
ping.exe svchost.exe Redirect Along with Blue Screens And No Firewall


  • This topic is locked
33 replies to this topic

#1 ThatGuyWithAVirus

  • Members
  • 16 posts

Posted 02 December 2011 - 02:07 PM

I am pretty much having the same problems as this user:
http://www.bleepingcomputer.com/forums/topic428009.html
Right down to the firewall, but in addition, my computer keeps blue screening on me.

Here are my DDS and Attach logs. Please help!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Mike at 1:15:40 on 2011-12-02
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1023 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\svcs.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sony\HotKey Utility\HKServ.exe
C:\Program Files\Replay Media Catcher\FLVSrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\UI0Detect.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Sony\Vegas Pro 9.0\vegas90.exe
C:\Program Files\Sony\Vegas Pro 9.0\ErrorReportLauncher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\ping.exe
C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.Google.com/
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.Google.com/
uSearchMigratedDefaultURL = hxxp://www.Google.com/
uDefault_Search_URL = hxxp://www.Google.com/
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
mDefault_Search_URL = hxxp://www.Google.com/
mSearch Page = hxxp://www.Google.com/
mSearch Bar = hxxp://www.Google.com/
mSearchMigratedDefaultURL = hxxp://www.Google.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:63434
uSearchAssistant = hxxp://www.Google.com/
mSearchURL = hxxp://www.Google.com/
mSearchAssistant = hxxp://www.Google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\mike\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AppMon Utility] "c:\program files\sony\appmonutil\AppMonUtility.exe" @@@Start
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [VAIO Center Access Bar] "c:\program files\sony\vaio center access bar\VCAB.exe" 1
mRun: [VWLASU] "c:\program files\sony\vaio pc wireless lan wizard\AutoLaunchWLASU.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /install
mRun: [HKSERV.EXE] c:\program files\sony\hotkey utility\HKserv.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Ask and Record FLV Service] "c:\program files\replay media catcher\FLVSrvc.exe" /run
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRunOnce: [B Register c:\program files\divx\divx plus player\dseplugins\divxplaybackmodule.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dseplugins\DivXPlaybackModule.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxbanneradplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXBannerAdPlugin.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxdownloadmanagerplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxmediamanagerplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXMediaManagerPlugin.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxplayerplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXPlayerPlugin.dll",DllRegisterServer
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0E810BB4-5FD5-44D9-8B70-10B476814C3F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C3460C8F-8152-46C4-9673-DB614C43A1B1} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\5pu352vq.default\
FF - prefs.js: browser.search.selectedEngine - Demonoid torrent pool
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\mike\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\mike\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\mike\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\mike\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165648]
R1 MpKslc0d235e8;MpKslc0d235e8;c:\programdata\microsoft\microsoft antimalware\definition updates\{025ee9c2-4002-491a-9dae-9f24ee6985de}\MpKslc0d235e8.sys [2011-11-30 28752]
R1 TsLwWfF;WiFi Capture Driver;c:\windows\system32\drivers\TsLwWfF.sys [2010-8-25 22632]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-14 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-24 366152]
R2 NetworkLog;NetworkLog;c:\windows\svcs.exe [2011-11-20 508928]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2011-10-24 520040]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-2-1 206120]
R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2011-11-10 370504]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-2-1 185640]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2007-12-25 16640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-24 22216]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 43392]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-1-25 6628352]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-8-20 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-8-20 43904]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-8-20 812544]
S3 CamdAudio;CamdAudio;c:\windows\system32\drivers\CamdAudio.sys [2009-9-4 23096]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [2010-11-19 29184]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-3-8 20080]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-9-1 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-9-1 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-9-1 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2007-8-20 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2007-8-20 79736]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2010-7-14 16640]
.
=============== Created Last 30 ================
.
2011-12-01 04:54:12 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{025ee9c2-4002-491a-9dae-9f24ee6985de}\MpKslc0d235e8.sys
2011-12-01 04:54:10 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{025ee9c2-4002-491a-9dae-9f24ee6985de}\offreg.dll
2011-11-29 15:34:42 -------- d-----w- c:\programdata\ALM
2011-11-28 16:33:58 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{025ee9c2-4002-491a-9dae-9f24ee6985de}\mpengine.dll
2011-11-28 16:29:42 -------- d-s---w- C:\ComboFix
2011-11-27 06:27:15 98816 ----a-w- c:\windows\sed.exe
2011-11-27 06:27:15 518144 ----a-w- c:\windows\SWREG.exe
2011-11-27 06:27:15 256000 ----a-w- c:\windows\PEV.exe
2011-11-27 06:27:15 208896 ----a-w- c:\windows\MBR.exe
2011-11-27 05:41:16 -------- d-----w- c:\program files\iTunes
2011-11-26 11:50:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-11-26 11:50:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-11-26 11:50:32 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2011-11-26 11:50:31 471552 ----a-w- c:\windows\system32\secproc.dll
2011-11-26 11:50:26 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-11-26 11:50:25 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-11-26 11:50:25 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-11-26 11:50:24 518144 ----a-w- c:\windows\system32\RMActivate.exe
2011-11-26 11:50:23 332288 ----a-w- c:\windows\system32\msdrm.dll
2011-11-26 11:50:23 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-11-26 11:50:23 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-11-26 11:49:55 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-11-26 11:49:55 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-11-26 11:49:55 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-11-26 11:49:23 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-11-25 06:07:30 -------- d-----w- c:\windows\system32\Profiles
2011-11-25 00:57:34 -------- d-----w- c:\program files\Free Window Registry Repair
2011-11-24 10:25:47 -------- d-----w- c:\users\mike\appdata\roaming\Malwarebytes
2011-11-24 10:25:26 -------- d-----w- c:\programdata\Malwarebytes
2011-11-24 10:25:21 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 10:25:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-22 16:38:08 -------- d-----w- c:\users\mike\appdata\roaming\IDM
2011-11-22 16:38:08 -------- d-----w- c:\users\mike\appdata\roaming\DMCache
2011-11-22 16:37:58 -------- d-----w- c:\program files\Internet Download Manager
2011-11-20 14:18:45 508928 ----a-w- c:\windows\svcs.exe
2011-11-20 05:49:36 -------- d-----w- c:\users\mike\appdata\roaming\PrimoPDF
2011-11-20 05:49:04 180624 ----a-w- c:\windows\system32\Primomonnt.dll
2011-11-20 05:49:01 -------- d-----w- c:\program files\Nitro PDF
2011-11-17 05:48:43 -------- d-----w- c:\users\mike\appdata\roaming\A97DB
2011-11-17 05:48:21 -------- d-----w- c:\users\mike\appdata\roaming\XJJJ6ddWK8fR9
2011-11-17 05:48:21 -------- d-----w- c:\users\mike\appdata\roaming\fTTXXqjjUCkIBzN
2011-11-17 05:48:19 -------- d-----w- c:\users\mike\appdata\roaming\AE5A9
2011-11-17 05:48:14 -------- d-----w- c:\users\mike\appdata\roaming\NgRRZZ9hYXw
2011-11-17 05:48:10 -------- d-----w- c:\users\mike\appdata\roaming\SzPPNNyA1uvSo
2011-11-17 05:48:10 -------- d-----w- c:\users\mike\appdata\roaming\my1uDD2bF4pm5sJ
2011-11-09 07:08:51 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 07:08:51 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-09 07:08:48 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-04 01:52:32 -------- d-----w- c:\users\mike\appdata\local\Akamai
.
==================== Find3M ====================
.
2011-11-17 21:03:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-23 18:58:55 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2011-09-23 18:58:55 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 1:21:23.88 ===============
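The DDS log above lists the running processes, the browser and proxy settings, and the services the machine starts. The script below is an added example, not part of the original post or of any BleepingComputer tool: it splits a DDS log on its `====` section headers and flags three things a responder would look at first in a log of this kind: a security product reported as Disabled, an Internet Settings proxy that points at the local machine (the `127.0.0.1:63434` entry above), and a service whose binary sits directly in the Windows folder or inside a user profile (the `NetworkLog` service running `c:\windows\svcs.exe` above). The sample log is constructed from a few lines of the posted log, the section titles it keys on (`Pseudo HJT Report`, `SERVICES / DRIVERS`) are taken from the log format itself, and the checks are review heuristics, not verdicts.

```python
import ntpath
import re

# Constructed sample in DDS log format. The AV/SP lines, the ProxyServer line
# and the NetworkLog service line are copied from the log posted above; the
# rest is abbreviated so the sample stays short.
SAMPLE_DDS = r"""
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:63434
TCP: DhcpNameServer = 192.168.1.1
.
============= SERVICES / DRIVERS ===============
.
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-14 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-24 366152]
R2 NetworkLog;NetworkLog;c:\windows\svcs.exe [2011-11-20 508928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-24 22216]
.
============= FINISH: 1:21:23.88 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# "ProxyServer = http=127.0.0.1:63434" or "ProxyServer = 127.0.0.1:8080"
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:[a-z]+=)?(127\.0\.0\.1|localhost):(\d+)", re.I)
# "R2 Name;Display Name;c:\path\image.exe [date size]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[", re.I)
IMAGE_RE = re.compile(r"^(.+?\.(?:exe|sys|dll))", re.I)
# "SP: Windows Defender *Disabled/Outdated* {GUID}"
SECURITY_RE = re.compile(r"^(AV|SP|FW):\s+(.+?)\s+\*([^*]+)\*")


def parse_sections(text):
    """Split a DDS log into {section title: [lines]} keyed by its ===== headers.

    Lines before the first header land under "HEADER"; the filler "." lines
    DDS prints between sections are dropped.
    """
    sections = {"HEADER": []}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1) or current
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def triage(text):
    """Return (check, detail) findings a responder would review first.

    These are heuristics, not verdicts: a local proxy or a service in an
    unusual folder can be legitimate, but each deserves a closer look.
    """
    findings = []
    sections = parse_sections(text)

    for line in sections.get("HEADER", []):
        m = SECURITY_RE.match(line)
        if m and "disabled" in m.group(3).lower():
            findings.append(("security-product-disabled", f"{m.group(2)} ({m.group(3)})"))

    for line in sections.get("Pseudo HJT Report", []):
        m = PROXY_RE.search(line)
        if m:
            # Browser traffic is being routed through a proxy on this machine;
            # a redirector that rewrites search results is one common cause.
            findings.append(("loopback-proxy", f"{m.group(1)}:{m.group(2)}"))

    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if not m:
            continue
        state, name, _display, path = m.groups()
        img = IMAGE_RE.match(path)
        image = img.group(1).lower() if img else path.lower()
        folder = ntpath.dirname(image)
        if folder == "c:\\windows" or folder.startswith("c:\\users\\"):
            # A service binary sitting directly in the Windows folder or in a
            # user profile is unusual for system software; check its publisher.
            findings.append(("service-unusual-path", f"{name} ({state}) -> {image}"))
    return findings


if __name__ == "__main__":
    for check, detail in triage(SAMPLE_DDS):
        print(f"[{check}] {detail}")
```

Run against the sample it reports the disabled Windows Defender entry, the `127.0.0.1:63434` proxy and the `NetworkLog` service, while the `svchost.exe -k` service and the Malwarebytes entries pass. To use it on a real log, read the file into `triage()` instead of `SAMPLE_DDS`; the section titles and line formats are the ones DDS itself prints.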


#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts

Posted 04 December 2011 - 12:13 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 ThatGuyWithAVirus (Topic Starter)

  • Members
  • 16 posts

Posted 05 December 2011 - 12:25 AM

Whenever I try to run ComboFix, it gets to the screen about scanning for infected items, and then, nothing. It just sits there like that for hours on end. I've tried it in normal Windows, safe mode, and safe mode with networking. After I close the app and restart, it tells me the recycling bin on drive C is corrupt. So in short, it doesn't complete (or even scan, for all I know).

[Edit]
Also, Microsoft Security Essentials can no longer update its definitions; it keeps giving me error 0x80096001.

Edited by ThatGuyWithAVirus, 05 December 2011 - 12:45 AM.


#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts

Posted 05 December 2011 - 01:12 AM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#5 ThatGuyWithAVirus (Topic Starter)

  • Members
  • 16 posts

Posted 05 December 2011 - 12:32 PM

It didn't find anything. Here is the log:

12:28:03.0428 4120 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
12:28:03.0616 4120 ============================================================
12:28:03.0616 4120 Current date / time: 2011/12/05 12:28:03.0616
12:28:03.0616 4120 SystemInfo:
12:28:03.0616 4120
12:28:03.0616 4120 OS Version: 6.0.6002 ServicePack: 2.0
12:28:03.0616 4120 Product type: Workstation
12:28:03.0616 4120 ComputerName: AMER
12:28:03.0616 4120 UserName: Mike
12:28:03.0616 4120 Windows directory: C:\Windows
12:28:03.0616 4120 System windows directory: C:\Windows
12:28:03.0616 4120 Processor architecture: Intel x86
12:28:03.0616 4120 Number of processors: 2
12:28:03.0616 4120 Page size: 0x1000
12:28:03.0616 4120 Boot type: Normal boot
12:28:03.0616 4120 ============================================================
12:28:29.0558 4120 Initialize success
12:28:42.0912 6984 ============================================================
12:28:42.0912 6984 Scan started
12:28:42.0912 6984 Mode: Manual;
12:28:42.0912 6984 ============================================================
12:28:43.0396 6984 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
12:28:43.0442 6984 ACPI - ok
12:28:43.0552 6984 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
12:28:43.0567 6984 adfs - ok
12:28:43.0801 6984 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
12:28:43.0910 6984 adp94xx - ok
12:28:44.0082 6984 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
12:28:44.0129 6984 adpahci - ok
12:28:44.0191 6984 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
12:28:44.0191 6984 adpu160m - ok
12:28:44.0238 6984 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
12:28:44.0254 6984 adpu320 - ok
12:28:44.0425 6984 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
12:28:44.0488 6984 AFD - ok
12:28:44.0550 6984 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
12:28:44.0566 6984 agp440 - ok
12:28:44.0690 6984 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
12:28:44.0706 6984 aic78xx - ok
12:28:44.0753 6984 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
12:28:44.0768 6984 aliide - ok
12:28:44.0831 6984 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
12:28:44.0846 6984 amdagp - ok
12:28:44.0956 6984 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
12:28:44.0971 6984 amdide - ok
12:28:45.0049 6984 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
12:28:45.0065 6984 AmdK7 - ok
12:28:45.0190 6984 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
12:28:45.0190 6984 AmdK8 - ok
12:28:45.0347 6984 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
12:28:45.0347 6984 arc - ok
12:28:45.0456 6984 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
12:28:45.0456 6984 arcsas - ok
12:28:45.0596 6984 ArcSoftKsUFilter (cf3a922857b052c3f073b72c905e4c89) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
12:28:45.0596 6984 ArcSoftKsUFilter - ok
12:28:45.0737 6984 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\Windows\system32\drivers\ASPI32.sys
12:28:45.0737 6984 ASPI32 - ok
12:28:45.0861 6984 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
12:28:45.0924 6984 AsyncMac - ok
12:28:46.0033 6984 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
12:28:46.0033 6984 atapi - ok
12:28:46.0220 6984 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
12:28:46.0220 6984 Beep - ok
12:28:46.0314 6984 blbdrive - ok
12:29:25.0423 6984 ============================================================
12:29:25.0423 6984 Scan finished
12:29:25.0423 6984 ============================================================
12:29:25.0423 6560 Detected object count: 0
12:29:25.0423 6560 Actual detected object count: 0

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:00 PM

Posted 05 December 2011 - 03:05 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 ThatGuyWithAVirus

ThatGuyWithAVirus
  • Topic Starter

  • Members
  • 16 posts
  • Local time:05:00 PM

Posted 05 December 2011 - 09:22 PM

Looks like it found some things.
Also, I'm no longer able to do my file backup; it says I no longer have permission.


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-05 21:06:45
-----------------------------
21:06:45.373 OS Version: Windows 6.0.6002 Service Pack 2
21:06:45.373 Number of processors: 2 586 0xF0D
21:06:45.373 ComputerName: AMER UserName: Mike
21:07:27.087 Initialize success
21:07:42.219 AVAST engine defs: 11120501
21:07:45.589 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:07:45.589 Disk 0 Vendor: TOSHIBA_ DK02 Size: 190782MB BusType: 3
21:07:45.589 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000074
21:07:45.604 Disk 1 Vendor: ( Size: 3832MB BusType: 0
21:07:45.604 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000075
21:07:45.604 Disk 2 Vendor: ( Size: 3832MB BusType: 0
21:07:45.620 Disk 0 MBR read successfully
21:07:45.636 Disk 0 MBR scan
21:07:45.651 Disk 0 Windows VISTA default MBR code
21:07:45.651 Disk 0 scanning sectors +390719920
21:07:45.901 Disk 0 scanning C:\Windows\system32\drivers
21:08:55.118 Service scanning
21:08:56.616 Service MpKslba03560a C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BCE4ED33-35CC-40E2-B71F-D7007521C05F}\MpKslba03560a.sys **LOCKED** 32
21:08:57.130 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:08:57.973 Modules scanning
21:09:56.832 Disk 0 trace - called modules:
21:09:56.863 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
21:09:56.878 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86981aa0]
21:09:56.878 3 CLASSPNP.SYS[8adab8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8592d030]
21:09:58.392 AVAST engine scan C:\Windows
21:10:10.996 File: C:\Windows\svcs.exe **INFECTED** Win32:Downloader-LEF [Trj]
21:10:18.890 AVAST engine scan C:\Windows\system32
21:17:32.088 AVAST engine scan C:\Windows\system32\drivers
21:17:59.466 AVAST engine scan C:\Users\Mike
21:20:45.173 Disk 0 MBR has been saved successfully to "C:\Users\Mike\Desktop\MBR.dat"
21:20:45.313 The log file has been saved successfully to "C:\Users\Mike\Desktop\aswMBR.txt"
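
Reading this aswMBR output together with the OTL log that is posted further down the thread, as an added example that is not part of the original thread and not code or output from aswMBR, OTL or BleepingComputer: the script below takes lines in both tools' formats and sorts the indicators worth acting on from the noise. The `**INFECTED**` verdict on `C:\Windows\svcs.exe` is the lead. The two `**LOCKED**` entries (MpKslba03560a and MpNWMon) are Microsoft Security Essentials' own drivers, and antimalware products protect their own kernel drivers from being opened, so a lock on those names is expected rather than evidence. From the OTL format it flags a process or service whose binary has no company name and sits directly in `C:\Windows` (svcs.exe again, registered as the service `NetworkLog`), and a per-user `ProxyServer` value on 127.0.0.1: a WinINet proxy on the loopback interface hands every HTTP request to a local process, which fits the redirect symptom in the thread title. The severity scale, the indicator names and the list of antimalware driver prefixes treated as benign are the example's own assumptions; the sample lines are copied from the logs in this thread.

```python
"""Triage of aswMBR and OTL log lines for the indicators seen in this thread.
Added example, not code or output from aswMBR, OTL or BleepingComputer. The
severity scale, indicator names and benign driver prefixes are assumptions."""
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    severity: str   # "high" | "medium" | "info"
    indicator: str  # short tag for grouping
    detail: str     # path, value or note taken from the line

# aswMBR prints **LOCKED** for files it cannot open. Antimalware products protect
# their own kernel drivers, so a lock on these names is expected (assumed prefixes
# of the Microsoft Security Essentials and Malwarebytes drivers in the logs above).
BENIGN_LOCKED_PREFIXES = ("MpKsl", "MpNWMon", "NisDrv", "mbam")
SYSTEM_ROOT = "c:\\windows\\"

ASWMBR_TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(?P<msg>.+)$")
ASWMBR_FILE = re.compile(r"^File: (?P<path>.+?) \*\*INFECTED\*\* (?P<verdict>.+)$")
ASWMBR_SERVICE = re.compile(r"^Service (?P<name>\S+) (?P<path>.+?) \*\*LOCKED\*\*")
OTL_PROXY = re.compile(r'"ProxyServer" = (?P<value>.+)$')
OTL_HOSTS = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
LOOPBACK = re.compile(r"(^|=)(127\.0\.0\.1|localhost):\d+")

def split_otl_binary(line):
    """(kind, path, company) for an OTL PRC/SRV/DRV line, else None. OTL ends these
    lines with the PE's company name in parentheses, "()" meaning no version resource;
    taking the last "(...)" keeps paths such as "Program Files (x86)" intact."""
    kind, body = line[:3], line.rstrip()
    if kind not in ("PRC", "SRV", "DRV") or not body.startswith(kind + " - ") or not body.endswith(")"):
        return None
    head, _, company = body[:-1].rpartition(" (")
    # SRV/DRV lines read "(name) description -- path"; PRC lines carry the path directly.
    path = head.split(" -- ")[-1] if " -- " in head else head[len("PRC - "):]
    return kind, path.strip(), company.strip()

def _triage_aswmbr(msg):
    m = ASWMBR_FILE.match(msg)
    if m:
        return [Finding("high", "aswmbr-infected", f"{m['path']} -> {m['verdict']}")]
    m = ASWMBR_SERVICE.match(msg)
    if m:
        benign = m["name"].startswith(BENIGN_LOCKED_PREFIXES)
        tag = "aswmbr-locked-av-driver" if benign else "aswmbr-locked"
        return [Finding("info" if benign else "medium", tag, f"{m['name']} ({m['path']})")]
    if "default MBR code" in msg:
        return [Finding("info", "mbr-stock-code", msg)]
    return []

def _triage_otl(line):
    parsed = split_otl_binary(line)
    if parsed:
        kind, path, company = parsed
        if company:
            return []
        low = path.lower()
        # No version resource AND sitting directly in %SystemRoot% (not a vendor or
        # driver subfolder) is the svcs.exe pattern from this thread.
        in_root = low.startswith(SYSTEM_ROOT) and "\\" not in low[len(SYSTEM_ROOT):]
        tag = f"otl-{kind.lower()}-no-company"
        return [Finding("high", tag + "-systemroot", path) if in_root else Finding("info", tag, path)]
    m = OTL_PROXY.search(line)
    if m:
        value = m["value"].strip()
        # A per-user WinINet proxy on the loopback interface hands every HTTP request
        # to a local process, which is one way search results get redirected.
        return [Finding("high" if LOOPBACK.search(value) else "medium", "otl-proxyserver", value)]
    m = OTL_HOSTS.match(line)
    if m:
        return [Finding("medium", "otl-hosts-override", f"{m['host']} -> {m['ip']}")]
    return []

def triage(lines):
    """Timestamped lines go to the aswMBR rules, everything else to the OTL rules."""
    findings = []
    for line in (raw.strip() for raw in lines if raw.strip()):
        m = ASWMBR_TS.match(line)
        findings.extend(_triage_aswmbr(m["msg"]) if m else _triage_otl(line))
    return findings

# Sample input: lines copied from the aswMBR and OTL logs posted in this thread.
SAMPLE_LOG = r"""
21:07:45.651 Disk 0 Windows VISTA default MBR code
21:08:56.616 Service MpKslba03560a C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BCE4ED33-35CC-40E2-B71F-D7007521C05F}\MpKslba03560a.sys **LOCKED** 32
21:08:57.130 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:10:10.996 File: C:\Windows\svcs.exe **INFECTED** Win32:Downloader-LEF [Trj]
PRC - C:\Windows\svcs.exe ()
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
SRV - (NetworkLog) -- C:\Windows\svcs.exe ()
SRV - (tgsrvc_verizondm) SupportSoft Repair Service (verizondm) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe (SupportSoft, Inc.)
DRV - (swmsflt) -- C:\Windows\System32\drivers\swmsflt.sys ()
IE - HKU\S-1-5-21-718646701-126281790-1513491560-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63434
O1 - Hosts: 127.0.0.1 activate.adobe.com
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.indicator:32} {f.detail}")
```

Two caveats a practitioner should carry into the real log. A binary with no version resource is a lead, not a verdict: the same rule puts DivXUpdate.exe and the swmsflt.sys filter driver at info, which is where they belong, and only svcs.exe in the Windows directory rises to high. The hosts-file lines in the OTL log all point Adobe activation hosts at 127.0.0.1; they block licence checks rather than search traffic, so they do not explain the redirect and are reported at medium to be noted rather than chased.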

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:00 PM

Posted 05 December 2011 - 09:25 PM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#9 ThatGuyWithAVirus

ThatGuyWithAVirus
  • Topic Starter

  • Members
  • 16 posts
  • Local time:05:00 PM

Posted 07 December 2011 - 01:25 AM

ComboFix doesn't work even in Safe Mode. I tried again today twice and it sat there for 4 hours each time doing nothing. I noticed right before it did a system restore point (right after the starting up message) that it said I didn't have the permission to run it. It also told me Microsoft Security Essentials was still running even though I turned off the real-time scanning and ended the process in the Task Manager completely.

Thanks for being so patient thus far, I realize this one is tricky.

Also, for some reason my firewall started again? However, the virus definitions still won't update and I found out that my file backup isn't working either.

Thanks again
-Mike-

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:00 PM

Posted 07 December 2011 - 08:18 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 ThatGuyWithAVirus

ThatGuyWithAVirus
  • Topic Starter

  • Members
  • 16 posts
  • Local time:05:00 PM

Posted 07 December 2011 - 01:23 PM

OTL logfile created on: 12/7/2011 1:00:00 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mike\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 42.25% Memory free
6.20 Gb Paging File | 4.69 Gb Available in Paging File | 75.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.78 Gb Total Space | 11.33 Gb Free Space | 6.34% Space Free | Partition Type: NTFS
Drive D: | 3.74 Gb Total Space | 0.01 Gb Free Space | 0.15% Space Free | Partition Type: FAT32
Drive G: | 1397.26 Gb Total Space | 566.83 Gb Free Space | 40.57% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 977.22 Gb Free Space | 52.45% Space Free | Partition Type: NTFS

Computer Name: AMER | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mike\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\svcs.exe ()
PRC - C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\VERIZONDM\bin\tgsrvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\VERIZONDM\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Sony\HotKey Utility\HKServ.exe (Sony Corporation)
PRC - C:\Program Files\Sony\HotKey Utility\HKWnd.exe (Sony Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- File not found
SRV - (ACDaemon) -- File not found
SRV - (NetworkLog) -- C:\Windows\svcs.exe ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SSUService) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
SRV - (SplashtopRemoteService) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (tgsrvc_verizondm) SupportSoft Repair Service (verizondm) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (AresChatServer) -- C:\Program Files\Ares\chatServer.exe (Ares Development Group)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()


========== Driver Services (SafeList) ==========

DRV - (MpKsl881e33c5) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{238E8FC8-41A8-43E9-877F-C2BE0D893669}\MpKsl881e33c5.sys (Microsoft Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (TsLwWfF) -- C:\Windows\System32\drivers\TsLwWfF.sys (TamoSoft)
DRV - (CamdAudio) -- C:\Windows\System32\drivers\CamdAudio.sys (Windows ® Codename Longhorn DDK provider)
DRV - (WsAudioDevice_383) -- C:\Windows\System32\drivers\WsAudioDevice_383.sys (Wondershare)
DRV - (swmx00) Sierra Wireless USB MUX Driver (#00) -- C:\Windows\System32\drivers\swmx00.sys (Sierra Wireless Inc.)
DRV - (swmsflt) -- C:\Windows\System32\drivers\swmsflt.sys ()
DRV - (Nmea) -- C:\Windows\System32\drivers\pctnullport.sys (PCTEL Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (mr7910) -- C:\Windows\System32\drivers\mr7910.sys (Mars Semiconductor Corp.)
DRV - (Cdralw2k) -- C:\Windows\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\Windows\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (ASPI32) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-718646701-126281790-1513491560-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com/
IE - HKU\S-1-5-21-718646701-126281790-1513491560-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.Google.com/
IE - HKU\S-1-5-21-718646701-126281790-1513491560-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/
IE - HKU\S-1-5-21-718646701-126281790-1513491560-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKU\S-1-5-21-718646701-126281790-1513491560-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKU\S-1-5-21-718646701-126281790-1513491560-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-718646701-126281790-1513491560-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-718646701-126281790-1513491560-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-718646701-126281790-1513491560-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/
IE - HKU\S-1-5-21-718646701-126281790-1513491560-1002\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/
IE - HKU\S-1-5-21-718646701-126281790-1513491560-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-718646701-126281790-1513491560-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-718646701-126281790-1513491560-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63434

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Demonoid torrent pool"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mike\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mike\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mike\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/27 00:47:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/27 00:47:48 | 000,000,000 | ---D | M]

[2008/09/01 17:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2011/11/20 22:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\5pu352vq.default\extensions
[2011/08/29 10:42:09 | 000,001,945 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\5pu352vq.default\searchplugins\bing-zugo.xml
[2011/12/01 16:20:22 | 000,002,233 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\5pu352vq.default\searchplugins\demonoid-torrent-pool.xml
[2011/11/09 11:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/07/21 09:33:59 | 000,000,000 | ---D | M] (Sotfone Tracker) -- C:\Program Files\Mozilla Firefox\extensions\sotfone-tracker@sotfone.ru
[2009/06/29 01:16:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/11/09 11:11:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/06/30 13:30:14 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/10/05 21:04:27 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2008/07/21 09:33:59 | 000,000,368 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2011/11/09 11:11:28 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mike\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mike\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mike\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Mike\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Mike\AppData\Local\Google\Update\1.3.21.71\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Default = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\

O1 HOSTS File: ([2010/04/30 14:56:09 | 000,001,798 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppMon Utility] C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe (Sony Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKServ.exe (Sony Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VAIO Center Access Bar] c:\program files\sony\VAIO Center Access Bar\VCAB.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll] C:\Program Files\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll (DivX, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E810BB4-5FD5-44D9-8B70-10B476814C3F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3460C8F-8152-46C4-9673-DB614C43A1B1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Mike\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mike\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/12/15 04:52:18 | 000,000,080 | ---- | M] () - G:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{12bf70e2-e70a-11dd-b25c-001a801f4e26}\Shell - "" = AutoRun
O33 - MountPoints2\{199ba55d-eb8d-11de-aec5-001a801f4e26}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\launcher.exe
O33 - MountPoints2\{e4100d29-c06d-11dd-9a70-001a801f4e26}\Shell - "" = AutoRun
O33 - MountPoints2\{e4100d29-c06d-11dd-9a70-001a801f4e26}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\AppLaunch.exe AUTORUN=1
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe -- [2009/01/16 02:14:08 | 000,156,312 | ---- | M] (Seagate Technology LLC)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/07 12:58:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2011/12/07 02:29:14 | 000,000,000 | ---D | C] -- C:\Windows\Applian Director
[2011/12/07 02:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Director
[2011/12/06 10:36:30 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/12/05 21:41:28 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\American Dad - 705 - Virtual In-Stanity {C_P}.avi
[2011/12/05 21:40:57 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\Beavis and Butthead s08e06 The Rat, Spill IMMERSE
[2011/12/05 21:40:49 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\Beavis and Butthead s08e07 Doomsday, Dumb Design IMMERSE
[2011/12/05 20:39:48 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Mike\Desktop\aswMBR.exe
[2011/12/05 07:25:45 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mike\Desktop\tdsskiller.exe
[2011/12/04 20:56:54 | 004,327,522 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\ComboFix.exe
[2011/12/02 01:13:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\dds.scr
[2011/11/29 10:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2011/11/28 12:05:12 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\The Midnight Meat Train {2008 Dvdrip Xvid} - GARDAA
[2011/11/27 01:27:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/27 01:27:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/27 01:27:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/27 01:27:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/27 01:26:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/27 00:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/27 00:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/27 00:41:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/26 06:51:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/11/26 06:51:29 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/11/26 06:51:29 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/11/26 06:51:29 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/11/26 06:51:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/11/26 06:51:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/11/26 06:51:24 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/11/26 06:51:23 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/11/26 06:51:23 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/11/26 06:51:23 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/11/26 06:51:23 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/11/26 06:51:13 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/11/26 06:51:12 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/11/26 06:51:12 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/11/26 06:51:12 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/11/26 06:51:12 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/11/26 06:50:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/11/26 06:50:39 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/11/26 06:50:32 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/11/26 06:50:31 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/11/26 06:50:26 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/11/26 06:50:25 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/11/26 06:50:25 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/11/26 06:50:24 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/11/26 06:50:23 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011/11/26 06:50:23 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/11/26 06:50:23 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/11/26 06:49:55 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/11/26 06:49:55 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/11/26 06:49:23 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/11/25 01:07:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\Profiles
[2011/11/24 19:57:36 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2011/11/24 19:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2011/11/24 19:57:34 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2011/11/24 05:25:47 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Malwarebytes
[2011/11/24 05:25:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/24 05:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/24 05:25:21 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/24 05:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/22 11:38:08 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\IDM
[2011/11/22 11:38:08 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\DMCache
[2011/11/22 11:38:05 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2011/11/22 11:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2011/11/22 11:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2011/11/20 00:49:36 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\PrimoPDF
[2011/11/20 00:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2011/11/17 00:48:43 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\A97DB
[2011/11/17 00:48:21 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\XJJJ6ddWK8fR9
[2011/11/17 00:48:21 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\fTTXXqjjUCkIBzN
[2011/11/17 00:48:19 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\AE5A9
[2011/11/17 00:48:14 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\NgRRZZ9hYXw
[2011/11/17 00:48:10 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\SzPPNNyA1uvSo
[2011/11/17 00:48:10 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\my1uDD2bF4pm5sJ
[2011/11/12 14:15:48 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\Eyedea Most Complete Discography
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/07 13:04:26 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/07 13:04:26 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/07 12:58:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2011/12/07 12:43:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-718646701-126281790-1513491560-1002UA.job
[2011/12/07 07:43:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-718646701-126281790-1513491560-1002Core.job
[2011/12/07 02:33:26 | 000,237,568 | ---- | M] () -- C:\Windows\System32\rmc_rtspdl.dll
[2011/12/07 02:33:26 | 000,156,672 | ---- | M] (Radioactive) -- C:\Windows\System32\rmc_fixasf.exe
[2011/12/07 02:29:15 | 000,001,766 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Applian Director.lnk
[2011/12/07 01:27:19 | 000,241,620 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\nvModes.001
[2011/12/07 01:04:43 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/12/07 01:04:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/06 16:45:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/12/06 15:43:47 | 000,012,288 | ---- | M] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/05 21:20:45 | 000,000,512 | ---- | M] () -- C:\Users\Mike\Desktop\MBR.dat
[2011/12/05 20:54:05 | 346,954,682 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/05 20:40:40 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Mike\Desktop\aswMBR.exe
[2011/12/05 07:26:35 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mike\Desktop\tdsskiller.exe
[2011/12/05 00:49:01 | 000,001,356 | ---- | M] () -- C:\Users\Mike\AppData\Local\d3d9caps.dat
[2011/12/04 20:57:02 | 004,327,522 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\ComboFix.exe
[2011/12/03 13:25:37 | 000,606,112 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/03 13:25:37 | 000,106,040 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/02 01:17:59 | 000,294,216 | ---- | M] () -- C:\Users\Mike\Desktop\gmer.zip
[2011/12/02 01:13:47 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\dds.scr
[2011/12/02 01:13:11 | 000,000,000 | ---- | M] () -- C:\Users\Mike\defogger_reenable
[2011/12/02 01:12:23 | 000,050,477 | ---- | M] () -- C:\Users\Mike\Desktop\Defogger.exe
[2011/11/30 06:39:10 | 003,771,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/20 09:18:45 | 000,508,928 | ---- | M] () -- C:\Windows\svcs.exe
[2011/11/19 10:45:41 | 000,007,382 | -HS- | M] () -- C:\Users\Mike\Desktop\Folder.jpg
[2011/11/19 10:45:41 | 000,002,026 | -HS- | M] () -- C:\Users\Mike\Desktop\AlbumArtSmall.jpg
[2011/11/17 16:03:40 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/07 02:29:15 | 000,001,766 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Applian Director.lnk
[2011/12/05 21:20:45 | 000,000,512 | ---- | C] () -- C:\Users\Mike\Desktop\MBR.dat
[2011/12/05 20:54:05 | 346,954,682 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/02 01:18:47 | 000,302,592 | ---- | C] () -- C:\Users\Mike\Desktop\gmer.exe
[2011/12/02 01:17:44 | 000,294,216 | ---- | C] () -- C:\Users\Mike\Desktop\gmer.zip
[2011/12/02 01:13:11 | 000,000,000 | ---- | C] () -- C:\Users\Mike\defogger_reenable
[2011/12/02 01:12:17 | 000,050,477 | ---- | C] () -- C:\Users\Mike\Desktop\Defogger.exe
[2011/11/30 01:31:22 | 000,000,988 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS5.lnk
[2011/11/30 01:27:26 | 000,001,078 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS5.lnk
[2011/11/29 10:35:00 | 000,001,431 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS5.lnk
[2011/11/29 10:33:31 | 000,000,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2011/11/29 10:32:31 | 000,001,055 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2011/11/29 10:29:11 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.exe.lnk
[2011/11/29 10:28:53 | 000,001,308 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011/11/27 01:27:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/27 01:27:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/27 01:27:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/27 01:27:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/27 01:27:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/26 06:51:15 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/11/26 06:51:15 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/11/26 06:51:15 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/11/20 09:18:45 | 000,508,928 | ---- | C] () -- C:\Windows\svcs.exe
[2011/11/20 00:49:04 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2011/11/19 00:54:22 | 000,000,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
[2011/11/19 00:41:08 | 000,000,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/08/29 10:42:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011/08/29 10:42:03 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011/07/06 01:45:13 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/08/17 23:51:32 | 000,000,000 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\chrtmp
[2010/07/09 12:47:51 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/09/04 05:31:54 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\VideoConverter_sysquict.dat
[2009/09/02 03:19:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/02 03:19:10 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/05/04 15:55:42 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009/03/02 14:39:08 | 000,000,600 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\winscp.rnd
[2009/02/10 01:12:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/30 14:01:00 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/12/30 14:01:00 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/12/26 23:28:05 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/11/25 20:41:51 | 000,003,184 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2008/11/25 20:41:10 | 000,013,785 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2008/10/02 13:06:34 | 000,001,356 | ---- | C] () -- C:\Users\Mike\AppData\Local\d3d9caps.dat
[2008/06/05 09:24:49 | 000,399,736 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2008/05/26 19:57:27 | 000,007,799 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\UserTile.png
[2008/05/26 19:41:23 | 000,000,493 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008/05/26 19:35:57 | 000,000,285 | ---- | C] () -- C:\Windows\EReg072.dat
[2008/03/05 15:41:58 | 000,024,840 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2008/01/13 23:39:24 | 000,187,904 | ---- | C] () -- C:\Windows\System32\Lame.exe
[2008/01/13 23:39:23 | 000,641,021 | ---- | C] () -- C:\Windows\unins000.exe
[2008/01/13 23:39:23 | 000,126,464 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008/01/13 23:39:23 | 000,001,661 | ---- | C] () -- C:\Windows\unins000.dat
[2007/12/25 10:15:46 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2007/12/24 23:13:30 | 000,012,288 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/24 22:37:05 | 000,241,620 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\nvModes.001
[2007/12/24 22:37:04 | 000,241,620 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\nvModes.dat
[2007/12/24 21:32:19 | 000,000,098 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\wklnhst.dat
[2007/09/01 04:17:24 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2007/08/20 13:58:27 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007/08/20 13:57:53 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/08/20 13:16:46 | 000,000,032 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2007/08/20 13:12:05 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/06/14 14:02:02 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/06/14 14:02:01 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2007/06/14 14:01:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/04/16 05:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 003,771,960 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,606,112 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,106,040 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/25 16:26:22 | 000,085,851 | -H-- | C] () -- C:\Users\Mike\AppData\Roaming\Mikelog.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:B3D74A13
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B11E0DF
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#12 gringo_pr
Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 06:00 PM

Posted 07 December 2011 - 02:41 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    :otl
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
    O33 - MountPoints2\{12bf70e2-e70a-11dd-b25c-001a801f4e26}\Shell - "" = AutoRun
    O33 - MountPoints2\{199ba55d-eb8d-11de-aec5-001a801f4e26}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\launcher.exe
    O33 - MountPoints2\{e4100d29-c06d-11dd-9a70-001a801f4e26}\Shell - "" = AutoRun
    O33 - MountPoints2\{e4100d29-c06d-11dd-9a70-001a801f4e26}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\AppLaunch.exe AUTORUN=1
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe -- [2009/01/16 02:14:08 | 000,156,312 | ---- | M] (Seagate Technology LLC)
    @Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:1CE11B51
    @Alternate Data Stream - 12 bytes -> C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B11E0DF
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:DFC5A2B2   
    PRC - C:\Windows\svcs.exe ()  
    SRV - (NetworkLog) -- C:\Windows\svcs.exe ()
    [2011/08/29 10:42:09 | 000,001,945 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\5pu352vq.default\searchplugins\bing-zugo.xml
    [2008/07/21 09:33:59 | 000,000,368 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
    [2011/11/09 11:11:28 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2011/11/17 00:48:43 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\A97DB
    [2011/11/17 00:48:21 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\XJJJ6ddWK8fR9
    [2011/11/17 00:48:21 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\fTTXXqjjUCkIBzN
    [2011/11/17 00:48:19 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\AE5A9
    [2011/11/17 00:48:14 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\NgRRZZ9hYXw
    [2011/11/17 00:48:10 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\SzPPNNyA1uvSo
    [2011/11/17 00:48:10 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\my1uDD2bF4pm5sJ
    [2011/12/07 01:04:43 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2011/11/20 09:18:45 | 000,508,928 | ---- | M] () -- C:\Windows\svcs.exe
    [2011/11/20 09:18:45 | 000,508,928 | ---- | C] () -- C:\Windows\svcs.exe
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know How things are doing
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 ThatGuyWithAVirus

ThatGuyWithAVirus
  • Topic Starter

  • Members
  • 16 posts
  • Local time:05:00 PM

Posted 08 December 2011 - 01:57 AM

Okay, so pretty much at this point, I still can't run a file backup, my virus definitions won't update, and it still blue screens, but not at as rapid a rate as before. The redirect notices from Malwarebytes have also slowed.


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12bf70e2-e70a-11dd-b25c-001a801f4e26}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12bf70e2-e70a-11dd-b25c-001a801f4e26}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{199ba55d-eb8d-11de-aec5-001a801f4e26}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{199ba55d-eb8d-11de-aec5-001a801f4e26}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\launcher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4100d29-c06d-11dd-9a70-001a801f4e26}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4100d29-c06d-11dd-9a70-001a801f4e26}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4100d29-c06d-11dd-9a70-001a801f4e26}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4100d29-c06d-11dd-9a70-001a801f4e26}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\AppLaunch.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\Setup.exe not found.
Unable to delete ADS C:\ProgramData\TEMP:1CE11B51 .
Unable to delete ADS C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} .
Unable to delete ADS C:\ProgramData\TEMP:2B11E0DF .
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
No active process named svcs.exe was found!
Error: No service named NetworkLog was found to stop!
Service\Driver key NetworkLog not found.
File C:\Windows\svcs.exe not found.
File C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\5pu352vq.default\searchplugins\bing-zugo.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\search.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\twitter.xml not found.
Folder C:\Users\Mike\AppData\Roaming\A97DB\ not found.
Folder C:\Users\Mike\AppData\Roaming\XJJJ6ddWK8fR9\ not found.
Folder C:\Users\Mike\AppData\Roaming\fTTXXqjjUCkIBzN\ not found.
Folder C:\Users\Mike\AppData\Roaming\AE5A9\ not found.
Folder C:\Users\Mike\AppData\Roaming\NgRRZZ9hYXw\ not found.
Folder C:\Users\Mike\AppData\Roaming\SzPPNNyA1uvSo\ not found.
Folder C:\Users\Mike\AppData\Roaming\my1uDD2bF4pm5sJ\ not found.
File C:\Windows\System32\Ikeext.etl not found.
File C:\Windows\svcs.exe not found.
File C:\Windows\svcs.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mike\Desktop\cmd.bat deleted successfully.
C:\Users\Mike\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mike
->Temp folder emptied: 80127239 bytes
->Temporary Internet Files folder emptied: 387289428 bytes
->Java cache emptied: 1120127 bytes
->FireFox cache emptied: 50586777 bytes
->Google Chrome cache emptied: 284346092 bytes
->Apple Safari cache emptied: 968704 bytes
->Opera cache emptied: 124816 bytes
->Flash cache emptied: 2333165 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 564338886 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,308.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Mcx1

User: Mike
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mcx1
->Flash cache emptied: 0 bytes

User: Mike
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12072011_191532

Files\Folders moved on Reboot...
File\Folder C:\Windows\registration.tmp\New Folder not found!

Registry entries deleted on Reboot...

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:00 PM

Posted 08 December 2011 - 09:44 AM

Hello


Try and run ComboFix now.


gringo

#15 ThatGuyWithAVirus

ThatGuyWithAVirus
  • Topic Starter

  • Members
  • 16 posts
  • Local time:05:00 PM

Posted 09 December 2011 - 01:04 PM

Still a no-go on ComboFix; last night I was treated to a real nice trojan massacre. Right now it says that
Microsoft Security Essentials cannot turn on because "The specified service does not exist as an installed service",
it's blocking Malwarebytes on startup,
file backup still won't run,
"One or more of the following Windows services are not running: Base Filtering Engine, IPsec Policy Agent, IKE and AuthIP IPsec Keyring Modules",
it made Windows Explorer my default browser (compared to Firefox),
it blue-screened twice,
and I received a popup on Windows saying my TCP/IP command failed, with this in the details:
Problem signature:
Problem Event Name: APPCRASH
Application Name: ping.exe
Application Version: 6.0.6001.18000
Application Timestamp: 47919130
Fault Module Name: SHLWAPI.dll
Fault Module Version: 6.0.6002.18393
Fault Module Timestamp: 4d39b5cc
Exception Code: c0000005
Exception Offset: 0001e7bf
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033
Additional Information 1: b9e0
Additional Information 2: 07e822832de79137001879399a74c30e
Additional Information 3: 938d
Additional Information 4: 8a99d662af64f214fd26fd24fa056801

And after I ran Malwarebytes and killed what it saw, it fed me this report:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8332

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

12/9/2011 2:21:26 AM
mbam-log-2011-12-09 (02-21-26).txt

Scan type: Quick scan
Objects scanned: 193198
Time elapsed: 6 minute(s), 51 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
c:\Users\Mike\AppData\Local\hwo.exe (Trojan.Agent) -> 4212 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (PUM.HijackExefiles) -> Bad: (ah) Good: (exefile) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Mike\AppData\Local\hwo.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Mike\AppData\Local\hwo.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Mike\AppData\Local\hwo.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Mike\AppData\Local\hwo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Mike\AppData\Local\Temp\206.8852.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Mike\AppData\Local\Temp\215.2291.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Mike\local settings\application data\hwo.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Thanks for being patient with whatever is going on.
-Mike-
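The "Hijack.ExeFile" and "Hijack.StartMenuInternet" entries in the Malwarebytes log above describe a file-association hijack: HKCR\.exe was pointed at a ProgID named "ah" instead of "exefile", so every .exe launch passed through the malware's open command, and the Start Menu browser entries were rewritten to run hwo.exe with the real browser as an argument. The PowerShell audit below is an added example, not part of this thread or of Malwarebytes or OTL; it reads the same registry locations and reports anything that deviates from the Windows defaults. The expected values ("exefile" and "%1" %*) are the stock Windows settings; the wrapper heuristics (a command pointing under AppData\Local or Temp, or carrying a bare -a switch) are taken from the log above and are assumptions about what a wrapped command looks like.

```powershell
# Added example (not from the thread): audit the .exe association chain and the
# StartMenuInternet browser commands for the hijack pattern shown in the MBAM log.
# Run from an elevated PowerShell prompt; it only reads the registry.

$expectedProgId  = 'exefile'   # Windows default ProgID for .exe
$expectedCommand = '"%1" %*'   # Windows default open command for exefile

function Get-RegistryDefault {
    # Returns the (default) value of a registry key, or $null if the key or value is absent.
    param([string]$Path)
    try {
        (Get-ItemProperty -Path $Path -ErrorAction Stop).'(default)'
    } catch {
        $null
    }
}

$findings = @()

# 1. Which ProgID does the .exe extension resolve to? In the log it was "ah".
$progId = Get-RegistryDefault 'Registry::HKEY_CLASSES_ROOT\.exe'
if ($progId -ne $expectedProgId) {
    $findings += "HKCR\.exe maps to '$progId' instead of '$expectedProgId'"
}

# 2. Whatever ProgID is in use, its open command must be the plain passthrough.
if ($progId) {
    $openCmd = Get-RegistryDefault "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
    if ($openCmd -ne $expectedCommand) {
        $findings += "HKCR\$progId\shell\open\command is '$openCmd' instead of '$expectedCommand'"
    }
}

# 3. Start Menu browser entries should name the browser binary directly, not a
#    wrapper that receives the browser path as an argument (the "-a" pattern in the log).
$smi = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet'
# Heuristic (assumption): wrappers live in a user-writable location or use a bare -a switch.
$wrapperPattern = 'AppData\\Local|\\Temp\\|\s-a\s'
foreach ($client in Get-ChildItem -Path $smi -ErrorAction SilentlyContinue) {
    foreach ($verb in 'open', 'safemode') {
        $cmd = Get-RegistryDefault "$smi\$($client.PSChildName)\shell\$verb\command"
        if ($cmd -and $cmd -match $wrapperPattern) {
            $findings += "StartMenuInternet\$($client.PSChildName)\shell\$verb command looks wrapped: $cmd"
        }
    }
}

if ($findings.Count -eq 0) {
    'No file-association hijack indicators found.'
} else {
    $findings | ForEach-Object { "SUSPECT: $_" }
}
```

On a clean machine the script prints a single line; on a machine in the state the log describes it would list the non-default ProgID, the foreign open command, and each wrapped browser entry. It deliberately makes no changes, so the output can be compared against the Malwarebytes report before anything is repaired.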