
Redirect Virus - Nothing Shows Up On Scans Except Hitman Pro


9 replies to this topic

#1 willatx

willatx

  • Members
  • 5 posts
  • OFFLINE
  • Local time:11:23 AM

Posted 14 November 2011 - 05:18 PM

Hi guys,

Windows 7 user here. I get redirected to random websites when using search engines. I've tried all scans and nothing shows up, except when using Hitman Pro. I can't afford to buy a program, but here's what it found.

--link-- http://i.imgur.com/VUidi.png

Here are some scan logs

MiniToolBox by Farbar
Ran by Will (administrator) on 14-11-2011 at 16:06:06
Windows 7 Home Premium (X64)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 4

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Will-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
Physical Address. . . . . . . . . : 00-16-44-98-B4-B2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::95b3:81cf:fa53:afc9%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, November 14, 2011 3:58:48 PM
Lease Expires . . . . . . . . . . : Monday, November 21, 2011 3:58:48 PM
Default Gateway . . . . . . . . . : fe80::16d6:4dff:fe2a:3466%12
192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : grandenetworks.net
Description . . . . . . . . . . . : Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-A0-D1-88-77-66
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.grandenetworks.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2ce1:1770:e764:75c9(Preferred)
Link-local IPv6 Address . . . . . : fe80::2ce1:1770:e764:75c9%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C3964712-9435-465D-9275-5F7E80F154E2}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
1.0.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
(root) ??? unknown type 41 ???
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 209.85.225.104
209.85.225.99
209.85.225.103
209.85.225.147
209.85.225.106
209.85.225.105


Pinging google.com [209.85.225.105] with 32 bytes of data:
Reply from 209.85.225.105: bytes=32 time=51ms TTL=51
Reply from 209.85.225.105: bytes=32 time=53ms TTL=51

Ping statistics for 209.85.225.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 51ms, Maximum = 53ms, Average = 52ms
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
98.139.180.149
209.191.122.70
67.195.160.76


Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=64ms TTL=54
Reply from 67.195.160.76: bytes=32 time=64ms TTL=54

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 64ms, Maximum = 64ms, Average = 64ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...00 16 44 98 b4 b2 ......Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
11...00 a0 d1 88 77 66 ......Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.101 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.101 281
192.168.0.101 255.255.255.255 On-link 192.168.0.101 281
192.168.0.255 255.255.255.255 On-link 192.168.0.101 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.101 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.101 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
12 281 ::/0 fe80::16d6:4dff:fe2a:3466
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:2ce1:1770:e764:75c9/128
On-link
12 281 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::2ce1:1770:e764:75c9/128
On-link
12 281 fe80::95b3:81cf:fa53:afc9/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/14/2011 01:58:03 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (11/14/2011 01:40:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16722, time stamp: 0x4d0c2f29
Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp: 0x4cc7ab86
Exception code: 0xc0000005
Fault offset: 0x0002e3be
Faulting process id: 0x954
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/14/2011 01:39:37 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Internet Explorer because of this error.

Program: Internet Explorer
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (11/14/2011 01:39:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16722, time stamp: 0x4d0c2f29
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000096
Fault offset: 0x000bc5e6
Faulting process id: 0x954
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/14/2011 01:26:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16722, time stamp: 0x4d0c2f29
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x138
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/14/2011 01:25:58 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Internet Explorer because of this error.

Program: Internet Explorer
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (11/14/2011 01:25:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16722, time stamp: 0x4d0c2f29
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000096
Fault offset: 0x000e7984
Faulting process id: 0x138
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/14/2011 01:25:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16722, time stamp: 0x4d0c2f29
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x74004100
Faulting process id: 0x138
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/14/2011 00:57:56 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Internet Explorer because of this error.

Program: Internet Explorer
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (11/14/2011 00:57:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16722, time stamp: 0x4d0c2f29
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000001d
Fault offset: 0x00034681
Faulting process id: 0xe18
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3


System errors:
=============
Error: (11/14/2011 03:59:44 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (11/14/2011 03:59:43 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (11/14/2011 03:59:43 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (11/14/2011 03:58:58 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (11/14/2011 03:58:51 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (11/14/2011 03:58:48 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (11/14/2011 03:58:46 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (11/14/2011 03:58:45 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (11/14/2011 03:54:41 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (11/14/2011 03:53:03 PM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

µTorrent (Version: 2.0.2)
AC3Filter (remove only)
Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 10 ActiveX (Version: 10.1.82.76)
Adobe Flash Player 10 Plugin (Version: 10.1.53.64)
Adobe Reader 9.4.5 (Version: 9.4.5)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.778.0)
Bonjour (Version: 3.0.0.2)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Full New (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Light (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0210.2339.42455)
Catalyst Control Center HydraVision Full (Version: 2010.0210.2339.42455)
Catalyst Control Center Localization All (Version: 2010.0210.2339.42455)
ccc-core-static (Version: 2010.0210.2339.42455)
ccc-utility64 (Version: 2010.0210.2339.42455)
CCC Help Chinese Standard (Version: 2010.0210.2338.42455)
CCC Help Chinese Traditional (Version: 2010.0210.2338.42455)
CCC Help Czech (Version: 2010.0210.2338.42455)
CCC Help Danish (Version: 2010.0210.2338.42455)
CCC Help Dutch (Version: 2010.0210.2338.42455)
CCC Help English (Version: 2010.0210.2338.42455)
CCC Help Finnish (Version: 2010.0210.2338.42455)
CCC Help French (Version: 2010.0210.2338.42455)
CCC Help German (Version: 2010.0210.2338.42455)
CCC Help Greek (Version: 2010.0210.2338.42455)
CCC Help Hungarian (Version: 2010.0210.2338.42455)
CCC Help Italian (Version: 2010.0210.2338.42455)
CCC Help Japanese (Version: 2010.0210.2338.42455)
CCC Help Korean (Version: 2010.0210.2338.42455)
CCC Help Norwegian (Version: 2010.0210.2338.42455)
CCC Help Polish (Version: 2010.0210.2338.42455)
CCC Help Portuguese (Version: 2010.0210.2338.42455)
CCC Help Russian (Version: 2010.0210.2338.42455)
CCC Help Spanish (Version: 2010.0210.2338.42455)
CCC Help Swedish (Version: 2010.0210.2338.42455)
CCC Help Thai (Version: 2010.0210.2338.42455)
CCC Help Turkish (Version: 2010.0210.2338.42455)
Diablo II
DivX Web Player (Version: 1.5.0)
Google Earth Plug-in (Version: 6.1.0.4857)
Google Update Helper (Version: 1.3.21.79)
HiJackThis (Version: 1.0.0)
Hitman Pro 3.5 (Version: 3.5.9.131)
HP Photo and Imaging 2.0 - All-in-One (Version: 1.10.0000)
HP Photo and Imaging 2.0 - All-in-One Drivers (Version: 1.10.0000)
HP Photo and Imaging 2.0 - hp psc 2170 series
hp psc 2170 series (Version: 1.10.0000)
iTunes (Version: 10.4.0.80)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 20 (Version: 6.0.200)
Java™ 6 Update 22 (Version: 6.0.220)
LimeWire 5.5.16 (Version: 5.5.16)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
OpenOffice.org 3.2 (Version: 3.2.9502)
PokerStars
QuickTime (Version: 7.69.80.9)
Skins (Version: 2010.0210.2339.42455)
Skype™ 5.0 (Version: 5.0.156)
thinkorswim from TD AMERITRADE
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Outlook 2007 Junk Email Filter (KB2466076)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
Veetle TV 0.9.18 (Version: 0.9.18)
VLC media player 1.1.11 (Version: 1.1.11)
vShare Plugin
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Yahoo! Widgets (Version: 4.5.2.0)

========================= Memory info: ===================================

Percentage of memory in use: 63%
Total physical RAM: 1918.03 MB
Available physical RAM: 708.14 MB
Total Pagefile: 3836.05 MB
Available Pagefile: 2305.39 MB
Total Virtual: 4095.88 MB
Available Virtual: 3965.06 MB

========================= Partitions: =====================================

1 Drive c: (SQ004621V02) (Fixed) (Total:110.32 GB) (Free:56.1 GB) NTFS

========================= Users: ========================================

User accounts for \\WILL-PC

Administrator Guest Will

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8147

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/14/2011 3:55:36 PM
mbam-log-2011-11-14 (15-55-36).txt

Scan type: Quick scan
Objects scanned: 170289
Time elapsed: 15 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-14 16:11:32
Windows 6.1.7600
Running: gmer.exe


---- Files - GMER 1.0.15 ----

File C:\Users\Will\AppData\Local\Temp\~DFB1A58309258D57F4.TMP 0 bytes

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Will at 15:32:14 on 2011-11-14
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1918.591 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\Philips\SPC610NC\Monitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Will\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Will\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YAHOO!~1.LNK - C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{566FF3B7-80F2-4D50-9790-BF9C4A5B79E0} : DhcpNameServer = 66.90.130.101 66.90.130.10
TCP: Interfaces\{C3964712-9435-465D-9275-5F7E80F154E2} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C3964712-9435-465D-9275-5F7E80F154E2}\140747E202632313027596C6C6023586162756024302422303F2D4F6E64786 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C3964712-9435-465D-9275-5F7E80F154E2}\2656C6B696E6534376 : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{C3964712-9435-465D-9275-5F7E80F154E2}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C3964712-9435-465D-9275-5F7E80F154E2}\A45637573702943702143702255616C6021437023516E64716 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C3964712-9435-465D-9275-5F7E80F154E2}\B456E6A6F6C6 : DhcpNameServer = 192.168.41.1
TCP: Interfaces\{C3964712-9435-465D-9275-5F7E80F154E2}\C4F6E67686F627E6 : DhcpNameServer = 192.168.40.10
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB-X64: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\jv55h5ei.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.67\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Users\Will\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys --> C:\Windows\system32\DRIVERS\RTL8187B.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-5 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-5 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 SPC610NC;SPC 610NC Laptop Camera;C:\Windows\system32\DRIVERS\SPC610NC.SYS --> C:\Windows\system32\DRIVERS\SPC610NC.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-14 20:38:14 388096 ----a-r- C:\Users\Will\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-14 20:38:12 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-11-14 20:28:46 111408 ----a-w- C:\Windows\System32\drivers\33597240.sys
2011-11-14 20:27:52 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4778B143-22B9-4BA1-A714-2ED92F6109FD}\offreg.dll
2011-11-14 05:24:27 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4778B143-22B9-4BA1-A714-2ED92F6109FD}\mpengine.dll
2011-11-13 03:00:47 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-11-13 03:00:44 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-11-13 03:00:14 -------- d-----w- C:\ProgramData\Hitman Pro
2011-11-13 02:28:05 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-11-12 17:02:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-12 16:58:27 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-11-12 16:58:26 801752 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-11-12 16:58:26 478168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-11-12 16:58:26 1989592 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-11-12 16:58:26 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-11-12 16:58:25 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-11-12 16:58:25 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-11-12 16:58:25 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-11-05 17:06:24 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-04 15:25:56 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A35BAE03-AEA4-4DEF-A376-041E7E34B741}\gapaengine.dll
2011-11-04 15:12:26 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-11-04 15:11:46 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-11-04 15:11:03 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-10-27 07:01:19 -------- d-----w- C:\Users\Will\AppData\Roaming\ivS2obF3pa6W8R9
2011-10-27 07:01:17 -------- d-----w- C:\Users\Will\AppData\Roaming\jXwkUVelOtPyAiD
2011-10-27 07:01:13 -------- d-----w- C:\Users\Will\AppData\Roaming\udEK8gRZ9YweIzc
2011-10-27 07:01:11 -------- d-----w- C:\Users\Will\AppData\Roaming\GxP0ucS1iDoGa
2011-10-27 07:01:07 -------- d-----w- C:\Users\Will\AppData\Roaming\clOBtzP0yAiDo4m
2011-10-27 07:01:06 -------- d-----w- C:\Users\Will\AppData\Roaming\vgTZqjYCwIrOtPu
2011-10-27 07:01:02 -------- d-----w- C:\Users\Will\AppData\Roaming\oWJ7fEL8gZhCkVl
2011-10-27 07:01:00 -------- d-----w- C:\Users\Will\AppData\Roaming\sL9hTXqjUeIrOyA
2011-10-27 06:59:59 -------- d-----w- C:\Users\Will\AppData\Roaming\ALYXwkUVeOtPyAi
2011-10-27 06:58:57 -------- d-----w- C:\Users\Will\AppData\Roaming\FjUVelIBtPyAuDo
2011-10-27 06:57:59 -------- d-----w- C:\Users\Will\AppData\Roaming\upmGaQJ6dKfLhXj
2011-10-27 06:56:59 -------- d-----w- C:\Users\Will\AppData\Roaming\ollOOBP0ycSiD3n
2011-10-27 06:55:59 -------- d-----w- C:\Users\Will\AppData\Roaming\z55aaQH66dK7f
2011-10-27 06:54:56 -------- d-----w- C:\Users\Will\AppData\Roaming\vjYYCekIVrzN0c2
2011-10-27 06:53:59 -------- d-----w- C:\Users\Will\AppData\Roaming\sLL88gRRZqhXkUe
2011-10-27 06:52:59 -------- d-----w- C:\Users\Will\AppData\Roaming\L0uuvSS2ibFpn5a
2011-10-27 06:51:55 -------- d-----w- C:\Users\Will\AppData\Roaming\YUeellIBPNyx1uS
2011-10-27 06:50:57 -------- d-----w- C:\Users\Will\AppData\Roaming\B22obF33m6fL9TX
2011-10-27 06:49:57 -------- d-----w- C:\Users\Will\AppData\Roaming\PIzPNycA1uvD2b
2011-10-27 06:48:56 -------- d-----w- C:\Users\Will\AppData\Roaming\LTXXqqjYCek
2011-10-27 06:47:59 -------- d-----w- C:\Users\Will\AppData\Roaming\goonFF4ms7EgZYw
2011-10-27 06:46:58 -------- d-----w- C:\Users\Will\AppData\Roaming\PSS22obFpm5aJdR
2011-10-27 06:45:52 -------- d-----w- C:\Users\Will\AppData\Roaming\TZqqjwkIVONt0ci
2011-10-27 06:44:56 -------- d-----w- C:\Users\Will\AppData\Roaming\g9TTXjelBzx1v2F
2011-10-27 06:43:55 -------- d-----w- C:\Users\Will\AppData\Roaming\zTTTZqqhYCwkVrO
.
==================== Find3M ====================
.
.
============= FINISH: 15:40:37.23 ===============

#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:23 AM

Posted 14 November 2011 - 06:38 PM

Hello willatx,

Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 willatx

willatx
  • Topic Starter

  • Members
  • 5 posts
  • Local time:11:23 AM

Posted 14 November 2011 - 10:52 PM

Nothing found on the tds scan, here's the log

21:50:04.0895 5108 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
21:50:05.0055 5108 ============================================================
21:50:05.0055 5108 Current date / time: 2011/11/14 21:50:05.0055
21:50:05.0055 5108 SystemInfo:
21:50:05.0055 5108
21:50:05.0055 5108 OS Version: 6.1.7600 ServicePack: 0.0
21:50:05.0055 5108 Product type: Workstation
21:50:05.0055 5108 ComputerName: WILL-PC
21:50:05.0055 5108 UserName: Will
21:50:05.0055 5108 Windows directory: C:\Windows
21:50:05.0055 5108 System windows directory: C:\Windows
21:50:05.0055 5108 Running under WOW64
21:50:05.0055 5108 Processor architecture: Intel x64
21:50:05.0055 5108 Number of processors: 2
21:50:05.0055 5108 Page size: 0x1000
21:50:05.0055 5108 Boot type: Normal boot
21:50:05.0055 5108 ============================================================
21:50:11.0371 5108 Initialize success
21:50:13.0817 0108 ============================================================
21:50:13.0817 0108 Scan started
21:50:13.0817 0108 Mode: Manual;
21:50:13.0817 0108 ============================================================
21:50:17.0499 0108 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:50:17.0509 0108 1394ohci - ok
21:50:17.0819 0108 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:50:17.0829 0108 ACPI - ok
21:50:17.0959 0108 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:50:17.0959 0108 AcpiPmi - ok
21:50:18.0139 0108 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:50:18.0149 0108 adp94xx - ok
21:50:18.0239 0108 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:50:18.0249 0108 adpahci - ok
21:50:18.0309 0108 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:50:18.0329 0108 adpu320 - ok
21:50:18.0389 0108 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
21:50:18.0399 0108 AFD - ok
21:50:18.0499 0108 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
21:50:18.0519 0108 AgereSoftModem - ok
21:50:18.0619 0108 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:50:18.0619 0108 agp440 - ok
21:50:18.0699 0108 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:50:18.0699 0108 aliide - ok
21:50:18.0769 0108 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:50:18.0769 0108 amdide - ok
21:50:18.0819 0108 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:50:18.0819 0108 AmdK8 - ok
21:50:18.0869 0108 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:50:18.0869 0108 AmdPPM - ok
21:50:18.0929 0108 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
21:50:18.0939 0108 amdsata - ok
21:50:18.0969 0108 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:50:18.0969 0108 amdsbs - ok
21:50:19.0089 0108 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
21:50:19.0099 0108 amdxata - ok
21:50:19.0189 0108 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:50:19.0209 0108 AppID - ok
21:50:19.0319 0108 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:50:19.0340 0108 arc - ok
21:50:19.0401 0108 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:50:19.0401 0108 arcsas - ok
21:50:19.0441 0108 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:50:19.0451 0108 AsyncMac - ok
21:50:19.0471 0108 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:50:19.0471 0108 atapi - ok
21:50:20.0281 0108 atikmdag (aeae4abe6419923c037a0b2a157e1fc6) C:\Windows\system32\DRIVERS\atikmdag.sys
21:50:20.0451 0108 atikmdag - ok
21:50:20.0641 0108 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:50:20.0651 0108 b06bdrv - ok
21:50:20.0691 0108 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:50:20.0691 0108 b57nd60a - ok
21:50:20.0801 0108 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:50:20.0801 0108 Beep - ok
21:50:20.0861 0108 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:50:20.0861 0108 blbdrive - ok
21:50:20.0911 0108 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
21:50:20.0911 0108 bowser - ok
21:50:21.0011 0108 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:50:21.0011 0108 BrFiltLo - ok
21:50:21.0041 0108 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:50:21.0041 0108 BrFiltUp - ok
21:50:21.0101 0108 Bridge (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:50:21.0101 0108 Bridge - ok
21:50:21.0131 0108 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:50:21.0141 0108 BridgeMP - ok
21:50:21.0281 0108 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:50:21.0291 0108 Brserid - ok
21:50:21.0321 0108 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:50:21.0321 0108 BrSerWdm - ok
21:50:21.0351 0108 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:50:21.0361 0108 BrUsbMdm - ok
21:50:21.0541 0108 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:50:21.0541 0108 BrUsbSer - ok
21:50:21.0631 0108 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:50:21.0641 0108 BTHMODEM - ok
21:50:21.0731 0108 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:50:21.0731 0108 cdfs - ok
21:50:21.0811 0108 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:50:21.0811 0108 cdrom - ok
21:50:21.0891 0108 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:50:21.0891 0108 circlass - ok
21:50:21.0961 0108 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:50:21.0961 0108 CLFS - ok
21:50:22.0051 0108 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:50:22.0051 0108 CmBatt - ok
21:50:22.0111 0108 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
21:50:22.0111 0108 cmdide - ok
21:50:22.0141 0108 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
21:50:22.0151 0108 CNG - ok
21:50:22.0191 0108 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:50:22.0191 0108 Compbatt - ok
21:50:22.0251 0108 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:50:22.0261 0108 CompositeBus - ok
21:50:22.0421 0108 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:50:22.0431 0108 crcdisk - ok
21:50:22.0711 0108 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
21:50:22.0721 0108 DfsC - ok
21:50:22.0781 0108 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:50:22.0781 0108 discache - ok
21:50:22.0831 0108 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:50:22.0841 0108 Disk - ok
21:50:22.0931 0108 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:50:22.0931 0108 drmkaud - ok
21:50:23.0011 0108 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
21:50:23.0031 0108 DXGKrnl - ok
21:50:23.0321 0108 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:50:23.0381 0108 ebdrv - ok
21:50:23.0521 0108 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:50:23.0531 0108 elxstor - ok
21:50:23.0551 0108 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
21:50:23.0551 0108 ErrDev - ok
21:50:23.0631 0108 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:50:23.0631 0108 exfat - ok
21:50:23.0701 0108 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:50:23.0711 0108 fastfat - ok
21:50:23.0781 0108 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:50:23.0781 0108 fdc - ok
21:50:23.0831 0108 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:50:23.0841 0108 FileInfo - ok
21:50:23.0911 0108 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:50:23.0921 0108 Filetrace - ok
21:50:23.0965 0108 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:50:23.0966 0108 flpydisk - ok
21:50:24.0023 0108 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
21:50:24.0023 0108 FltMgr - ok
21:50:24.0153 0108 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:50:24.0153 0108 FsDepends - ok
21:50:24.0193 0108 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:50:24.0203 0108 Fs_Rec - ok
21:50:24.0243 0108 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
21:50:24.0243 0108 fvevol - ok
21:50:24.0293 0108 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:50:24.0293 0108 gagp30kx - ok
21:50:24.0393 0108 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:50:24.0393 0108 GEARAspiWDM - ok
21:50:24.0503 0108 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:50:24.0513 0108 hcw85cir - ok
21:50:24.0663 0108 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
21:50:24.0663 0108 HdAudAddService - ok
21:50:24.0713 0108 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:50:24.0713 0108 HDAudBus - ok
21:50:24.0793 0108 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:50:24.0803 0108 HidBatt - ok
21:50:24.0973 0108 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:50:24.0983 0108 HidBth - ok
21:50:25.0093 0108 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:50:25.0093 0108 HidIr - ok
21:50:25.0283 0108 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
21:50:25.0283 0108 HidUsb - ok
21:50:25.0363 0108 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:50:25.0363 0108 HpSAMD - ok
21:50:25.0423 0108 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:50:25.0433 0108 HTTP - ok
21:50:25.0503 0108 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:50:25.0503 0108 hwpolicy - ok
21:50:25.0633 0108 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:50:25.0643 0108 i8042prt - ok
21:50:25.0693 0108 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
21:50:25.0703 0108 iaStorV - ok
21:50:25.0773 0108 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:50:25.0783 0108 iirsp - ok
21:50:25.0813 0108 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
21:50:25.0813 0108 intelide - ok
21:50:25.0883 0108 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:50:25.0883 0108 intelppm - ok
21:50:25.0903 0108 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:50:25.0903 0108 IpFilterDriver - ok
21:50:25.0983 0108 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:50:25.0983 0108 IPMIDRV - ok
21:50:26.0003 0108 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:50:26.0003 0108 IPNAT - ok
21:50:26.0073 0108 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:50:26.0073 0108 IRENUM - ok
21:50:26.0093 0108 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
21:50:26.0093 0108 isapnp - ok
21:50:26.0163 0108 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
21:50:26.0163 0108 iScsiPrt - ok
21:50:26.0193 0108 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:50:26.0203 0108 kbdclass - ok
21:50:26.0273 0108 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
21:50:26.0273 0108 kbdhid - ok
21:50:26.0343 0108 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
21:50:26.0353 0108 KSecDD - ok
21:50:26.0383 0108 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
21:50:26.0393 0108 KSecPkg - ok
21:50:26.0443 0108 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:50:26.0443 0108 ksthunk - ok
21:50:26.0585 0108 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:50:26.0585 0108 lltdio - ok
21:50:26.0665 0108 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:50:26.0665 0108 LSI_FC - ok
21:50:26.0715 0108 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:50:26.0725 0108 LSI_SAS - ok
21:50:26.0815 0108 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:50:26.0815 0108 LSI_SAS2 - ok
21:50:26.0945 0108 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:50:26.0955 0108 LSI_SCSI - ok
21:50:27.0005 0108 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:50:27.0015 0108 luafv - ok
21:50:27.0145 0108 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:50:27.0145 0108 megasas - ok
21:50:27.0255 0108 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:50:27.0275 0108 MegaSR - ok
21:50:27.0455 0108 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:50:27.0455 0108 Modem - ok
21:50:27.0605 0108 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:50:27.0605 0108 monitor - ok
21:50:27.0655 0108 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:50:27.0655 0108 mouclass - ok
21:50:27.0745 0108 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:50:27.0755 0108 mouhid - ok
21:50:27.0785 0108 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:50:27.0785 0108 mountmgr - ok
21:50:27.0915 0108 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
21:50:27.0925 0108 MpFilter - ok
21:50:27.0965 0108 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:50:27.0975 0108 mpio - ok
21:50:28.0095 0108 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
21:50:28.0095 0108 MpNWMon - ok
21:50:28.0115 0108 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:50:28.0125 0108 mpsdrv - ok
21:50:28.0165 0108 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:50:28.0165 0108 MRxDAV - ok
21:50:28.0205 0108 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:50:28.0205 0108 mrxsmb - ok
21:50:28.0315 0108 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:50:28.0315 0108 mrxsmb10 - ok
21:50:28.0345 0108 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:50:28.0355 0108 mrxsmb20 - ok
21:50:28.0385 0108 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
21:50:28.0385 0108 msahci - ok
21:50:28.0415 0108 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:50:28.0415 0108 msdsm - ok
21:50:28.0505 0108 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:50:28.0505 0108 Msfs - ok
21:50:28.0545 0108 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:50:28.0545 0108 mshidkmdf - ok
21:50:28.0595 0108 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:50:28.0595 0108 msisadrv - ok
21:50:28.0645 0108 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:50:28.0645 0108 MSKSSRV - ok
21:50:28.0865 0108 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:50:28.0865 0108 MSPCLOCK - ok
21:50:28.0935 0108 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:50:28.0945 0108 MSPQM - ok
21:50:29.0165 0108 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:50:29.0175 0108 MsRPC - ok
21:50:29.0225 0108 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:50:29.0225 0108 mssmbios - ok
21:50:29.0305 0108 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:50:29.0305 0108 MSTEE - ok
21:50:29.0365 0108 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:50:29.0365 0108 MTConfig - ok
21:50:29.0415 0108 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:50:29.0425 0108 Mup - ok
21:50:29.0485 0108 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:50:29.0495 0108 NativeWifiP - ok
21:50:29.0715 0108 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:50:29.0745 0108 NDIS - ok
21:50:29.0887 0108 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:50:29.0887 0108 NdisCap - ok
21:50:29.0977 0108 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:50:29.0987 0108 NdisTapi - ok
21:50:30.0357 0108 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:50:30.0377 0108 Ndisuio - ok
21:50:30.0577 0108 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:50:30.0587 0108 NdisWan - ok
21:50:30.0757 0108 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:50:30.0767 0108 NDProxy - ok
21:50:30.0999 0108 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:50:31.0019 0108 NetBIOS - ok
21:50:31.0209 0108 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:50:31.0219 0108 NetBT - ok
21:50:31.0301 0108 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:50:31.0301 0108 nfrd960 - ok
21:50:31.0421 0108 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:50:31.0421 0108 NisDrv - ok
21:50:31.0501 0108 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:50:31.0511 0108 Npfs - ok
21:50:31.0541 0108 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:50:31.0541 0108 nsiproxy - ok
21:50:31.0641 0108 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
21:50:31.0671 0108 Ntfs - ok
21:50:31.0761 0108 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:50:31.0761 0108 Null - ok
21:50:31.0821 0108 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
21:50:31.0831 0108 nvraid - ok
21:50:31.0851 0108 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
21:50:31.0861 0108 nvstor - ok
21:50:31.0881 0108 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:50:31.0891 0108 nv_agp - ok
21:50:31.0964 0108 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:50:31.0967 0108 ohci1394 - ok
21:50:32.0055 0108 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:50:32.0055 0108 Parport - ok
21:50:32.0075 0108 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
21:50:32.0085 0108 partmgr - ok
21:50:32.0197 0108 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:50:32.0217 0108 pci - ok
21:50:32.0347 0108 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:50:32.0347 0108 pciide - ok
21:50:32.0499 0108 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:50:32.0509 0108 pcmcia - ok
21:50:32.0609 0108 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:50:32.0629 0108 pcw - ok
21:50:32.0849 0108 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:50:32.0859 0108 PEAUTH - ok
21:50:33.0141 0108 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:50:33.0161 0108 PptpMiniport - ok
21:50:33.0252 0108 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:50:33.0260 0108 Processor - ok
21:50:33.0513 0108 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:50:33.0523 0108 Psched - ok
21:50:33.0943 0108 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:50:34.0013 0108 ql2300 - ok
21:50:34.0315 0108 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:50:34.0325 0108 ql40xx - ok
21:50:34.0645 0108 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:50:34.0655 0108 QWAVEdrv - ok
21:50:34.0965 0108 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:50:35.0005 0108 RasAcd - ok
21:50:36.0045 0108 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:50:36.0085 0108 RasAgileVpn - ok
21:50:36.0825 0108 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:50:36.0835 0108 Rasl2tp - ok
21:50:37.0765 0108 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:50:37.0795 0108 RasPppoe - ok
21:50:38.0195 0108 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:50:38.0215 0108 RasSstp - ok
21:50:38.0509 0108 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:50:38.0539 0108 rdbss - ok
21:50:38.0930 0108 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:50:38.0951 0108 rdpbus - ok
21:50:39.0471 0108 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:50:39.0471 0108 RDPCDD - ok
21:50:39.0711 0108 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:50:39.0711 0108 RDPENCDD - ok
21:50:39.0941 0108 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:50:39.0941 0108 RDPREFMP - ok
21:50:40.0291 0108 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
21:50:40.0331 0108 RDPWD - ok
21:50:40.0881 0108 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:50:40.0911 0108 rdyboost - ok
21:50:41.0971 0108 rismxdp (2a43f9e6dbde12bc0c104785c3b3f5df) C:\Windows\system32\DRIVERS\rixdpx64.sys
21:50:41.0981 0108 rismxdp - ok
21:50:42.0251 0108 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:50:42.0251 0108 rspndr - ok
21:50:42.0340 0108 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:50:42.0344 0108 RTL8167 - ok
21:50:42.0765 0108 RTL8187B (945ab249d12cbe044782430c6013aa1a) C:\Windows\system32\DRIVERS\RTL8187B.sys
21:50:42.0775 0108 RTL8187B - ok
21:50:43.0435 0108 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:50:43.0435 0108 sbp2port - ok
21:50:43.0825 0108 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:50:43.0825 0108 scfilter - ok
21:50:44.0057 0108 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
21:50:44.0067 0108 sdbus - ok
21:50:44.0247 0108 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:50:44.0257 0108 secdrv - ok
21:50:44.0527 0108 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:50:44.0527 0108 Serenum - ok
21:50:44.0717 0108 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:50:44.0727 0108 Serial - ok
21:50:44.0917 0108 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:50:44.0917 0108 sermouse - ok
21:50:45.0007 0108 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:50:45.0017 0108 sffdisk - ok
21:50:45.0387 0108 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:50:45.0397 0108 sffp_mmc - ok
21:50:45.0567 0108 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:50:45.0577 0108 sffp_sd - ok
21:50:45.0637 0108 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:50:45.0639 0108 sfloppy - ok
21:50:45.0711 0108 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:50:45.0719 0108 SiSRaid2 - ok
21:50:45.0739 0108 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:50:45.0749 0108 SiSRaid4 - ok
21:50:45.0818 0108 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:50:45.0821 0108 Smb - ok
21:50:45.0961 0108 SPC610NC (7a08f67a9e4342eda4845165d3bee476) C:\Windows\system32\DRIVERS\SPC610NC.SYS
21:50:45.0971 0108 SPC610NC - ok
21:50:46.0031 0108 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:50:46.0041 0108 spldr - ok
21:50:46.0101 0108 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
21:50:46.0111 0108 srv - ok
21:50:46.0161 0108 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
21:50:46.0171 0108 srv2 - ok
21:50:46.0241 0108 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
21:50:46.0241 0108 srvnet - ok
21:50:46.0321 0108 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:50:46.0321 0108 stexstor - ok
21:50:46.0371 0108 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:50:46.0371 0108 swenum - ok
21:50:46.0541 0108 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
21:50:46.0571 0108 Tcpip - ok
21:50:46.0743 0108 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
21:50:46.0763 0108 TCPIP6 - ok
21:50:47.0175 0108 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
21:50:47.0185 0108 tcpipreg - ok
21:50:47.0575 0108 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:50:47.0585 0108 TDPIPE - ok
21:50:47.0845 0108 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:50:47.0845 0108 TDTCP - ok
21:50:47.0915 0108 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:50:47.0915 0108 tdx - ok
21:50:47.0995 0108 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
21:50:47.0995 0108 TermDD - ok
21:50:48.0065 0108 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:50:48.0075 0108 tssecsrv - ok
21:50:48.0125 0108 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:50:48.0135 0108 tunnel - ok
21:50:48.0235 0108 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
21:50:48.0235 0108 TVALZ - ok
21:50:48.0275 0108 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:50:48.0275 0108 uagp35 - ok
21:50:48.0325 0108 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
21:50:48.0335 0108 udfs - ok
21:50:48.0385 0108 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:50:48.0395 0108 uliagpkx - ok
21:50:48.0445 0108 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:50:48.0445 0108 umbus - ok
21:50:48.0475 0108 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:50:48.0475 0108 UmPass - ok
21:50:48.0565 0108 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
21:50:48.0575 0108 USBAAPL64 - ok
21:50:48.0615 0108 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
21:50:48.0615 0108 usbccgp - ok
21:50:48.0799 0108 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:50:48.0802 0108 usbcir - ok
21:50:48.0827 0108 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
21:50:48.0827 0108 usbehci - ok
21:50:48.0877 0108 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
21:50:48.0897 0108 usbhub - ok
21:50:49.0347 0108 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
21:50:49.0357 0108 usbohci - ok
21:50:49.0467 0108 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:50:49.0467 0108 usbprint - ok
21:50:49.0597 0108 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:50:49.0597 0108 usbscan - ok
21:50:49.0677 0108 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:50:49.0687 0108 USBSTOR - ok
21:50:49.0823 0108 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
21:50:49.0837 0108 usbuhci - ok
21:50:50.0081 0108 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:50:50.0091 0108 vdrvroot - ok
21:50:50.0291 0108 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:50:50.0301 0108 vga - ok
21:50:50.0431 0108 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:50:50.0431 0108 VgaSave - ok
21:50:50.0481 0108 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:50:50.0491 0108 vhdmp - ok
21:50:50.0541 0108 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:50:50.0541 0108 viaide - ok
21:50:50.0631 0108 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:50:50.0631 0108 volmgr - ok
21:50:50.0691 0108 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:50:50.0701 0108 volmgrx - ok
21:50:50.0753 0108 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:50:50.0763 0108 volsnap - ok
21:50:50.0923 0108 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:50:50.0923 0108 vsmraid - ok
21:50:50.0953 0108 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:50:50.0953 0108 vwifibus - ok
21:50:51.0253 0108 VWiFiFlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:50:51.0263 0108 VWiFiFlt - ok
21:50:51.0433 0108 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:50:51.0433 0108 vwifimp - ok
21:50:51.0474 0108 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:50:51.0484 0108 WacomPen - ok
21:50:51.0524 0108 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:50:51.0534 0108 WANARP - ok
21:50:51.0544 0108 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:50:51.0544 0108 Wanarpv6 - ok
21:50:51.0851 0108 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:50:51.0852 0108 Wd - ok
21:50:52.0158 0108 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:50:52.0188 0108 Wdf01000 - ok
21:50:52.0524 0108 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:50:52.0524 0108 WfpLwf - ok
21:50:52.0734 0108 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:50:52.0734 0108 WIMMount - ok
21:50:53.0211 0108 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
21:50:53.0233 0108 WinUsb - ok
21:50:53.0615 0108 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:50:53.0618 0108 WmiAcpi - ok
21:50:54.0388 0108 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:50:54.0405 0108 ws2ifsl - ok
21:50:54.0732 0108 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
21:50:54.0742 0108 WudfPf - ok
21:50:54.0872 0108 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:50:54.0872 0108 WUDFRd - ok
21:50:55.0026 0108 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:50:55.0056 0108 \Device\Harddisk0\DR0 - ok
21:50:55.0076 0108 Boot (0x1200) (2beabbf8a0309c9f3f1bb9ceb5ee9aac) \Device\Harddisk0\DR0\Partition0
21:50:55.0086 0108 \Device\Harddisk0\DR0\Partition0 - ok
21:50:55.0086 0108 ============================================================
21:50:55.0086 0108 Scan finished
21:50:55.0086 0108 ============================================================
21:50:55.0136 0284 Detected object count: 0
21:50:55.0136 0284 Actual detected object count: 0
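The two lines just before "Scan finished" are not drivers: the scanner hashes sector 0 of the disk ("MBR (0x1B8)") and the start of the boot partition ("Boot (0x1200)") so that a later run can tell whether boot code changed. The 0x1B8 tag equals the size of the MBR's bootstrap-code area: bytes 0x000-0x1B7 hold code, 0x1B8 holds the 4-byte disk signature, 0x1BE the four partition entries and 0x1FE the 0x55AA marker. Bootkits of the TDL/TDSS family that TDSSKiller targets live by overwriting that code area while leaving the partition table intact, which is why a baseline hashes the code region on its own. The Python below is an added example written for this page, not TDSSKiller's code; that the tool hashes exactly these 0x1B8 bytes is an inference from the label, not something the log states. It builds a constructed 512-byte MBR (the bootstrap bytes and partition entries are made up), hashes the code area, and shows that a one-byte patch to the code changes the hash while the partition table still parses identically, and that rewriting the disk signature leaves the code hash alone. The boot-partition hash is not modelled here.

```python
"""Baseline and compare MBR bootstrap code (added example, not TDSSKiller's code)."""
import hashlib
import struct

SECTOR = 512
CODE_LEN = 0x1B8            # bootstrap code occupies bytes 0x000-0x1B7
SIG_OFF = 0x1B8             # 4-byte NT disk signature
PTABLE_OFF = 0x1BE          # four 16-byte partition entries
MARKER_OFF = 0x1FE          # 0x55AA boot marker
BOOT_MARKER = b"\x55\xAA"
ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count

# Constructed stand-in for bootstrap code: a few x86 setup bytes plus NOP padding.
CLEAN_CODE = bytes.fromhex("33c08ed0bc007c8ec08ed8") + b"\x90" * 40
# Constructed partition table: (bootable, type, first LBA, sector count).
PARTS = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 1048576)]


def build_mbr(code, disk_sig, partitions):
    """Assemble a 512-byte MBR from bootstrap code and partition tuples."""
    if len(code) > CODE_LEN:
        raise ValueError("bootstrap code must fit in 0x1B8 bytes")
    mbr = bytearray(SECTOR)
    mbr[:len(code)] = code
    struct.pack_into("<I", mbr, SIG_OFF, disk_sig)
    for i, (bootable, ptype, lba, count) in enumerate(partitions[:4]):
        # CHS fields are left zero; NT-era loaders use the LBA fields.
        struct.pack_into(ENTRY_FMT, mbr, PTABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[MARKER_OFF:MARKER_OFF + 2] = BOOT_MARKER
    return bytes(mbr)


def mbr_code_md5(mbr):
    """MD5 over the bootstrap-code area only, the region 'MBR (0x1B8)' is taken to cover."""
    return hashlib.md5(mbr[:CODE_LEN]).hexdigest()


def parse_partitions(mbr):
    """Return the non-empty partition entries; refuse a sector without the 0x55AA marker."""
    if mbr[MARKER_OFF:MARKER_OFF + 2] != BOOT_MARKER:
        raise ValueError("missing 0x55AA boot marker")
    entries = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PTABLE_OFF + 16 * i)
        if ptype:
            entries.append({"bootable": status == 0x80, "type": ptype, "lba": lba, "sectors": count})
    return entries


def check_against_baseline(mbr, baseline_md5):
    """True when the bootstrap code still matches the recorded hash."""
    return mbr_code_md5(mbr) == baseline_md5


def patched_code(mbr, offset=0x10):
    """Copy of the MBR with one bootstrap byte flipped, a bootkit-style code change."""
    out = bytearray(mbr)
    out[offset] ^= 0xFF
    return bytes(out)


if __name__ == "__main__":
    clean = build_mbr(CLEAN_CODE, 0x12345678, PARTS)
    baseline = mbr_code_md5(clean)
    print("baseline MBR (0x1B8):", baseline)
    print("code patched, still clean? ", check_against_baseline(patched_code(clean), baseline))
    print("re-signed,    still clean? ", check_against_baseline(build_mbr(CLEAN_CODE, 0xDEADBEEF, PARTS), baseline))
```

Against a real disk the same `mbr_code_md5` would be fed the first sector read from `\\.\PhysicalDrive0` with administrator rights; the point of stopping at 0x1B8 is that Windows legitimately rewrites the disk signature and partition table, so hashing the whole sector would raise false alarms while the code-only hash moves only when the bootstrap code does.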

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 15 November 2011 - 12:16 PM

Hello,

Thanks for that. :)

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. If McAfee gives you any problems, you may have to temporarily uninstall it. For some reason, this is common with McAfee. <_<

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

If you have trouble running it the first time, then rename ComboFix.exe to willatx.exe and try again.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#5 willatx

willatx
  • Topic Starter

  • Members
  • 5 posts

Posted 15 November 2011 - 10:03 PM

ComboFix 11-11-15.06 - Will 11/15/2011 19:56:31.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1918.841 [GMT -6:00]
Running from: c:\users\Will\Downloads\willatx.exe.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Will\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))
.
.
2011-11-16 02:32 . 2011-11-16 02:32 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B95422C-2BD4-4A88-B620-5E0D4B528D93}\offreg.dll
2011-11-16 02:28 . 2011-11-16 02:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-15 15:37 . 2011-10-07 02:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B95422C-2BD4-4A88-B620-5E0D4B528D93}\mpengine.dll
2011-11-14 20:38 . 2011-11-14 20:38 388096 ----a-r- c:\users\Will\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-14 20:38 . 2011-11-14 20:38 -------- d-----w- c:\program files (x86)\Trend Micro
2011-11-14 20:28 . 2011-11-14 20:28 111408 ----a-w- c:\windows\system32\drivers\33597240.sys
2011-11-13 03:00 . 2011-11-14 21:40 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-13 03:00 . 2011-11-13 03:00 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-11-13 03:00 . 2011-11-13 03:00 -------- d-----w- c:\programdata\Hitman Pro
2011-11-13 02:28 . 2011-11-13 02:28 -------- d-----w- c:\programdata\Kaspersky Lab
2011-11-12 17:02 . 2011-11-12 17:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-12 16:58 . 2011-11-05 06:53 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-11-12 16:58 . 2011-11-05 06:53 801752 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-11-12 16:58 . 2011-11-05 06:53 478168 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-11-12 16:58 . 2011-11-05 06:53 1989592 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-11-12 16:58 . 2011-11-05 06:53 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-11-12 16:58 . 2011-11-05 06:53 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-11-12 16:58 . 2011-11-05 03:21 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-11-12 16:58 . 2011-11-05 03:21 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-11-05 17:06 . 2011-10-07 02:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-04 15:25 . 2011-11-04 15:25 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A35BAE03-AEA4-4DEF-A376-041E7E34B741}\gapaengine.dll
2011-11-04 15:12 . 2011-11-04 15:12 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-11-04 15:11 . 2011-11-04 15:13 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-04 15:11 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-10-27 07:01 . 2011-10-27 07:01 -------- d-----w- c:\users\Will\AppData\Roaming\ivS2obF3pa6W8R9
2011-10-27 07:01 . 2011-10-27 07:01 -------- d-----w- c:\users\Will\AppData\Roaming\jXwkUVelOtPyAiD
2011-10-27 07:01 . 2011-10-27 07:01 -------- d-----w- c:\users\Will\AppData\Roaming\udEK8gRZ9YweIzc
2011-10-27 07:01 . 2011-10-27 07:01 -------- d-----w- c:\users\Will\AppData\Roaming\GxP0ucS1iDoGa
2011-10-27 07:01 . 2011-10-27 07:01 -------- d-----w- c:\users\Will\AppData\Roaming\clOBtzP0yAiDo4m
2011-10-27 07:01 . 2011-10-27 07:01 -------- d-----w- c:\users\Will\AppData\Roaming\vgTZqjYCwIrOtPu
2011-10-27 07:01 . 2011-10-27 07:01 -------- d-----w- c:\users\Will\AppData\Roaming\oWJ7fEL8gZhCkVl
2011-10-27 07:01 . 2011-10-27 07:01 -------- d-----w- c:\users\Will\AppData\Roaming\sL9hTXqjUeIrOyA
2011-10-27 06:59 . 2011-10-27 06:59 -------- d-----w- c:\users\Will\AppData\Roaming\ALYXwkUVeOtPyAi
2011-10-27 06:58 . 2011-10-27 06:58 -------- d-----w- c:\users\Will\AppData\Roaming\FjUVelIBtPyAuDo
2011-10-27 06:57 . 2011-10-27 06:57 -------- d-----w- c:\users\Will\AppData\Roaming\upmGaQJ6dKfLhXj
2011-10-27 06:56 . 2011-10-27 06:56 -------- d-----w- c:\users\Will\AppData\Roaming\ollOOBP0ycSiD3n
2011-10-27 06:55 . 2011-10-27 06:55 -------- d-----w- c:\users\Will\AppData\Roaming\z55aaQH66dK7f
2011-10-27 06:54 . 2011-10-27 06:54 -------- d-----w- c:\users\Will\AppData\Roaming\vjYYCekIVrzN0c2
2011-10-27 06:53 . 2011-10-27 06:53 -------- d-----w- c:\users\Will\AppData\Roaming\sLL88gRRZqhXkUe
2011-10-27 06:52 . 2011-10-27 06:52 -------- d-----w- c:\users\Will\AppData\Roaming\L0uuvSS2ibFpn5a
2011-10-27 06:51 . 2011-10-27 06:51 -------- d-----w- c:\users\Will\AppData\Roaming\YUeellIBPNyx1uS
2011-10-27 06:50 . 2011-10-27 06:50 -------- d-----w- c:\users\Will\AppData\Roaming\B22obF33m6fL9TX
2011-10-27 06:49 . 2011-10-27 06:49 -------- d-----w- c:\users\Will\AppData\Roaming\PIzPNycA1uvD2b
2011-10-27 06:48 . 2011-10-27 06:48 -------- d-----w- c:\users\Will\AppData\Roaming\LTXXqqjYCek
2011-10-27 06:47 . 2011-10-27 06:47 -------- d-----w- c:\users\Will\AppData\Roaming\goonFF4ms7EgZYw
2011-10-27 06:46 . 2011-10-27 06:46 -------- d-----w- c:\users\Will\AppData\Roaming\PSS22obFpm5aJdR
2011-10-27 06:45 . 2011-10-27 06:45 -------- d-----w- c:\users\Will\AppData\Roaming\TZqqjwkIVONt0ci
2011-10-27 06:44 . 2011-10-27 06:44 -------- d-----w- c:\users\Will\AppData\Roaming\g9TTXjelBzx1v2F
2011-10-27 06:43 . 2011-10-27 06:43 -------- d-----w- c:\users\Will\AppData\Roaming\zTTTZqqhYCwkVrO
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files (x86)\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-06 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-06 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 SPC610NC;SPC 610NC Laptop Camera;c:\windows\system32\DRIVERS\SPC610NC.SYS [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-06 03:51]
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-06 03:51]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802682411-2481506085-4067105873-1000Core.job
- c:\users\Will\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-18 19:44]
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802682411-2481506085-4067105873-1000UA.job
- c:\users\Will\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-18 19:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SPC610NC_Monitor"="c:\windows\Philips\SPC610NC\Monitor.exe" [2006-11-03 319488]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{566FF3B7-80F2-4D50-9790-BF9C4A5B79E0}: DhcpNameServer = 66.90.130.101 66.90.130.10
FF - ProfilePath - c:\users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\jv55h5ei.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: network.proxy.type - 4
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-YInstHelper - c:\windows\system32\regsvr32
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\ytbb.exe
.
**************************************************************************
.
Completion time: 2011-11-15 20:58:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-16 02:58
.
Pre-Run: 59,363,848,192 bytes free
Post-Run: 59,598,589,952 bytes free
.
- - End Of File - - B5EBF57817624FB429CBBD41D009205A

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:23 AM

Posted 15 November 2011 - 10:11 PM

Hello there,

How is it running please? :)
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 willatx

willatx
  • Topic Starter

  • Members
  • 5 posts
  • Local time:11:23 AM

Posted 16 November 2011 - 12:54 PM

Still getting redirected =/

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:23 AM

Posted 16 November 2011 - 10:44 PM

Hello,

Thanks for that. :)

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

KILLALL::
Folder::
c:\users\Will\AppData\Roaming\ivS2obF3pa6W8R9
c:\users\Will\AppData\Roaming\jXwkUVelOtPyAiD
c:\users\Will\AppData\Roaming\udEK8gRZ9YweIzc
c:\users\Will\AppData\Roaming\GxP0ucS1iDoGa
c:\users\Will\AppData\Roaming\clOBtzP0yAiDo4m
c:\users\Will\AppData\Roaming\vgTZqjYCwIrOtPu
c:\users\Will\AppData\Roaming\oWJ7fEL8gZhCkVl
c:\users\Will\AppData\Roaming\sL9hTXqjUeIrOyA
c:\users\Will\AppData\Roaming\ALYXwkUVeOtPyAi
c:\users\Will\AppData\Roaming\FjUVelIBtPyAuDo
c:\users\Will\AppData\Roaming\upmGaQJ6dKfLhXj
c:\users\Will\AppData\Roaming\ollOOBP0ycSiD3n
c:\users\Will\AppData\Roaming\z55aaQH66dK7f
c:\users\Will\AppData\Roaming\vjYYCekIVrzN0c2
c:\users\Will\AppData\Roaming\sLL88gRRZqhXkUe
c:\users\Will\AppData\Roaming\L0uuvSS2ibFpn5a
c:\users\Will\AppData\Roaming\YUeellIBPNyx1uS
c:\users\Will\AppData\Roaming\B22obF33m6fL9TX
c:\users\Will\AppData\Roaming\PIzPNycA1uvD2b
c:\users\Will\AppData\Roaming\LTXXqqjYCek
c:\users\Will\AppData\Roaming\goonFF4ms7EgZYw
c:\users\Will\AppData\Roaming\PSS22obFpm5aJdR
c:\users\Will\AppData\Roaming\TZqqjwkIVONt0ci
c:\users\Will\AppData\Roaming\g9TTXjelBzx1v2F
c:\users\Will\AppData\Roaming\zTTTZqqhYCwkVrO


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

Please also let me know how it's running. :)

Thanks,
tea

#9 willatx

willatx
  • Topic Starter

  • Members
  • 5 posts
  • Local time:11:23 AM

Posted 17 November 2011 - 08:20 PM

No luck yet =/

ComboFix 11-11-15.06 - Will 11/17/2011 16:37:44.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1918.1096 [GMT -6:00]
Running from: c:\users\Will\Desktop\willatx.exe.exe
Command switches used :: c:\users\Will\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-18 to 2011-11-18 )))))))))))))))))))))))))))))))
.
.
2011-11-17 23:13 . 2011-11-17 23:13 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C55EC3A-BDFA-40CA-9F1D-663474ABFE22}\offreg.dll
2011-11-17 23:09 . 2011-11-17 23:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-11-17 23:09 . 2011-11-17 23:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-17 22:22 . 2011-10-07 02:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C55EC3A-BDFA-40CA-9F1D-663474ABFE22}\mpengine.dll
2011-11-16 01:46 . 2011-11-16 02:59 -------- d-----w- C:\willatx.exe
2011-11-14 20:38 . 2011-11-14 20:38 388096 ----a-r- c:\users\Will\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-14 20:38 . 2011-11-14 20:38 -------- d-----w- c:\program files (x86)\Trend Micro
2011-11-14 20:28 . 2011-11-14 20:28 111408 ----a-w- c:\windows\system32\drivers\33597240.sys
2011-11-13 03:00 . 2011-11-14 21:40 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-13 03:00 . 2011-11-13 03:00 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-11-13 03:00 . 2011-11-13 03:00 -------- d-----w- c:\programdata\Hitman Pro
2011-11-13 02:28 . 2011-11-13 02:28 -------- d-----w- c:\programdata\Kaspersky Lab
2011-11-12 17:02 . 2011-11-12 17:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-12 16:58 . 2011-11-05 06:53 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-11-12 16:58 . 2011-11-05 06:53 801752 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-11-12 16:58 . 2011-11-05 06:53 478168 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-11-12 16:58 . 2011-11-05 06:53 1989592 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-11-12 16:58 . 2011-11-05 06:53 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-11-12 16:58 . 2011-11-05 06:53 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-11-12 16:58 . 2011-11-05 03:21 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-11-12 16:58 . 2011-11-05 03:21 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-11-05 17:06 . 2011-10-07 02:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-04 15:25 . 2011-11-04 15:25 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A35BAE03-AEA4-4DEF-A376-041E7E34B741}\gapaengine.dll
2011-11-04 15:12 . 2011-11-04 15:12 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-11-04 15:11 . 2011-11-04 15:13 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-04 15:11 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-10-27 07:01 . 2011-10-27 07:01 -------- d-----w- c:\users\Will\AppData\Roaming\ivS2obF3pa6W8R9
2011-10-27 07:01 . 2011-10-27 07:01 -------- d-----w- c:\users\Will\AppData\Roaming\jXwkUVelOtPyAiD
2011-10-27 07:01 . 2011-10-27 07:01 -------- d-----w- c:\users\Will\AppData\Roaming\udEK8gRZ9YweIzc
2011-10-27 07:01 . 2011-10-27 07:01 -------- d-----w- c:\users\Will\AppData\Roaming\GxP0ucS1iDoGa
2011-10-27 07:01 . 2011-10-27 07:01 -------- d-----w- c:\users\Will\AppData\Roaming\clOBtzP0yAiDo4m
2011-10-27 07:01 . 2011-10-27 07:01 -------- d-----w- c:\users\Will\AppData\Roaming\vgTZqjYCwIrOtPu
2011-10-27 07:01 . 2011-10-27 07:01 -------- d-----w- c:\users\Will\AppData\Roaming\oWJ7fEL8gZhCkVl
2011-10-27 07:01 . 2011-10-27 07:01 -------- d-----w- c:\users\Will\AppData\Roaming\sL9hTXqjUeIrOyA
2011-10-27 06:59 . 2011-10-27 06:59 -------- d-----w- c:\users\Will\AppData\Roaming\ALYXwkUVeOtPyAi
2011-10-27 06:58 . 2011-10-27 06:58 -------- d-----w- c:\users\Will\AppData\Roaming\FjUVelIBtPyAuDo
2011-10-27 06:57 . 2011-10-27 06:57 -------- d-----w- c:\users\Will\AppData\Roaming\upmGaQJ6dKfLhXj
2011-10-27 06:56 . 2011-10-27 06:56 -------- d-----w- c:\users\Will\AppData\Roaming\ollOOBP0ycSiD3n
2011-10-27 06:55 . 2011-10-27 06:55 -------- d-----w- c:\users\Will\AppData\Roaming\z55aaQH66dK7f
2011-10-27 06:54 . 2011-10-27 06:54 -------- d-----w- c:\users\Will\AppData\Roaming\vjYYCekIVrzN0c2
2011-10-27 06:53 . 2011-10-27 06:53 -------- d-----w- c:\users\Will\AppData\Roaming\sLL88gRRZqhXkUe
2011-10-27 06:52 . 2011-10-27 06:52 -------- d-----w- c:\users\Will\AppData\Roaming\L0uuvSS2ibFpn5a
2011-10-27 06:51 . 2011-10-27 06:51 -------- d-----w- c:\users\Will\AppData\Roaming\YUeellIBPNyx1uS
2011-10-27 06:50 . 2011-10-27 06:50 -------- d-----w- c:\users\Will\AppData\Roaming\B22obF33m6fL9TX
2011-10-27 06:49 . 2011-10-27 06:49 -------- d-----w- c:\users\Will\AppData\Roaming\PIzPNycA1uvD2b
2011-10-27 06:48 . 2011-10-27 06:48 -------- d-----w- c:\users\Will\AppData\Roaming\LTXXqqjYCek
2011-10-27 06:47 . 2011-10-27 06:47 -------- d-----w- c:\users\Will\AppData\Roaming\goonFF4ms7EgZYw
2011-10-27 06:46 . 2011-10-27 06:46 -------- d-----w- c:\users\Will\AppData\Roaming\PSS22obFpm5aJdR
2011-10-27 06:45 . 2011-10-27 06:45 -------- d-----w- c:\users\Will\AppData\Roaming\TZqqjwkIVONt0ci
2011-10-27 06:44 . 2011-10-27 06:44 -------- d-----w- c:\users\Will\AppData\Roaming\g9TTXjelBzx1v2F
2011-10-27 06:43 . 2011-10-27 06:43 -------- d-----w- c:\users\Will\AppData\Roaming\zTTTZqqhYCwkVrO
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-16_02.34.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-07-18 20:47 . 2011-11-16 02:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-18 20:47 . 2011-11-17 23:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-31 17:46 . 2011-11-16 02:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-31 17:46 . 2011-11-17 23:15 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-31 17:46 . 2011-11-17 23:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-10-31 17:46 . 2011-11-16 02:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-10-31 17:46 . 2011-11-16 02:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2011-10-31 17:46 . 2011-11-17 23:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2010-07-18 20:47 . 2011-11-16 02:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-18 20:47 . 2011-11-17 23:15 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-07-18 20:47 . 2011-11-16 02:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-18 20:47 . 2011-11-17 23:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-19 01:40 . 2011-11-16 02:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-19 01:40 . 2011-11-17 23:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-19 01:40 . 2011-11-17 23:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-19 01:40 . 2011-11-16 02:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-17 08:34 . 2011-11-17 08:34 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-11-17 08:34 . 2011-11-17 08:34 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\ARPPRODUCTICON.exe
- 2011-11-16 02:32 . 2011-11-16 02:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-17 23:13 . 2011-11-17 23:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-17 23:13 . 2011-11-17 23:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-16 02:32 . 2011-11-16 02:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-07-19 13:35 . 2011-11-17 22:10 221290 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2010-07-19 13:35 . 2011-11-17 22:10 221290 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2011-11-16 02:31 447380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-17 23:12 447380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-11-16 02:31 . 2011-11-16 02:31 447380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-802682411-2481506085-4067105873-1000-12288.dat
+ 2011-11-16 02:31 . 2011-11-17 23:12 447380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-802682411-2481506085-4067105873-1000-12288.dat
+ 2011-10-17 18:31 . 2011-10-17 18:31 926208 c:\windows\Installer\6722252.msi
- 2009-07-14 02:34 . 2011-11-15 15:48 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-11-18 00:06 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-11-15 15:48 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-11-18 00:06 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files (x86)\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-06 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-06 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 SPC610NC;SPC 610NC Laptop Camera;c:\windows\system32\DRIVERS\SPC610NC.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-06 03:51]
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-06 03:51]
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802682411-2481506085-4067105873-1000Core.job
- c:\users\Will\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-18 19:44]
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802682411-2481506085-4067105873-1000UA.job
- c:\users\Will\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-18 19:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SPC610NC_Monitor"="c:\windows\Philips\SPC610NC\Monitor.exe" [2006-11-03 319488]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{566FF3B7-80F2-4D50-9790-BF9C4A5B79E0}: DhcpNameServer = 66.90.130.101 66.90.130.10
FF - ProfilePath - c:\users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\jv55h5ei.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: network.proxy.type - 4
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-11-17 19:18:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-18 01:18
ComboFix2.txt 2011-11-16 02:58
.
Pre-Run: 60,718,678,016 bytes free
Post-Run: 59,750,084,608 bytes free
.
- - End Of File - - C97127FD60570A2347BA597D35135900
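The directories listed in the CFScript above also appear in the "Files Created" section of this log: twenty-five random-looking names directly under AppData\Roaming, created one per minute on 2011-10-27. As an added example (not ComboFix's code and not anything the helper posted), the Python below parses ComboFix "Files Created" lines and flags bursts of such directories; the sample log is constructed from a handful of lines in this thread, and the name heuristic and time thresholds are assumptions chosen for illustration.

```python
"""Flag bursts of randomly named directories in a ComboFix "Files Created" listing.

Added example, not part of ComboFix. The line layout is inferred from the log
excerpt in this thread; the name heuristic and thresholds are assumptions.
"""
import re
from datetime import datetime, timedelta

# One ComboFix "Files Created" entry:
#   <created> . <modified> <size|--------> <attrs> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S+) (.+)$"
)
# Matches only a direct child of ...\AppData\Roaming\ (no deeper components).
ROAMING_RE = re.compile(r"\\AppData\\Roaming\\([^\\]+)$", re.IGNORECASE)

# Constructed sample: a few lines copied from this thread's log plus two
# benign entries, so the check has both positives and negatives to look at.
SAMPLE_LOG = r"""
2011-11-14 20:38 . 2011-11-14 20:38 388096 ----a-r- c:\users\Will\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-13 02:28 . 2011-11-13 02:28 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-27 07:01 . 2011-10-27 07:01 -------- d-----w- c:\users\Will\AppData\Roaming\ivS2obF3pa6W8R9
2011-10-27 07:01 . 2011-10-27 07:01 -------- d-----w- c:\users\Will\AppData\Roaming\GxP0ucS1iDoGa
2011-10-27 06:55 . 2011-10-27 06:55 -------- d-----w- c:\users\Will\AppData\Roaming\z55aaQH66dK7f
2011-10-27 06:48 . 2011-10-27 06:48 -------- d-----w- c:\users\Will\AppData\Roaming\LTXXqqjYCek
2011-10-27 06:43 . 2011-10-27 06:43 -------- d-----w- c:\users\Will\AppData\Roaming\zTTTZqqhYCwkVrO
2011-09-01 12:00 . 2011-09-01 12:00 -------- d-----w- c:\users\Will\AppData\Roaming\Mozilla
"""


def parse_created(log_text):
    """Yield (created datetime, is_directory, path) for each well-formed entry."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, _modified, _size, attrs, path = m.groups()
        yield datetime.strptime(created, "%Y-%m-%d %H:%M"), attrs.startswith("d"), path


def looks_random(name):
    """Assumed heuristic: a bare alphanumeric token of 10-20 characters whose
    letters flip between upper and lower case at least three times. Product
    names (Mozilla, Microsoft) rarely do; the names in this thread all do."""
    if not re.fullmatch(r"[A-Za-z0-9]{10,20}", name):
        return False
    letters = [c for c in name if c.isalpha()]
    flips = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    return flips >= 3


def find_bursts(log_text, gap=timedelta(minutes=10), min_count=3):
    """Return [(first_seen, last_seen, [names])] for chains of random-looking
    Roaming directories created no more than `gap` apart; shorter chains than
    `min_count` are dropped. Both thresholds are assumptions."""
    hits = []
    for created, is_dir, path in parse_created(log_text):
        m = ROAMING_RE.search(path)
        if is_dir and m and looks_random(m.group(1)):
            hits.append((created, m.group(1)))
    hits.sort()
    bursts, current = [], []
    for created, name in hits:
        if current and created - current[-1][0] > gap:
            if len(current) >= min_count:
                bursts.append(current)
            current = []
        current.append((created, name))
    if len(current) >= min_count:
        bursts.append(current)
    return [(b[0][0], b[-1][0], [n for _, n in b]) for b in bursts]


if __name__ == "__main__":
    for first, last, names in find_bursts(SAMPLE_LOG):
        print(f"{len(names)} random-looking Roaming dirs created {first} .. {last}:")
        for n in names:
            print("   ", n)
```

Running it against a full ComboFix log instead of SAMPLE_LOG surfaces the same 2011-10-27 burst; a second run after cleanup that still shows the chain is the quickest way to tell that the directories survived or were recreated.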

#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:23 AM

Posted 19 November 2011 - 11:36 AM

Hello,

Can you please try the same directions again, but this time in safe mode? :)

Thanks,
tea