Iexplore/firefox redirect.


24 replies to this topic

#1 rob71

Posted 14 November 2011 - 07:38 PM

Had it for about a week. Started like one we got some time back where it hid everything, then offered you some software to clean it up. Managed to un-hide the files, but redirects were rampant and had random radio through i-explorer. I have tried to get rid of it to no avail. I'm to the point where I know it's in the registry and probably a lot of other places I shouldn't go myself. Running Vista. Noticed as well that I have a new user account, UpDatus.user. Read that it was an Nvidia update something or other. Does it really need its own password-protected user account on my computer? I'm sure I signed on to it somewhere in the ethereal fine print, but I don't understand why it needs its own user account. I have HijackThis and a couple of other programs downloaded, but some didn't go to the desktop. It may look like I have several AV programs on the computer, but it's unintentional; a lot of them now make no mention of it costing you till after you download and run the free scan (not found one yet that finds anything that one of the free ones can't). Whatever happened to false advertisement?


#2 fireman4it

  • Malware Response Team

Posted 14 November 2011 - 08:41 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about your installed Windows Operating System, including the Version, Edition and whether it is a 32-bit or a 64-bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Note:
If you are unable to run a GMER scan due to the fact that you are running a 64-bit machine, please run the following tool and post its log.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Thanks and again sorry for the delay.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 rob71


Posted 14 November 2011 - 09:47 PM

Thanks in advance! I'm not gonna be your favorite. :(
This was run in safe mode, Windows Vista 64-bit. 4 people use this computer non-stop and I think all have tried their hand at getting rid of this. Almost 300 gig; I reclaimed 40 gig last night, and it's in a hell of a mess.

DDS log:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 21:11:33 on 2011-11-14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2468 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Security Client\msseces.exe
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube Download - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{1D6E1282-D965-48CB-B1C2-7332745A31D1} : DhcpNameServer = 192.168.1.254 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SSODL: Svchost - {4022EBF4-C813-40F1-9030-8ED96A9BBFE0} - No File
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB-X64: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
SSODL-X64: Svchost - {4022EBF4-C813-40F1-9030-8ED96A9BBFE0} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i2ans7qx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 4
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i2ans7qx.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i2ans7qx.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko5.dll
FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i2ans7qx.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko6.dll
FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i2ans7qx.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i2ans7qx.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko5.dll
FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i2ans7qx.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko6.dll
FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i2ans7qx.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i2ans7qx.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko5.dll
FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i2ans7qx.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko6.dll
FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i2ans7qx.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPMXENG.DLL
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npraclient.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\Downloaded Program Files\npsoe.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-3-4 136360]
S2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-3-4 269480]
S2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
S2 AviraUpgradeService;Avira Upgrade Service;"C:\Windows\TEMP\AVSETUP_4ebc7f5c\avupgsvc.exe" /TEMPSTART:""C:\Windows\TEMP\AVSETUP_4ebc7f5c\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" --> C:\Windows\TEMP\AVSETUP_4ebc7f5c\avupgsvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-5-1 133104]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-8-22 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-8-22 79360]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-5-1 133104]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-8-26 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2071-07-25 14:13:30 203576 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-11-14 23:41:52 7168 ----a-w- C:\Windows\SysWow64\drivers\ute4odq4.sys
2011-11-14 18:32:13 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2E4E517C-B2CC-4CDC-8018-C2F80D287CE0}\offreg.dll
2011-11-14 16:28:07 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2E4E517C-B2CC-4CDC-8018-C2F80D287CE0}\mpengine.dll
2011-11-14 11:21:05 0 ---ha-w- C:\Users\Administrator\AppData\Local\BITB6D4.tmp
2011-11-14 03:51:46 -------- d-----w- C:\ProgramData\eMule
2011-11-14 00:00:18 -------- d-----w- C:\ProgramData\STOPzilla!
2011-11-13 01:30:37 -------- d-----w- C:\Users\Administrator\AppData\Local\NCSoft
2011-11-13 01:11:22 -------- d-----w- C:\Users\Administrator\AppData\Local\assembly
2011-11-13 01:11:03 -------- d-----w- C:\Program Files (x86)\NCSoft
2011-11-13 01:09:10 -------- d-----w- C:\Users\Administrator\AppData\Roaming\GetRightToGo
2011-11-12 08:27:59 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-12 01:03:38 -------- d-----w- C:\Hitech Creations
2011-11-12 00:52:33 -------- d-----w- C:\Program Files (x86)\WildTangent Games
2011-11-12 00:42:17 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-11-12 00:42:16 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-11-12 00:42:16 801752 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-11-12 00:42:16 478168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-11-12 00:42:16 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-11-12 00:42:16 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-11-12 00:42:16 1989592 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-11-12 00:42:16 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-11-11 02:36:46 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A7ACDA9E-E888-4BE7-B330-D963F72BF85F}\gapaengine.dll
2011-11-11 02:27:41 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-11-11 02:27:25 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-11-11 02:26:48 345984 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-11-11 01:55:20 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2011-11-11 00:39:27 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-11-11 00:37:16 -------- d-----w- C:\ProgramData\Hitman Pro
2011-11-10 01:38:46 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2011-11-10 01:38:46 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-10 01:38:40 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-11-10 01:38:40 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-11-10 01:38:23 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-10 01:38:23 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-10 01:38:23 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll
2011-11-10 01:37:47 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D4E13A5-FA8C-454B-91AC-B0FD9F40B844}\mpengine.dll
2011-11-10 01:34:07 -------- d-----w- C:\ProgramData\WildTangent
2011-11-09 05:13:41 -------- d-s---w- C:\ComboFix
2011-11-07 16:17:04 -------- d-----w- C:\Users\Administrator\AppData\Local\Trend Micro
2011-11-07 16:12:16 -------- d-----w- C:\ProgramData\Trend Micro
2011-11-07 16:11:05 -------- d-----w- C:\Program Files\Trend Micro
2011-11-07 15:49:14 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-11-05 07:25:34 -------- d-----w- C:\Program Files (x86)\GridinSoft Trojan Killer
2011-11-05 06:48:24 -------- d-----w- C:\ProgramData\Common Files
2011-11-05 06:43:28 -------- d-----w- C:\ProgramData\MFAData
2011-10-31 15:18:47 82432 ----a-w- C:\Windows\SysWow64\msxml4r.dll
2011-10-31 15:18:47 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
2011-10-31 15:17:42 -------- d-----w- C:\ProgramData\LGMOBILEAX
2011-10-31 15:15:18 5071872 ----a-w- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUnitedMobileDriver_S4981CAN33AP22_ML_WHQL_Ver_3.3.msi
2011-10-31 15:15:17 90112 ----a-w- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
2011-10-31 15:15:17 24576 ----a-w- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
2011-10-31 15:15:15 1339392 ----a-w- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2011-10-31 15:15:03 86016 ----a-r- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\K\LGUTchkdl.dll
2011-10-31 15:15:03 4608 ----a-r- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\K\LGEUSBAutorun.dll
2011-10-26 17:41:21 -------- d-----w- C:\Users\Administrator\AppData\Roaming\NVIDIA
2011-10-24 08:10:17 1533248 ----a-w- C:\Windows\System32\nvdispco64.dll
2011-10-24 08:10:17 1454400 ----a-w- C:\Windows\System32\nvgenco64.dll
.
==================== Find3M ====================
.
2011-10-15 04:54:52 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-10-14 15:34:11 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-27 20:59:44 189480 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-09-27 20:59:44 189480 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-09-06 13:56:50 2764288 ----a-w- C:\Windows\System32\win32k.sys
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-25 16:20:38 735744 ----a-w- C:\Windows\System32\UIAutomationCore.dll
2011-08-25 16:19:32 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-25 16:19:32 332288 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-25 16:15:04 555520 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-25 13:54:14 4096 ----a-w- C:\Windows\System32\oleaccrc.dll
2011-08-25 13:31:01 4096 ----a-w- C:\Windows\SysWow64\oleaccrc.dll
2011-08-23 20:21:22 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
.
============= FINISH: 21:19:00.83 ===============


aswMBR log in next post
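
As an added triage example (not part of this thread and not a DDS or BleepingComputer tool), the Python below pulls out of a DDS log the entries a helper reads first: Firefox proxy and search/homepage prefs, BHO/toolbar/SSODL registrations pointing at "No File", Trusted Zone additions, and files stamped later than the scan date in the header. The set of accepted search hosts is an assumption; the sample input is an excerpt of the DDS log posted above.

```python
"""DDS log triage: added example for this thread, not a DDS or BleepingComputer tool.

Pulls out what a helper reads first: Firefox proxy and search/homepage prefs,
registrations pointing at "No File", Trusted Zone additions, and files stamped
later than the scan date in the log header.
"""
import re
from datetime import date
from urllib.parse import urlparse

# Firefox network.proxy.type values (standard Firefox preference semantics).
PROXY_TYPES = {"0": "direct", "1": "manual", "2": "PAC URL",
               "4": "auto-detect (WPAD)", "5": "system"}

# Assumption for this example: hosts accepted as ordinary search/home pages.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "www.yahoo.com",
                      "search.yahoo.com"}
SEARCH_PREFS = {"browser.search.defaulturl", "browser.startup.homepage",
                "keyword.URL"}

RUN_RE = re.compile(r"^Run by .+ at \d\d:\d\d:\d\d on (\d{4}-\d\d-\d\d)", re.M)
PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
NOFILE_RE = re.compile(r"^([A-Za-z0-9-]+): (.*) - No File$")
ZONE_RE = re.compile(r"^Trusted Zone: (\S+)$")
CREATED_RE = re.compile(r"^(\d{4})-(\d\d)-(\d\d) \d\d:\d\d:\d\d \S+ \S+ (.*)$")


def host_of(value):
    """Hostname of a DDS-defanged URL (DDS writes hxxp:// for http://)."""
    return urlparse(value.replace("hxxp", "http", 1)).hostname or ""


def triage(log_text):
    """Return (category, detail) findings, in log order, for one DDS log."""
    findings = []
    run_date = None
    m = RUN_RE.search(log_text)
    if m:
        run_date = date.fromisoformat(m.group(1))
    proxy = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := PREF_RE.match(line):
            key, value = m.groups()
            if key.startswith("network.proxy."):
                proxy[key] = value  # collected here, judged after the loop
            elif key in SEARCH_PREFS and host_of(value) not in KNOWN_SEARCH_HOSTS:
                findings.append(("search-hijack", f"{key} -> {host_of(value)}"))
        elif m := NOFILE_RE.match(line):
            # Registration whose target file is gone: leftover of a removed component.
            findings.append(("orphaned-registration", f"{m.group(1)}: {m.group(2)}"))
        elif m := ZONE_RE.match(line):
            findings.append(("trusted-zone", m.group(1)))
        elif run_date and (m := CREATED_RE.match(line)):
            # Dates only: file times and the header may be in different time zones,
            # so only a whole-day skew past the scan date is reported.
            stamped = date(int(m.group(1)), int(m.group(2)), int(m.group(3)))
            if stamped > run_date:
                findings.append(("future-timestamp", f"{stamped} {m.group(4)}"))
    host = proxy.get("network.proxy.http")
    if host in ("127.0.0.1", "localhost", "::1"):
        # A loopback HTTP proxy puts a local process between browser and network,
        # which is what a helper checks first on a redirect complaint.
        ptype = proxy.get("network.proxy.type", "?")
        port = proxy.get("network.proxy.http_port", "?")
        findings.append(("loopback-proxy", f"{host}:{port} (type {ptype} = "
                         f"{PROXY_TYPES.get(ptype, 'unknown')})"))
    return findings


# Excerpt of the DDS log posted in this thread, trimmed to the lines of interest.
SAMPLE_LOG = r"""
Run by Administrator at 21:11:33 on 2011-11-14
============== Pseudo HJT Report ===============
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
Trusted Zone: freerealms.com
Trusted Zone: soe.com
SSODL: Svchost - {4022EBF4-C813-40F1-9030-8ED96A9BBFE0} - No File
================= FIREFOX ===================
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 4
=============== Created Last 30 ================
2071-07-25 14:13:30 203576 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-11-14 23:41:52 7168 ----a-w- C:\Windows\SysWow64\drivers\ute4odq4.sys
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:22} {detail}")
```

The proxy type is reported next to the host because only type 1 (manual) routes traffic through the configured host; a loopback entry left behind under another type is still worth cleaning up.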

#4 rob71


Posted 14 November 2011 - 10:27 PM

aswMBR log:



aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-14 21:58:00
-----------------------------
21:58:00.636 OS Version: Windows x64 6.0.6002 Service Pack 2
21:58:00.636 Number of processors: 4 586 0x1707
21:58:00.636 ComputerName: WHISNANT-PC UserName:
21:58:04.299 Initialize success
21:58:07.005 AVAST engine defs: 11111401
21:58:07.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000053
21:58:07.955 Disk 0 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 6
21:58:10.018 Disk 0 MBR read successfully
21:58:10.020 Disk 0 MBR scan
21:58:10.023 Disk 0 Windows VISTA default MBR code
21:58:10.042 Service scanning
21:58:10.527 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:58:11.097 Modules scanning
21:58:11.100 Disk 0 trace - called modules:
21:58:11.134 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa8004caf334]<<
21:58:11.145 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c96060]
21:58:11.156 3 CLASSPNP.SYS[fffffa6001202c33] -> nt!IofCallDriver -> [0xfffffa8004922730]
21:58:11.159 5 acpi.sys[fffffa60008f9fde] -> nt!IofCallDriver -> \Device\00000053[0xfffffa8004922060]
21:58:11.171 \Driver\nvstor64[0xfffffa800491e5b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004caf334
21:58:13.323 AVAST engine scan C:\Windows
21:58:50.753 AVAST engine scan C:\Windows\system32
22:00:35.423 AVAST engine scan C:\Windows\system32\drivers
22:00:44.463 AVAST engine scan C:\Users\Administrator
22:23:34.056 AVAST engine scan C:\ProgramData
22:25:14.838 Scan finished successfully
22:25:56.136 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
22:25:56.158 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"



So much for the almost 300 gig. Wife couldn't get on today, so I ran a restore, which put most of it back.

Edited by rob71, 14 November 2011 - 10:39 PM.


#5 rob71


Posted 15 November 2011 - 05:56 PM

Trying to clean up the mess, and it seems permissions have been changed on a lot, and it's started crashing when I'm on this or some of the other help sites; thinking I should probably just reformat. The computer has not been cleaned up or really maintained in the few years we've had it. Windows Explorer crashed twice and had to restart; that's a new one. There is a hosts.dll that keeps restarting the processes I close.

#6 fireman4it

  • Malware Response Team

Posted 15 November 2011 - 07:58 PM

Hello,

If you want to reformat let me know. If you want to see if it is infected and we can cleanup let me know and we will continue.


#7 rob71


Posted 15 November 2011 - 08:05 PM

If you think we can, I'm all for it. I was just amazed at how bad it was, and while cleaning up some files Windows crashed and recovered twice, so I stopped that. I think even using the recovery CD I'd still have it.
Sorry if I sound frustrated; I know looking through all this isn't fun, and any help is greatly appreciated. Had 15 user names saved for Hotmail, since this is the community computer for all the neighborhood kids and their Facebook addiction.
Before when I thought I had it I had run Minitoolbox. If that helps any.

Edited by rob71, 15 November 2011 - 08:30 PM.


#8 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 16 November 2011 - 05:53 PM

Hello,


Let's run a couple of tools and see if this is an infection or if it just needs to be reformatted.


1.
We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

2.
I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files that are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False alarms: when the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System performance problems: your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove Programs in the Control Panel and remove either Microsoft Security Essentials or AntiVir Desktop.


3.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


4.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • [screenshot not reproduced]
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [screenshot not reproduced]
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.


5.
You may have corrupt critical system files. Let's see if we can fix that.

1. Select Start
2. Select All Programs
3. Select Accessories
4. Right click Command Prompt and choose Run as administrator

[screenshot not reproduced]

  • If you have the User Account Control (UAC) enabled you will be asked for authorization prior to the command prompt opening.
  • You may simply need to press the Continue button if you are the administrator, or enter the administrator password.
  • Type in sfc /scannow in the command window and press enter.
  • Note the space between the c and the /
  • If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue. This can be done with a borrowed DVD if you don't have one.
  • Be patient because the scan may take some time.
  • Allow the scan to run and when completed, reboot the system.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?
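The TDSSKiller log asked for in step 3 has a fixed two-line shape for every service it checks: a file record with the service name, MD5 and path, then a verdict line. The script below is an added example for this thread (not TDSSKiller's own code, and not something any poster supplied) that parses that shape and pulls out what is worth reading first: non-ok verdicts, services with a verdict but no file behind them, drivers outside the usual System32 directories, hashes that differ from a baseline you trust, and one hash turning up under two different files. SAMPLE_LOG, the KNOWN_GOOD table, the afd hash, the updsvc and svchlp entries and their verdict text are all constructed for the demo.

```python
"""Triage a TDSSKiller 2.x scan log (added example; not TDSSKiller's code).

Every log line is "HH:MM:SS.ffff PID <message>".  A scanned service writes a
file record "<name> (<md5>) <path>" and then a verdict "<name> - <verdict>".
"""
import re
from collections import defaultdict

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")
FILE_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
VERDICT_RE = re.compile(r"^(\S+) - (.+)$")

# Where a driver normally lives.  Paths are compared lower-cased because the
# log spells the same directory both "drivers" and "DRIVERS".
EXPECTED_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")

# Constructed baseline for the demo (service -> MD5 from a machine you trust).
# Not a vetted hash set: build your own from a clean install of the same build.
KNOWN_GOOD = {
    "atapi": "e68d9b3a3905619732f7fe039466a623",
    "afd": "0cc146c4addea45791b18b1e2659f4a9",
}

# Constructed sample in the TDSSKiller format.  atapi, AsIO, Tcpip and Tcpip6
# mirror real entries; afd's hash, updsvc and svchlp are invented for the demo.
SAMPLE_LOG = r"""
18:39:16.0511 4380 Scan started
18:39:18.0821 4380 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
18:39:18.0822 4380 atapi - ok
18:39:18.0686 4380 AsIO - ok
18:39:26.0112 4380 Tcpip (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\drivers\tcpip.sys
18:39:26.0127 4380 Tcpip - ok
18:39:26.0231 4380 Tcpip6 (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\DRIVERS\tcpip.sys
18:39:26.0238 4380 Tcpip6 - ok
18:39:27.0100 4380 afd (4d5e6f708192a3b4c5d6e7f80912a3b4) C:\Windows\system32\drivers\afd.sys
18:39:27.0101 4380 afd - ok
18:39:27.0200 4380 updsvc (9f1b2c3d4e5f60718293a4b5c6d7e8f9) C:\Users\Public\upd\updsvc.sys
18:39:27.0201 4380 updsvc - detected UnsignedFile.Multi.Generic ( 1 )
18:39:27.0300 4380 svchlp (e68d9b3a3905619732f7fe039466a623) C:\Windows\Temp\svchlp.sys
18:39:27.0301 4380 svchlp - ok
"""


def parse(log_text):
    """Map service name -> {"md5", "path", "verdict"} (None when not logged)."""
    records = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                      # banner, separator or blank line
        msg = m.group(1)
        fm, vm = FILE_RE.match(msg), VERDICT_RE.match(msg)
        if fm:
            name, md5, path = fm.groups()
            rec = records.setdefault(name, {"md5": None, "path": None, "verdict": None})
            rec["md5"], rec["path"] = md5, path
        elif vm:
            name, verdict = vm.groups()
            rec = records.setdefault(name, {"md5": None, "path": None, "verdict": None})
            rec["verdict"] = verdict
    return records


def triage(log_text):
    """Group the entries a responder reads first; missing keys mean nothing found."""
    findings = defaultdict(list)
    files_by_md5 = defaultdict(set)
    for name, rec in parse(log_text).items():
        if rec["verdict"] not in (None, "ok"):
            findings["not_ok"].append((name, rec["verdict"]))
        if rec["path"] is None:
            # Service key exists but the scanner found no file behind it. Usually
            # a stale entry left by an uninstalled product, but a driver whose
            # file is hidden from the scanner looks exactly the same.
            findings["no_file"].append(name)
            continue
        low = rec["path"].lower()
        if not low.startswith(EXPECTED_DIRS):
            findings["unusual_path"].append((name, rec["path"]))
        if name in KNOWN_GOOD and KNOWN_GOOD[name] != rec["md5"]:
            findings["hash_mismatch"].append((name, rec["md5"], KNOWN_GOOD[name]))
        files_by_md5[rec["md5"]].add(low)
    # One hash under two service names is expected when both load the same file
    # (Tcpip and Tcpip6 both use tcpip.sys).  The same bytes under a different
    # file name is a legitimate driver copied somewhere it does not belong.
    for md5, paths in files_by_md5.items():
        if len(paths) > 1:
            findings["same_hash_different_files"].append((md5, sorted(paths)))
    return dict(findings)


if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LOG).items():
        print(check)
        for hit in hits:
            print("   ", hit)
```

Run it as is against the sample, or swap SAMPLE_LOG for the text of a real TDSSKiller_*_log.txt. Two things matter when reading the output. A service under no_file (entries like AsIO or IpInIp, which this kind of log shows with a verdict but no file record) is usually a registry key left behind by something uninstalled, but it is exactly what a driver hidden from the scanner looks like too, so check the service key rather than ignoring it. And a match against KNOWN_GOOD is only as good as the baseline: take it from a clean install of the same Windows build and service pack, not from a log the tool happened to mark ok.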


#9 rob71
  • Topic Starter
  • Members
  • 19 posts

Posted 16 November 2011 - 06:36 PM

Tools downloaded. AntiVir is on the system but does not show up in "Programs and Features" and has no uninstall in its folder, so I uninstalled MS Security Essentials. Will run the scans and post them.


tdss:

18:38:57.0714 0920 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
18:38:58.0080 0920 ============================================================
18:38:58.0080 0920 Current date / time: 2011/11/16 18:38:58.0080
18:38:58.0080 0920 SystemInfo:
18:38:58.0080 0920
18:38:58.0080 0920 OS Version: 6.0.6002 ServicePack: 2.0
18:38:58.0080 0920 Product type: Workstation
18:38:58.0080 0920 ComputerName: WHISNANT-PC
18:38:58.0081 0920 UserName: Administrator
18:38:58.0081 0920 Windows directory: C:\Windows
18:38:58.0081 0920 System windows directory: C:\Windows
18:38:58.0081 0920 Running under WOW64
18:38:58.0081 0920 Processor architecture: Intel x64
18:38:58.0081 0920 Number of processors: 4
18:38:58.0081 0920 Page size: 0x1000
18:38:58.0081 0920 Boot type: Normal boot
18:38:58.0081 0920 ============================================================
18:38:58.0382 0920 Initialize success
18:39:16.0511 4380 ============================================================
18:39:16.0511 4380 Scan started
18:39:16.0511 4380 Mode: Manual;
18:39:16.0511 4380 ============================================================
18:39:18.0209 4380 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
18:39:18.0212 4380 ACPI - ok
18:39:18.0254 4380 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
18:39:18.0261 4380 adp94xx - ok
18:39:18.0292 4380 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
18:39:18.0297 4380 adpahci - ok
18:39:18.0317 4380 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
18:39:18.0319 4380 adpu160m - ok
18:39:18.0370 4380 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
18:39:18.0373 4380 adpu320 - ok
18:39:18.0417 4380 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
18:39:18.0423 4380 AFD - ok
18:39:18.0509 4380 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
18:39:18.0511 4380 agp440 - ok
18:39:18.0531 4380 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
18:39:18.0533 4380 aic78xx - ok
18:39:18.0559 4380 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
18:39:18.0560 4380 aliide - ok
18:39:18.0610 4380 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
18:39:18.0611 4380 amdide - ok
18:39:18.0632 4380 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
18:39:18.0634 4380 AmdK8 - ok
18:39:18.0658 4380 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
18:39:18.0659 4380 arc - ok
18:39:18.0683 4380 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
18:39:18.0685 4380 arcsas - ok
18:39:18.0686 4380 AsIO - ok
18:39:18.0792 4380 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
18:39:18.0793 4380 AsyncMac - ok
18:39:18.0821 4380 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
18:39:18.0822 4380 atapi - ok
18:39:18.0858 4380 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
18:39:18.0860 4380 avgntflt - ok
18:39:18.0879 4380 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
18:39:18.0881 4380 avipbb - ok
18:39:18.0939 4380 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
18:39:18.0940 4380 blbdrive - ok
18:39:19.0039 4380 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
18:39:19.0041 4380 bowser - ok
18:39:19.0077 4380 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
18:39:19.0078 4380 BrFiltLo - ok
18:39:19.0108 4380 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
18:39:19.0109 4380 BrFiltUp - ok
18:39:19.0136 4380 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
18:39:19.0138 4380 Brserid - ok
18:39:19.0180 4380 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
18:39:19.0181 4380 BrSerWdm - ok
18:39:19.0230 4380 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
18:39:19.0231 4380 BrUsbMdm - ok
18:39:19.0278 4380 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
18:39:19.0278 4380 BrUsbSer - ok
18:39:19.0319 4380 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
18:39:19.0320 4380 BTHMODEM - ok
18:39:19.0362 4380 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
18:39:19.0364 4380 cdfs - ok
18:39:19.0400 4380 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
18:39:19.0401 4380 cdrom - ok
18:39:19.0433 4380 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
18:39:19.0434 4380 circlass - ok
18:39:19.0487 4380 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
18:39:19.0493 4380 CLFS - ok
18:39:19.0533 4380 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
18:39:19.0534 4380 cmdide - ok
18:39:19.0582 4380 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
18:39:19.0583 4380 Compbatt - ok
18:39:19.0663 4380 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
18:39:19.0664 4380 crcdisk - ok
18:39:19.0747 4380 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
18:39:19.0749 4380 DfsC - ok
18:39:19.0786 4380 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
18:39:19.0788 4380 disk - ok
18:39:19.0822 4380 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
18:39:19.0823 4380 drmkaud - ok
18:39:19.0861 4380 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
18:39:19.0871 4380 DXGKrnl - ok
18:39:19.0956 4380 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
18:39:19.0958 4380 E1G60 - ok
18:39:19.0964 4380 EagleX64 - ok
18:39:19.0999 4380 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
18:39:20.0002 4380 Ecache - ok
18:39:20.0037 4380 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
18:39:20.0043 4380 elxstor - ok
18:39:20.0079 4380 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
18:39:20.0080 4380 ErrDev - ok
18:39:20.0106 4380 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
18:39:20.0109 4380 exfat - ok
18:39:20.0146 4380 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
18:39:20.0149 4380 fastfat - ok
18:39:20.0231 4380 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
18:39:20.0232 4380 fdc - ok
18:39:20.0246 4380 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
18:39:20.0248 4380 FileInfo - ok
18:39:20.0269 4380 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
18:39:20.0270 4380 Filetrace - ok
18:39:20.0287 4380 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:39:20.0288 4380 flpydisk - ok
18:39:20.0324 4380 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
18:39:20.0329 4380 FltMgr - ok
18:39:20.0373 4380 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
18:39:20.0373 4380 Fs_Rec - ok
18:39:20.0393 4380 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
18:39:20.0394 4380 gagp30kx - ok
18:39:20.0449 4380 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:39:20.0450 4380 GEARAspiWDM - ok
18:39:20.0532 4380 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
18:39:20.0537 4380 HdAudAddService - ok
18:39:20.0589 4380 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:39:20.0600 4380 HDAudBus - ok
18:39:20.0627 4380 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
18:39:20.0628 4380 HidBth - ok
18:39:20.0676 4380 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
18:39:20.0677 4380 HidIr - ok
18:39:20.0733 4380 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
18:39:20.0733 4380 HidUsb - ok
18:39:20.0751 4380 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
18:39:20.0752 4380 HpCISSs - ok
18:39:20.0790 4380 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
18:39:20.0797 4380 HTTP - ok
18:39:20.0823 4380 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
18:39:20.0824 4380 i2omp - ok
18:39:20.0855 4380 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
18:39:20.0857 4380 i8042prt - ok
18:39:20.0918 4380 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
18:39:20.0922 4380 iaStorV - ok
18:39:20.0975 4380 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
18:39:20.0976 4380 iirsp - ok
18:39:21.0019 4380 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
18:39:21.0020 4380 intelide - ok
18:39:21.0036 4380 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
18:39:21.0036 4380 intelppm - ok
18:39:21.0070 4380 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:39:21.0071 4380 IpFilterDriver - ok
18:39:21.0080 4380 IpInIp - ok
18:39:21.0113 4380 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
18:39:21.0115 4380 IPMIDRV - ok
18:39:21.0162 4380 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
18:39:21.0164 4380 IPNAT - ok
18:39:21.0212 4380 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
18:39:21.0213 4380 IRENUM - ok
18:39:21.0231 4380 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
18:39:21.0232 4380 isapnp - ok
18:39:21.0263 4380 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
18:39:21.0266 4380 iScsiPrt - ok
18:39:21.0283 4380 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
18:39:21.0284 4380 iteatapi - ok
18:39:21.0308 4380 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
18:39:21.0309 4380 iteraid - ok
18:39:21.0338 4380 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
18:39:21.0339 4380 kbdclass - ok
18:39:21.0384 4380 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
18:39:21.0385 4380 kbdhid - ok
18:39:21.0433 4380 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
18:39:21.0439 4380 KSecDD - ok
18:39:21.0479 4380 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
18:39:21.0480 4380 ksthunk - ok
18:39:21.0524 4380 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
18:39:21.0525 4380 lltdio - ok
18:39:21.0562 4380 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
18:39:21.0564 4380 LSI_FC - ok
18:39:21.0600 4380 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
18:39:21.0602 4380 LSI_SAS - ok
18:39:21.0630 4380 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
18:39:21.0632 4380 LSI_SCSI - ok
18:39:21.0649 4380 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
18:39:21.0651 4380 luafv - ok
18:39:21.0703 4380 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
18:39:21.0707 4380 mcdbus - ok
18:39:21.0713 4380 MCSTRM - ok
18:39:21.0746 4380 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
18:39:21.0747 4380 megasas - ok
18:39:21.0787 4380 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
18:39:21.0793 4380 MegaSR - ok
18:39:21.0827 4380 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
18:39:21.0828 4380 Modem - ok
18:39:21.0864 4380 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
18:39:21.0865 4380 monitor - ok
18:39:21.0898 4380 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
18:39:21.0900 4380 mouclass - ok
18:39:21.0935 4380 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
18:39:21.0935 4380 mouhid - ok
18:39:21.0948 4380 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
18:39:21.0949 4380 MountMgr - ok
18:39:22.0010 4380 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
18:39:22.0013 4380 mpio - ok
18:39:22.0072 4380 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
18:39:22.0073 4380 mpsdrv - ok
18:39:22.0098 4380 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
18:39:22.0099 4380 Mraid35x - ok
18:39:22.0137 4380 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
18:39:22.0139 4380 MRxDAV - ok
18:39:22.0168 4380 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:39:22.0171 4380 mrxsmb - ok
18:39:22.0200 4380 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:39:22.0204 4380 mrxsmb10 - ok
18:39:22.0222 4380 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:39:22.0224 4380 mrxsmb20 - ok
18:39:22.0239 4380 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
18:39:22.0240 4380 msahci - ok
18:39:22.0279 4380 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
18:39:22.0281 4380 msdsm - ok
18:39:22.0350 4380 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
18:39:22.0351 4380 Msfs - ok
18:39:22.0378 4380 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
18:39:22.0379 4380 msisadrv - ok
18:39:22.0398 4380 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
18:39:22.0399 4380 MSKSSRV - ok
18:39:22.0414 4380 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
18:39:22.0414 4380 MSPCLOCK - ok
18:39:22.0429 4380 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
18:39:22.0430 4380 MSPQM - ok
18:39:22.0466 4380 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
18:39:22.0471 4380 MsRPC - ok
18:39:22.0513 4380 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
18:39:22.0514 4380 mssmbios - ok
18:39:22.0535 4380 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
18:39:22.0535 4380 MSTEE - ok
18:39:22.0561 4380 MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys
18:39:22.0562 4380 MTsensor - ok
18:39:22.0604 4380 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
18:39:22.0606 4380 Mup - ok
18:39:22.0664 4380 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
18:39:22.0666 4380 NativeWifiP - ok
18:39:22.0739 4380 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
18:39:22.0748 4380 NDIS - ok
18:39:22.0776 4380 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
18:39:22.0777 4380 NdisTapi - ok
18:39:22.0812 4380 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
18:39:22.0813 4380 Ndisuio - ok
18:39:22.0841 4380 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
18:39:22.0844 4380 NdisWan - ok
18:39:22.0859 4380 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
18:39:22.0861 4380 NDProxy - ok
18:39:22.0873 4380 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
18:39:22.0874 4380 NetBIOS - ok
18:39:22.0945 4380 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
18:39:22.0949 4380 netbt - ok
18:39:23.0011 4380 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
18:39:23.0012 4380 nfrd960 - ok
18:39:23.0063 4380 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
18:39:23.0064 4380 Npfs - ok
18:39:23.0074 4380 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
18:39:23.0075 4380 nsiproxy - ok
18:39:23.0151 4380 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
18:39:23.0169 4380 Ntfs - ok
18:39:23.0233 4380 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
18:39:23.0234 4380 Null - ok
18:39:23.0300 4380 NVENETFD (98350606682594521d56eccb5d01ecf7) C:\Windows\system32\DRIVERS\nvmfdx64.sys
18:39:23.0317 4380 NVENETFD - ok
18:39:23.0595 4380 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:39:23.0798 4380 nvlddmkm - ok
18:39:23.0911 4380 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
18:39:23.0913 4380 nvraid - ok
18:39:23.0939 4380 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
18:39:23.0941 4380 nvstor - ok
18:39:23.0971 4380 nvstor64 (e87e17e9fd94ee9f0dbde4b6ad882f26) C:\Windows\system32\DRIVERS\nvstor64.sys
18:39:23.0972 4380 nvstor64 - ok
18:39:24.0021 4380 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
18:39:24.0023 4380 nv_agp - ok
18:39:24.0030 4380 NwlnkFlt - ok
18:39:24.0037 4380 NwlnkFwd - ok
18:39:24.0067 4380 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
18:39:24.0068 4380 ohci1394 - ok
18:39:24.0176 4380 P17 (edd1dcd36f6115acc6935c3f88ff54d7) C:\Windows\system32\drivers\P17.sys
18:39:24.0191 4380 P17 - ok
18:39:24.0254 4380 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
18:39:24.0255 4380 Parport - ok
18:39:24.0276 4380 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
18:39:24.0277 4380 partmgr - ok
18:39:24.0339 4380 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
18:39:24.0342 4380 pci - ok
18:39:24.0423 4380 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
18:39:24.0423 4380 pciide - ok
18:39:24.0464 4380 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
18:39:24.0467 4380 pcmcia - ok
18:39:24.0499 4380 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
18:39:24.0508 4380 PEAUTH - ok
18:39:24.0562 4380 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
18:39:24.0564 4380 PptpMiniport - ok
18:39:24.0598 4380 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
18:39:24.0599 4380 Processor - ok
18:39:24.0638 4380 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
18:39:24.0639 4380 PSched - ok
18:39:24.0771 4380 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
18:39:24.0786 4380 ql2300 - ok
18:39:24.0804 4380 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
18:39:24.0807 4380 ql40xx - ok
18:39:24.0865 4380 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
18:39:24.0866 4380 QWAVEdrv - ok
18:39:24.0889 4380 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
18:39:24.0890 4380 RasAcd - ok
18:39:24.0929 4380 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:39:24.0932 4380 Rasl2tp - ok
18:39:25.0023 4380 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
18:39:25.0024 4380 RasPppoe - ok
18:39:25.0059 4380 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
18:39:25.0060 4380 RasSstp - ok
18:39:25.0110 4380 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
18:39:25.0114 4380 rdbss - ok
18:39:25.0148 4380 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:39:25.0148 4380 RDPCDD - ok
18:39:25.0171 4380 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
18:39:25.0175 4380 rdpdr - ok
18:39:25.0241 4380 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
18:39:25.0242 4380 RDPENCDD - ok
18:39:25.0267 4380 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
18:39:25.0271 4380 RDPWD - ok
18:39:25.0318 4380 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
18:39:25.0320 4380 rspndr - ok
18:39:25.0338 4380 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
18:39:25.0340 4380 sbp2port - ok
18:39:25.0376 4380 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:39:25.0377 4380 secdrv - ok
18:39:25.0405 4380 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
18:39:25.0405 4380 Serenum - ok
18:39:25.0441 4380 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
18:39:25.0443 4380 Serial - ok
18:39:25.0483 4380 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
18:39:25.0484 4380 sermouse - ok
18:39:25.0505 4380 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
18:39:25.0506 4380 sffdisk - ok
18:39:25.0521 4380 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
18:39:25.0522 4380 sffp_mmc - ok
18:39:25.0535 4380 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
18:39:25.0535 4380 sffp_sd - ok
18:39:25.0557 4380 sfloppy (40567781f0785c4a69411d1b40da8987) C:\Windows\system32\DRIVERS\sfloppy.sys
18:39:25.0558 4380 sfloppy - ok
18:39:25.0618 4380 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
18:39:25.0620 4380 SiSRaid2 - ok
18:39:25.0663 4380 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
18:39:25.0665 4380 SiSRaid4 - ok
18:39:25.0725 4380 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
18:39:25.0727 4380 Smb - ok
18:39:25.0758 4380 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
18:39:25.0759 4380 spldr - ok
18:39:25.0800 4380 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
18:39:25.0806 4380 srv - ok
18:39:25.0837 4380 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
18:39:25.0840 4380 srv2 - ok
18:39:25.0849 4380 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
18:39:25.0851 4380 srvnet - ok
18:39:25.0963 4380 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
18:39:25.0964 4380 swenum - ok
18:39:25.0997 4380 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
18:39:25.0998 4380 Symc8xx - ok
18:39:26.0013 4380 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
18:39:26.0014 4380 Sym_hi - ok
18:39:26.0030 4380 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
18:39:26.0032 4380 Sym_u3 - ok
18:39:26.0112 4380 Tcpip (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\drivers\tcpip.sys
18:39:26.0127 4380 Tcpip - ok
18:39:26.0231 4380 Tcpip6 (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\DRIVERS\tcpip.sys
18:39:26.0238 4380 Tcpip6 - ok
18:39:26.0278 4380 tcpipreg (848f87c604b5e674602498cb51067db6) C:\Windows\system32\drivers\tcpipreg.sys
18:39:26.0279 4380 tcpipreg - ok
18:39:26.0306 4380 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
18:39:26.0307 4380 TDPIPE - ok
18:39:26.0339 4380 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
18:39:26.0340 4380 TDTCP - ok
18:39:26.0367 4380 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
18:39:26.0369 4380 tdx - ok
18:39:26.0400 4380 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
18:39:26.0401 4380 TermDD - ok
18:39:26.0488 4380 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:39:26.0489 4380 tssecsrv - ok
18:39:26.0513 4380 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
18:39:26.0514 4380 tunmp - ok
18:39:26.0531 4380 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
18:39:26.0532 4380 tunnel - ok
18:39:26.0566 4380 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
18:39:26.0568 4380 uagp35 - ok
18:39:26.0613 4380 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
18:39:26.0617 4380 udfs - ok
18:39:26.0642 4380 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
18:39:26.0644 4380 uliagpkx - ok
18:39:26.0675 4380 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
18:39:26.0680 4380 uliahci - ok
18:39:26.0785 4380 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
18:39:26.0787 4380 UlSata - ok
18:39:26.0821 4380 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
18:39:26.0824 4380 ulsata2 - ok
18:39:26.0850 4380 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
18:39:26.0851 4380 umbus - ok
18:39:26.0886 4380 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
18:39:26.0887 4380 USBAAPL64 - ok
18:39:26.0938 4380 usbbus (c85b8247fadd432fa54fe11667c8d97d) C:\Windows\system32\DRIVERS\lgx64bus.sys
18:39:26.0939 4380 usbbus - ok
18:39:27.0010 4380 usbccgp (66627c6008319def7909f21fb75a8991) C:\Windows\system32\DRIVERS\usbccgp.sys
18:39:27.0011 4380 usbccgp - ok
18:39:27.0041 4380 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
18:39:27.0042 4380 usbcir - ok
18:39:27.0079 4380 UsbDiag (d8cdc12f5429878f23ddb3785a0fdf95) C:\Windows\system32\DRIVERS\lgx64diag.sys
18:39:27.0080 4380 UsbDiag - ok
18:39:27.0106 4380 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
18:39:27.0107 4380 usbehci - ok
18:39:27.0123 4380 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
18:39:27.0127 4380 usbhub - ok
18:39:27.0207 4380 USBModem (79fa7a22b0f6f0082f640cbc82a00fce) C:\Windows\system32\DRIVERS\lgx64modem.sys
18:39:27.0208 4380 USBModem - ok
18:39:27.0244 4380 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
18:39:27.0245 4380 usbohci - ok
18:39:27.0273 4380 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
18:39:27.0274 4380 usbprint - ok
18:39:27.0298 4380 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:39:27.0298 4380 USBSTOR - ok
18:39:27.0319 4380 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
18:39:27.0320 4380 usbuhci - ok
18:39:27.0337 4380 ute4odq4 - ok
18:39:27.0363 4380 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
18:39:27.0364 4380 vga - ok
18:39:27.0373 4380 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
18:39:27.0374 4380 VgaSave - ok
18:39:27.0394 4380 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
18:39:27.0395 4380 viaide - ok
18:39:27.0446 4380 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
18:39:27.0447 4380 volmgr - ok
18:39:27.0512 4380 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
18:39:27.0518 4380 volmgrx - ok
18:39:27.0546 4380 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
18:39:27.0550 4380 volsnap - ok
18:39:27.0584 4380 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
18:39:27.0586 4380 vsmraid - ok
18:39:27.0607 4380 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
18:39:27.0608 4380 WacomPen - ok
18:39:27.0655 4380 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:39:27.0657 4380 Wanarp - ok
18:39:27.0660 4380 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:39:27.0661 4380 Wanarpv6 - ok
18:39:27.0685 4380 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
18:39:27.0686 4380 Wd - ok
18:39:27.0761 4380 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
18:39:27.0761 4380 WDC_SAM - ok
18:39:27.0794 4380 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
18:39:27.0805 4380 Wdf01000 - ok
18:39:27.0875 4380 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
18:39:27.0877 4380 WmiAcpi - ok
18:39:27.0941 4380 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
18:39:27.0942 4380 WpdUsb - ok
18:39:28.0025 4380 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
18:39:28.0026 4380 ws2ifsl - ok
18:39:28.0054 4380 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:39:28.0056 4380 WUDFRd - ok
18:39:28.0070 4380 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:39:28.0081 4380 \Device\Harddisk0\DR0 - ok
18:39:28.0083 4380 Boot (0x1200) (58a6ce894b0d239b9a422eff679d98d2) \Device\Harddisk0\DR0\Partition0
18:39:28.0084 4380 \Device\Harddisk0\DR0\Partition0 - ok
18:39:28.0085 4380 ============================================================
18:39:28.0085 4380 Scan finished
18:39:28.0085 4380 ============================================================
18:39:28.0092 2640 Detected object count: 0
18:39:28.0092 2640 Actual detected object count: 0
18:39:51.0184 4788 Deinitialize success

Edited by rob71, 16 November 2011 - 06:41 PM.


#10 rob71

rob71
  • Topic Starter

  • Members
  • 19 posts

Posted 16 November 2011 - 06:57 PM

ComboFix scan went rather fast. It sees Microsoft Security Essentials scanners even though I just uninstalled, says to stop them then click OK. I don't see anything in the Task Manager having to do with any antivirus or malware. It was still running. I did not see anything about any app in Task Manager so ran anyway (got a message about doing so at my own risk). It said a new version of ComboFix was available so I allowed it to update; it said it needed to restart so I said OK. Next message was Windows cannot find ComboFix, be sure I had it installed correctly. Never asked to install the Recovery Console.

Edited by rob71, 16 November 2011 - 07:09 PM.


#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 16 November 2011 - 07:47 PM

Hello,

Go ahead and delete the copy of ComboFix you have on your desktop, download a new copy and run it. Then, after ComboFix runs and produces the log, run SFC /Scannow (step 5).

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#12 rob71

rob71
  • Topic Starter

  • Members
  • 19 posts

Posted 16 November 2011 - 08:56 PM

Combofix:


ComboFix 11-11-16.02 - Administrator 11/16/2011 19:24:20.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2528 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Roaming\hgksfg.bat
c:\users\Administrator\AppData\Roaming\MMD1e6imk7.txt
c:\users\Administrator\AppData\Roaming\pnmfzy.dat
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\jestertb.dll
c:\windows\wnUninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))))
.
.
2071-07-25 14:13 . 2006-11-22 01:48 203576 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-11-17 01:05 . 2011-11-17 01:05 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB3B07D5-1124-4815-87D7-489666DCF736}\offreg.dll
2011-11-17 01:01 . 2011-11-17 01:08 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-17 01:01 . 2011-11-17 01:01 -------- d-----w- c:\users\WHISNANT\AppData\Local\temp
2011-11-17 01:01 . 2011-11-17 01:01 -------- d-----w- c:\users\Whisnant.Whisnant-PC\AppData\Local\temp
2011-11-17 01:01 . 2011-11-17 01:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-17 00:03 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB3B07D5-1124-4815-87D7-489666DCF736}\mpengine.dll
2011-11-15 07:36 . 2011-11-15 07:36 -------- d-----w- c:\programdata\PCPitstop
2011-11-14 23:41 . 2011-11-14 23:47 7168 ----a-w- c:\windows\SysWow64\drivers\ute4odq4.sys
2011-11-14 11:21 . 2011-11-14 11:21 0 ----a-w- c:\users\Administrator\AppData\Local\BITB6D4.tmp
2011-11-14 00:00 . 2011-11-14 00:11 -------- d-----w- c:\programdata\STOPzilla!
2011-11-13 01:30 . 2011-11-13 01:30 -------- d-----w- c:\users\Administrator\AppData\Local\NCSoft
2011-11-13 01:11 . 2011-11-13 01:11 -------- d-----w- c:\users\Administrator\AppData\Local\assembly
2011-11-13 01:11 . 2011-11-13 01:12 -------- d-----w- c:\program files (x86)\NCSoft
2011-11-13 01:09 . 2011-11-13 01:09 -------- d-----w- c:\users\Administrator\AppData\Roaming\GetRightToGo
2011-11-12 01:03 . 2011-11-12 01:03 -------- d-----w- C:\Hitech Creations
2011-11-12 00:42 . 2011-11-05 06:53 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-11-12 00:42 . 2011-11-05 06:53 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-11-12 00:42 . 2011-11-05 06:53 801752 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-11-12 00:42 . 2011-11-05 06:53 478168 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-11-12 00:42 . 2011-11-05 06:53 1989592 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-11-12 00:42 . 2011-11-05 06:53 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-11-12 00:42 . 2011-11-05 03:21 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-11-12 00:42 . 2011-11-05 03:21 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-11-11 02:26 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys
2011-11-11 01:55 . 2011-11-11 01:55 -------- d-----w- c:\program files (x86)\VS Revo Group
2011-11-11 00:39 . 2011-11-11 01:06 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-11 00:37 . 2011-11-11 00:51 -------- d-----w- c:\programdata\Hitman Pro
2011-11-10 01:38 . 2011-09-20 21:06 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-10 01:38 . 2011-09-20 14:04 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-10 01:38 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-10 01:38 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-11-10 01:38 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-10 01:38 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-10 01:38 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-07 16:17 . 2011-11-07 16:17 -------- d-----w- c:\users\Administrator\AppData\Local\Trend Micro
2011-11-07 16:11 . 2011-11-07 16:11 -------- d-----w- c:\program files\Trend Micro
2011-11-07 15:49 . 2011-11-07 16:19 -------- d-----w- c:\program files (x86)\Trend Micro
2011-11-05 06:48 . 2011-11-05 06:48 -------- d-----w- c:\programdata\Common Files
2011-11-05 06:43 . 2011-11-05 06:49 -------- d-----w- c:\programdata\MFAData
2011-11-05 06:22 . 2011-11-05 06:22 -------- d-----w- c:\users\Whisnant.Whisnant-PC\AppData\Roaming\Malwarebytes
2011-10-31 15:18 . 2005-11-24 06:34 82432 ----a-w- c:\windows\SysWow64\msxml4r.dll
2011-10-31 15:18 . 2005-10-04 05:39 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2011-10-31 15:17 . 2011-10-31 15:19 -------- d-----w- c:\programdata\LGMOBILEAX
2011-10-31 15:15 . 2011-10-31 15:15 5071872 ----a-w- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUnitedMobileDriver_S4981CAN33AP22_ML_WHQL_Ver_3.3.msi
2011-10-31 15:15 . 2011-10-31 15:15 90112 ----a-w- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
2011-10-31 15:15 . 2011-10-31 15:15 24576 ----a-w- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
2011-10-31 15:15 . 2011-10-31 15:15 1339392 ----a-w- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2011-10-31 15:15 . 2010-09-28 08:51 86016 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\K\LGUTchkdl.dll
2011-10-31 15:15 . 2010-08-25 07:46 4608 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\K\LGEUSBAutorun.dll
2011-10-26 17:41 . 2011-11-05 21:32 -------- d-----w- c:\users\Administrator\AppData\Roaming\NVIDIA
2011-10-24 08:10 . 2011-10-15 08:53 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2011-10-24 08:10 . 2011-10-15 08:53 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-15 08:53 . 2011-06-09 05:44 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2011-06-09 05:44 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-10-15 08:53 . 2011-01-08 00:49 837952 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-10-15 08:53 . 2011-01-08 00:49 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-01-08 00:49 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-15 08:53 . 2011-01-08 00:48 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-01-08 00:48 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2010-04-03 22:42 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 04:54 . 2011-10-15 04:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-10-14 15:34 . 2011-10-14 15:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-27 20:59 . 2010-11-21 22:34 189480 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-09-27 20:59 . 2010-08-26 03:27 189480 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-09-20 05:17 . 2011-09-20 05:17 0 ----a-w- c:\users\Administrator\AppData\Local\BIT7731.tmp
2011-09-06 13:56 . 2011-10-13 05:09 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 05:24 . 2011-10-13 07:00 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-13 07:00 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-13 07:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-13 07:00 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-13 07:00 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-13 07:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 22:00 . 2010-09-02 06:13 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 16:20 . 2011-10-13 05:09 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:19 . 2011-10-13 05:09 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:19 . 2011-10-13 05:09 332288 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 16:15 . 2011-10-13 05:09 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-13 05:09 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-25 16:14 . 2011-10-13 05:09 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-25 13:54 . 2011-10-13 05:09 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-25 13:31 . 2011-10-13 05:09 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
2011-08-23 20:21 . 2011-08-23 20:21 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
R2 AviraUpgradeService;Avira Upgrade Service;c:\windows\TEMP\AVSETUP_4ebc7f5c\avupgsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-01 133104]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-08-23 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-08-23 79360]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-01 133104]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-01 23:09]
.
2011-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-01 23:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i2ans7qx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=13
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
Toolbar-Locked - (no file)
SSODL-Svchost-{4022EBF4-C813-40F1-9030-8ED96A9BBFE0} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
AddRemove-FOX Carolina Desktop Alert - c:\windows\wnUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"=hex:51,66,7a,6c,4c,1d,3b,1b,c2,a5,80,
08,3a,06,f1,04,bc,f5,f8,b1,5b,1e,27,0b
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:cf,d1,12,1d,ac,2a,cc,01
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,a6,2f,98,0b,4d,59,45,90,87,64,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,a6,2f,98,0b,4d,59,45,90,87,64,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,a7,ae,97,3a,06,b7,40,8a,1e,2d,\
"027C9CB72E593A8F02C55092F385DBAC99DF56D067"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dc,b4,3e,7e,bc,6c,1f,46,84,7e,9e,\
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="RealPlayer.3GPP2.10"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_asf_file"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_avi_file"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_divx_file"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="RealPlayer.FLV.6"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mkv_file"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.mov"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mp4_file"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mpeg_file"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mpg_file"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.PARTIAL"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pps\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PowerPointViewer.SlideShow.11"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_qt_file"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="RealPlayer.RM.6"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_tix_file"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_vob_file"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdseml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.WEBSITE"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_wmv_file"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xvid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_xvid_file"
.
[HKEY_USERS\S-1-5-21-3028918883-1445047881-3884403264-500\Software\SecuROM\License information*]
"datasecu"=hex:ba,f7,9c,d3,54,df,09,9a,77,65,fa,cc,a7,c9,f5,ac,4d,ba,b1,89,0d,
cc,f2,60,80,93,4c,00,15,fc,6d,6f,f9,26,db,d5,6a,be,2b,ff,5b,6b,21,d6,c6,34,\
"rkeysecu"=hex:b8,07,d5,ab,1e,d1,c2,46,63,01,78,91,7d,01,cc,d8
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe
c:\program files (x86)\ASUS\AASP\1.00.91\aaCenter.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-11-16 20:31:28 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-17 01:31
.
Pre-Run: 194,742,071,296 bytes free
Post-Run: 204,460,802,048 bytes free
.
- - End Of File - - 698F879D0F0C7D942CA28CCF2207E347

SFC said some files were unable to be fixed

#13 rob71 (Topic Starter, Members, 19 posts)

Posted 16 November 2011 - 08:59 PM

Redirects are still there, but machine response time has greatly improved. It brought Antivir back from the land of the lost, in that Security sees it and says I can turn it on from there, but it still doesn't show up in the programs that can be uninstalled. It's there in c/program files(x86)/avira/antivir desktop, but there is no uninstall in the folder. Wife says that's what we were using. Should I turn it back on?

Edited by rob71, 16 November 2011 - 09:17 PM.
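As an added defender-side example (not code from this thread, from ComboFix, or from the poster), here is a small Python parser for the registry section of a ComboFix log in the format shown above. It pairs every key that carries an @Denied marker with its InprocServer32 path and flags only those whose DLL lives outside the Windows or Program Files directories; the second CLSID and its path in the sample are constructed.

```python
import re

# Constructed sample in the ComboFix registry-dump format (example input, not the poster's log)
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-1111-2222-3333-444444444444}]
@Denied: (A 2) (Everyone)
@="Helper Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-1111-2222-3333-444444444444}\InprocServer32]
@="c:\\Users\\rob\\AppData\\Roaming\\xyz\\helper.dll"
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
DENIED_RE = re.compile(r"^@Denied: \((.*?)\) \((.*?)\)$")
DEFAULT_RE = re.compile(r'^@="(.*)"$')

def parse_reg_section(text):
    """Map each key path to its ACL denial markers and its (Default) value."""
    keys, current = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {"denied": [], "default": None}
        elif current is not None and (m := DENIED_RE.match(line)):
            keys[current]["denied"].append((m.group(1), m.group(2)))
        elif current is not None and (m := DEFAULT_RE.match(line)):
            # .reg-style values double their backslashes; undo that for path checks
            keys[current]["default"] = m.group(1).replace("\\\\", "\\")
    return keys

# Directories where a legitimately installed COM server is expected to live
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

def suspicious_com_servers(keys):
    """Return (clsid_key, dll_path) for CLSIDs with an ACL denial whose InprocServer32 is
    outside the trusted dirs. A denial alone proves nothing: Adobe sets it on Flash keys."""
    findings = []
    for key, info in keys.items():
        server = keys.get(key + "\\InprocServer32")
        if info["denied"] and server and server["default"]:
            if not server["default"].lower().startswith(TRUSTED_PREFIXES):
                findings.append((key, server["default"]))
    return findings
```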


#14 fireman4it (Bleepin' Fireman, Malware Response Team, 13,512 posts, Greenup, Ill USA)

Posted 16 November 2011 - 09:09 PM

Hello,

1.
Are you connected to the internet through a router? If so we need to reset that router.
How to reset your router.


2.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.



3.
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, type 1 (SCAN) then Enter
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Things to include in your next reply:
MBAM log
RogueKiller log
How is your machine running now?
Do you have a Windows Vista install disc?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#15 rob71 (Topic Starter, Members, 19 posts)

Posted 16 November 2011 - 09:22 PM

Now getting websites in foreign languages popping up.

