Google redirecting to spam sites


This topic is locked
21 replies to this topic

#1 Mertrodome
Posted 20 November 2011 - 09:33 AM

Hi everyone,

I've used advice from this site in the past but ultimately always been able to resolve whatever infection I had. Right now, however, I'm having some trouble.

Google is redirecting search results to a range of spam sites (usually "search tools" or eBay stores). The specific site it directs to seems to change each time I reboot. Usually hammering the back button a few times will lead me to the site I'm after. Every time I open Firefox I get told it's not my default browser and asked if I want to set it as such - this happens even in Safe Mode. Finally, I get errors from IE saying it has stopped working. I rarely use IE and it has the popup blocker enabled - clearly something is trying to use it, however.

I've tried running MBAM, AdAware and ComboFix both in Safe Mode and standard with no joy. If I run rkill, it only finds itself. Below are DDS, HijackThis and ComboFix logs. Of course if there's anything else you need me to do I would be glad to.

My extreme gratitude in advance for your help with this - very much appreciated!

Mert

---

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by User at 14:20:26 on 2011-11-20
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.8182.5979 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\Copperhead\razertra.exe
C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe /background
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [Copperhead] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe"
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} - hxxps://www.select2perform.eu/cabs/QOLCheck.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{26AE8BA0-3F78-4724-9E3B-E6DB6B6B17E4} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{35E5C627-3A08-4B98-8063-B5FB96A0BD80} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{76AD7A10-0FB3-417A-BEC4-F99E5E85CDE9} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{989235B0-6208-4A91-B6E2-C0DB2489C517} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E858683D-2CD3-4EAE-9D61-24A07EC47433} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
mRun-x64: [Copperhead] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe"
mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\da5hd3r5.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-4 2329480]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-5-20 632792]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2008-9-19 65536]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-7-14 239648]
R3 copperhd;Razer Copperhead Driver;C:\Windows\system32\drivers\copperhd.sys --> C:\Windows\system32\drivers\copperhd.sys [?]
R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n64.sys --> C:\Windows\system32\DRIVERS\RTL85n64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-8-18 2152152]
S3 ENTECH64;ENTECH64;\??\C:\Windows\system32\DRIVERS\ENTECH64.sys --> C:\Windows\system32\DRIVERS\ENTECH64.sys [?]
S3 LGPBTDD;LGPBTDD.sys Display Driver;C:\Windows\system32\Drivers\LGPBTDD.sys --> C:\Windows\system32\Drivers\LGPBTDD.sys [?]
S3 MODRC;PCTV Infrared Receiver;C:\Windows\system32\DRIVERS\modrc.sys --> C:\Windows\system32\DRIVERS\modrc.sys [?]
S3 netr7364;Belkin Wireless 54G USB Network Adapter Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-10-14 93184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-11-20 13:51:49 -------- d-----w- C:\$RECYCLE.BIN
2011-11-20 03:44:40 -------- d-----w- C:\cmbfix
2011-11-20 03:32:37 388096 ----a-r- C:\Users\User\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-11-20 03:32:36 -------- d-----w- C:\Program Files (x86)\TrendMicro
2011-11-18 01:17:35 -------- d-----w- C:\Users\User\AppData\Roaming\AnvSoft
2011-11-18 01:17:26 -------- d-----w- C:\Program Files (x86)\AnvSoft
2011-11-16 20:55:52 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-11-16 20:55:52 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-11-16 20:55:52 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-11-16 20:55:15 -------- d-----w- C:\Program Files\iPod
2011-11-16 20:55:14 -------- d-----w- C:\Program Files\iTunes
2011-11-16 20:55:14 -------- d-----w- C:\Program Files (x86)\iTunes
2011-11-16 20:49:30 -------- d-----w- C:\Program Files\Bonjour
2011-11-16 20:49:30 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-11-16 19:59:44 -------- d-----w- C:\Users\User\{31933492-8639-45ae-9c2b-c4d6a1199d7a}
2011-11-14 20:33:00 -------- d-----w- C:\Users\User\AppData\Local\Skyrim
2011-11-14 20:17:36 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
2011-11-14 20:17:36 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2011-11-14 20:17:36 530776 ----a-w- C:\Windows\System32\XAudio2_6.dll
2011-11-14 20:17:36 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2011-11-14 20:17:33 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
2011-11-14 20:17:33 176984 ----a-w- C:\Windows\System32\xactengine3_6.dll
2011-11-14 20:17:32 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll
2011-11-14 20:17:32 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2011-11-14 19:59:22 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim
2011-11-14 19:49:33 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2011-11-14 18:56:14 9600 ----a-w- C:\Windows\SysWow64\drivers\ISODisk.sys
2011-11-14 18:56:14 -------- d-----w- C:\Program Files (x86)\ISODisk
2011-11-14 08:14:42 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-11-14 08:14:37 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
.
==================== Find3M ====================
.
2011-09-25 01:44:13 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-09-25 01:44:12 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-09-21 20:36:57 525792 ----a-w- C:\Windows\DIFxAPI.dll
2011-08-31 16:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-30 23:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-30 23:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-30 23:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-30 23:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-30 23:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-30 23:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-30 23:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-30 23:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
.
============= FINISH: 14:28:02.32 ===============


---


ComboFix 11-11-19.04 - User 20/11/2011 4:00.2.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.8182.6165 [GMT 0:00]
Running from: c:\users\User\Downloads\cmbfix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_COMSysApp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-20 to 2011-11-20 )))))))))))))))))))))))))))))))
.
.
2011-11-20 04:38 . 2011-11-20 04:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-11-20 04:38 . 2011-11-20 04:38 -------- d-----w- c:\users\postgres\AppData\Local\temp
2011-11-20 04:38 . 2011-11-20 04:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-20 04:38 . 2011-11-20 04:38 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-20 03:32 . 2011-11-20 03:32 388096 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-11-20 03:32 . 2011-11-20 03:32 -------- d-----w- c:\program files (x86)\TrendMicro
2011-11-18 01:17 . 2011-11-18 01:17 -------- d-----w- c:\users\User\AppData\Roaming\AnvSoft
2011-11-18 01:17 . 2011-11-18 01:17 -------- d-----w- c:\program files (x86)\AnvSoft
2011-11-16 20:55 . 2009-05-18 13:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-11-16 20:55 . 2008-04-17 12:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-11-16 20:55 . 2008-04-17 12:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-11-16 20:55 . 2011-11-16 20:55 -------- d-----w- c:\program files\iPod
2011-11-16 20:55 . 2011-11-16 20:55 -------- d-----w- c:\program files\iTunes
2011-11-16 20:55 . 2011-11-16 20:55 -------- d-----w- c:\program files (x86)\iTunes
2011-11-16 20:53 . 2011-11-16 20:53 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-11-16 20:49 . 2011-11-16 20:49 -------- d-----w- c:\program files\Bonjour
2011-11-16 20:49 . 2011-11-16 20:49 -------- d-----w- c:\program files (x86)\Bonjour
2011-11-16 20:41 . 2011-11-16 20:55 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-11-16 20:41 . 2011-11-16 20:41 -------- d-----w- c:\program files\Common Files\Apple
2011-11-16 19:59 . 2011-11-16 20:03 -------- d-----w- c:\users\User\{31933492-8639-45ae-9c2b-c4d6a1199d7a}
2011-11-14 20:33 . 2011-11-14 20:33 -------- d-----w- c:\users\User\AppData\Local\Skyrim
2011-11-14 20:17 . 2010-02-04 10:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-11-14 20:17 . 2010-02-04 10:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2011-11-14 20:17 . 2010-02-04 10:01 530776 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-11-14 20:17 . 2010-02-04 10:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2011-11-14 20:17 . 2010-02-04 10:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2011-11-14 20:17 . 2010-02-04 10:01 176984 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-11-14 20:17 . 2010-02-04 10:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-11-14 20:17 . 2010-02-04 10:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2011-11-14 19:59 . 2011-11-14 20:21 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
2011-11-14 19:49 . 2011-11-14 19:49 -------- d-----w- c:\program files (x86)\Elaborate Bytes
2011-11-14 18:56 . 2011-11-14 18:56 -------- d-----w- c:\program files (x86)\ISODisk
2011-11-14 18:56 . 2006-04-26 01:03 9600 ----a-w- c:\windows\SysWow64\drivers\ISODisk.sys
2011-11-14 08:14 . 2011-11-14 08:14 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-14 08:14 . 2011-11-14 08:14 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-25 01:44 . 2011-09-25 01:44 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-25 01:44 . 2011-09-25 05:41 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-09-21 20:36 . 2010-06-20 01:20 525792 ----a-w- c:\windows\DIFxAPI.dll
2011-08-31 16:00 . 2009-11-25 01:55 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 23:05 . 2011-08-30 23:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 23:05 . 2011-08-30 23:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 23:05 . 2011-08-30 23:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 23:05 . 2011-08-30 23:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-30 23:05 . 2011-08-30 23:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-30 23:05 . 2011-08-30 23:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-30 23:05 . 2011-08-30 23:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-30 23:05 . 2011-08-30 23:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-02_11.47.49 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-03-18 08:15 . 2010-03-18 08:15 51024 c:\windows\SysWOW64\vcomp100.dll
+ 2011-02-19 23:03 . 2011-02-19 23:03 51024 c:\windows\SysWOW64\vcomp100.dll
+ 2011-02-19 23:03 . 2011-02-19 23:03 81744 c:\windows\SysWOW64\mfcm100u.dll
+ 2011-02-19 23:03 . 2011-02-19 23:03 81744 c:\windows\SysWOW64\mfcm100.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 60752 c:\windows\SysWOW64\mfc100rus.dll
+ 2011-02-19 23:03 . 2011-02-19 23:03 60752 c:\windows\SysWOW64\mfc100rus.dll
+ 2011-02-19 23:03 . 2011-02-19 23:03 43344 c:\windows\SysWOW64\mfc100kor.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 43344 c:\windows\SysWOW64\mfc100kor.dll
+ 2011-02-19 23:03 . 2011-02-19 23:03 43856 c:\windows\SysWOW64\mfc100jpn.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 43856 c:\windows\SysWOW64\mfc100jpn.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 62288 c:\windows\SysWOW64\mfc100ita.dll
+ 2011-02-19 23:03 . 2011-02-19 23:03 62288 c:\windows\SysWOW64\mfc100ita.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 64336 c:\windows\SysWOW64\mfc100fra.dll
+ 2011-02-19 23:03 . 2011-02-19 23:03 64336 c:\windows\SysWOW64\mfc100fra.dll
+ 2011-02-19 23:03 . 2011-02-19 23:03 63824 c:\windows\SysWOW64\mfc100esn.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 63824 c:\windows\SysWOW64\mfc100esn.dll
+ 2011-02-19 23:03 . 2011-02-19 23:03 55120 c:\windows\SysWOW64\mfc100enu.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 55120 c:\windows\SysWOW64\mfc100enu.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 64336 c:\windows\SysWOW64\mfc100deu.dll
+ 2011-02-19 23:03 . 2011-02-19 23:03 64336 c:\windows\SysWOW64\mfc100deu.dll
+ 2011-02-19 23:03 . 2011-02-19 23:03 36176 c:\windows\SysWOW64\mfc100cht.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 36176 c:\windows\SysWOW64\mfc100cht.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 36176 c:\windows\SysWOW64\mfc100chs.dll
+ 2011-02-19 23:03 . 2011-02-19 23:03 36176 c:\windows\SysWOW64\mfc100chs.dll
+ 2011-03-07 02:08 . 2011-03-07 02:08 93552 c:\windows\SysWOW64\ElbyCDIO.dll
+ 2008-01-21 03:20 . 2011-11-20 04:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-10-02 06:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-10-02 06:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-11-20 04:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-11-20 04:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2011-10-02 06:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-11-20 03:31 64464 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-11-20 03:31 87886 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-28 17:47 . 2011-11-20 03:31 12470 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1297148271-1496708834-2496070127-1000_UserData.bin
+ 2011-11-16 20:55 . 2009-05-18 13:17 34152 c:\windows\system32\DRVSTORE\GEARAspiWD_B60A2DA9F47E0A7F3329B57AA751F1789961A8BE\x64\GEARAspiWDM.sys
- 2010-08-04 01:32 . 2009-05-18 12:17 34152 c:\windows\system32\DRVSTORE\GEARAspiWD_B60A2DA9F47E0A7F3329B57AA751F1789961A8BE\x64\GEARAspiWDM.sys
+ 2011-08-02 17:38 . 2011-08-02 17:38 51712 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_73c59bc2\usbaapl64.sys
+ 2011-08-02 17:38 . 2011-08-02 17:38 22528 c:\windows\system32\DriverStore\FileRepository\netaapl64.inf_37ca2c1a\netaapl64.sys
+ 2011-08-02 17:38 . 2011-08-02 17:38 51712 c:\windows\system32\drivers\usbaapl64.sys
+ 2010-12-16 22:58 . 2010-12-16 22:58 40816 c:\windows\system32\drivers\ElbyCDIO.sys
- 2009-07-28 12:49 . 2011-10-01 14:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-28 12:49 . 2011-11-20 13:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-28 12:49 . 2011-11-20 13:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-28 12:49 . 2011-10-01 14:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-28 12:49 . 2011-10-01 14:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-28 12:49 . 2011-11-20 13:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-04 00:55 . 2011-11-20 04:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-04 00:55 . 2011-10-02 06:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-04 00:55 . 2011-10-02 06:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-04 00:55 . 2011-11-20 04:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-04 00:55 . 2011-11-20 04:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-04 00:55 . 2011-10-02 06:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-12 14:23 . 2011-10-17 01:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-12 14:23 . 2011-01-24 00:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-12 14:23 . 2011-01-24 00:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-12 14:23 . 2011-10-17 01:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-16 20:54 . 2011-11-16 20:54 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
+ 2006-11-02 12:40 . 2011-11-16 20:53 86016 c:\windows\inf\infstor.dat
- 2006-11-02 12:40 . 2011-09-21 20:38 86016 c:\windows\inf\infstor.dat
- 2006-11-02 12:40 . 2011-10-01 14:02 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 12:40 . 2011-11-16 20:53 51200 c:\windows\inf\infpub.dat
- 2011-05-04 21:19 . 2011-05-04 21:19 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-11-14 20:15 . 2011-11-14 20:15 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-11-14 20:15 . 2011-11-14 20:15 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2011-05-04 21:19 . 2011-05-04 21:19 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-11-20 04:41 . 2011-11-20 04:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-02 06:09 . 2011-10-02 06:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-20 04:41 . 2011-11-20 04:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-02 06:09 . 2011-10-02 06:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-19 00:40 . 2011-02-19 00:40 773968 c:\windows\SysWOW64\msvcr100.dll
+ 2011-02-19 23:03 . 2011-02-19 23:03 421200 c:\windows\SysWOW64\msvcp100.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 421200 c:\windows\SysWOW64\msvcp100.dll
+ 2011-01-09 14:31 . 2011-11-18 01:26 137032 c:\windows\SysWOW64\mlfcache.dat
+ 2011-03-07 00:52 . 2011-03-07 00:52 134512 c:\windows\SysWOW64\ElbyVCD.dll
- 2010-03-18 08:15 . 2010-03-18 08:15 138056 c:\windows\SysWOW64\atl100.dll
+ 2011-02-19 23:03 . 2011-02-19 23:03 138056 c:\windows\SysWOW64\atl100.dll
- 2006-11-02 12:46 . 2011-08-04 18:01 683552 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-11-16 20:16 683552 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-11-16 20:16 139130 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2011-08-04 18:01 139130 c:\windows\system32\perfc009.dat
+ 2011-11-16 20:55 . 2008-04-17 12:12 126312 c:\windows\system32\DRVSTORE\GEARAspiWD_B60A2DA9F47E0A7F3329B57AA751F1789961A8BE\x64\GEARAspi64.dll
- 2010-08-04 01:32 . 2008-04-17 11:12 126312 c:\windows\system32\DRVSTORE\GEARAspiWD_B60A2DA9F47E0A7F3329B57AA751F1789961A8BE\x64\GEARAspi64.dll
- 2010-08-04 01:32 . 2008-04-17 11:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_B60A2DA9F47E0A7F3329B57AA751F1789961A8BE\x64\GEARAspi.dll
+ 2011-11-16 20:55 . 2008-04-17 12:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_B60A2DA9F47E0A7F3329B57AA751F1789961A8BE\x64\GEARAspi.dll
+ 2011-11-14 08:14 . 2011-11-14 08:14 279616 c:\windows\system32\DriverStore\FileRepository\dtsoftbus01.inf_ea8aad38\dtsoftbus01.sys
+ 2011-11-14 20:17 . 2011-11-14 20:17 160768 c:\windows\Installer\15cb70.msi
+ 2011-11-01 21:54 . 2011-11-01 21:54 371272 c:\windows\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe
+ 2011-11-16 20:58 . 2011-11-16 20:58 380928 c:\windows\Installer\{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}\iTunesIco.exe
+ 2006-11-02 12:40 . 2011-11-16 20:53 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 12:40 . 2011-10-01 14:02 143360 c:\windows\inf\infstrng.dat
+ 2011-11-14 20:15 . 2011-11-14 20:15 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2011-05-04 21:19 . 2011-05-04 21:19 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-11-14 20:15 . 2011-11-14 20:15 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2011-05-04 21:19 . 2011-05-04 21:19 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2011-11-14 20:15 . 2011-11-14 20:15 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2011-05-04 21:19 . 2011-05-04 21:19 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-11-14 20:15 . 2011-11-14 20:15 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2011-05-04 21:19 . 2011-05-04 21:19 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2011-11-14 20:15 . 2011-11-14 20:15 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2011-05-04 21:19 . 2011-05-04 21:19 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2011-11-14 20:15 . 2011-11-14 20:15 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-05-04 21:19 . 2011-05-04 21:19 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-05-04 21:19 . 2011-05-04 21:19 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-14 20:15 . 2011-11-14 20:15 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-05-04 21:19 . 2011-05-04 21:19 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-14 20:15 . 2011-11-14 20:15 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-05-04 21:19 . 2011-05-04 21:19 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-14 20:15 . 2011-11-14 20:15 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-14 20:15 . 2011-11-14 20:15 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-05-04 21:19 . 2011-05-04 21:19 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-14 20:15 . 2011-11-14 20:15 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-05-04 21:19 . 2011-05-04 21:19 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-05-04 21:19 . 2011-05-04 21:19 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-14 20:15 . 2011-11-14 20:15 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-05-04 21:19 . 2011-05-04 21:19 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-14 20:15 . 2011-11-14 20:15 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-05-04 21:19 . 2011-05-04 21:19 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-11-14 20:15 . 2011-11-14 20:15 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-02-19 23:03 . 2011-02-19 23:03 4422992 c:\windows\SysWOW64\mfc100u.dll
+ 2011-02-19 23:03 . 2011-02-19 23:03 4397384 c:\windows\SysWOW64\mfc100.dll
+ 2011-08-02 17:38 . 2011-08-02 17:38 4517664 c:\windows\system32\usbaaplrc.dll
- 2006-11-02 15:21 . 2011-03-23 20:37 4885104 c:\windows\system32\FNTCACHE.DAT
+ 2011-11-20 03:07 . 2011-11-20 03:09 4885104 c:\windows\system32\FNTCACHE.DAT
+ 2011-08-02 17:38 . 2011-08-02 17:38 4517664 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_73c59bc2\usbaaplrc.dll
+ 2010-04-19 19:29 . 2010-04-19 19:29 1721576 c:\windows\system32\DriverStore\FileRepository\netaapl64.inf_37ca2c1a\wdfcoinstaller01009.dll
+ 2011-11-16 20:58 . 2011-11-16 20:58 5777920 c:\windows\Installer\ae092.msi
+ 2011-11-16 20:54 . 2011-11-16 20:54 1769984 c:\windows\Installer\ae08e.msi
+ 2011-11-16 20:53 . 2011-11-16 20:53 2187776 c:\windows\Installer\ae053.msi
+ 2011-11-16 20:49 . 2011-11-16 20:49 2011136 c:\windows\Installer\adfd4.msi
+ 2011-11-16 20:49 . 2011-11-16 20:49 1532928 c:\windows\Installer\adfcf.msi
+ 2011-11-20 03:32 . 2011-11-20 03:32 1093632 c:\windows\Installer\3afd1.msi
+ 2011-11-01 21:54 . 2011-11-01 21:54 1527808 c:\windows\Installer\289d6b66.msi
- 2011-05-04 21:19 . 2011-05-04 21:19 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-14 20:15 . 2011-11-14 20:15 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-05-04 21:19 . 2011-05-04 21:19 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-11-14 20:15 . 2011-11-14 20:15 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2006-11-02 12:33 . 2011-03-30 00:18 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2006-11-02 12:33 . 2011-11-16 20:30 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RayV"="c:\program files (x86)\RayV\RayV\RayV.exe" [2010-10-21 2839848]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-12-20 3046808]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Copperhead"="c:\program files (x86)\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-9-13 0]
Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R1 ISODisk;ISODisk; [x]
R1 SASDIFSV;SASDIFSV;c:\users\User\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\User\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-30 2152152]
R3 cpuz130;cpuz130;c:\users\User\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [x]
R3 MODRC;PCTV Infrared Receiver;c:\windows\system32\DRIVERS\modrc.sys [x]
R3 netr7364;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 SysInfo;SysInfo;c:\windows\system32\drivers\SysInfo.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-05-20 632792]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
S3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [x]
S3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-09-19 20:46 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 855608]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-08 10867816]
"combofix"="c:\cmbfix\CF14637.3XE" [2008-01-21 363008]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\da5hd3r5.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1297148271-1496708834-2496070127-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:31,a1,cb,3a,7c,b9,fe,65,1c,86,54,45,96,42,4e,78,d1,9e,d7,ab,c5,fb,e9,
f1,9c,47,b0,9a,75,3c,63,20,4d,ae,07,6c,d7,4b,59,fc,d6,37,0a,d8,c1,70,fa,4d,\
"??"=hex:d0,90,3c,23,9a,e4,6c,53,10,ae,c2,73,87,06,c6,7f
.
[HKEY_USERS\S-1-5-21-1297148271-1496708834-2496070127-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:77,28,2d,fc,06,23,c9,d7,62,41,bf,ce,db,1a,dc,f5,f5,3f,8a,39,c2,
b3,e7,dd,32,f7,70,34,d9,79,0e,50,da,1c,ef,6f,63,61,f7,4f,d2,59,6b,23,f8,c4,\
"rkeysecu"=hex:60,f0,fc,11,d7,69,33,c3,01,6b,f0,89,f3,06,0b,af
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\Razer\Copperhead\razertra.exe
c:\program files (x86)\Razer\Copperhead\razerofa.exe
.
**************************************************************************
.
Completion time: 2011-11-20 14:12:39 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-20 14:12
ComboFix2.txt 2011-10-02 12:09
.
Pre-Run: 66,941,145,088 bytes free
Post-Run: 66,551,738,368 bytes free
.
- - End Of File - - EDA02BC415062B10F2A635C6BBEFB0FA

---

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 14:32:30, on 20/11/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\Copperhead\razertra.exe
C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Copperhead] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe"
O4 - HKLM\..\Run: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-21-1297148271-1496708834-2496070127-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
O4 - HKUS\S-1-5-21-1297148271-1496708834-2496070127-1003\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'postgres')
O4 - HKUS\S-1-5-21-1297148271-1496708834-2496070127-1003\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'postgres')
O4 - HKUS\S-1-5-21-1297148271-1496708834-2496070127-1003\..\Run: [PlayNC Launcher] (User 'postgres')
O4 - HKUS\S-1-5-21-1297148271-1496708834-2496070127-1003\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'postgres')
O4 - HKUS\S-1-5-21-1297148271-1496708834-2496070127-1003\..\Run: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe /background (User 'postgres')
O4 - HKUS\S-1-5-21-1297148271-1496708834-2496070127-1003\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun (User 'postgres')
O4 - HKUS\S-1-5-21-1297148271-1496708834-2496070127-1003\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (User 'postgres')
O4 - HKUS\S-1-5-21-1297148271-1496708834-2496070127-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'postgres')
O4 - HKUS\S-1-5-21-1297148271-1496708834-2496070127-1003\..\Run: [VI8Y9F2W0IUI5J6DETVE] C:\sys920e.bin\A6AA6194B30.exe /q (User 'postgres')
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.eu/cabs/QOLCheck.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11609 bytes

#2 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 24 November 2011 - 09:43 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Mertrodome (Topic Starter)

Posted 25 November 2011 - 04:48 PM

Hi Gringo, thanks for your post. No worries about the wait time - you guys provide a fantastic service for which I'm more than happy to wait a few days.

I'll detail some of the symptoms my computer is showing and then post the logs you requested following that.

  • On boot I get an error titled "Message from webpage" with the content "Stack overflow at line: 133" and just an OK button.
  • When opening Firefox it says it is not my default browser and asks if I want to set it as such. This happens every time, irrespective of whether or not it is set to be.
  • Even though it's not open or running, I intermittently get Vista error messages saying Internet Explorer has crashed, with options to check online for a solution, close the program, etc.
  • When using Google in any browser, any search result I click on redirects initially to a site (examples: familybook.us, dollartemplates.com, icon.us) which then again auto-forwards to a second site, usually get-answers-fast.com, though occasionally an eBay store or similar
  • I can get to the page I've searched for by pressing "back" repeatedly - usually 3-4 times. I get no further redirects from Google as long as that tab remains open. As soon as I end the session or close the browser, the problem recurs.

Those are the most common problems I've faced. I'll continue to note down any other sites I'm redirected to, if that will help.

The DDS logs are as follows:

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by User at 20:08:44 on 2011-11-25
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.8182.6235 [GMT 0:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\RayV\RayV\RayV.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Razer\Copperhead\razertra.exe
C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [RayV] C:\Program Files (x86)\RayV\RayV\RayV.exe /background
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
mRun: [Copperhead] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe"
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} - hxxps://www.select2perform.eu/cabs/QOLCheck.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{26AE8BA0-3F78-4724-9E3B-E6DB6B6B17E4} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{35E5C627-3A08-4B98-8063-B5FB96A0BD80} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{661811FD-D21C-499B-84CD-CB4837BC1DFD} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{76AD7A10-0FB3-417A-BEC4-F99E5E85CDE9} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{989235B0-6208-4A91-B6E2-C0DB2489C517} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E858683D-2CD3-4EAE-9D61-24A07EC47433} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
mRun-x64: [Copperhead] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe"
mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\da5hd3r5.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-4 2329480]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-5-20 632792]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2008-9-19 65536]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-7-14 239648]
R3 copperhd;Razer Copperhead Driver;C:\Windows\system32\drivers\copperhd.sys --> C:\Windows\system32\drivers\copperhd.sys [?]
R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n64.sys --> C:\Windows\system32\DRIVERS\RTL85n64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ENTECH64;ENTECH64;\??\C:\Windows\system32\DRIVERS\ENTECH64.sys --> C:\Windows\system32\DRIVERS\ENTECH64.sys [?]
S3 LGPBTDD;LGPBTDD.sys Display Driver;C:\Windows\system32\Drivers\LGPBTDD.sys --> C:\Windows\system32\Drivers\LGPBTDD.sys [?]
S3 MODRC;PCTV Infrared Receiver;C:\Windows\system32\DRIVERS\modrc.sys --> C:\Windows\system32\DRIVERS\modrc.sys [?]
S3 netr7364;Belkin Wireless 54G USB Network Adapter Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-10-14 93184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-11-20 13:51:49 -------- d-----w- C:\$RECYCLE.BIN
2011-11-20 03:44:40 -------- d-----w- C:\cmbfix
2011-11-20 03:32:37 388096 ----a-r- C:\Users\User\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-11-20 03:32:36 -------- d-----w- C:\Program Files (x86)\TrendMicro
2011-11-18 01:17:35 -------- d-----w- C:\Users\User\AppData\Roaming\AnvSoft
2011-11-18 01:17:26 -------- d-----w- C:\Program Files (x86)\AnvSoft
2011-11-16 20:55:52 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-11-16 20:55:52 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-11-16 20:55:52 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-11-16 20:55:15 -------- d-----w- C:\Program Files\iPod
2011-11-16 20:55:14 -------- d-----w- C:\Program Files\iTunes
2011-11-16 20:55:14 -------- d-----w- C:\Program Files (x86)\iTunes
2011-11-16 20:49:30 -------- d-----w- C:\Program Files\Bonjour
2011-11-16 20:49:30 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-11-16 19:59:44 -------- d-----w- C:\Users\User\{31933492-8639-45ae-9c2b-c4d6a1199d7a}
2011-11-14 20:33:00 -------- d-----w- C:\Users\User\AppData\Local\Skyrim
2011-11-14 20:17:36 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
2011-11-14 20:17:36 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2011-11-14 20:17:36 530776 ----a-w- C:\Windows\System32\XAudio2_6.dll
2011-11-14 20:17:36 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2011-11-14 20:17:33 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
2011-11-14 20:17:33 176984 ----a-w- C:\Windows\System32\xactengine3_6.dll
2011-11-14 20:17:32 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll
2011-11-14 20:17:32 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2011-11-14 19:59:22 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim
2011-11-14 19:49:33 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2011-11-14 18:56:14 9600 ----a-w- C:\Windows\SysWow64\drivers\ISODisk.sys
2011-11-14 18:56:14 -------- d-----w- C:\Program Files (x86)\ISODisk
2011-11-14 08:14:42 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-11-14 08:14:37 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
.
==================== Find3M ====================
.
2011-09-25 01:44:13 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-09-21 20:36:57 525792 ----a-w- C:\Windows\DIFxAPI.dll
2011-08-31 16:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-30 23:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-30 23:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-30 23:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-30 23:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-30 23:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-30 23:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-30 23:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-30 23:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
.
============= FINISH: 20:16:52.64 ===============


Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 28/07/2009 14:33:10
System Uptime: 25/11/2011 19:53:27 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P6T SE
Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz | LGA1366 | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 892 GiB total, 54.667 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97b-e325-11ce-bfc1-08002be10318}
Description:
Device ID: ROOT\SCSIADAPTER\0000
Manufacturer:
Name:
PNP Device ID: ROOT\SCSIADAPTER\0000
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
3DMark06
AC3Filter 1.63b
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.2
AIM 7
Aliens vs Predator
Amazon MP3 Downloader 1.0.9
Amnesia - The Dark Descent
Anvil Studio
Any Video Converter 3.3.0
Apple Application Support
Apple Software Update
µTorrent
Audio Encoder 1.0
Audiosurf
Belkin 54Mbps Wireless Network Adapter
Bigasoft iPod Transfer 1.5.7.3680
Black Prophecy
Borderlands
Build Your Own Net Dream (remove only)
calibre
Call of Duty: Black Ops
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Catalyst Control Center InstallProxy
Curse Client
DAEMON Tools Lite
DAEMON Tools Toolbar
Dead Space™
Deus Ex
Deus Ex - HDTP
Deus Ex: Human Revolution
DivX Plus DirectShow Filters
DivX Setup
Download Updater (AOL LLC)
Driver Sweeper 2.0.5
Driving Test Success - All Tests (2008-2009)
Dropbox
DTVblizzcon
DVD Suite
EVE Online (remove only)
EVEMon
F1 2010
FAKEFACTORY Cinematic Mod V10
Final Fantasy VII - Ultima Edition
Football Manager 2011
Fraps (remove only)
Futuremark SystemInfo
Galactic Civilizations II - Ultimate Edition
GTK+ Runtime 2.14.7 rev a (remove only)
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
iBackupBot for iTunes 3.0.12
Impulse
ISODisk 1.1
Java Auto Updater
Java™ 6 Update 22
Joboshare iPod Rip
Junk Mail filter update
LabelPrint
League of Legends
LightScribe System Software 1.10.16.1
LogMeIn Hamachi
Magic FLAC to MP3 Converter 3.72
Magicka
Malwarebytes' Anti-Malware version 1.51.2.1300
MediaShow
Microsoft .NET Framework 1.1
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mirror's Edge™
Mozilla Firefox 8.0 (x86 en-GB)
MSVCRT
NCsoft Launcher
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
OpenOffice.org 3.3
Pando Media Booster
PDF Settings CS5
PhotoNow! 1.0
Pidgin
Plants vs. Zombies
PokerStars
PokerTracker 3 (remove only)
Portal
PostgreSQL 8.3
Power2Go 5.0
PowerBackup
PowerDirector Express
PowerDVD
PowerDVD Copy
PowerProducer
PunkBuster Services
Quake Live Mozilla Plugin
Rapture3D 2.4.4 Game
Razer Copperhead
Realtek High Definition Audio Driver
Registry Mechanic 9.0
Rockstar Games Social Club
Safari
SimCity 4 Deluxe
Sins of a Solar Empire
Skype Toolbars
Skype™ 5.5
SopCast 3.2.9
Spotify
StarCraft II
Steam
System Requirements Lab CYRI
Team Fortress 2
TeamSpeak 2 RC2
The Lord of the Rings Online™ v03.02.04.8010
Torchlight
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.18
VirtualCloneDrive
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinLauncherXP 2.0.5 beta
WinLems 1.0
WinRAR archiver
World of Warcraft
World of Warcraft Public Test
Xvid Video Codec
YVD
.
==== Event Viewer Messages From Past Week ========
.
21/11/2011 17:20:09, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{E858683D-2CD3-4EAE-9D61-24A07EC47433} because another computer on the network has the same name. The server could not start.
21/11/2011 17:20:09, Error: netbt [4321] - The name "USER-PC :20" could not be registered on the interface with IP address 0.0.0.0. The computer with the IP address 169.254.35.85 did not allow the name to be claimed by this computer.
20/11/2011 04:20:10, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
20/11/2011 03:29:42, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep i8042prt ISODisk SASDIFSV SASKUTIL
20/11/2011 03:28:53, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\ISODisk.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
20/11/2011 03:25:50, Error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
20/11/2011 03:16:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
20/11/2011 03:12:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
20/11/2011 03:12:48, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
20/11/2011 03:12:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
20/11/2011 03:12:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
20/11/2011 03:09:39, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep ElbyCDIO i8042prt ISODisk SASDIFSV SASKUTIL spldr Wanarpv6
20/11/2011 03:09:39, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
20/11/2011 03:08:29, Error: EventLog [6008] - The previous system shutdown at 03:05:24 on 20/11/2011 was unexpected.
.
==== End Of File ===========================

#4 Mertrodome
  • Topic Starter
  • Members
  • 11 posts

Posted 25 November 2011 - 04:49 PM

Sorry, just to confirm: I had no problems whatsoever running either DeFogger or DDS, though I notice that DDS has listed E:\ as "CD-Rom". This is a virtual drive, though I had run DeFogger and I had no virtual drive software running that I'm aware of. Don't know if this makes a difference, but I might as well tell you everything in case it helps :)

Edited by Mertrodome, 25 November 2011 - 04:51 PM.


#5 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 November 2011 - 07:19 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 Mertrodome
  • Topic Starter
  • Members
  • 11 posts

Posted 26 November 2011 - 11:06 AM

Hi Gringo,

I ran ComboFix without any trouble but, unfortunately, my problems persist - I still get asked to set Firefox as default browser on opening it and Google searches still redirect variously to klp.us, thespecialsearch.com, freesearchquick.com, get-answers-fast.com, etc. Usually these forward to each other in quick succession, so it'll load three to four different sites after each search, ultimately ending up at commercial sites such as Groupon or eBay.

It would appear that whatever it is I have that is causing this was not picked up by ComboFix. The log from ComboFix is below.

Thanks again for taking the time to help with this issue, very much appreciated.

Mert

---

ComboFix 11-11-26.01 - User 26/11/2011 14:51:29.3.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.8182.6123 [GMT 0:00]
Running from: c:\users\User\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-26 15:29 . 2011-11-26 15:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-11-26 15:29 . 2011-11-26 15:29 -------- d-----w- c:\users\postgres\AppData\Local\temp
2011-11-26 15:29 . 2011-11-26 15:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-26 15:29 . 2011-11-26 15:29 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-25 22:27 . 2011-11-25 22:27 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
2011-11-20 03:44 . 2011-11-20 14:13 -------- d-----w- C:\cmbfix
2011-11-20 03:32 . 2011-11-20 03:32 388096 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-11-20 03:32 . 2011-11-20 03:32 -------- d-----w- c:\program files (x86)\TrendMicro
2011-11-18 01:17 . 2011-11-18 01:17 -------- d-----w- c:\users\User\AppData\Roaming\AnvSoft
2011-11-18 01:17 . 2011-11-18 01:17 -------- d-----w- c:\program files (x86)\AnvSoft
2011-11-16 20:55 . 2009-05-18 13:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-11-16 20:55 . 2008-04-17 12:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-11-16 20:55 . 2008-04-17 12:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-11-16 20:55 . 2011-11-16 20:55 -------- d-----w- c:\program files\iPod
2011-11-16 20:55 . 2011-11-16 20:55 -------- d-----w- c:\program files\iTunes
2011-11-16 20:55 . 2011-11-16 20:55 -------- d-----w- c:\program files (x86)\iTunes
2011-11-16 20:53 . 2011-11-16 20:53 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-11-16 20:49 . 2011-11-16 20:49 -------- d-----w- c:\program files\Bonjour
2011-11-16 20:49 . 2011-11-16 20:49 -------- d-----w- c:\program files (x86)\Bonjour
2011-11-16 20:41 . 2011-11-16 20:55 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-11-16 20:41 . 2011-11-16 20:41 -------- d-----w- c:\program files\Common Files\Apple
2011-11-16 19:59 . 2011-11-16 20:03 -------- d-----w- c:\users\User\{31933492-8639-45ae-9c2b-c4d6a1199d7a}
2011-11-14 20:33 . 2011-11-14 20:33 -------- d-----w- c:\users\User\AppData\Local\Skyrim
2011-11-14 20:17 . 2010-02-04 10:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-11-14 20:17 . 2010-02-04 10:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2011-11-14 20:17 . 2010-02-04 10:01 530776 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-11-14 20:17 . 2010-02-04 10:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2011-11-14 20:17 . 2010-02-04 10:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2011-11-14 20:17 . 2010-02-04 10:01 176984 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-11-14 20:17 . 2010-02-04 10:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-11-14 20:17 . 2010-02-04 10:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2011-11-14 19:59 . 2011-11-14 20:21 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
2011-11-14 19:49 . 2011-11-14 19:49 -------- d-----w- c:\program files (x86)\Elaborate Bytes
2011-11-14 18:56 . 2011-11-14 18:56 -------- d-----w- c:\program files (x86)\ISODisk
2011-11-14 18:56 . 2006-04-26 01:03 9600 ----a-w- c:\windows\SysWow64\drivers\ISODisk.sys
2011-11-14 08:14 . 2011-11-14 08:14 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-14 08:14 . 2011-11-14 08:14 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-25 01:44 . 2011-09-25 01:44 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-21 20:36 . 2010-06-20 01:20 525792 ----a-w- c:\windows\DIFxAPI.dll
2011-08-31 16:00 . 2009-11-25 01:55 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 23:05 . 2011-08-30 23:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 23:05 . 2011-08-30 23:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 23:05 . 2011-08-30 23:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 23:05 . 2011-08-30 23:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-30 23:05 . 2011-08-30 23:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-30 23:05 . 2011-08-30 23:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-30 23:05 . 2011-08-30 23:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-30 23:05 . 2011-08-30 23:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-20_13.52.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 03:20 . 2011-11-26 15:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-11-20 04:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-11-20 04:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-11-26 15:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-11-20 04:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2011-11-26 15:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-11-26 15:34 64914 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-11-26 15:34 88086 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-28 17:47 . 2011-11-20 03:31 12470 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1297148271-1496708834-2496070127-1000_UserData.bin
+ 2009-07-28 17:47 . 2011-11-26 15:34 12470 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1297148271-1496708834-2496070127-1000_UserData.bin
+ 2008-01-21 02:47 . 2008-01-21 02:47 98816 c:\windows\system32\drivers\USBAUDIO.sys
- 2009-07-28 12:49 . 2011-11-20 13:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-28 12:49 . 2011-11-25 22:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-28 12:49 . 2011-11-20 13:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-28 12:49 . 2011-11-25 22:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-28 12:49 . 2011-11-20 13:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-28 12:49 . 2011-11-25 22:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-04 00:55 . 2011-11-20 04:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-04 00:55 . 2011-11-26 15:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-04 00:55 . 2011-11-20 04:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-04 00:55 . 2011-11-26 15:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-04 00:55 . 2011-11-20 04:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-04 00:55 . 2011-11-26 15:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 12:40 . 2011-11-16 20:53 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 12:40 . 2011-11-25 22:32 51200 c:\windows\inf\infpub.dat
- 2011-11-20 04:41 . 2011-11-20 04:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-26 15:32 . 2011-11-26 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-20 04:41 . 2011-11-20 04:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-26 15:32 . 2011-11-26 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 12:40 . 2011-11-16 20:53 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 12:40 . 2011-11-25 22:32 143360 c:\windows\inf\infstrng.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RayV"="c:\program files (x86)\RayV\RayV\RayV.exe" [2010-10-21 2839848]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-12-20 3046808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Copperhead"="c:\program files (x86)\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-9-13 0]
Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 ISODisk;ISODisk; [x]
R1 SASDIFSV;SASDIFSV;c:\users\User\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\User\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz130;cpuz130;c:\users\User\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [x]
R3 MODRC;PCTV Infrared Receiver;c:\windows\system32\DRIVERS\modrc.sys [x]
R3 netr7364;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 SysInfo;SysInfo;c:\windows\system32\drivers\SysInfo.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-05-20 632792]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
S3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [x]
S3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-09-19 20:46 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 855608]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-08 10867816]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\da5hd3r5.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1297148271-1496708834-2496070127-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:31,a1,cb,3a,7c,b9,fe,65,1c,86,54,45,96,42,4e,78,d1,9e,d7,ab,c5,fb,e9,
f1,9c,47,b0,9a,75,3c,63,20,4d,ae,07,6c,d7,4b,59,fc,d6,37,0a,d8,c1,70,fa,4d,\
"??"=hex:d0,90,3c,23,9a,e4,6c,53,10,ae,c2,73,87,06,c6,7f
.
[HKEY_USERS\S-1-5-21-1297148271-1496708834-2496070127-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:77,28,2d,fc,06,23,c9,d7,62,41,bf,ce,db,1a,dc,f5,f5,3f,8a,39,c2,
b3,e7,dd,32,f7,70,34,d9,79,0e,50,da,1c,ef,6f,63,61,f7,4f,d2,59,6b,23,f8,c4,\
"rkeysecu"=hex:60,f0,fc,11,d7,69,33,c3,01,6b,f0,89,f3,06,0b,af
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Razer\Copperhead\razertra.exe
c:\program files (x86)\Razer\Copperhead\razerofa.exe
.
**************************************************************************
.
Completion time: 2011-11-26 15:53:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-26 15:53
ComboFix2.txt 2011-11-20 14:12
ComboFix3.txt 2011-10-02 12:09
.
Pre-Run: 52,836,823,040 bytes free
Post-Run: 53,283,766,272 bytes free
.
- - End Of File - - 02BC929DD12B5DBD5040E91AD88A5123

#7 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 November 2011 - 11:10 AM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#8 Mertrodome

Mertrodome
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:28 PM

Posted 26 November 2011 - 11:28 AM

No infections or suspicious files were found. Searches currently redirecting to klp.us and then get-answers-fast.com.

Usually this happens on Google only but most recently it happened with the link you posted to TDSSKiller from this forum.

Log:

16:24:03.0919 1500 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
16:24:04.0044 1500 ============================================================
16:24:04.0044 1500 Current date / time: 2011/11/26 16:24:04.0044
16:24:04.0044 1500 SystemInfo:
16:24:04.0044 1500
16:24:04.0044 1500 OS Version: 6.0.6001 ServicePack: 1.0
16:24:04.0044 1500 Product type: Workstation
16:24:04.0044 1500 ComputerName: USER-PC
16:24:04.0044 1500 UserName: User
16:24:04.0044 1500 Windows directory: C:\Windows
16:24:04.0044 1500 System windows directory: C:\Windows
16:24:04.0044 1500 Running under WOW64
16:24:04.0044 1500 Processor architecture: Intel x64
16:24:04.0044 1500 Number of processors: 8
16:24:04.0044 1500 Page size: 0x1000
16:24:04.0044 1500 Boot type: Normal boot
16:24:04.0044 1500 ============================================================
16:24:05.0588 1500 Initialize success
16:24:09.0941 3584 ============================================================
16:24:09.0941 3584 Scan started
16:24:09.0941 3584 Mode: Manual;
16:24:09.0941 3584 ============================================================
16:24:24.0761 3584 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:24:24.0776 3584 \Device\Harddisk0\DR0 - ok
16:24:24.0776 3584 Boot (0x1200) (a26c0c721860f529e2160f79828e9a0d) \Device\Harddisk0\DR0\Partition0
16:24:24.0776 3584 \Device\Harddisk0\DR0\Partition0 - ok
16:24:24.0776 3584 ============================================================
16:24:24.0776 3584 Scan finished
16:24:24.0776 3584 ============================================================
16:24:24.0776 4884 Detected object count: 0
16:24:24.0776 4884 Actual detected object count: 0
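As an added example (not code from this thread or from TDSSKiller), the following parser reads the log format posted above, extracts each hashed object with its verdict, the MBR and boot-sector checks and the detection summary, and lists what a responder should look at before treating the scan as clean. The sample lines are constructed from the shape of the log above, and the non-"ok" verdict in the second sample is a constructed value, not a real TDSSKiller detection string.

```python
"""Parse TDSSKiller scan logs in the format posted above and report what the
scan actually verified.  Added example for this thread, not TDSSKiller's code."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every line is "HH:MM:SS.mmmm <thread-id> <message>"; the message may be empty.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+(?:\s+(.*))?$")
# "MBR (0x1B8) (<md5>) \Device\..." and "Boot (0x1200) (<md5>) \Device\...\Partition0"
SECTOR_RE = re.compile(
    r"^(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<device>\S+)$")
# "<service> (<md5>) <path>": a driver/service whose image file was hashed.
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - <verdict>": TDSSKiller writes "ok" for clean objects.
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")
COUNT_RE = re.compile(r"^(?P<actual>Actual )?[Dd]etected object count: (?P<n>\d+)$")


@dataclass
class Entry:
    name: str
    kind: str                      # "file", "MBR" or "Boot"
    md5: Optional[str] = None
    path: Optional[str] = None     # image path, or \Device\... for sectors
    verdict: Optional[str] = None


@dataclass
class Report:
    entries: Dict[str, Entry] = field(default_factory=dict)
    system_info: Dict[str, str] = field(default_factory=dict)
    detected: Optional[int] = None
    actual_detected: Optional[int] = None
    finished: bool = False


def parse_tdsskiller_log(text: str) -> Report:
    rep = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or not m.group(1):
            continue                      # not a log line, or an empty message
        msg = m.group(1).strip()
        if msg == "Scan finished":
            rep.finished = True
        elif (c := COUNT_RE.match(msg)):
            if c.group("actual"):
                rep.actual_detected = int(c.group("n"))
            else:
                rep.detected = int(c.group("n"))
        elif (s := SECTOR_RE.match(msg)):
            # Sector verdicts are logged under the device name, so key by it.
            rep.entries[s["device"]] = Entry(s["device"], s["kind"], s["md5"], s["device"])
        elif (f := FILE_RE.match(msg)):
            rep.entries[f["name"]] = Entry(f["name"], "file", f["md5"], f["path"])
        elif (v := VERDICT_RE.match(msg)):
            # Objects without an image file (e.g. "Beep - ok") first appear here.
            e = rep.entries.setdefault(v["name"], Entry(v["name"], "file"))
            e.verdict = v["verdict"].strip()
        elif ": " in msg:
            key, val = msg.split(": ", 1)  # SystemInfo block, e.g. "OS Version: ..."
            rep.system_info[key] = val
    return rep


def findings(rep: Report) -> List[str]:
    """Points a responder should check before calling the scan clean."""
    out: List[str] = []
    if not rep.finished:
        out.append("log has no 'Scan finished' line; the scan did not complete")
    if not any(e.kind == "MBR" for e in rep.entries.values()):
        out.append("MBR was not examined")
    for e in rep.entries.values():
        if e.verdict is None:
            out.append(f"{e.name}: hashed but no verdict logged")
        elif e.verdict != "ok":
            where = f" [{e.path}]" if e.kind == "file" and e.path else ""
            out.append(f"{e.name}: {e.verdict}{where}")
    if rep.detected is None:
        out.append("no 'Detected object count' summary line")
    elif rep.detected > 0:
        out.append(f"{rep.detected} detected object(s) reported")
    return out


# Constructed sample: a handful of lines in the same shape as the posted log.
SAMPLE_LOG = """\
16:24:03.0919 1500 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
16:24:04.0044 1500 OS Version: 6.0.6001 ServicePack: 1.0
16:24:04.0044 1500
16:24:09.0941 3584 Scan started
16:24:13.0279 3584 ACPI (8c99ed256a889d647935a97c543b7b85) C:\\Windows\\system32\\drivers\\acpi.sys
16:24:13.0279 3584 ACPI - ok
16:24:14.0168 3584 Beep - ok
16:24:23.0248 3584 Tcpip (8e041924441ff8755e5b4f135c8c3767) C:\\Windows\\system32\\drivers\\tcpip.sys
16:24:23.0263 3584 Tcpip - ok
16:24:24.0761 3584 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \\Device\\Harddisk0\\DR0
16:24:24.0776 3584 \\Device\\Harddisk0\\DR0 - ok
16:24:24.0776 3584 Boot (0x1200) (a26c0c721860f529e2160f79828e9a0d) \\Device\\Harddisk0\\DR0\\Partition0
16:24:24.0776 3584 \\Device\\Harddisk0\\DR0\\Partition0 - ok
16:24:24.0776 3584 Scan finished
16:24:24.0776 4884 Detected object count: 0
16:24:24.0776 4884 Actual detected object count: 0
"""

# Constructed variant: one non-"ok" verdict and a log cut off before "Scan finished".
SAMPLE_LOG_HIT = SAMPLE_LOG.replace(
    "Tcpip - ok", "Tcpip - detected (constructed verdict)").split("Scan finished")[0]

if __name__ == "__main__":
    for label, log in (("clean", SAMPLE_LOG), ("hit", SAMPLE_LOG_HIT)):
        print(label, findings(parse_tdsskiller_log(log)) or ["nothing to report"])
```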

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:28 PM

Posted 26 November 2011 - 04:22 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Mertrodome

Mertrodome
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:28 PM

Posted 26 November 2011 - 07:39 PM

Having trouble running this. Am able to download, run and update definitions with no problem. However, when I click "scan", my computer immediately blue screens and begins "dumping physical memory".

The error is reported as "DRIVER_IRQL_NOT_LESS_OR_EQUAL" and identifies the file ataport.sys as the problem.

I've tried this three times in standard Windows. Would you like me to try in Safe Mode to see if I receive the same error?

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:28 PM

Posted 26 November 2011 - 08:13 PM

Hello

I would like you to run this tool for me - fixTDSS.

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun ASWMbr for me and send me the report.

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#12 Mertrodome

Mertrodome
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:28 PM

Posted 26 November 2011 - 08:35 PM

Hi,

fixTDSS ran fine and asked me to reboot. I did so and it reported "***Infected MBR detected" and asked if I wanted to repair. I did so and it printed the message "Repair was successful".

I then rebooted as instructed - however, aswMBR still crashed to blue screen when I clicked on the "scan" button and gave the same error as previously.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:28 PM

Posted 26 November 2011 - 08:52 PM

Are you still getting redirects?

gringo

#14 Mertrodome

Mertrodome
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:28 PM

Posted 26 November 2011 - 09:01 PM

I've just checked and it appears I am no longer getting them - thanks a lot! :)

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:28 PM

Posted 26 November 2011 - 09:14 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo




