently just got a netbook (64-bit) and on the first day I managed to get a virus.
It started off with heaps of critical error popups (about 15 - 20 at the same time) all saying I need to scan my computer,
along with the System Restore virus.
Then it started doing the redirecting thing when I open up webpages, and it even blocked Task Manager at one point.

I've tried removing this virus using Malwarebytes but it just keeps respawning. I discovered that in C:\ProgramData, it keeps spawning viruses with names such as "wT6jIXYFIzNyN.exe" and when I delete them, another is spawned the next time I restart the computer.

Any help would be greatly appreciated, and I have attached the DDS .txt files like it said in the forum instructions.

Thank you.

Oh, and all my icons have been hidden.

Merged posts. ~ OB

Edited by Orange Blossom, 12 November 2011 - 02:10 PM.



#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 13 November 2011 - 10:50 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button and select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 braedz08 (Topic Starter)

  • Members
  • 17 posts

Posted 14 November 2011 - 02:44 AM

Okay, so I ran ComboFix; here is the log:

ComboFix 11-11-13.03 - coo0027 14/11/2011 16:55:10.1.2 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.61.1033.18.3766.2069 [GMT 11:00]
Running from: c:\users\coo0027\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\cNSfS7Wqae2F6a.exe
c:\programdata\FuxUSdPsKW.exe
c:\users\coo0027\.uc-a44348f42017093f6313ebb5ed550ec3.coo0027.coo0027-29000.tmp
c:\users\coo0027\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\coo0027\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
c:\users\coo0027\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))
.
.
2011-11-14 06:44 . 2011-11-14 06:44 -------- d-----w- C:\Device
2011-11-14 06:35 . 2011-11-14 06:35 -------- d-----w- c:\users\LocalAdmin\AppData\Local\temp
2011-11-14 06:35 . 2011-11-14 06:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-14 05:43 . 2011-11-14 06:51 802738 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-11-08 11:58 . 2011-11-08 11:58 -------- d--h--w- c:\windows\Sun
2011-11-08 05:24 . 2011-11-14 17:38 -------- d--h--r- c:\program files (x86)\Skype
2011-11-08 05:24 . 2011-11-14 17:38 -------- d--h--w- c:\programdata\Skype
2011-11-08 00:55 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-11-08 00:55 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 00:41 . 2011-11-14 17:06 -------- d-----w- C:\Cache
2011-11-07 23:47 . 2011-11-14 06:32 -------- d--h--w- c:\users\coo0027
2011-10-17 00:39 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-17 00:39 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-17 00:39 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-17 00:39 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-17 00:36 . 2011-06-21 06:34 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-10-17 00:36 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-17 00:36 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-17 00:36 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-17 00:36 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-17 00:20 . 2011-11-14 17:40 -------- d--h--w- c:\windows\wlansvc
2011-10-17 00:19 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-17 00:19 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-10-17 00:19 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-10-17 00:14 . 2011-11-14 17:40 -------- d--h--w- c:\users\administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-08 10:32 . 2011-07-22 04:57 414368 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-01-16 907136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-08 115560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-25 136176]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-25 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-17 136824]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-25 00:35]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-25 00:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-16 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-16 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-16 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-08 10060832]
"combofix"="c:\combofix\CF16359.3XE" [2010-11-19 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mLocal Page = c:\windows\system32\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{605E5D27-BFA0-471F-87ED-98A2623D633C} - c:\program files (x86)\CADE 2.20.2\Web\new.htm
TCP: DhcpNameServer = 10.0.0.138
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-FuxUSdPsKW.exe - c:\programdata\FuxUSdPsKW.exe
SafeBoot-Symantec Antvirus
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-11-14 18:16:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-14 07:16
.
Pre-Run: 259,680,727,040 bytes free
Post-Run: 258,465,320,960 bytes free
.
- - End Of File - - 1D2AD44FA1BC1173FECAB1061ABA81DE

Now, as for problems I've had: earlier today my computer got stuck in sort of a loop when starting up; it wouldn't load after the Starting Windows screen. It would just restart and then do it again, so then it came up with the options to do a system repair or whatever, and it had to restore Windows. But then it just came back with the same virus.

Also, when I try and go onto this site on my infected computer, it says that Internet Explorer has stopped working and that I need to restart the program or search for solutions online.
I also still have the redirecting problem, my background is plain black and my desktop icons are still hidden. Also, the taskbar (Windows 7) now has long rectangles for my programs instead of the squares it usually had (if that makes sense).

And the System Restore virus shortcut is still on my desktop.

That's all I have noticed so far. Thanks :)
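The ComboFix log in the post above carries several indicators a responder would want to pick out before choosing the next tool: randomly named executables under C:\ProgramData (the kind of names braedz08 described), a consrv.dll in System32 and a C:\Windows\System64 directory that a stock Windows install does not have (Windows ships System32 and SysWOW64 only), UAC switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0), Security Center monitoring of the Symantec product disabled, and an orphaned Run entry pointing into ProgramData. The Python script below is added here as an example; it is not part of the original post and not a ComboFix feature. It runs that triage over a constructed excerpt of the posted log. The NON_STOCK_PATHS watch-list and the thresholds inside looks_random() are assumptions made for the example, not data from the thread.

```python
"""Triage a ComboFix log for the indicators visible in the log posted above.

Added example for this thread; not part of the original post and not a
ComboFix feature. SAMPLE_LOG is a constructed excerpt of the posted log.
NON_STOCK_PATHS and the thresholds in looks_random() are assumptions.
"""
import ntpath
import re

SAMPLE_LOG = r"""
AV: Symantec Endpoint Protection *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
((((((((((((((((((( Other Deletions )))))))))))))))))))
c:\programdata\cNSfS7Wqae2F6a.exe
c:\programdata\FuxUSdPsKW.exe
c:\windows\system32\consrv.dll
c:\windows\System64
((((((((((((((((((( Reg Loading Points )))))))))))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-08 115560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
- - - - ORPHANS REMOVED - - - -
Wow6432Node-HKLM-Run-FuxUSdPsKW.exe - c:\programdata\FuxUSdPsKW.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
"""

# Paths ComboFix removed that do not exist on a clean Windows 7 install
# (Windows ships System32 and SysWOW64, never System64). Assumed watch-list.
NON_STOCK_PATHS = {"c:\\windows\\system32\\consrv.dll", "c:\\windows\\system64"}
# Values under policies\system that, when 0, switch UAC off or make it silent.
UAC_VALUES = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}
PROGRAMDATA = "c:\\programdata\\"

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$|^- - - - (.+?) - - - -$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
VOWELS = set("aeiouAEIOU")


def looks_random(stem: str) -> bool:
    """Heuristic for generated names like FuxUSdPsKW: long, many upper/lower
    case flips between adjacent letters, few vowels. Thresholds are assumed."""
    letters = [c for c in stem if c.isalpha()]
    if len(stem) < 8 or not letters:
        return False
    flips = sum(1 for a, b in zip(stem, stem[1:])
                if a.isalpha() and b.isalpha() and a.isupper() != b.isupper())
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    return flips >= 4 and vowel_ratio < 0.3


def reg_int(raw: str):
    """Parse the value side of a ComboFix registry line: '0 (0x0)' or 'dword:00000001'.
    Returns None for string values such as "c:\\...\\ccApp.exe"."""
    token = raw.strip().split()[0]
    if token.lower().startswith("dword:"):
        return int(token[6:], 16)
    try:
        return int(token, 0)
    except ValueError:
        return None


def triage(log_text: str) -> list:
    """Return human-readable findings, in log order."""
    findings, section, key = [], "", ""
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                       # "(((( Name ))))" or "- - - - NAME - - - -" header
            section = (m.group(1) or m.group(2)).lower()
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # registry key that the following values belong to
            continue
        if line[:3] in ("AV:", "FW:", "SP:") and "*Disabled" in line:
            findings.append("security product not running: " + line.split("*")[0].strip())
        elif section == "other deletions":
            stem, ext = ntpath.splitext(ntpath.basename(line))
            if line.lower() in NON_STOCK_PATHS:
                findings.append("removed non-stock system file: " + line)
            elif line.lower().startswith(PROGRAMDATA) and ext.lower() == ".exe" and looks_random(stem):
                findings.append("removed random-named executable: " + line)
        elif section == "reg loading points" and (m := VALUE_RE.match(line)):
            name, raw = m.group(1), m.group(2)
            if key.endswith("policies\\system") and name in UAC_VALUES and reg_int(raw) == 0:
                findings.append("UAC weakened: %s=0" % name)
            elif "security center\\monitoring" in key and name == "DisableMonitoring" and reg_int(raw) == 1:
                findings.append("Security Center monitoring disabled under " + key.rsplit("\\", 1)[-1])
            elif key.endswith("\\run") and PROGRAMDATA in raw.lower():
                findings.append("autorun entry points into ProgramData: " + raw)
        elif section == "orphans removed" and " - " in line:
            entry, _, target = line.partition(" - ")
            if "-run-" in entry.lower() and target.lower().startswith(PROGRAMDATA):
                findings.append("removed autorun entry that pointed into ProgramData: " + target)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Running the script prints one line per finding; on a real log, pass the whole file with triage(open(path).read()). looks_random() keys on case flips and vowel density rather than a hard-coded name list, because in this thread the names changed on every reboot, so a list would be stale by the next run.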

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts

Posted 14 November 2011 - 03:34 AM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#5 braedz08 (Topic Starter)

  • Members
  • 17 posts

Posted 14 November 2011 - 04:26 AM

Okay, it came up with no threats:

20:11:13.0756 4116 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
20:11:14.0836 4116 ============================================================
20:11:14.0836 4116 Current date / time: 2011/11/14 20:11:14.0836
20:11:14.0836 4116 SystemInfo:
20:11:14.0836 4116
20:11:14.0836 4116 OS Version: 6.1.7601 ServicePack: 1.0
20:11:14.0836 4116 Product type: Workstation
20:11:14.0836 4116 ComputerName: COO0027-29000
20:11:14.0836 4116 UserName: COO0027
20:11:14.0836 4116 Windows directory: C:\Windows
20:11:14.0836 4116 System windows directory: C:\Windows
20:11:14.0836 4116 Running under WOW64
20:11:14.0836 4116 Processor architecture: Intel x64
20:11:14.0836 4116 Number of processors: 2
20:11:14.0836 4116 Page size: 0x1000
20:11:14.0836 4116 Boot type: Normal boot
20:11:14.0836 4116 ============================================================
20:11:16.0006 4116 Initialize success
20:11:27.0336 4128 ============================================================
20:11:27.0336 4128 Scan started
20:11:27.0336 4128 Mode: Manual;
20:11:27.0336 4128 ============================================================
20:11:30.0296 4128 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:11:30.0326 4128 1394ohci - ok
20:11:30.0356 4128 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:11:30.0366 4128 ACPI - ok
20:11:30.0436 4128 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:11:30.0456 4128 AcpiPmi - ok
20:11:30.0586 4128 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
20:11:30.0626 4128 adp94xx - ok
20:11:30.0736 4128 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
20:11:30.0776 4128 adpahci - ok
20:11:30.0866 4128 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
20:11:30.0896 4128 adpu320 - ok
20:11:30.0996 4128 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
20:11:31.0006 4128 AFD - ok
20:11:31.0036 4128 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:11:31.0076 4128 agp440 - ok
20:11:31.0186 4128 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:11:31.0216 4128 aliide - ok
20:11:31.0316 4128 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:11:31.0356 4128 amdide - ok
20:11:31.0456 4128 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
20:11:31.0496 4128 AmdK8 - ok
20:11:31.0526 4128 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
20:11:31.0546 4128 AmdPPM - ok
20:11:31.0626 4128 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:11:31.0646 4128 amdsata - ok
20:11:31.0726 4128 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
20:11:31.0746 4128 amdsbs - ok
20:11:31.0776 4128 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:11:31.0776 4128 amdxata - ok
20:11:31.0876 4128 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:11:31.0906 4128 AppID - ok
20:11:32.0036 4128 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
20:11:32.0056 4128 arc - ok
20:11:32.0086 4128 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
20:11:32.0126 4128 arcsas - ok
20:11:32.0246 4128 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:11:32.0246 4128 AsyncMac - ok
20:11:32.0276 4128 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:11:32.0276 4128 atapi - ok
20:11:32.0396 4128 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
20:11:32.0446 4128 b06bdrv - ok
20:11:32.0566 4128 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:11:32.0596 4128 b57nd60a - ok
20:11:32.0696 4128 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:11:32.0696 4128 Beep - ok
20:11:32.0816 4128 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
20:11:32.0816 4128 blbdrive - ok
20:11:32.0846 4128 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:11:32.0846 4128 bowser - ok
20:11:32.0926 4128 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
20:11:32.0946 4128 BrFiltLo - ok
20:11:32.0966 4128 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
20:11:32.0986 4128 BrFiltUp - ok
20:11:33.0086 4128 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:11:33.0116 4128 Brserid - ok
20:11:33.0216 4128 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:11:33.0246 4128 BrSerWdm - ok
20:11:33.0256 4128 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:11:33.0276 4128 BrUsbMdm - ok
20:11:33.0386 4128 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:11:33.0406 4128 BrUsbSer - ok
20:11:33.0496 4128 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
20:11:33.0516 4128 BthEnum - ok
20:11:33.0556 4128 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
20:11:33.0576 4128 BTHMODEM - ok
20:11:33.0676 4128 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
20:11:33.0706 4128 BthPan - ok
20:11:33.0816 4128 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
20:11:33.0836 4128 BTHPORT - ok
20:11:33.0926 4128 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
20:11:33.0956 4128 BTHUSB - ok
20:11:34.0006 4128 catchme - ok
20:11:34.0086 4128 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:11:34.0116 4128 cdfs - ok
20:11:34.0156 4128 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:11:34.0156 4128 cdrom - ok
20:11:34.0246 4128 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
20:11:34.0276 4128 circlass - ok
20:11:34.0306 4128 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:11:34.0316 4128 CLFS - ok
20:11:34.0476 4128 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
20:11:34.0476 4128 CmBatt - ok
20:11:34.0546 4128 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:11:34.0566 4128 cmdide - ok
20:11:34.0628 4128 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
20:11:34.0638 4128 CNG - ok
20:11:34.0748 4128 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
20:11:34.0748 4128 Compbatt - ok
20:11:34.0788 4128 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:11:34.0788 4128 CompositeBus - ok
20:11:34.0878 4128 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
20:11:34.0898 4128 crcdisk - ok
20:11:35.0020 4128 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:11:35.0030 4128 CSC - ok
20:11:35.0150 4128 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:11:35.0150 4128 DfsC - ok
20:11:35.0250 4128 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:11:35.0250 4128 discache - ok
20:11:35.0290 4128 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
20:11:35.0290 4128 Disk - ok
20:11:35.0400 4128 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
20:11:35.0420 4128 dmvsc - ok
20:11:35.0520 4128 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:11:35.0540 4128 drmkaud - ok
20:11:35.0650 4128 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\drivers\dtsoftbus01.sys
20:11:35.0660 4128 dtsoftbus01 - ok
20:11:35.0700 4128 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:11:35.0720 4128 DXGKrnl - ok
20:11:35.0870 4128 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
20:11:35.0950 4128 ebdrv - ok
20:11:36.0040 4128 eeCtrl (eb0883462ac43829e47929d705d40933) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:11:36.0040 4128 eeCtrl - ok
20:11:36.0150 4128 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
20:11:36.0190 4128 elxstor - ok
20:11:36.0290 4128 EraserUtilRebootDrv (86fc0d272f6bb43e7214d4ba955a41e7) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:11:36.0290 4128 EraserUtilRebootDrv - ok
20:11:36.0350 4128 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:11:36.0370 4128 ErrDev - ok
20:11:56.0184 4128 ============================================================
20:11:56.0184 4128 Scan finished
20:11:56.0184 4128 ============================================================
20:11:56.0204 3228 Detected object count: 0
20:11:56.0204 3228 Actual detected object count: 0

#6 braedz08

  • Topic Starter
  • Members
  • 17 posts

Posted 16 November 2011 - 06:59 AM

Umm, I'm not sure how exactly to bump this topic, but it has been over 48 hours without reply.

#7 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 November 2011 - 09:48 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 braedz08

  • Topic Starter
  • Members
  • 17 posts

Posted 16 November 2011 - 05:42 PM

OTL logfile created on: 17/11/2011 9:24:01 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\coo0027\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.68 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 65.76% Memory free
7.35 Gb Paging File | 6.09 Gb Available in Paging File | 82.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 239.39 Gb Free Space | 80.31% Space Free | Partition Type: NTFS
Drive Z: | 300.00 Mb Total Space | 199.18 Mb Free Space | 66.39% Space Free | Partition Type: NTFS

Computer Name: COO0027-29000 | User Name: coo0027 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\coo0027\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (QBFCService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (WpsHelper) -- C:\Windows\SysNative\drivers\wpshelper.sys (Symantec Corporation)
DRV:64bit: - (NETwNs64) ___ Intel® -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C60x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (WPS) -- C:\Windows\SysNative\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV:64bit: - (NETw5s64) Intel® -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (Teefer2) -- C:\Windows\SysNative\drivers\Teefer2.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110718.017\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110718.017\ENG64.SYS (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3988950075-150930456-352445659-16360\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-3988950075-150930456-352445659-16360\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
IE - HKU\S-1-5-21-3988950075-150930456-352445659-16360\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F DD DD D2 22 4C CC 01 [binary data]
IE - HKU\S-1-5-21-3988950075-150930456-352445659-16360\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3988950075-150930456-352445659-16360\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3988950075-150930456-352445659-16360\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2077975\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/11/15 04:35:29 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/11/14 17:50:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3988950075-150930456-352445659-16360\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3988950075-150930456-352445659-16360\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3988950075-150930456-352445659-16360\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3988950075-150930456-352445659-16360\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3988950075-150930456-352445659-16360\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: CADE - {605E5D27-BFA0-471F-87ED-98A2623D633C} - C:\Program Files (x86)\CADE 2.20.2\Web\new.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.132.24.32 10.132.24.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emc.edu.vic.gov.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB368E6A-2B0C-463B-ACD8-BC8D8853838D}: DhcpNameServer = 10.132.24.32 10.132.24.37
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/17 09:22:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\coo0027\Desktop\OTL.exe
[2011/11/16 12:14:26 | 000,000,000 | ---D | C] -- C:\Users\coo0027\Documents\bluetooth
[2011/11/15 08:46:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/14 20:11:10 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\coo0027\Desktop\tdsskiller.exe
[2011/11/14 18:18:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/14 17:44:37 | 000,000,000 | ---D | C] -- C:\Device
[2011/11/14 16:45:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/14 16:45:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/14 16:45:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/14 16:44:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/14 16:44:25 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/14 16:41:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/13 21:41:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/11/08 22:58:27 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/11/08 16:24:16 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\Skype
[2011/11/08 16:24:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/11/08 16:24:03 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/11/08 16:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/11/08 12:14:21 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/11/08 12:14:21 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/11/08 12:14:20 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/11/08 12:14:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/11/08 12:14:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/11/08 12:14:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/11/08 12:14:16 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/11/08 12:14:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/11/08 12:14:15 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/11/08 11:57:39 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/11/08 11:56:08 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/11/08 11:56:08 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/11/08 11:56:07 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/11/08 11:56:07 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/11/08 11:56:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/11/08 11:56:07 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/11/08 11:56:07 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/11/08 11:56:07 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/11/08 11:56:06 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/11/08 11:41:53 | 000,000,000 | ---D | C] -- C:\Cache
[2011/11/08 10:47:45 | 000,000,000 | -HSD | C] -- C:\Users\coo0027\AppData\Local\Temporary Internet Files
[2011/11/08 10:47:45 | 000,000,000 | -HSD | C] -- C:\Users\coo0027\Templates
[2011/11/08 10:47:45 | 000,000,000 | -HSD | C] -- C:\Users\coo0027\Start Menu
[2011/11/08 10:47:45 | 000,000,000 | -HSD | C] -- C:\Users\coo0027\SendTo
[2011/11/08 10:47:45 | 000,000,000 | -HSD | C] -- C:\Users\coo0027\Recent
[2011/11/08 10:47:45 | 000,000,000 | -HSD | C] -- C:\Users\coo0027\PrintHood
[2011/11/08 10:47:45 | 000,000,000 | -HSD | C] -- C:\Users\coo0027\NetHood
[2011/11/08 10:47:45 | 000,000,000 | -HSD | C] -- C:\Users\coo0027\Documents\My Videos
[2011/11/08 10:47:45 | 000,000,000 | -HSD | C] -- C:\Users\coo0027\Documents\My Pictures
[2011/11/08 10:47:45 | 000,000,000 | -HSD | C] -- C:\Users\coo0027\Documents\My Music
[2011/11/08 10:47:45 | 000,000,000 | -HSD | C] -- C:\Users\coo0027\My Documents
[2011/11/08 10:47:45 | 000,000,000 | -HSD | C] -- C:\Users\coo0027\Local Settings
[2011/11/08 10:47:45 | 000,000,000 | -HSD | C] -- C:\Users\coo0027\AppData\Local\History
[2011/11/08 10:47:45 | 000,000,000 | -HSD | C] -- C:\Users\coo0027\Cookies
[2011/11/08 10:47:45 | 000,000,000 | -HSD | C] -- C:\Users\coo0027\Application Data
[2011/11/08 10:47:45 | 000,000,000 | -HSD | C] -- C:\Users\coo0027\AppData\Local\Application Data
[2011/11/08 10:47:08 | 000,000,000 | ---D | C] -- C:\Users\coo0027\.thumbnails
[2011/11/08 10:47:08 | 000,000,000 | ---D | C] -- C:\Users\coo0027\.freemind
[2011/11/08 10:47:08 | 000,000,000 | ---D | C] -- C:\Users\coo0027\.alice2
[2011/11/08 10:47:08 | 000,000,000 | ---D | C] -- C:\Users\coo0027\.alice
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\WMTools Downloaded Files
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\Windows Live
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\VirtualStore
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\Temp
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\Symantec
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\Songsmith
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\rSBI8Xq1Og0c
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\Paint.NET
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\PACE Anti-Piracy
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\Microsoft_Research
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\Microsoft Help
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\Microsoft Education Labs
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\Microsoft
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\MathematicaPlayer
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\IsolatedStorage
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\intuit
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\HandBrake
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\Google
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\ElevatedDiagnostics
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\Diagnostics
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\Apps
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\ApplicationHistory
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\Apple Computer
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\Apple
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\Adobe
[2011/11/08 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Local\{8E332D95-E7D8-498B-9133-1BA3806F16B2}
[2011/11/08 10:47:06 | 000,000,000 | --SD | C] -- C:\Users\coo0027\Documents\My Shapes
[2011/11/08 10:47:06 | 000,000,000 | --SD | C] -- C:\Users\coo0027\AppData\Roaming\Microsoft
[2011/11/08 10:47:06 | 000,000,000 | R--D | C] -- C:\Users\coo0027\Videos
[2011/11/08 10:47:06 | 000,000,000 | R--D | C] -- C:\Users\coo0027\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/11/08 10:47:06 | 000,000,000 | R--D | C] -- C:\Users\coo0027\Searches
[2011/11/08 10:47:06 | 000,000,000 | R--D | C] -- C:\Users\coo0027\Documents\Scanned Documents
[2011/11/08 10:47:06 | 000,000,000 | R--D | C] -- C:\Users\coo0027\Saved Games
[2011/11/08 10:47:06 | 000,000,000 | R--D | C] -- C:\Users\coo0027\Pictures
[2011/11/08 10:47:06 | 000,000,000 | R--D | C] -- C:\Users\coo0027\Music
[2011/11/08 10:47:06 | 000,000,000 | R--D | C] -- C:\Users\coo0027\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/11/08 10:47:06 | 000,000,000 | R--D | C] -- C:\Users\coo0027\Links
[2011/11/08 10:47:06 | 000,000,000 | R--D | C] -- C:\Users\coo0027\Favorites
[2011/11/08 10:47:06 | 000,000,000 | R--D | C] -- C:\Users\coo0027\Downloads
[2011/11/08 10:47:06 | 000,000,000 | R--D | C] -- C:\Users\coo0027\Documents
[2011/11/08 10:47:06 | 000,000,000 | R--D | C] -- C:\Users\coo0027\Desktop
[2011/11/08 10:47:06 | 000,000,000 | R--D | C] -- C:\Users\coo0027\Contacts
[2011/11/08 10:47:06 | 000,000,000 | R--D | C] -- C:\Users\coo0027\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/11/08 10:47:06 | 000,000,000 | R--D | C] -- C:\Users\coo0027\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\Win7codecs
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\vlc
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\Stellarium
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\Shark007
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\RapidTyping
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\Plogue
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\PACE Anti-Piracy
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\Documents\OneNote Notebooks
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\Nvu
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\NCH Software
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\Mozilla
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\MonkeyJam
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\Media Center Programs
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\MathematicaPlayer
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\Malwarebytes
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\Macromedia
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\Documents\LEGO Creations
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\IrfanView
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\inkscape
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\Identities
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\IcoFX
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\HandBrake
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\Google
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\FreeCAD
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\Documents\Fax
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\DVD Flick
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\DAEMON Tools Lite
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\com.adobe.dmp.contentviewer
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\Canneverbe Limited
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\Audacity
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\Documents\Adobe
[2011/11/08 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\coo0027\AppData\Roaming\Adobe
[2011/07/03 23:48:42 | 000,147,456 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2010/02/04 01:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/17 09:02:05 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/17 08:58:46 | 000,012,272 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/17 08:58:46 | 000,012,272 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/17 08:55:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\coo0027\Desktop\OTL.exe
[2011/11/17 08:54:54 | 000,802,738 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/17 08:54:54 | 000,678,808 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/17 08:54:54 | 000,134,474 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/17 08:52:11 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/17 08:50:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/17 08:50:04 | 2961,592,320 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/16 09:59:51 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/15 09:53:05 | 005,072,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/14 20:12:22 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\coo0027\Desktop\tdsskiller.exe
[2011/11/14 17:50:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/14 11:37:28 | 000,000,464 | ---- | M] () -- C:\ProgramData\cNSfS7Wqae2F6a
[2011/11/14 10:14:11 | 000,000,288 | ---- | M] () -- C:\ProgramData\~cNSfS7Wqae2F6a
[2011/11/14 10:14:11 | 000,000,208 | ---- | M] () -- C:\ProgramData\~cNSfS7Wqae2F6ar
[2011/11/14 10:13:51 | 000,000,681 | ---- | M] () -- C:\Users\coo0027\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/14 10:13:51 | 000,000,657 | ---- | M] () -- C:\Users\coo0027\Desktop\System Restore.lnk
[2011/11/11 18:48:49 | 000,000,448 | ---- | M] () -- C:\ProgramData\wT6jIXYLFIzNyN
[2011/11/11 18:47:10 | 000,000,304 | ---- | M] () -- C:\ProgramData\~wT6jIXYLFIzNyN
[2011/11/11 18:47:10 | 000,000,240 | ---- | M] () -- C:\ProgramData\~wT6jIXYLFIzNyNr
[2011/11/11 11:52:43 | 000,000,304 | ---- | M] () -- C:\ProgramData\~Aap2ZVQfQ8h9Ri
[2011/11/11 11:52:43 | 000,000,240 | ---- | M] () -- C:\ProgramData\~Aap2ZVQfQ8h9Rir
[2011/11/10 22:04:24 | 000,112,578 | ---- | M] () -- C:\Users\coo0027\Documents\IMG_10112011_220620.png
[2011/11/09 08:59:14 | 000,000,304 | ---- | M] () -- C:\ProgramData\~joq0899rHPZCq3
[2011/11/09 08:59:14 | 000,000,224 | ---- | M] () -- C:\ProgramData\~joq0899rHPZCq3r
[2011/11/08 12:31:25 | 000,779,558 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/08 11:41:26 | 000,005,999 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/11/08 10:48:16 | 000,001,437 | ---- | M] () -- C:\Users\coo0027\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/14 17:12:07 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/11/14 16:45:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/14 16:45:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/14 16:45:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/14 16:45:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/14 16:45:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/14 10:14:11 | 000,000,208 | ---- | C] () -- C:\ProgramData\~cNSfS7Wqae2F6ar
[2011/11/14 10:14:04 | 000,000,288 | ---- | C] () -- C:\ProgramData\~cNSfS7Wqae2F6a
[2011/11/14 10:13:51 | 000,000,681 | ---- | C] () -- C:\Users\coo0027\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/14 10:13:51 | 000,000,657 | ---- | C] () -- C:\Users\coo0027\Desktop\System Restore.lnk
[2011/11/14 10:13:46 | 000,000,464 | ---- | C] () -- C:\ProgramData\cNSfS7Wqae2F6a
[2011/11/11 18:47:10 | 000,000,240 | ---- | C] () -- C:\ProgramData\~wT6jIXYLFIzNyNr
[2011/11/11 18:47:09 | 000,000,304 | ---- | C] () -- C:\ProgramData\~wT6jIXYLFIzNyN
[2011/11/11 18:47:02 | 000,000,448 | ---- | C] () -- C:\ProgramData\wT6jIXYLFIzNyN
[2011/11/11 11:52:43 | 000,000,240 | ---- | C] () -- C:\ProgramData\~Aap2ZVQfQ8h9Rir
[2011/11/11 11:52:42 | 000,000,304 | ---- | C] () -- C:\ProgramData\~Aap2ZVQfQ8h9Ri
[2011/11/10 22:04:11 | 000,112,578 | ---- | C] () -- C:\Users\coo0027\Documents\IMG_10112011_220620.png
[2011/11/09 08:59:14 | 000,000,224 | ---- | C] () -- C:\ProgramData\~joq0899rHPZCq3r
[2011/11/09 08:59:11 | 000,000,304 | ---- | C] () -- C:\ProgramData\~joq0899rHPZCq3
[2011/11/08 10:48:16 | 000,001,437 | ---- | C] () -- C:\Users\coo0027\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/08 10:48:16 | 000,001,409 | ---- | C] () -- C:\Users\coo0027\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/11/08 10:47:43 | 000,000,218 | ---- | C] () -- C:\Users\coo0027\.recently-used.xbel
[2011/11/08 10:47:35 | 000,000,098 | ---- | C] () -- C:\Users\coo0027\AppData\Local\fusioncache.dat
[2011/11/08 10:47:24 | 000,000,017 | ---- | C] () -- C:\Users\coo0027\AppData\Local\resmon.resmoncfg
[2011/11/08 10:47:14 | 000,000,290 | ---- | C] () -- C:\Users\coo0027\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/11/08 10:47:14 | 000,000,272 | ---- | C] () -- C:\Users\coo0027\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/11/08 10:47:10 | 000,001,443 | ---- | C] () -- C:\Users\coo0027\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/10/17 11:20:12 | 000,005,999 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/07/28 12:33:08 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011/07/28 11:20:09 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/07/21 11:45:16 | 000,779,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/20 13:08:29 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/07/20 13:08:29 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/07/20 13:08:29 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/07/20 13:08:29 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/07/20 13:08:29 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/06/20 08:10:44 | 003,888,128 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011/06/17 10:26:10 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/06/17 10:17:28 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/04/11 20:09:18 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/01/04 18:28:18 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/07/14 16:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 13:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 13:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 11:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 08:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 08:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/04/11 17:01:36 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx12_ic.ini
[2007/04/11 17:01:20 | 000,667,280 | ---- | C] () -- C:\Windows\SysWow64\tx12.dll
[2007/02/05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2005/08/31 16:12:40 | 000,925,696 | ---- | C] () -- C:\Windows\SysWow64\Flpcad.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 1090 bytes -> C:\Users\coo0027\AppData\Local\Temp:RKr6Y43NiUa9VAioN9gXZJnRJ
@Alternate Data Stream - 1068 bytes -> C:\Users\coo0027\AppData\Local\rSBI8Xq1Og0c:sTmVveZQtixfvCH0H20BpQZ

< End of report >

Here are the results

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:42 AM

Posted 17 November 2011 - 04:50 AM

Hello

I want you to run this custom OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :otl
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    @Alternate Data Stream - 1090 bytes -> C:\Users\coo0027\AppData\Local\Temp:RKr6Y43NiUa9VAioN9gXZJnRJ
    @Alternate Data Stream - 1068 bytes -> C:\Users\coo0027\AppData\Local\rSBI8Xq1Og0c:sTmVveZQtixfvCH0H20BpQZ  
    [2011/11/14 11:37:28 | 000,000,464 | ---- | M] () -- C:\ProgramData\cNSfS7Wqae2F6a
    [2011/11/14 10:14:11 | 000,000,288 | ---- | M] () -- C:\ProgramData\~cNSfS7Wqae2F6a
    [2011/11/14 10:14:11 | 000,000,208 | ---- | M] () -- C:\ProgramData\~cNSfS7Wqae2F6ar
    [2011/11/14 10:13:51 | 000,000,681 | ---- | M] () -- C:\Users\coo0027\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
    [2011/11/14 10:13:51 | 000,000,657 | ---- | M] () -- C:\Users\coo0027\Desktop\System Restore.lnk
    [2011/11/11 18:48:49 | 000,000,448 | ---- | M] () -- C:\ProgramData\wT6jIXYLFIzNyN
    [2011/11/11 18:47:10 | 000,000,304 | ---- | M] () -- C:\ProgramData\~wT6jIXYLFIzNyN
    [2011/11/11 18:47:10 | 000,000,240 | ---- | M] () -- C:\ProgramData\~wT6jIXYLFIzNyNr
    [2011/11/11 11:52:43 | 000,000,304 | ---- | M] () -- C:\ProgramData\~Aap2ZVQfQ8h9Ri
    [2011/11/11 11:52:43 | 000,000,240 | ---- | M] () -- C:\ProgramData\~Aap2ZVQfQ8h9Rir
    [2011/11/09 08:59:14 | 000,000,304 | ---- | M] () -- C:\ProgramData\~joq0899rHPZCq3
    [2011/11/09 08:59:14 | 000,000,224 | ---- | M] () -- C:\ProgramData\~joq0899rHPZCq3r
    [2011/11/14 10:14:11 | 000,000,208 | ---- | C] () -- C:\ProgramData\~cNSfS7Wqae2F6ar
    [2011/11/14 10:14:04 | 000,000,288 | ---- | C] () -- C:\ProgramData\~cNSfS7Wqae2F6a
    [2011/11/14 10:13:51 | 000,000,681 | ---- | C] () -- C:\Users\coo0027\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
    [2011/11/14 10:13:51 | 000,000,657 | ---- | C] () -- C:\Users\coo0027\Desktop\System Restore.lnk
    [2011/11/14 10:13:46 | 000,000,464 | ---- | C] () -- C:\ProgramData\cNSfS7Wqae2F6a
    [2011/11/11 18:47:10 | 000,000,240 | ---- | C] () -- C:\ProgramData\~wT6jIXYLFIzNyNr
    [2011/11/11 18:47:09 | 000,000,304 | ---- | C] () -- C:\ProgramData\~wT6jIXYLFIzNyN
    [2011/11/11 18:47:02 | 000,000,448 | ---- | C] () -- C:\ProgramData\wT6jIXYLFIzNyN
    [2011/11/11 11:52:43 | 000,000,240 | ---- | C] () -- C:\ProgramData\~Aap2ZVQfQ8h9Rir
    [2011/11/11 11:52:42 | 000,000,304 | ---- | C] () -- C:\ProgramData\~Aap2ZVQfQ8h9Ri
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
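The fix script above was built by picking, out of the OTL report, the random-named extension-less files under C:\ProgramData and the two alternate data streams. As an added example (not code from the thread, from OTL, or from the helper), the parser below reads the two OTL line formats quoted above and applies that same triage automatically; the sample lines are constructed to match entries from this thread, and the randomness heuristic (mixed case, digits, no extension, character entropy above 3 bits) is an assumption of this example.

```python
import math
import re
from collections import Counter

# Constructed sample in OTL's "Files - Created" and "Alternate Data Streams" line formats,
# modelled on entries quoted in this thread: two random-named droppers in ProgramData,
# three benign system files, and one alternate data stream on a user temp path.
SAMPLE_LOG = r"""
[2011/11/11 18:47:10 | 000,000,240 | ---- | C] () -- C:\ProgramData\~wT6jIXYLFIzNyNr
[2011/11/11 18:47:02 | 000,000,448 | ---- | C] () -- C:\ProgramData\wT6jIXYLFIzNyN
[2011/10/17 11:20:12 | 000,005,999 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/07/28 11:20:09 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/06/17 10:26:10 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
@Alternate Data Stream - 1090 bytes -> C:\Users\coo0027\AppData\Local\Temp:RKr6Y43NiUa9VAioN9gXZJnRJ
"""

# [timestamp | size | attributes | C(reated)/M(odified)] (company) -- path
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[A-Z-]{4}) \| (?P<op>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")


def shannon_entropy(s):
    """Bits per character; random alphanumeric names score well above real file names."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_line(line):
    """Return a dict for a file or ADS line, or None for any other report line."""
    m = FILE_LINE.match(line) or ADS_LINE.match(line)
    if m is None:
        return None
    entry = m.groupdict()
    entry["kind"] = "file" if "attr" in entry else "ads"
    entry["size"] = int(entry["size"].replace(",", ""))   # "000,000,240" -> 240
    return entry


def looks_random(name):
    """Extension-less, mixed case with digits, high entropy: the dropper naming seen here."""
    return (
        len(name) >= 10
        and "." not in name
        and re.search(r"\d", name) is not None
        and re.search(r"[a-z]", name) is not None
        and re.search(r"[A-Z]", name) is not None
        and shannon_entropy(name) > 3.0          # assumed threshold, not an OTL rule
    )


def is_suspicious(entry):
    """Flag random-named files directly under ProgramData and every ADS (for manual review)."""
    if entry["kind"] == "ads":
        return True
    path = entry["path"]
    name = path.rsplit("\\", 1)[-1].lstrip("~")   # the "~" twins share the base name
    return path.lower().startswith("c:\\programdata\\") and looks_random(name)


def triage(log_text):
    """Parse every recognised line of an OTL report and return the entries to look at first."""
    entries = (parse_line(line) for line in log_text.splitlines() if line.strip())
    return [e for e in entries if e is not None and is_suspicious(e)]
```

Running `triage` over a full report gives the same three classes of entry the helper moved by hand; benign system files with normal names and extensions are left alone.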

#10 braedz08

braedz08
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:42 AM

Posted 17 November 2011 - 07:53 PM

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS C:\Users\coo0027\AppData\Local\Temp:RKr6Y43NiUa9VAioN9gXZJnRJ deleted successfully.
ADS C:\Users\coo0027\AppData\Local\rSBI8Xq1Og0c:sTmVveZQtixfvCH0H20BpQZ deleted successfully.
C:\ProgramData\cNSfS7Wqae2F6a moved successfully.
C:\ProgramData\~cNSfS7Wqae2F6a moved successfully.
C:\ProgramData\~cNSfS7Wqae2F6ar moved successfully.
C:\Users\coo0027\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk moved successfully.
C:\Users\coo0027\Desktop\System Restore.lnk moved successfully.
C:\ProgramData\wT6jIXYLFIzNyN moved successfully.
C:\ProgramData\~wT6jIXYLFIzNyN moved successfully.
C:\ProgramData\~wT6jIXYLFIzNyNr moved successfully.
C:\ProgramData\~Aap2ZVQfQ8h9Ri moved successfully.
C:\ProgramData\~Aap2ZVQfQ8h9Rir moved successfully.
C:\ProgramData\~joq0899rHPZCq3 moved successfully.
C:\ProgramData\~joq0899rHPZCq3r moved successfully.
File C:\ProgramData\~cNSfS7Wqae2F6ar not found.
File C:\ProgramData\~cNSfS7Wqae2F6a not found.
File C:\Users\coo0027\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk not found.
File C:\Users\coo0027\Desktop\System Restore.lnk not found.
File C:\ProgramData\cNSfS7Wqae2F6a not found.
File C:\ProgramData\~wT6jIXYLFIzNyNr not found.
File C:\ProgramData\~wT6jIXYLFIzNyN not found.
File C:\ProgramData\wT6jIXYLFIzNyN not found.
File C:\ProgramData\~Aap2ZVQfQ8h9Rir not found.
File C:\ProgramData\~Aap2ZVQfQ8h9Ri not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\coo0027\Desktop\cmd.bat deleted successfully.
C:\Users\coo0027\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 328057 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 58022 bytes

User: All Users

User: coo0027
->Temp folder emptied: 8612195 bytes
->Temporary Internet Files folder emptied: 122075167 bytes
->Java cache emptied: 417 bytes
->Flash cache emptied: 70344 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 328057 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 58022 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalAdmin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 330157 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 58022 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1526784 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2100 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 88771 bytes
RecycleBin emptied: 14429645 bytes

Total Files Cleaned = 141.00 mb


[EMPTYJAVA]

User: administrator
->Java cache emptied: 0 bytes

User: All Users

User: coo0027
->Java cache emptied: 0 bytes

User: Default
->Java cache emptied: 0 bytes

User: Default User
->Java cache emptied: 0 bytes

User: LocalAdmin
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: administrator
->Flash cache emptied: 0 bytes

User: All Users

User: coo0027
->Flash cache emptied: 456 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalAdmin
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11172011_221337

Files\Folders moved on Reboot...
C:\Users\coo0027\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\coo0027\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\coo0027\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PR08U905\01[1].htm moved successfully.
File\Folder C:\Users\coo0027\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PR08U905\like[1].htm not found!
C:\Users\coo0027\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PR08U905\sandbox[1].htm moved successfully.
C:\Users\coo0027\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PR08U905\serve[1].htm moved successfully.
File\Folder C:\Users\coo0027\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KB4BPVRO\drupal[2].js not found!
C:\Users\coo0027\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KB4BPVRO\redirect_v94_cim_11_16_0[1].htm moved successfully.
C:\Users\coo0027\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H51SNIHB\B5936077[1].htm moved successfully.
C:\Users\coo0027\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EIYOW68M\01[1].htm moved successfully.
C:\Users\coo0027\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EIYOW68M\x[1].htm moved successfully.

Registry entries deleted on Reboot...

Here's the log, and the computer is seemingly the same as it was before I ran that scan.

#11 gringo_pr

Posted 17 November 2011 - 09:29 PM

What problems do you still have?


gringo

#12 braedz08

Posted 19 November 2011 - 06:26 AM

Well, my background is black, and my taskbar has rectangles instead of those small squares that Windows 7 usually has for programs.

And I seem to be getting invisible pop-ups or something, like ads just start playing randomly even if I have no internet open.
Oh, and my internet says that it has stopped working sometimes (usually only on this site).

Those are basically my only problems.
Thanks.

#13 gringo_pr

Posted 19 November 2011 - 11:05 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511 KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo

#14 braedz08

Posted 20 November 2011 - 05:08 AM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-20 20:02:32
-----------------------------
20:02:32.558 OS Version: Windows x64 6.1.7601 Service Pack 1
20:02:32.558 Number of processors: 2 586 0x2505
20:02:32.558 ComputerName: COO0027-29000 UserName: COO0027
20:02:34.134 Initialize success
20:04:44.697 The log file has been saved successfully to "C:\Users\coo0027\Desktop\aswMBR.txt"
20:04:53.512 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:04:53.512 Disk 0 Vendor: TOSHIBA_MK3265GSX GJ002J Size: 305245MB BusType: 11
20:04:55.540 Disk 0 MBR read successfully
20:04:55.540 Disk 0 MBR scan
20:04:55.555 Disk 0 TDL4@MBR code has been found
20:04:55.555 Disk 0 Windows 7 default MBR code found via API
20:04:55.555 Disk 0 MBR hidden
20:04:55.571 Disk 0 MBR [TDL4] **ROOTKIT**
20:04:55.571 Disk 0 trace - called modules:
20:04:55.571 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004b00254]<<
20:04:55.587 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ae8380]
20:04:55.587 3 CLASSPNP.SYS[fffff880019ae43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800493f060]
20:04:55.602 \Driver\atapi[0xfffffa800492ccb0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004b00254
20:04:55.602 Scan finished successfully
20:05:00.937 Disk 0 MBR has been saved successfully to "C:\Users\coo0027\Desktop\MBR.dat"
20:05:00.953 The log file has been saved successfully to "C:\Users\coo0027\Desktop\aswMBR.txt"


Oh, and I realised today that the computer still has the redirecting problem on the internet.

#15 gringo_pr

Posted 20 November 2011 - 12:02 PM

Hello

I want you to rerun aswMBR and run the fix below.

aswMBR

  • Click Scan
  • On completion of the scan, click the FIX button.
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line, will result in an incomplete fix.

    Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.

Gringo
