Win32 Adware -gen virus?


  • This topic is locked
169 replies to this topic

#1 bpitch27

  • Members
  • 220 posts

Posted 25 November 2011 - 08:41 AM

I cannot enable real shield in Avast nor turn back on Windows Firewall.

Message from Avast:

Avast! will not be able to protect mail/news (error 10050). Please check that Avast is not blocked by Firewall.

Avast! is not blocked by Windows Firewall since I cannot enable it.

When I ran a boot time scan with Avast, it tried to remove Win32 Adware-gen virus but it stated it failed in the log. Now, the logs from Avast no longer show what happened. When I ran Malware, no threats found.


Please help me to find what is happening...

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by Bob P at 20:32:31 on 2011-11-24
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {465E08E7-F005-4389-980F-1D8764B3486C} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: {656EC4B7-072B-4698-B504-2A414C1F0037} - No File
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: rcsd1.org\www
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsi.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5FAF2F4D-8251-42B8-AE35-521532373F9A} : DhcpNameServer = 192.168.1.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bob p\application data\mozilla\firefox\profiles\r02mkrai.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mg4.mail.yahoo.com/dc/launch?.gx=1&.rand=9ek35669dcaut|http://my.yahoo.com/|http://www.google.com/
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\documents and settings\bob p\application data\mozilla\firefox\profiles\r02mkrai.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\bob p\application data\mozilla\firefox\profiles\r02mkrai.default\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}\plugins\npbilleo.dll
FF - plugin: c:\documents and settings\bob p\application data\mozilla\firefox\profiles\r02mkrai.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? ivusb;Initio Driver for USB Default Controller
R? PciCon;PciCon
R? Roxio UPnP Renderer 10;Roxio UPnP Renderer 10
R? Roxio Upnp Server 10;Roxio Upnp Server 10
R? RoxLiveShare10;LiveShare P2P Server 10
R? RoxMediaDB10;RoxMediaDB10
R? RoxWatch10;Roxio Hard Drive Watcher 10
R? Secunia Update Agent;Secunia Update Agent
R? SessionLauncher;SessionLauncher
R? WDC_SAM;WD SCSI Pass Thru driver
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? aswFsBlk;aswFsBlk
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
.
=============== Created Last 30 ================
.
2011-11-16 01:40:52 -------- d-sh--w- C:\found.000
2011-11-11 00:47:29 -------- d-----w- c:\program files\iPod
2011-11-11 00:47:24 -------- d-----w- c:\program files\iTunes
2011-11-11 00:44:05 -------- d-----w- c:\program files\Bonjour
2011-11-10 21:01:43 -------- d-----w- c:\documents and settings\bob p\local settings\application data\Secunia PSI
2011-11-10 21:01:22 -------- d-----w- c:\program files\Secunia
2011-11-10 14:03:41 -------- d-sh--w- c:\documents and settings\bob p\local settings\application data\982bf85b
2011-10-30 02:18:13 -------- d-----w- c:\windows\system32\custom matrices
2011-10-30 02:18:01 -------- d-----w- c:\windows\system32\QuickTime
2011-10-30 02:18:01 -------- d-----w- c:\windows\system32\C2MP
.
==================== Find3M ====================
.
2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-24 13:25:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ------w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-22 18:43:08 3578880 ----a-w- c:\windows\system32\ffdshow.ax
2011-09-22 17:08:56 3902976 ----a-w- c:\windows\system32\ffmpeg.dll
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 13:20:51 1858944 ------w- c:\windows\system32\win32k.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 04:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 04:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 04:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
.
============= FINISH: 20:34:58.21 ===============


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location:Puerto Rico

Posted 27 November 2011 - 09:54 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 bpitch27

  • Topic Starter
  • Members
  • 220 posts

Posted 28 November 2011 - 09:37 AM

Thank you for replying and for helping me. You have helped me once before, and I am glad you are back to help me again.

When ComboFix was running, it gave me this message:

You are infected with Rootkit.ZeroAccess. It has inserted itself into the tcp/ip stack. This is a particularly difficult infection...

ComboFix rebooted itself and continued to run. While running, an error message popped up:

pev.3xe - application error: The instruction at 0X003e3aad referenced memory at 0x000000008. The memory could not be "read". Click OK to terminate, click Cancel to debug.

I ignored the pop-up since ComboFix was still running. When ComboFix completed, I was still unable to start Avast or Windows Firewall:
Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall /Internet Connection Sharing Service? ...(OK)then... Windows cannot start the Windows Firewall /Internet Connection Sharing Service.

Here is the ComboFix log:

ComboFix 11-11-28.02 - Bob P 11/28/2011 9:02.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1613 [GMT -5:00]
Running from: c:\documents and settings\Bob P\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Bob P\WINDOWS
c:\windows\$NtUninstallKB24688$
c:\windows\$NtUninstallKB24688$\1030924119
c:\windows\$NtUninstallKB40847$
c:\windows\$NtUninstallKB40847$\2553018459\@
c:\windows\$NtUninstallKB40847$\2553018459\L\iahonoel
c:\windows\$NtUninstallKB40847$\2553018459\loader.tlb
c:\windows\$NtUninstallKB40847$\2553018459\U\@00000001
c:\windows\$NtUninstallKB40847$\2553018459\U\@000000c0
c:\windows\$NtUninstallKB40847$\2553018459\U\@000000cb
c:\windows\$NtUninstallKB40847$\2553018459\U\@000000cf
c:\windows\$NtUninstallKB40847$\2553018459\U\@80000000
c:\windows\$NtUninstallKB40847$\2553018459\U\@800000c0
c:\windows\$NtUninstallKB40847$\2553018459\U\@800000cb
c:\windows\$NtUninstallKB40847$\2553018459\U\@800000cf
c:\windows\$NtUninstallKB40847$\3998712158
c:\windows\bwUnin-7.2.0.157-8876480SL.exe
c:\windows\CSC\d6
c:\windows\system32\
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.ipsec
-------\Service_.redbook
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-28 )))))))))))))))))))))))))))))))
.
.
2011-11-16 01:40 . 2011-11-16 01:40 -------- d-----w- C:\found.000
2011-11-11 00:47 . 2011-11-11 00:47 -------- d-----w- c:\program files\iPod
2011-11-11 00:47 . 2011-11-11 00:48 -------- d-----w- c:\program files\iTunes
2011-11-11 00:44 . 2011-11-11 00:44 -------- d-----w- c:\program files\Bonjour
2011-11-10 21:01 . 2011-11-10 21:01 -------- d-----w- c:\documents and settings\Bob P\Local Settings\Application Data\Secunia PSI
2011-11-10 21:01 . 2011-11-10 21:01 -------- d-----w- c:\program files\Secunia
2011-11-10 14:03 . 2011-11-23 07:46 -------- d-sh--w- c:\documents and settings\Bob P\Local Settings\Application Data\982bf85b
2011-10-30 02:18 . 2011-10-30 02:18 -------- d-----w- c:\windows\system32\custom matrices
2011-10-30 02:18 . 2011-11-11 16:13 -------- d-----w- c:\windows\system32\C2MP
2011-10-30 02:18 . 2011-10-30 02:18 -------- d-----w- c:\windows\system32\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-24 13:25 . 2011-07-06 03:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2004-08-11 23:12 692736 ------w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-11 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-11 23:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-11 23:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-22 18:43 . 2011-09-22 18:43 3578880 ----a-w- c:\windows\system32\ffdshow.ax
2011-09-22 17:08 . 2011-09-22 17:08 3902976 ----a-w- c:\windows\system32\ffmpeg.dll
2011-09-06 20:45 . 2010-10-24 22:45 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-10-24 22:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-03-22 02:35 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2010-10-24 22:45 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-10-24 22:45 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-10-24 22:45 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-10-24 22:45 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2010-10-24 22:45 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2010-10-24 22:45 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2010-10-24 22:45 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 13:20 . 2004-08-11 23:00 1858944 ------w- c:\windows\system32\win32k.sys
2011-08-31 21:00 . 2010-10-24 16:34 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 04:05 . 2011-08-31 04:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 04:05 . 2011-08-31 04:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-11-05 06:53 . 2011-07-06 03:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-09 7110656]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billeo.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billeo.lnk
backup=c:\windows\pss\Billeo.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Bob P^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Bob P\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2007-10-04 22:38 307200 ----a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 23:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
2005-11-16 19:38 61440 -c--a-w- c:\dell\bldbubg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 07:00 45056 -c--a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2004-03-11 21:50 28672 ------w- c:\windows\system32\CTHELPER.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-09-17 16:43 57344 -c--a-w- c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2007-11-15 14:23 202544 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-08-20 19:57 221184 -c--a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 16:24 49152 -c--a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2005-03-08 19:42 176128 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2003-08-20 21:15 483328 ------w- c:\windows\system32\hphmon05.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2003-08-20 21:23 49152 -c--a-r- c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 09:40 86960 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 22:32 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2010-05-07 22:35 165208 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-09-09 01:20 8192 -c--a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-09-09 01:20 110592 -c--a-w- c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-11-16 19:57 26112 -c--a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-06-29 01:29 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-04-29 01:25 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 -c----w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Speed Disk service"=2 (0x2)
"SessionLauncher"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"AdobeActiveFileMonitor5.0"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\malwareplease.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\malware.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/21/2011 9:35 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/24/2010 5:45 PM 320856]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/24/2010 5:45 PM 20568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe" --> c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [?]
S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [?]
S2 Secunia Update Agent;Secunia Update Agent;"c:\program files\Secunia\PSI\sua.exe" --start-service --> c:\program files\Secunia\PSI\sua.exe [?]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" --> c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [?]
S3 RoxMediaDB10;RoxMediaDB10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [10/24/2010 4:30 PM 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S4 SessionLauncher;SessionLauncher;c:\docume~1\BOBP~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\BOBP~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-24 c:\windows\Tasks\Differentials.job
- c:\windows\system32\ntbackup.exe [2004-08-11 00:12]
.
2009-04-14 c:\windows\Tasks\Full Backup.job
- c:\windows\system32\ntbackup.exe [2004-08-11 00:12]
.
2011-11-19 c:\windows\Tasks\HP DArC Task 2003-08-20 09:23ewlett-Packard-7002003-08-20 19:57Y39A2220HK5.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-08-20 19:57]
.
2011-11-25 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2005-11-19 21:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: rcsd1.org\www
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Bob P\Application Data\Mozilla\Firefox\Profiles\r02mkrai.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mg4.mail.yahoo.com/dc/launch?.gx=1&.rand=9ek35669dcaut|http://my.yahoo.com/|http://www.google.com/
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-33071436.sys
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_02\bin\jusched.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-28 09:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(560)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2620)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\imapi.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-11-28 09:29:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-28 14:29
.
Pre-Run: 143,072,280,576 bytes free
Post-Run: 143,103,606,784 bytes free
.
- - End Of File - - 0CBFA836BF298E86099AD31DF1CC3D8F

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 November 2011 - 11:26 AM

Hello

Please do the following:

Step One
Please download Junction.zip and save it to your desktop.
Unzip it and extract junction.exe to your C:\ drive.

Step Two
Now copy (Ctrl +C) and paste (Ctrl +V) the text inside the code box below into Notepad.

@ECHO OFF
REM junction.exe was extracted to C:\ in Step One, so run from there
cd c:\
REM -s recurses the whole drive; the listing is redirected into log.txt
junction -s c:\ >log.txt
REM open the log, then delete this batch file
start log.txt
del %0
Save it to your desktop as File name: junc.bat
Save as type: All Files

Step Three
Double click junc.bat to run it. A log will be presented. Copy and paste or attach the content of the log in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 bpitch27
  • Topic Starter
  • Members
  • 220 posts

Posted 28 November 2011 - 10:21 PM

Gringo:

junc.bat log:


Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.


...
...
.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612: Access is denied.


..
...
.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine: Access is denied.


..
...
...
...
Failed to open \\?\c:\\Documents and Settings\Bob P\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db: Access is denied.



Failed to open \\?\c:\\Documents and Settings\Bob P\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow: Access is denied.


...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.


...
...
...
...
...
...
...
...
.\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

.\\?\c:\\WINDOWS\assembly\GAC_MSIL\CCC\2.0.0.0__90ba9c70f846762e: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_CCC_90ba9c70f846762e_2.0.0.0_x-ww_c7ed2bb0
Substitute Name: C:\WINDOWS\WinSxS\MSIL_CCC_90ba9c70f846762e_2.0.0.0_x-ww_c7ed2bb0

\\?\c:\\WINDOWS\assembly\GAC_MSIL\CLI\2.0.0.0__90ba9c70f846762e: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_CLI_90ba9c70f846762e_2.0.0.0_x-ww_42656733
Substitute Name: C:\WINDOWS\WinSxS\MSIL_CLI_90ba9c70f846762e_2.0.0.0_x-ww_42656733

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

.\\?\c:\\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\2.1.72.22__540d4816ead86321: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_2.1.72.22_x-ww_a742e49
Substitute Name: C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_2.1.72.22_x-ww_a742e49

\\?\c:\\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\2.1.72.22__540d4816ead86321: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_2.1.72.22_x-ww_c5eae641
Substitute Name: C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_2.1.72.22_x-ww_c5eae641

\\?\c:\\WINDOWS\assembly\GAC_MSIL\LOG\2.0.3405.36910__90ba9c70f846762e: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_LOG_90ba9c70f846762e_2.0.3405.36910_x-ww_a8b70be
Substitute Name: C:\WINDOWS\WinSxS\MSIL_LOG_90ba9c70f846762e_2.0.3405.36910_x-ww_a8b70be

\\?\c:\\WINDOWS\assembly\GAC_MSIL\MOM\2.0.0.0__90ba9c70f846762e: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_MOM_90ba9c70f846762e_2.0.0.0_x-ww_a60193a8
Substitute Name: C:\WINDOWS\WinSxS\MSIL_MOM_90ba9c70f846762e_2.0.0.0_x-ww_a60193a8



...
...
...
...

.\\?\c:\\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492

..
...
...
...
...
...
...
.

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 November 2011 - 08:49 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
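A TDSSKiller report like the one posted in the next reply lists every driver and service twice: a line with the file's MD5 and path, then a line with the verdict after a dash. Reading a few hundred such lines by eye is error-prone, so here is an added example, not code from the thread and not Kaspersky code, that pairs the two lines per service and returns the entries whose verdict is anything other than "ok". The sample report is constructed from a few lines of the posted log plus one made-up entry with a made-up verdict; the assumption that service names contain no spaces matches the posted log but is an assumption.

```python
r"""Parser for the TDSSKiller report format used in this thread.

Added example; not part of the thread and not Kaspersky code.  Each scanned
driver or service appears as up to two lines:

    HH:MM:SS.ffff PID <name> (<md5>) <path>
    HH:MM:SS.ffff PID <name> - <verdict>

Registered services with no file on disk get only the verdict line.
"""
import re
from dataclasses import dataclass
from typing import Optional

# timestamp, thread id, service name, remainder of the line
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(\S+)\s+(.*)$")
# "(md5) path" remainder
FILE_RE = re.compile(r"^\(([0-9a-f]{32})\)\s+(.+)$")


@dataclass
class ScanEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None   # text after "- ", normally "ok"


def parse_tdsskiller_log(text):
    """Return an insertion-ordered dict of service name -> ScanEntry."""
    entries = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue                      # banner, SystemInfo and separator lines
        name, rest = m.group(3), m.group(4).strip()
        if rest.startswith("- "):
            entries.setdefault(name, ScanEntry(name)).verdict = rest[2:].strip()
            continue
        f = FILE_RE.match(rest)
        if f:
            entry = entries.setdefault(name, ScanEntry(name))
            entry.md5, entry.path = f.group(1), f.group(2).strip()
        # anything else ("Scan started", "Mode: Manual;") is not a scan entry
    return entries


def not_ok(entries):
    """Entries whose verdict is missing or anything other than plain 'ok'."""
    return [e for e in entries.values() if e.verdict != "ok"]


# Constructed sample: four lines copied from the posted report plus a made-up
# service "exampledrv" with a zero hash and a verdict that is not "ok".  The
# verdict wording is invented for the example, not a real TDSSKiller string.
SAMPLE_LOG = r"""09:07:27.0484 2764 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
09:07:27.0546 2764 UserName: Bob P
09:08:02.0234 2816 ============================================================
09:08:02.0234 2816 Scan started
09:08:02.0234 2816 Mode: Manual;
09:08:02.0390 2816 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
09:08:02.0406 2816 61883 - ok
09:08:02.0500 2816 Abiosdsk - ok
09:08:03.0437 2816 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
09:08:03.0453 2816 aswSnx - ok
09:08:09.0500 2816 exampledrv (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
09:08:09.0515 2816 exampledrv - warning (constructed example verdict)
"""

if __name__ == "__main__":
    scanned = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(scanned)} services scanned")
    for e in not_ok(scanned):
        print(f"{e.name}: {e.verdict}  md5={e.md5}  path={e.path}")
```

The md5 and path fields are kept so that the few flagged entries can be checked against a known-good copy of the same Windows build, which is what the responder does by hand when a line in the report is not "ok".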

#7 bpitch27
  • Topic Starter
  • Members
  • 220 posts

Posted 29 November 2011 - 09:17 AM

Thank you Gringo!

TDSS report:

09:07:27.0484 2764 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
09:07:27.0531 2764 ============================================================
09:07:27.0531 2764 Current date / time: 2011/11/29 09:07:27.0531
09:07:27.0531 2764 SystemInfo:
09:07:27.0531 2764
09:07:27.0531 2764 OS Version: 5.1.2600 ServicePack: 3.0
09:07:27.0531 2764 Product type: Workstation
09:07:27.0531 2764 ComputerName: BOB
09:07:27.0546 2764 UserName: Bob P
09:07:27.0546 2764 Windows directory: C:\WINDOWS
09:07:27.0546 2764 System windows directory: C:\WINDOWS
09:07:27.0546 2764 Processor architecture: Intel x86
09:07:27.0546 2764 Number of processors: 2
09:07:27.0546 2764 Page size: 0x1000
09:07:27.0546 2764 Boot type: Normal boot
09:07:27.0546 2764 ============================================================
09:07:28.0140 2764 Initialize success
09:08:02.0234 2816 ============================================================
09:08:02.0234 2816 Scan started
09:08:02.0234 2816 Mode: Manual;
09:08:02.0234 2816 ============================================================
09:08:02.0390 2816 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
09:08:02.0406 2816 61883 - ok
09:08:02.0468 2816 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
09:08:02.0468 2816 Aavmker4 - ok
09:08:02.0500 2816 Abiosdsk - ok
09:08:02.0531 2816 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:08:02.0546 2816 abp480n5 - ok
09:08:02.0640 2816 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:08:02.0640 2816 ACPI - ok
09:08:02.0671 2816 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:08:02.0671 2816 ACPIEC - ok
09:08:02.0703 2816 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:08:02.0718 2816 adpu160m - ok
09:08:02.0750 2816 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:08:02.0750 2816 aec - ok
09:08:02.0796 2816 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
09:08:02.0796 2816 AegisP - ok
09:08:02.0828 2816 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:08:02.0828 2816 AFD - ok
09:08:02.0875 2816 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:08:02.0875 2816 agp440 - ok
09:08:02.0890 2816 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:08:02.0906 2816 agpCPQ - ok
09:08:02.0906 2816 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:08:02.0906 2816 Aha154x - ok
09:08:02.0937 2816 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:08:02.0937 2816 aic78u2 - ok
09:08:02.0953 2816 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:08:02.0953 2816 aic78xx - ok
09:08:02.0968 2816 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
09:08:02.0968 2816 AliIde - ok
09:08:03.0000 2816 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:08:03.0015 2816 alim1541 - ok
09:08:03.0031 2816 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:08:03.0046 2816 amdagp - ok
09:08:03.0062 2816 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
09:08:03.0078 2816 amsint - ok
09:08:03.0093 2816 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:08:03.0093 2816 Arp1394 - ok
09:08:03.0140 2816 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
09:08:03.0140 2816 asc - ok
09:08:03.0171 2816 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:08:03.0187 2816 asc3350p - ok
09:08:03.0218 2816 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:08:03.0218 2816 asc3550 - ok
09:08:03.0281 2816 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
09:08:03.0281 2816 ASCTRM - ok
09:08:03.0343 2816 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
09:08:03.0343 2816 aswFsBlk - ok
09:08:03.0375 2816 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
09:08:03.0375 2816 aswMon2 - ok
09:08:03.0390 2816 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
09:08:03.0390 2816 aswRdr - ok
09:08:03.0437 2816 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
09:08:03.0453 2816 aswSnx - ok
09:08:03.0515 2816 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
09:08:03.0531 2816 aswSP - ok
09:08:03.0640 2816 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
09:08:03.0656 2816 aswTdi - ok
09:08:03.0687 2816 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:08:03.0687 2816 AsyncMac - ok
09:08:03.0750 2816 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:08:03.0750 2816 atapi - ok
09:08:03.0781 2816 Atdisk - ok
09:08:03.0937 2816 ati2mtag (8e54c76db5d88bf8b4e82b37e1322671) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:08:03.0968 2816 ati2mtag - ok
09:08:04.0015 2816 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
09:08:04.0015 2816 AtiHdmiService - ok
09:08:04.0031 2816 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:08:04.0031 2816 Atmarpc - ok
09:08:04.0078 2816 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:08:04.0078 2816 audstub - ok
09:08:04.0109 2816 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
09:08:04.0109 2816 Avc - ok
09:08:04.0125 2816 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:08:04.0125 2816 Beep - ok
09:08:04.0140 2816 BVRPMPR5 - ok
09:08:04.0140 2816 bvrp_pci - ok
09:08:04.0156 2816 catchme - ok
09:08:04.0187 2816 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:08:04.0187 2816 cbidf - ok
09:08:04.0203 2816 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:08:04.0203 2816 cbidf2k - ok
09:08:04.0218 2816 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:08:04.0218 2816 CCDECODE - ok
09:08:04.0250 2816 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:08:04.0250 2816 cd20xrnt - ok
09:08:04.0250 2816 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:08:04.0250 2816 Cdaudio - ok
09:08:04.0281 2816 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:08:04.0296 2816 Cdfs - ok
09:08:04.0296 2816 cdrbsvsd (7fc46240546c16c0448c29c9d233b915) C:\WINDOWS\system32\drivers\cdrbsvsd.sys
09:08:04.0296 2816 cdrbsvsd - ok
09:08:04.0328 2816 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:08:04.0328 2816 Cdrom - ok
09:08:04.0328 2816 Changer - ok
09:08:04.0359 2816 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:08:04.0359 2816 CmdIde - ok
09:08:04.0390 2816 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:08:04.0390 2816 Cpqarray - ok
09:08:04.0437 2816 ctac32k (1e41b8a10b9d78240c8bfacc269db155) C:\WINDOWS\system32\drivers\ctac32k.sys
09:08:04.0453 2816 ctac32k - ok
09:08:04.0515 2816 ctaud2k (9bf1aa0eac9c7d33ce4d8a152e151f60) C:\WINDOWS\system32\drivers\ctaud2k.sys
09:08:04.0531 2816 ctaud2k - ok
09:08:04.0609 2816 ctdvda2k (29f78d59b053cb8778f8426e4e24099c) C:\WINDOWS\system32\drivers\ctdvda2k.sys
09:08:04.0625 2816 ctdvda2k - ok
09:08:04.0656 2816 ctprxy2k (a6f4c70da545230d001915d8eb08d881) C:\WINDOWS\system32\drivers\ctprxy2k.sys
09:08:04.0656 2816 ctprxy2k - ok
09:08:04.0671 2816 ctsfm2k (b39e55c1c5e28e016ee3848f2e34c205) C:\WINDOWS\system32\drivers\ctsfm2k.sys
09:08:04.0671 2816 ctsfm2k - ok
09:08:04.0734 2816 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:08:04.0750 2816 dac2w2k - ok
09:08:04.0812 2816 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:08:04.0812 2816 dac960nt - ok
09:08:04.0890 2816 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:08:04.0890 2816 Disk - ok
09:08:04.0953 2816 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:08:04.0984 2816 dmboot - ok
09:08:05.0015 2816 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:08:05.0015 2816 dmio - ok
09:08:05.0031 2816 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:08:05.0031 2816 dmload - ok
09:08:05.0078 2816 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:08:05.0078 2816 DMusic - ok
09:08:05.0125 2816 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:08:05.0125 2816 dpti2o - ok
09:08:05.0140 2816 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:08:05.0140 2816 drmkaud - ok
09:08:05.0171 2816 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:08:05.0187 2816 E100B - ok
09:08:05.0218 2816 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
09:08:05.0218 2816 e1express - ok
09:08:05.0265 2816 emupia (5d70013d7e6602ec0a482f2985558c2d) C:\WINDOWS\system32\drivers\emupia2k.sys
09:08:05.0265 2816 emupia - ok
09:08:05.0312 2816 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:08:05.0312 2816 Fastfat - ok
09:08:05.0343 2816 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:08:05.0343 2816 Fdc - ok
09:08:05.0375 2816 FilterService (d59274041bbdbfbecd05b92c0c28b51f) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
09:08:05.0375 2816 FilterService - ok
09:08:05.0421 2816 FINEPIX_PCC (c05d16c1ef3f5519764fefdf281ca4d2) C:\WINDOWS\system32\Drivers\V4CB011D.SYS
09:08:05.0437 2816 FINEPIX_PCC - ok
09:08:05.0453 2816 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:08:05.0453 2816 Fips - ok
09:08:05.0562 2816 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:08:05.0578 2816 Flpydisk - ok
09:08:05.0687 2816 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:08:05.0687 2816 FltMgr - ok
09:08:05.0718 2816 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:08:05.0718 2816 Fs_Rec - ok
09:08:05.0796 2816 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:08:05.0796 2816 Ftdisk - ok
09:08:05.0828 2816 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
09:08:05.0828 2816 gameenum - ok
09:08:05.0875 2816 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:08:05.0875 2816 GEARAspiWDM - ok
09:08:05.0906 2816 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:08:05.0906 2816 Gpc - ok
09:08:05.0953 2816 ha10kx2k (7ec50a84b89dae3458cb0308739b80de) C:\WINDOWS\system32\drivers\ha10kx2k.sys
09:08:06.0000 2816 ha10kx2k - ok
09:08:06.0015 2816 hap16v2k (02a6bad64177c56d8b86b198b38db361) C:\WINDOWS\system32\drivers\hap16v2k.sys
09:08:06.0015 2816 hap16v2k - ok
09:08:06.0062 2816 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:08:06.0062 2816 HDAudBus - ok
09:08:06.0078 2816 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:08:06.0078 2816 HidUsb - ok
09:08:06.0109 2816 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
09:08:06.0125 2816 hpn - ok
09:08:06.0156 2816 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
09:08:06.0156 2816 HPZid412 - ok
09:08:06.0171 2816 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
09:08:06.0187 2816 HPZipr12 - ok
09:08:06.0203 2816 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
09:08:06.0203 2816 HPZius12 - ok
09:08:06.0234 2816 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
09:08:06.0234 2816 HSFHWBS2 - ok
09:08:06.0281 2816 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
09:08:06.0312 2816 HSF_DP - ok
09:08:06.0359 2816 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:08:06.0359 2816 HTTP - ok
09:08:06.0437 2816 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:08:06.0437 2816 i2omgmt - ok
09:08:06.0531 2816 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:08:06.0531 2816 i2omp - ok
09:08:06.0640 2816 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:08:06.0640 2816 i8042prt - ok
09:08:06.0671 2816 iastor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\drivers\iastor.sys
09:08:06.0671 2816 iastor - ok
09:08:06.0703 2816 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:08:06.0703 2816 Imapi - ok
09:08:06.0750 2816 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:08:06.0750 2816 ini910u - ok
09:08:06.0796 2816 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:08:06.0812 2816 IntelIde - ok
09:08:06.0843 2816 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:08:06.0843 2816 intelppm - ok
09:08:06.0875 2816 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:08:06.0875 2816 Ip6Fw - ok
09:08:06.0890 2816 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:08:06.0906 2816 IpFilterDriver - ok
09:08:06.0937 2816 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:08:06.0937 2816 IpInIp - ok
09:08:06.0968 2816 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:08:06.0968 2816 IpNat - ok
09:08:07.0000 2816 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:08:07.0000 2816 IRENUM - ok
09:08:07.0031 2816 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:08:07.0031 2816 isapnp - ok
09:08:07.0046 2816 ivusb - ok
09:08:07.0078 2816 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:08:07.0078 2816 Kbdclass - ok
09:08:07.0093 2816 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:08:07.0093 2816 kbdhid - ok
09:08:07.0140 2816 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:08:07.0140 2816 kmixer - ok
09:08:07.0156 2816 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:08:07.0156 2816 KSecDD - ok
09:08:07.0171 2816 lbrtfdc - ok
09:08:07.0218 2816 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
09:08:07.0218 2816 LVPr2Mon - ok
09:08:07.0265 2816 LVRS (6917b407dbec11b3a078abfc2ec2ac7c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
09:08:07.0265 2816 LVRS - ok
09:08:07.0343 2816 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
09:08:07.0343 2816 LVUSBSta - ok
09:08:07.0531 2816 LVUVC (44876e70e07e9a653bbe423dbfa35a1a) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
09:08:07.0578 2816 LVUVC - ok
09:08:07.0593 2816 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:08:07.0593 2816 mdmxsdk - ok
09:08:07.0640 2816 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:08:07.0640 2816 mnmdd - ok
09:08:07.0671 2816 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:08:07.0671 2816 Modem - ok
09:08:07.0687 2816 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
09:08:07.0687 2816 MODEMCSA - ok
09:08:07.0718 2816 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:08:07.0718 2816 Mouclass - ok
09:08:07.0750 2816 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:08:07.0750 2816 mouhid - ok
09:08:07.0765 2816 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:08:07.0765 2816 MountMgr - ok
09:08:07.0796 2816 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:08:07.0796 2816 mraid35x - ok
09:08:07.0812 2816 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:08:07.0828 2816 MRxDAV - ok
09:08:07.0843 2816 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:08:07.0859 2816 MRxSmb - ok
09:08:07.0906 2816 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
09:08:07.0921 2816 MSDV - ok
09:08:07.0968 2816 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:08:07.0968 2816 Msfs - ok
09:08:08.0000 2816 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:08:08.0000 2816 MSKSSRV - ok
09:08:08.0015 2816 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:08:08.0015 2816 MSPCLOCK - ok
09:08:08.0031 2816 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:08:08.0031 2816 MSPQM - ok
09:08:08.0062 2816 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:08:08.0062 2816 mssmbios - ok
09:08:08.0078 2816 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
09:08:08.0078 2816 MSTEE - ok
09:08:08.0109 2816 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:08:08.0140 2816 Mup - ok
09:08:08.0171 2816 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:08:08.0171 2816 NABTSFEC - ok
09:08:08.0218 2816 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:08:08.0218 2816 NDIS - ok
09:08:08.0250 2816 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:08:08.0265 2816 NdisIP - ok
09:08:08.0281 2816 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:08:08.0296 2816 NdisTapi - ok
09:08:08.0328 2816 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:08:08.0328 2816 Ndisuio - ok
09:08:08.0343 2816 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:08:08.0343 2816 NdisWan - ok
09:08:08.0390 2816 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:08:08.0390 2816 NDProxy - ok
09:08:08.0421 2816 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:08:08.0421 2816 NetBIOS - ok
09:08:08.0453 2816 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:08:08.0453 2816 NetBT - ok
09:08:08.0515 2816 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:08:08.0515 2816 NIC1394 - ok
09:08:08.0562 2816 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:08:08.0562 2816 Npfs - ok
09:08:08.0593 2816 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:08:08.0593 2816 Ntfs - ok
09:08:08.0625 2816 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:08:08.0625 2816 Null - ok
09:08:08.0734 2816 nv (0a83977b8909fda12e45112575a59ba7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:08:08.0796 2816 nv - ok
09:08:08.0812 2816 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:08:08.0812 2816 NwlnkFlt - ok
09:08:08.0828 2816 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:08:08.0828 2816 NwlnkFwd - ok
09:08:08.0859 2816 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:08:08.0859 2816 ohci1394 - ok
09:08:08.0906 2816 ossrv (c52548b920482db03af8b49babd9fc48) C:\WINDOWS\system32\drivers\ctoss2k.sys
09:08:08.0906 2816 ossrv - ok
09:08:08.0953 2816 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:08:08.0953 2816 Parport - ok
09:08:08.0968 2816 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:08:08.0968 2816 PartMgr - ok
09:08:08.0968 2816 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:08:08.0984 2816 ParVdm - ok
09:08:08.0984 2816 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:08:09.0000 2816 PCI - ok
09:08:09.0000 2816 PciCon - ok
09:08:09.0015 2816 PCIDump - ok
09:08:09.0031 2816 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:08:09.0031 2816 PCIIde - ok
09:08:09.0062 2816 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:08:09.0062 2816 Pcmcia - ok
09:08:09.0078 2816 PDCOMP - ok
09:08:09.0093 2816 PDFRAME - ok
09:08:09.0093 2816 PDRELI - ok
09:08:09.0109 2816 PDRFRAME - ok
09:08:09.0156 2816 pepifilter (2a3efd6c3f116675d149da5e36a010a4) C:\WINDOWS\system32\DRIVERS\lv302af.sys
09:08:09.0156 2816 pepifilter - ok
09:08:09.0187 2816 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
09:08:09.0203 2816 perc2 - ok
09:08:09.0234 2816 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:08:09.0234 2816 perc2hib - ok
09:08:09.0281 2816 PfModNT (fefc8ebc170615068c3305dbee2667dd) C:\WINDOWS\system32\drivers\PfModNT.sys
09:08:09.0281 2816 PfModNT - ok
09:08:09.0343 2816 PID_08A0 (cebefeae6156f4fee41f56be89ea9c96) C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
09:08:09.0375 2816 PID_08A0 - ok
09:08:09.0406 2816 PID_PEPI - ok
09:08:09.0468 2816 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:08:09.0468 2816 PptpMiniport - ok
09:08:09.0593 2816 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:08:09.0593 2816 PSched - ok
09:08:09.0671 2816 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:08:09.0671 2816 Ptilink - ok
09:08:09.0703 2816 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:08:09.0703 2816 PxHelp20 - ok
09:08:09.0734 2816 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:08:09.0734 2816 ql1080 - ok
09:08:09.0812 2816 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:08:09.0812 2816 Ql10wnt - ok
09:08:09.0859 2816 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:08:09.0859 2816 ql12160 - ok
09:08:09.0906 2816 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:08:09.0906 2816 ql1240 - ok
09:08:09.0968 2816 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:08:09.0968 2816 ql1280 - ok
09:08:10.0031 2816 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:08:10.0031 2816 RasAcd - ok
09:08:10.0078 2816 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:08:10.0078 2816 Rasl2tp - ok
09:08:10.0109 2816 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:08:10.0109 2816 RasPppoe - ok
09:08:10.0125 2816 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:08:10.0125 2816 Raspti - ok
09:08:10.0140 2816 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:08:10.0156 2816 Rdbss - ok
09:08:10.0156 2816 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:08:10.0171 2816 RDPCDD - ok
09:08:10.0203 2816 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:08:10.0203 2816 rdpdr - ok
09:08:10.0250 2816 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
09:08:10.0265 2816 RDPWD - ok
09:08:10.0359 2816 RT61 (ef64988c8e699e2481d1fd45bf472ef0) C:\WINDOWS\system32\DRIVERS\RT61.sys
09:08:10.0375 2816 RT61 - ok
09:08:10.0406 2816 RxFilter (80cae340f37b52d1cb75ff74e6a087cd) C:\WINDOWS\system32\DRIVERS\RxFilter.sys
09:08:10.0406 2816 RxFilter - ok
09:08:10.0546 2816 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:08:10.0546 2816 SASDIFSV - ok
09:08:10.0562 2816 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
09:08:10.0562 2816 SASKUTIL - ok
09:08:10.0687 2816 SbcpHid (aaf28ab6effd8990bfe20398e92f101e) C:\WINDOWS\system32\Drivers\SbcpHid.sys
09:08:10.0687 2816 SbcpHid - ok
09:08:10.0718 2816 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:08:10.0718 2816 Secdrv - ok
09:08:10.0750 2816 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:08:10.0750 2816 serenum - ok
09:08:10.0796 2816 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:08:10.0796 2816 Serial - ok
09:08:10.0828 2816 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:08:10.0828 2816 Sfloppy - ok
09:08:10.0843 2816 Simbad - ok
09:08:10.0859 2816 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:08:10.0859 2816 sisagp - ok
09:08:10.0890 2816 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:08:10.0890 2816 SLIP - ok
09:08:10.0937 2816 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
09:08:10.0937 2816 sonypvs1 - ok
09:08:10.0968 2816 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:08:10.0968 2816 Sparrow - ok
09:08:11.0000 2816 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:08:11.0000 2816 splitter - ok
09:08:11.0015 2816 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:08:11.0015 2816 sr - ok
09:08:11.0062 2816 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:08:11.0078 2816 Srv - ok
09:08:11.0125 2816 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
09:08:11.0125 2816 StillCam - ok
09:08:11.0156 2816 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:08:11.0156 2816 streamip - ok
09:08:11.0187 2816 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:08:11.0203 2816 swenum - ok
09:08:11.0234 2816 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:08:11.0234 2816 swmidi - ok
09:08:11.0265 2816 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
09:08:11.0265 2816 symc810 - ok
09:08:11.0296 2816 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:08:11.0312 2816 symc8xx - ok
09:08:11.0312 2816 SymIM - ok
09:08:11.0328 2816 SymIMMP - ok
09:08:11.0375 2816 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
09:08:11.0375 2816 symlcbrd - ok
09:08:11.0390 2816 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:08:11.0390 2816 sym_hi - ok
09:08:11.0421 2816 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:08:11.0421 2816 sym_u3 - ok
09:08:11.0468 2816 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:08:11.0484 2816 sysaudio - ok
09:08:11.0609 2816 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:08:11.0625 2816 Tcpip - ok
09:08:11.0671 2816 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:08:11.0671 2816 TDPIPE - ok
09:08:11.0703 2816 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:08:11.0718 2816 TDTCP - ok
09:08:11.0750 2816 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:08:11.0750 2816 TermDD - ok
09:08:11.0781 2816 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
09:08:11.0781 2816 TosIde - ok
09:08:11.0828 2816 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:08:11.0828 2816 Udfs - ok
09:08:11.0875 2816 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
09:08:11.0875 2816 ultra - ok
09:08:11.0921 2816 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:08:11.0921 2816 Update - ok
09:08:11.0968 2816 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
09:08:11.0968 2816 USBAAPL - ok
09:08:12.0015 2816 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
09:08:12.0015 2816 usbaudio - ok
09:08:12.0046 2816 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
09:08:12.0046 2816 usbbus - ok
09:08:12.0078 2816 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:08:12.0078 2816 usbccgp - ok
09:08:12.0125 2816 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
09:08:12.0125 2816 UsbDiag - ok
09:08:12.0156 2816 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:08:12.0156 2816 usbehci - ok
09:08:12.0203 2816 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:08:12.0203 2816 usbhub - ok
09:08:12.0218 2816 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
09:08:12.0218 2816 USBModem - ok
09:08:12.0250 2816 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:08:12.0250 2816 usbprint - ok
09:08:12.0281 2816 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:08:12.0281 2816 usbscan - ok
09:08:12.0312 2816 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:08:12.0312 2816 USBSTOR - ok
09:08:12.0343 2816 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:08:12.0359 2816 usbuhci - ok
09:08:12.0390 2816 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
09:08:12.0406 2816 usbvideo - ok
09:08:12.0453 2816 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:08:12.0453 2816 VgaSave - ok
09:08:12.0484 2816 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:08:12.0484 2816 viaagp - ok
09:08:12.0562 2816 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
09:08:12.0562 2816 ViaIde - ok
09:08:12.0640 2816 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:08:12.0640 2816 VolSnap - ok
09:08:12.0687 2816 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:08:12.0687 2816 Wanarp - ok
09:08:12.0703 2816 wanatw - ok
09:08:12.0718 2816 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
09:08:12.0734 2816 WDC_SAM - ok
09:08:12.0734 2816 WDICA - ok
09:08:12.0812 2816 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:08:12.0812 2816 wdmaud - ok
09:08:12.0875 2816 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:08:12.0890 2816 winachsf - ok
09:08:12.0968 2816 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:08:12.0968 2816 WpdUsb - ok
09:08:13.0000 2816 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:08:13.0015 2816 WSTCODEC - ok
09:08:13.0078 2816 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:08:13.0078 2816 WudfPf - ok
09:08:13.0109 2816 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
09:08:13.0125 2816 WUDFRd - ok
09:08:13.0156 2816 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
09:08:13.0171 2816 \Device\Harddisk0\DR0 - ok
09:08:13.0171 2816 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
09:08:13.0187 2816 \Device\Harddisk1\DR4 - ok
09:08:13.0187 2816 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk2\DR6
09:08:29.0937 2816 \Device\Harddisk2\DR6 - ok
09:08:29.0937 2816 Boot (0x1200) (7d08e961b8b699b0b0b1464af86fd110) \Device\Harddisk0\DR0\Partition0
09:08:29.0937 2816 \Device\Harddisk0\DR0\Partition0 - ok
09:08:29.0953 2816 Boot (0x1200) (d9494b52412302b6d824720c6f3a432d) \Device\Harddisk1\DR4\Partition0
09:08:29.0953 2816 \Device\Harddisk1\DR4\Partition0 - ok
09:08:29.0953 2816 Boot (0x1200) (592c48f83a49fc0f3c39633645904461) \Device\Harddisk2\DR6\Partition0
09:08:29.0953 2816 \Device\Harddisk2\DR6\Partition0 - ok
09:08:29.0953 2816 ============================================================
09:08:29.0953 2816 Scan finished
09:08:29.0953 2816 ============================================================
09:08:29.0968 2808 Detected object count: 0
09:08:29.0968 2808 Actual detected object count: 0

#8 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 November 2011 - 09:46 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511 KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 bpitch27

  • Topic Starter
  • Members
  • 220 posts

Posted 29 November 2011 - 10:01 PM

Gringo,

I want you to know how much I appreciate your help!

Here is the aswMBR log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-29 21:34:10
-----------------------------
21:34:10.984 OS Version: Windows 5.1.2600 Service Pack 3
21:34:10.984 Number of processors: 2 586 0x404
21:34:11.000 ComputerName: BOB UserName:
21:34:12.125 Initialize success
21:34:12.250 AVAST engine defs: 11112200
21:34:20.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:34:20.500 Disk 0 Vendor: Intel___ 1.0. Size: 238416MB BusType: 3
21:34:20.531 Disk 0 MBR read successfully
21:34:20.531 Disk 0 MBR scan
21:34:20.531 Disk 0 unknown MBR code
21:34:20.531 Disk 0 scanning sectors +488263545
21:34:20.593 Disk 0 scanning C:\WINDOWS\system32\drivers
21:34:30.750 Service scanning
21:34:31.812 Modules scanning
21:34:35.750 Disk 0 trace - called modules:
21:34:35.765
21:34:36.359 AVAST engine scan C:\WINDOWS
21:34:43.312 AVAST engine scan C:\WINDOWS\system32
21:36:31.156 AVAST engine scan C:\WINDOWS\system32\drivers
21:36:50.187 AVAST engine scan C:\Documents and Settings\Bob P
21:47:56.750 AVAST engine scan C:\Documents and Settings\All Users
21:52:36.015 Scan finished successfully
21:56:09.281 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
21:56:09.296 The log file has been saved successfully to "E:\aswMBR.txt"
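
Editor's added example (not part of this thread, and not code from TDSSKiller or aswMBR): the TDSSKiller log posted earlier reports each disk as "MBR (0x1B8) (<md5>) <device>", and aswMBR has just saved the raw MBR of Disk 0 to E:\MBR.dat. The script below parses the TDSSKiller lines, decodes a raw 512-byte MBR (boot signature, disk signature, partition table) and checks whether the dump hashes to what TDSSKiller logged, so two tools' views of the same sector can be compared. It assumes that the 0x1B8 in the log is the number of leading bytes hashed, i.e. the 440-byte bootstrap code ahead of the disk signature and partition table. The sample MBR and log excerpt are constructed; the sample hash is computed from the sample MBR, not taken from the poster's disk. The tamper cases at the end show the caveat: a patched boot-code byte changes the hash, a patched partition-table byte does not, so this check is no substitute for reading the partition table.

```python
"""Cross-check a TDSSKiller "MBR (0x1B8)" hash against a raw MBR dump
(e.g. the MBR.dat that aswMBR saves) and decode the dump's partition table."""
import hashlib
import re
import struct

MBR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"
DISK_SIG_OFF = 0x1B8      # 4-byte Windows disk signature sits right after the boot code
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries, then 0x55AA at offset 510

# Assumption: the hex value in "MBR (0x1B8) (<md5>) <device>" is the number of
# leading bytes TDSSKiller hashed, i.e. the bootstrap code only.
MBR_LINE = re.compile(
    r"^\S+\s+\d+\s+MBR \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (\S+)$")
# "<time> <pid> <driver> (<md5>) <path>"; the "<driver> - ok" verdict lines do not match
DRIVER_LINE = re.compile(r"^\S+\s+\d+\s+(\S+) \(([0-9a-f]{32})\) (.+)$")


def parse_tdsskiller(log_text):
    """Return ({device: (hashed_len, md5)}, {driver: (md5, path)}) from TDSSKiller log text."""
    mbrs, drivers = {}, {}
    for line in log_text.splitlines():
        m = MBR_LINE.match(line)
        if m:
            mbrs[m.group(3)] = (int(m.group(1), 16), m.group(2))
            continue
        d = DRIVER_LINE.match(line)
        if d:
            drivers[d.group(1)] = (d.group(2), d.group(3))
    return mbrs, drivers


def parse_mbr(mbr):
    """Decode a raw 512-byte MBR: boot signature check, disk signature, used partition slots."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (MBR_SIZE, len(mbr)))
    parts = []
    for slot in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * slot)  # skip the two 3-byte CHS fields
        if ptype:  # type 0x00 marks an empty slot
            parts.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {"signature_ok": mbr[510:512] == BOOT_SIGNATURE,
            "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
            "partitions": parts}


def mbr_findings(mbr):
    """Structural oddities a triager would want flagged before trusting the MBR."""
    info = parse_mbr(mbr)
    notes = []
    if not info["signature_ok"]:
        notes.append("missing 0x55AA boot signature")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        notes.append("%d partitions flagged bootable (expected 1)" % len(bootable))
    for p in info["partitions"]:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            notes.append("slot %d has a zero start or length" % p["slot"])
    return notes


def mbr_matches_log(log_text, device, mbr):
    """True when the dump's hashed region matches what TDSSKiller logged for `device`."""
    mbrs, _ = parse_tdsskiller(log_text)
    if device not in mbrs:
        raise KeyError("no MBR line for %s in the log" % device)
    hashed_len, reported = mbrs[device]
    return hashlib.md5(mbr[:hashed_len]).hexdigest() == reported


def tamper(mbr, offset, value):
    """Copy of `mbr` with one byte replaced; used to show what the hash does and does not cover."""
    patched = bytearray(mbr)
    patched[offset] = value
    return bytes(patched)


def build_sample_mbr():
    """Constructed MBR (not the poster's disk): stub boot code plus one bootable NTFS partition."""
    code = (b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 40).ljust(DISK_SIG_OFF, b"\x00")
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"
    entry0 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 488263482)
    return code + disk_sig + entry0 + b"\x00" * 48 + BOOT_SIGNATURE


SAMPLE_MBR = build_sample_mbr()
DEVICE = r"\Device\Harddisk0\DR0"
# Constructed log excerpt in TDSSKiller's line format; its MBR hash is computed
# from SAMPLE_MBR so the positive case below shows a matching dump.
SAMPLE_LOG = "\n".join([
    "09:08:08.0218 2816 NDIS - ok",
    "09:08:08.0250 2816 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\\WINDOWS\\system32\\DRIVERS\\NdisIP.sys",
    "09:08:08.0265 2816 NdisIP - ok",
    "09:08:13.0156 2816 MBR (0x1B8) (%s) %s" % (hashlib.md5(SAMPLE_MBR[:0x1B8]).hexdigest(), DEVICE),
    "09:08:13.0171 2816 %s - ok" % DEVICE,
])

if __name__ == "__main__":
    print(parse_tdsskiller(SAMPLE_LOG))
    print(parse_mbr(SAMPLE_MBR), mbr_findings(SAMPLE_MBR))
    print("dump matches log   :", mbr_matches_log(SAMPLE_LOG, DEVICE, SAMPLE_MBR))
    # A patched boot-code byte changes the 0x1B8 hash; a patched partition-type
    # byte (offset 0x1BE + 4) lies past the hashed region and goes unnoticed.
    print("boot code patched  :", mbr_matches_log(SAMPLE_LOG, DEVICE, tamper(SAMPLE_MBR, 0x10, 0xEB)))
    print("part. table patched:", mbr_matches_log(SAMPLE_LOG, DEVICE, tamper(SAMPLE_MBR, PART_TABLE_OFF + 4, 0x83)))
```

On the poster's machine the inputs would be the pasted TDSSKiller log text and the 512 bytes read from E:\MBR.dat for \Device\Harddisk0\DR0. aswMBR's "unknown MBR code" verdict is that tool's own heuristic and is not reproduced here; the partition table decoded by parse_mbr is what to read next when the hash alone does not settle the question.
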

#10 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 November 2011 - 08:18 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 bpitch27

  • Topic Starter
  • Members
  • 220 posts

Posted 30 November 2011 - 09:42 AM

Seems like a problem. Ran the scan as per your instructions and settings; when the scan finished, no logs appeared. Did a search for them but could not find them. When I minimized OTL to see them on the desktop, some of my desktop shortcut icons looked like they had been cut in half.

I had Winpatrol and Avast off during the scan. I turned off Avast so that it would not come on during startup when we first started to fix my computer. Should I try running OTL with Windows in Safe Mode?

Just rebooted the computer and WinPatrol has detected a new Internet Explorer add-on: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll. I denied its approval. I have not been on the Internet since I started communicating with you, but I did not disconnect my network wiring to my router yet. Should I disconnect it?

#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 November 2011 - 09:55 AM

Yes, try running it in safe mode.

Make sure any antivirus is turned off.


gringo

#13 bpitch27

  • Topic Starter
  • Members
  • 220 posts

Posted 30 November 2011 - 10:01 AM

Gringo,

Ran the OTL scan after rebooting in safe mode with networking, and OTL ran fine. Should I be running all scans with the computer started in safe mode?

OTL logfile created on: 11/30/2011 9:48:16 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Bob P\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 85.29% Memory free
3.85 Gb Paging File | 3.77 Gb Available in Paging File | 97.88% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.80 Gb Total Space | 135.32 Gb Free Space | 59.14% Space Free | Partition Type: NTFS

Computer Name: BOB | User Name: Bob P | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bob P\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (SessionLauncher) -- File not found
SRV - (Secunia Update Agent) -- File not found
SRV - (RoxWatch10) -- File not found
SRV - (RoxMediaDB10) -- File not found
SRV - (RoxLiveShare10) -- File not found
SRV - (Roxio Upnp Server 10) -- File not found
SRV - (Roxio UPnP Renderer 10) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech Webcam Pro 9000(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (RxFilter) -- C:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology, Corp.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (PID_08A0) QuickCam IM(PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (cdrbsvsd) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys (B.H.A Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (sonypvs1) -- C:\WINDOWS\system32\drivers\sonypvs1.sys (Sony Corporation)
DRV - (FINEPIX_PCC) -- C:\WINDOWS\system32\drivers\V4CB011D.SYS (FUJI PHOTO FILM CO.,LTD.)
DRV - (SbcpHid) -- C:\WINDOWS\system32\drivers\SbcpHid.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011/10/14 20:06:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 12:19:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/10 19:50:37 | 000,000,000 | ---D | M]

[2009/04/07 09:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob P\Application Data\Mozilla\Extensions
[2011/11/11 11:59:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob P\Application Data\Mozilla\Firefox\Profiles\r02mkrai.default\extensions
[2011/09/28 15:50:10 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Bob P\Application Data\Mozilla\Firefox\Profiles\r02mkrai.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 19:44:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bob P\Application Data\Mozilla\Firefox\Profiles\r02mkrai.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/11 11:59:04 | 000,000,000 | ---D | M] (Billeo) -- C:\Documents and Settings\Bob P\Application Data\Mozilla\Firefox\Profiles\r02mkrai.default\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}
[2011/07/29 07:24:45 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Bob P\Application Data\Mozilla\Firefox\Profiles\r02mkrai.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/11/11 12:19:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/06 08:15:47 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/07/05 22:30:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/11/05 01:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/30 12:50:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/28 09:24:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - No CLSID value found.
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\..\Toolbar\WebBrowser: (no name) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No CLSID value found.
O3 - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\..Trusted Domains: rcsd1.org ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsi.cab (Symantec SmartIssue)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FAF2F4D-8251-42B8-AE35-521532373F9A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Bob P\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bob P\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/30 09:19:55 | 000,000,000 | ---D | C] -- C:\## aswSnx private storage
[2011/11/30 08:44:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob P\Desktop\OTL.exe
[2011/11/29 21:33:59 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Bob P\Desktop\aswMBR.exe
[2011/11/29 09:07:01 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Bob P\Desktop\tdsskiller.exe
[2011/11/28 09:56:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bob P\Recent
[2011/11/28 09:56:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/28 09:29:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/28 08:46:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/28 08:46:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/28 08:46:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/28 08:46:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/28 08:46:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/28 08:46:03 | 004,310,219 | R--- | C] (Swearware) -- C:\Documents and Settings\Bob P\Desktop\ComboFix.exe
[2011/11/24 20:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob P\Desktop\gmer
[2011/11/24 20:23:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Bob P\Desktop\dds.scr
[2011/11/23 09:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob P\My Documents\txt modifications 11-22-11
[2011/11/23 09:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob P\My Documents\New Folder (2)
[2011/11/23 09:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob P\My Documents\New Folder
[2011/11/19 10:31:09 | 000,606,528 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Bob P\Desktop\musicmanagerinstaller.exe
[2011/11/15 20:40:52 | 000,000,000 | ---D | C] -- C:\found.000
[2011/11/10 19:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/11/10 19:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/10 19:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/11/10 19:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/10 19:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/10 19:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/10 16:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob P\Local Settings\Application Data\Secunia PSI
[2011/11/10 16:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/11/10 10:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/11/10 09:09:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/11/10 09:03:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bob P\Local Settings\Application Data\982bf85b
[2005/11/16 14:53:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[2005/11/16 14:53:31 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2011/11/30 09:47:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/30 09:45:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/30 09:45:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/11/30 09:44:26 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx
[2011/11/30 09:44:26 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx
[2011/11/30 09:44:26 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx
[2011/11/30 09:44:26 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000004-00001102-00000004-20061102}.rfx
[2011/11/30 09:44:26 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/11/30 09:44:26 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/11/30 09:44:26 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000004-00001102-00000004-20061102}.dat
[2011/11/30 09:44:26 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000004-00001102-00000004-20061102}.dat
[2011/11/30 09:12:20 | 000,167,952 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/11/30 09:12:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/11/30 08:48:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2011/11/30 08:39:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob P\Desktop\OTL.exe
[2011/11/29 20:51:14 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Bob P\Desktop\aswMBR.exe
[2011/11/29 09:00:02 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Bob P\Desktop\tdsskiller.exe
[2011/11/28 21:01:40 | 000,079,623 | ---- | M] () -- C:\Documents and Settings\Bob P\Desktop\Junction.zip
[2011/11/28 09:24:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/28 08:43:58 | 004,310,219 | R--- | M] (Swearware) -- C:\Documents and Settings\Bob P\Desktop\ComboFix.exe
[2011/11/24 20:24:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bob P\defogger_reenable
[2011/11/24 20:14:20 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Bob P\Desktop\gmer.zip
[2011/11/24 20:11:00 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Bob P\Desktop\dds.scr
[2011/11/24 20:08:44 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Bob P\Desktop\Defogger.exe
[2011/11/21 10:02:00 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Bob P\Application Data\Microsoft\Internet Explorer\Quick Launch\Word 2003.lnk
[2011/11/19 16:49:07 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#7700#MY39A2220HK5.job
[2011/11/19 10:31:09 | 000,606,528 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Bob P\Desktop\musicmanagerinstaller.exe
[2011/11/18 23:18:16 | 000,006,067 | ---- | M] () -- C:\Documents and Settings\Bob P\My Documents\labeu.jpg
[2011/11/13 08:59:38 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Bob P\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/11/11 12:28:19 | 001,053,309 | ---- | M] () -- C:\Documents and Settings\Bob P\My Documents\gjgny-energy-audit-app.pdf
[2011/11/11 12:19:16 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Bob P\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/11 12:19:16 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/10 10:13:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/06 11:52:05 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/06 08:57:12 | 000,485,962 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/06 08:57:12 | 000,081,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/04 13:15:14 | 004,886,875 | ---- | M] () -- C:\Documents and Settings\Bob P\My Documents\La Casa Catering Menu.pdf

========== Files Created - No Company Name ==========

[2011/11/28 22:11:44 | 000,079,623 | ---- | C] () -- C:\Documents and Settings\Bob P\Desktop\Junction.zip
[2011/11/28 08:46:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/28 08:46:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/28 08:46:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/28 08:46:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/28 08:46:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/24 20:24:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bob P\defogger_reenable
[2011/11/24 20:23:02 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Bob P\Desktop\gmer.zip
[2011/11/24 20:23:02 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Bob P\Desktop\Defogger.exe
[2011/11/18 23:18:15 | 000,006,067 | ---- | C] () -- C:\Documents and Settings\Bob P\My Documents\labeu.jpg
[2011/11/11 12:28:19 | 001,053,309 | ---- | C] () -- C:\Documents and Settings\Bob P\My Documents\gjgny-energy-audit-app.pdf
[2011/11/10 10:13:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/04 13:15:13 | 004,886,875 | ---- | C] () -- C:\Documents and Settings\Bob P\My Documents\La Casa Catering Menu.pdf
[2011/09/28 18:26:11 | 000,774,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2491459274-366269988-1872023526-1005-0.dat
[2011/09/28 18:26:10 | 000,202,058 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/09/22 12:08:56 | 003,902,976 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2011/08/22 14:07:48 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/08/22 14:07:02 | 000,158,208 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2011/08/22 14:07:00 | 000,259,584 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/08/22 14:06:30 | 001,524,224 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2011/08/22 14:06:30 | 000,211,456 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2011/08/22 14:06:30 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2011/08/22 14:06:28 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2011/08/22 14:06:28 | 000,113,664 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2011/08/22 14:06:26 | 000,145,920 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2011/08/22 14:06:26 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/08/19 10:41:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/08/19 10:38:21 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/05/30 08:42:50 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/05/23 02:46:30 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/03 06:40:08 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2011/03/03 06:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2011/03/03 06:39:46 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2011/03/03 06:39:34 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2011/03/03 06:39:02 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2011/03/03 06:38:54 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2011/03/03 06:38:40 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2011/03/03 06:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2011/03/03 06:38:04 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2011/03/03 06:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2011/03/03 06:37:40 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2011/03/03 06:35:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2011/03/03 06:35:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2011/02/24 08:44:50 | 000,003,724 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2010/10/24 17:14:32 | 000,360,832 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/24 11:34:26 | 000,034,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamcatchme.sys
[2010/08/18 14:56:38 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2010/08/03 14:11:55 | 000,102,262 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/08/03 14:11:55 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2010/07/27 03:03:20 | 010,829,656 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/07/27 03:03:20 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/07/27 03:03:18 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/03/21 12:39:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bob P\Local Settings\Application Data\prvlcl.dat
[2010/01/01 12:23:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/01 12:11:08 | 000,090,411 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/01/01 12:08:17 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2009/10/07 00:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 00:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/08/26 16:20:45 | 000,000,109 | ---- | C] () -- C:\Documents and Settings\Bob P\Application Data\mainhst.zgh
[2009/08/11 16:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2009/08/11 16:21:20 | 001,021,440 | ---- | C] () -- C:\WINDOWS\System32\ac3filter_intl.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/06 17:07:47 | 000,010,283 | ---- | C] () -- C:\Documents and Settings\Bob P\Application Data\Comma Separated Values (Windows).CAL
[2009/04/28 20:42:28 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/04/28 20:42:28 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/04/13 19:18:02 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\fefa_s.dll
[2009/04/07 12:31:18 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/01 14:59:00 | 000,188,348 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/02/18 12:55:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009/02/03 15:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/08/22 18:24:03 | 000,034,136 | ---- | C] () -- C:\WINDOWS\System32\RegHero.exe
[2008/02/14 21:48:36 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Bob P\Application Data\DMX.bmk
[2008/02/05 16:32:12 | 000,040,052 | ---- | C] () -- C:\Documents and Settings\Bob P\Local Settings\Application Data\rx_audio.Cache
[2008/02/05 16:28:15 | 000,001,368 | ---- | C] () -- C:\Documents and Settings\Bob P\Local Settings\Application Data\rx_image.Cache
[2007/11/07 22:59:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/09/21 11:42:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/09/21 11:24:12 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2007/09/18 10:36:04 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a0.dll
[2007/08/21 14:22:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/07/29 14:20:20 | 000,042,312 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2006/12/10 10:03:35 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Bob P.ini
[2006/07/28 10:37:13 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\PopWait.exe
[2006/03/03 23:52:00 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\OptimFROG.dll
[2006/03/03 17:30:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2006/03/03 17:30:33 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/03/03 17:26:57 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2006/03/03 17:26:57 | 000,000,410 | ---- | C] () -- C:\WINDOWS\umxaddin.ini
[2006/03/02 16:43:28 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/12/22 18:55:24 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Bob P\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/23 09:53:40 | 000,003,350 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/11/23 09:53:40 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\8030C066F3.sys
[2005/11/20 15:44:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/11/20 13:40:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/19 16:43:49 | 000,006,371 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2005/11/19 16:40:28 | 000,018,283 | ---- | C] () -- C:\WINDOWS\HPHins01.dat
[2005/11/19 16:40:28 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat
[2005/11/19 16:14:10 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Bob P\Local Settings\Application Data\fusioncache.dat
[2005/11/19 16:04:09 | 000,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2005/11/19 16:03:47 | 000,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2005/11/16 15:11:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/16 15:08:09 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/11/16 15:06:36 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2005/11/16 14:59:24 | 000,005,189 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/16 14:57:07 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/16 14:53:55 | 001,247,400 | ---- | C] () -- C:\WINDOWS\System32\CTAA1.DAT
[2005/11/16 14:53:54 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/11/16 14:53:53 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2005/11/16 14:53:40 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000004-00001102-00000004-20061102}.dat
[2005/11/16 14:53:40 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000004-00001102-00000004-20061102}.dat
[2005/11/16 14:53:33 | 000,127,226 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2005/11/16 14:53:33 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2005/11/16 14:53:33 | 000,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2005/11/16 14:53:33 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/11/16 14:53:32 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2005/11/16 14:53:32 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2005/11/16 14:53:32 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/11/16 14:53:12 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/11/16 14:31:32 | 000,264,466 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2005/11/16 14:31:32 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2005/11/16 14:31:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/11/16 14:30:44 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 18:24:19 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 18:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 18:06:43 | 000,213,672 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 18:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 18:00:28 | 000,485,962 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 18:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 18:00:28 | 000,081,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 18:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 18:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 18:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 18:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 18:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 18:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 18:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 18:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/05/13 08:59:03 | 000,038,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Files - Unicode (All) ==========
[2008/08/22 18:29:49 | 000,000,152 | ---- | M] ()(C:\WINDOWS\System32\?????????????????????4???????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥停潥汰健屃敐灯敬䍐䤠瑮牥敮⁴敓畣楲祴倠捡屫慓慮䍜湯楦屧噘敩⹷潣普杩
[2008/08/22 18:29:49 | 000,000,152 | ---- | C] ()(C:\WINDOWS\System32\?????????????????????4???????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥停潥汰健屃敐灯敬䍐䤠瑮牥敮⁴敓畣楲祴倠捡屫慓慮䍜湯楦屧噘敩⹷潣普杩

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Bob P\My Documents\stones.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Bob P\My Documents\Need_New_Glasses_.wmv:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Bob P\My Documents\In Boulder.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Bob P\My Documents\4cupbanners.jpg:Roxio EMC Stream

< End of report >

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:47 PM

Posted 30 November 2011 - 10:20 AM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :otl
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - No CLSID value found.
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (no name) - {656EC4B7-072B-4698-B504-2A414C1F0037} - No CLSID value found.
    O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\..\Toolbar\WebBrowser: (no name) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No CLSID value found.
    O3 - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKU\S-1-5-21-2491459274-366269988-1872023526-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Bob P\My Documents\stones.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Bob P\My Documents\Need_New_Glasses_.wmv:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Bob P\My Documents\In Boulder.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Bob P\My Documents\4cupbanners.jpg:Roxio EMC Stream
    [2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2009/04/13 19:18:02 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\fefa_s.dll
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 bpitch27

bpitch27
  • Topic Starter

  • Members
  • 220 posts

Posted 30 November 2011 - 09:45 PM

OTL ran the fix while in safe mode. Allowed the computer to reboot in normal mode and the log was there. Still cannot enable Firewall or Avast. WinPatrol detected C:\Window\System32\drivers\etc\hosts and I denied it permission to run. I hope that was the right thing to do.

Here is the log.


All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-2491459274-366269988-1872023526-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{465E08E7-F005-4389-980F-1D8764B3486C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{465E08E7-F005-4389-980F-1D8764B3486C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{656EC4B7-072B-4698-B504-2A414C1F0037}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{656EC4B7-072B-4698-B504-2A414C1F0037}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{327C2873-E90D-4c37-AA9D-10AC9BABA46C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{327C2873-E90D-4c37-AA9D-10AC9BABA46C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-2491459274-366269988-1872023526-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-2491459274-366269988-1872023526-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-2491459274-366269988-1872023526-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}\ not found.
Registry value HKEY_USERS\S-1-5-21-2491459274-366269988-1872023526-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-2491459274-366269988-1872023526-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_USERS\S-1-5-21-2491459274-366269988-1872023526-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
ADS C:\Documents and Settings\Bob P\My Documents\stones.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Bob P\My Documents\Need_New_Glasses_.wmv:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Bob P\My Documents\In Boulder.jpg:Roxio EMC Stream deleted successfully.
Unable to delete ADS C:\Documents and Settings\Bob P\My Documents\4cupbanners.jpg:Roxio EMC .
C:\Program Files\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml moved successfully.
C:\WINDOWS\system32\fefa_s.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The request is not supported.

Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.
C:\Documents and Settings\Bob P\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Bob P\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Bob P
->Temp folder emptied: 22675 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 70460 bytes
->FireFox cache emptied: 42410844 bytes
->Flash cache emptied: 487 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 692963 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 65 bytes

Total Files Cleaned = 41.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Bob P
->Java cache emptied: 0 bytes

User: Default User

User: LocalService
->Java cache emptied: 0 bytes

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Bob P
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11302011_212406

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




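The OTL log above is the only record of which script items actually took effect: the truncated ADS entry in the fix script came back as "Unable to delete", and the ipconfig step returned an internal error. The following triage script is an added example, not part of OTL or of either post; its rules are derived only from the result-line formats visible in this thread, and SAMPLE_LOG is a constructed excerpt in that format.

```python
import re

# Constructed excerpt in the OTL fix-log format shown in the post above.
SAMPLE_LOG = r"""
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
ADS C:\Documents and Settings\Bob P\My Documents\stones.jpg:Roxio EMC Stream deleted successfully.
Unable to delete ADS C:\Documents and Settings\Bob P\My Documents\4cupbanners.jpg:Roxio EMC .
C:\WINDOWS\system32\fefa_s.dll moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The request is not supported.
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# Result-line patterns as they appear in the OTL log (rules written for this example).
OUTCOME_RULES = [
    ("deleted",   re.compile(r"^(?:Registry (?:key|value) |ADS )?(?P<t>.+?) deleted successfully\.$")),
    ("moved",     re.compile(r"^(?:ADS )?(?P<t>.+?) moved successfully\.$")),
    ("not_found", re.compile(r"^(?:Registry (?:key|value) )?(?P<t>.+?) not found\.$")),
    ("failed",    re.compile(r"^Unable to (?:delete|move) (?:ADS )?(?P<t>.+?)\s*\.$")),
    ("reset",     re.compile(r"^(?P<t>HOSTS file) reset successfully$")),
    ("cmd_error", re.compile(r"^An internal error occurred: (?P<t>.+)$")),
]
CMD_MARKER = re.compile(r"^<\s*(.+?)\s*>$")  # echo of a :Files command, e.g. "< ipconfig /flushdns /c >"

def triage_otl_log(text):
    """Classify each result line of an OTL fix log.

    Returns per-outcome counts, the items that did not succeed (so they can be
    re-issued or examined by other means), and lines the rules did not recognise.
    """
    counts, failures, unclassified = {}, [], []
    current_cmd = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CMD_MARKER.match(line)
        if m:                      # remember the command so a following error is attributed to it
            current_cmd = m.group(1)
            continue
        for outcome, rule in OUTCOME_RULES:
            m = rule.match(line)
            if m:
                target = m.group("t")
                if outcome == "cmd_error" and current_cmd:
                    target = f"{current_cmd}: {target}"
                counts[outcome] = counts.get(outcome, 0) + 1
                if outcome in ("failed", "cmd_error"):
                    failures.append((outcome, target))
                break
        else:
            unclassified.append(line)   # surfaced rather than silently dropped
    return {"counts": counts, "failures": failures, "unclassified": unclassified}
```

Run on the full log from the post, the "failures" list is what the helper needs to follow up on; "not_found" items were already absent and need no action.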