
Unknown Hijack


  • This topic is locked
27 replies to this topic

#1 icashootnstar

  • Members
  • 16 posts

Posted 08 December 2011 - 09:02 PM

OK. I blew it. I thought I would run a few apps to eradicate the pop-up and redirect hell on my own. I now know that was a bad idea.

Unfortunately, I am now confronting the following issues and don't know where to begin. I am unable to run both:

  • Windows Update: the message is "Windows could not search for new updates", error code 80096001. "Most recent check" and "Updates installed" indicate "Never", but I have run them in the past.
  • MSE updates: the message says "Virus and spyware definitions update failed", etc., error code 0x80096001.

Explorer hangs and restarts.
Search no longer finds anything in Outlook.
Runtime errors.

In an ironic twist, I haven't had any redirects lately, though I can't be sure if everything is completely gone or not.

I hope I haven't mucked it up beyond repair!


Thanks,
Shannon


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Shannon at 12:54:24 on 2011-12-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1579 [GMT -10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\ShadowExplorer\sesvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\StuffIt Deluxe 12\ArcNameService.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\FileOpen\Services\FileOpenBroker32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Anagram Technologies\Copy2Contact\Copy2Contact.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page =
uStart Page = hxxp://www.google.com/advanced_search?hl=en
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Launch LCDMon] "c:\program files\common files\logitech\lcd manager\lcdmon.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [FileOpenBroker] c:\program files\fileopen\services\FileOpenBroker32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\copy2c~1.lnk - c:\program files\anagram technologies\copy2contact\Copy2Contact.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
uPolicies-explorer: MaxRecentDocs = 99 (0x63)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideShutdownScripts = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Options - file://c:\program files\siber systems\ai roboform\RoboFormComOptions.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
Trusted Zone: adoptsoft.com
Trusted Zone: adoptsoft.com\hic
Trusted Zone: adoptsoft.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: myadoptionportal.com\www
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {3356DB7C-58A7-11D4-AA5C-006097314BF8} - hxxp://smartdownload.riverdeep.net/new/launcher.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP28-11263/webex/ieatgpc1.cab
TCP: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{8FF45579-7E59-4698-B245-8C6485DF977E} : DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{B08B4A3F-6ACC-4C01-B9DB-47E2CF0AC755} : DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{B08B4A3F-6ACC-4C01-B9DB-47E2CF0AC755}\84F6E6F6C657C65784F445A5F4E454 : DhcpNameServer = 208.67.222.222 208.67.220.220
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\shannon\appdata\roaming\mozilla\firefox\profiles\t2cq0n15.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\picasa3\npPicasa3.dll
FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165648]
R1 MpKsl72040faa;MpKsl72040faa;c:\programdata\microsoft\microsoft antimalware\definition updates\{92c118b9-a89c-4b4b-8bb8-209b0409633b}\MpKsl72040faa.sys [2011-12-7 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-18 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2010-6-3 73728]
R2 FileOpenManagerSvc;FileOpen Manager Service;c:\program files\fileopen\services\FileOpenManagerSvc32.exe [2011-10-21 213376]
R2 sesvc;ShadowExplorer Service;c:\program files\shadowexplorer\sesvc.exe [2010-1-26 9216]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-29 135664]
S3 busbcrw;USB Card Reader Writer driver;c:\windows\system32\drivers\busbcrw.sys [2009-5-24 18944]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-29 135664]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2008-12-12 471296]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-29 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-2 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
.
=============== Created Last 30 ================
.
2011-12-07 19:33:27 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{92c118b9-a89c-4b4b-8bb8-209b0409633b}\MpKsl72040faa.sys
2011-12-07 19:33:26 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{92c118b9-a89c-4b4b-8bb8-209b0409633b}\offreg.dll
2011-12-06 22:13:51 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{92c118b9-a89c-4b4b-8bb8-209b0409633b}\mpengine.dll
2011-12-06 01:01:26 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-06 01:01:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-05 18:00:27 -------- d-----w- c:\windows\SoftwareDistribution.old
2011-12-05 16:08:44 -------- d-----w- c:\windows\system32\catroot2
2011-12-05 04:16:25 -------- d-----w- c:\windows\system32\CatRoot2_2011124182823
2011-12-04 20:23:29 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-12-04 20:23:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-03 07:51:54 -------- d-----w- c:\users\shannon\appdata\roaming\SUPERAntiSpyware.com
2011-12-03 07:51:04 -------- d-----w- c:\programdata\!SASCORE
2011-12-03 07:51:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-03 07:51:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-03 07:50:50 -------- d-----w- c:\programdata\SUPERSetup
2011-12-03 07:38:35 -------- d-----w- c:\users\shannon\appdata\roaming\Auslogics
2011-12-03 07:32:47 -------- d-----w- c:\program files\Auslogics
2011-11-30 20:24:28 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8a740a51-1abc-4d1c-902b-8bb9c1556e45}\gapaengine.dll
2011-11-30 18:33:53 -------- d-----w- c:\users\shannon\appdata\local\temp
2011-11-29 19:40:29 -------- d-----w- c:\program files\IObit Malware Fighter
2011-11-08 22:55:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 22:55:01 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-08 22:54:59 2341888 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2011-12-06 22:13:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-21 17:44:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-26 21:22:36 73 ----a-w- c:\windows\system32\ssprs.dll
2011-10-26 21:22:36 205 ----a-w- c:\windows\system32\lsprst7.dll
2011-10-26 21:22:36 1025 ----a-w- c:\windows\system32\sysprs7.dll
2011-10-26 21:22:36 1025 ----a-w- c:\windows\system32\clauth2.dll
2011-10-26 21:22:36 1025 ----a-w- c:\windows\system32\clauth1.dll
.
============= FINISH: 12:55:04.08 ===============
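Added example (not part of the original post, and not a BleepingComputer, DDS or ComboFix tool): a small Python triage script for the log formats shown above. It parses the `uRun:`/`mRun:` autostart lines and the `R1`/`S2` service lines, flags autostarts whose executable sits in a user-writable location and service registrations whose file is missing (`[x]`), and decodes the 0x80096001 HRESULT from the first post (TRUST_E_SYSTEM_ERROR, facility 9, the security/trust-verification facility, which fits the catroot2 rebuild visible in the "Created Last 30" section). Assumptions: the line formats are exactly as DDS and ComboFix print them in this thread; the sample block is constructed from lines in this thread plus one invented "Updater" entry that exists only to exercise the user-writable check; the MpKsl* downgrade relies on those being the throwaway kernel drivers MSE creates per definition update.

```python
"""Triage helpers for DDS / ComboFix text logs (added example, not a BleepingComputer tool)."""
import re
from dataclasses import dataclass

# Constructed sample: the first three Run lines and the three service lines are copied
# from the logs in this thread; the "Updater" line is invented to exercise the
# user-writable-path check and does NOT appear in the poster's logs.
SAMPLE_LOG = r"""
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
uRun: [Updater] c:\users\shannon\appdata\roaming\inst.exe -silent
R1 MpKsl0d97c105;MpKsl0d97c105; [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 135664]
"""

RUN_RE = re.compile(r"^([um])Run: \[([^\]]+)\] (.*)$")          # u = HKCU, m = HKLM
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")          # state name;display;image [date size]
# MSE/Forefront register a throwaway MpKsl<8 hex> driver per definition update; a stale
# registration whose file is gone is expected noise, not persistence (assumption stated above).
EPHEMERAL_RE = re.compile(r"^MpKsl[0-9a-f]{8}$", re.I)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\[^\\]+$", re.I)  # file dropped directly in a profile


@dataclass
class Autostart:
    scope: str   # "u" = this user's Run key, "m" = machine-wide Run key
    name: str
    image: str   # executable path with surrounding quotes removed
    args: str


@dataclass
class Service:
    start: str      # R = running, S = stopped, digit = start type as DDS/ComboFix print it
    name: str
    display: str
    image: str
    missing: bool   # "[x]" means the registered binary was not found on disk
    ephemeral: bool


def split_command(cmd: str):
    """Separate the image path from its arguments; quoted paths first, else up to the extension."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r"(.*?\.(?:exe|dll|sys|cpl))\b(.*)", cmd, re.I)
    if m:
        return m.group(1), m.group(2).strip()
    return cmd, ""


def parse_log(text: str):
    autostarts, services = [], []
    for line in text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            image, args = split_command(m.group(3))
            autostarts.append(Autostart(m.group(1), m.group(2), image, args))
        elif m := SVC_RE.match(line):
            rest = m.group(4).strip()
            missing = rest.endswith("[x]")
            image = re.sub(r"\s*\[[^\]]*\]$", "", rest)   # drop the trailing "[date size]" / "[x]"
            services.append(Service(m.group(1), m.group(2), m.group(3), image,
                                    missing, bool(EPHEMERAL_RE.match(m.group(2)))))
    return autostarts, services


def suspicious_autostarts(autostarts):
    """Autostarts whose image lives where the unprivileged user (and any malware running as
    that user) can write; legitimate installs land in Program Files or Windows."""
    out = []
    for a in autostarts:
        p = a.image.lower()
        if any(tok in p for tok in USER_WRITABLE) or PROFILE_ROOT_RE.match(p):
            out.append(a)
    return out


def orphan_services(services, include_ephemeral=False):
    """Registrations whose binary is gone: leftovers of a removal, or a driver the AV already
    deleted. MpKsl* orphans are hidden unless asked for."""
    return [s for s in services if s.missing and (include_ephemeral or not s.ephemeral)]


# winerror.h names for trust failures Windows Update / MSE commonly surface.
HRESULT_NAMES = {
    0x80096001: "TRUST_E_SYSTEM_ERROR",   # the code reported in the first post
    0x80096010: "TRUST_E_BAD_DIGEST",
    0x800B0100: "TRUST_E_NOSIGNATURE",
}


def decode_hresult(value: int):
    """Split an HRESULT into severity, facility and code. Facility 9 is FACILITY_SECURITY,
    i.e. the Authenticode/catalog trust path, not the download or the network."""
    return {
        "failure": bool(value & 0x80000000),
        "facility": (value >> 16) & 0x7FF,
        "code": value & 0xFFFF,
        "name": HRESULT_NAMES.get(value, "unknown"),
    }


if __name__ == "__main__":
    runs, svcs = parse_log(SAMPLE_LOG)
    for a in suspicious_autostarts(runs):
        print(f"REVIEW autostart {a.scope}Run [{a.name}] -> {a.image} {a.args}")
    for s in orphan_services(svcs, include_ephemeral=True):
        tag = "mse-noise" if s.ephemeral else "orphan"
        print(f"{tag:9} {s.start} {s.name} -> {s.image or '(no path)'}")
    print(decode_hresult(0x80096001))
```

Run it against a full DDS or ComboFix log by replacing `SAMPLE_LOG` with the file contents; everything that is not a Run or service line is ignored. The heuristics are a reading aid for the helper, not a verdict: a user-writable autostart is the first thing to look up, an orphan service is usually just cleanup, and the HRESULT decode tells you which subsystem to rebuild rather than what infected the machine.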


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 December 2011 - 02:52 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links:
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

In your next post I need the following:

  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 icashootnstar
  • Topic Starter

  • Members
  • 16 posts

Posted 11 December 2011 - 03:57 AM

Thank you for helping! The following is my ComboFix log:

ComboFix 11-12-10.01 - Shannon 12/10/2011 22:39:43.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1285 [GMT -10:00]
Running from: c:\users\Shannon\Desktop\Maintenance\Malware Scanners\ComboFix\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Shannon\AppData\Roaming\inst.exe
c:\users\Shannon\g2mdlhlpx.exe
c:\users\Shannon\GoToAssistDownloadHelper.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 )))))))))))))))))))))))))))))))
.
.
2011-12-11 08:48 . 2011-12-11 08:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-07 19:33 . 2011-12-07 19:33 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92C118B9-A89C-4B4B-8BB8-209B0409633B}\MpKsl72040faa.sys
2011-12-07 19:33 . 2011-12-07 19:33 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92C118B9-A89C-4B4B-8BB8-209B0409633B}\offreg.dll
2011-12-06 22:13 . 2011-11-30 12:21 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92C118B9-A89C-4B4B-8BB8-209B0409633B}\mpengine.dll
2011-12-06 01:01 . 2011-12-06 01:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-06 01:01 . 2011-09-01 03:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-05 16:08 . 2011-12-06 06:30 -------- d-----w- c:\windows\system32\catroot2
2011-12-05 04:16 . 2011-12-05 04:21 -------- d-----w- c:\windows\system32\CatRoot2_2011124182823
2011-12-04 20:23 . 2011-12-04 20:23 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-12-04 20:23 . 2011-12-04 20:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-03 07:51 . 2011-12-03 07:51 -------- d-----w- c:\users\Shannon\AppData\Roaming\SUPERAntiSpyware.com
2011-12-03 07:51 . 2011-12-03 07:51 -------- d-----w- c:\programdata\!SASCORE
2011-12-03 07:51 . 2011-12-03 17:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-03 07:51 . 2011-12-03 07:51 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-03 07:50 . 2011-12-03 07:50 -------- d-----w- c:\programdata\SUPERSetup
2011-12-03 07:38 . 2011-12-03 07:38 -------- d-----w- c:\users\Shannon\AppData\Roaming\Auslogics
2011-12-03 07:32 . 2011-12-03 07:32 -------- d-----w- c:\program files\Auslogics
2011-12-02 19:42 . 2011-12-02 19:42 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
2011-11-30 20:24 . 2011-10-05 03:22 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A740A51-1ABC-4D1C-902B-8BB9C1556E45}\gapaengine.dll
2011-11-30 18:33 . 2011-12-11 08:48 -------- d-----w- c:\users\Shannon\AppData\Local\temp
2011-11-29 19:40 . 2011-11-30 20:03 -------- d-----w- c:\program files\IObit Malware Fighter
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-06 22:13 . 2009-10-02 20:48 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-30 12:21 . 2010-03-11 18:05 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-21 17:44 . 2011-06-12 23:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-29 16:03 . 2011-11-08 22:55 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 03:37 . 2011-11-08 22:54 2341888 ----a-w- c:\windows\system32\win32k.sys
2007-06-22 04:38 . 2007-06-22 04:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-22 04:38 . 2007-06-22 04:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-22 04:38 . 2007-06-22 04:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-22 04:38 . 2007-06-22 04:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-22 04:39 . 2007-06-22 04:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-22 04:39 . 2007-06-22 04:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-22 04:39 . 2007-06-22 04:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-22 04:39 . 2007-06-22 04:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-22 04:40 . 2007-06-22 04:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-03 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1029416]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-16 997920]
"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-06-27 775952]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-02 1821576]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-06-20 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-06-19 640440]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"FileOpenBroker"="c:\program files\FileOpen\Services\FileOpenBroker32.exe" [2011-10-22 724352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Copy2Contact.lnk - c:\program files\Anagram Technologies\Copy2Contact\Copy2Contact.exe [2010-9-17 4460320]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 99 (0x63)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl0d97c105;MpKsl0d97c105; [x]
R1 MpKsl11a7cb7e;MpKsl11a7cb7e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1101AA45-FDEF-4B85-92AE-6721F8BD050A}\MpKsl11a7cb7e.sys [x]
R1 MpKsl18d32dd4;MpKsl18d32dd4; [x]
R1 MpKsl1f97e749;MpKsl1f97e749; [x]
R1 MpKsl7138d5d0;MpKsl7138d5d0; [x]
R1 MpKsl735e3a4a;MpKsl735e3a4a; [x]
R1 MpKsl7b326832;MpKsl7b326832; [x]
R1 MpKsl867d9de1;MpKsl867d9de1; [x]
R1 MpKsl8bb5fe2e;MpKsl8bb5fe2e; [x]
R1 MpKsl92333591;MpKsl92333591; [x]
R1 MpKsla9f0ad78;MpKsla9f0ad78; [x]
R1 MpKslafb79fab;MpKslafb79fab; [x]
R1 MpKslbcb8f513;MpKslbcb8f513; [x]
R1 MpKslc57b636e;MpKslc57b636e; [x]
R1 MpKslcbac367f;MpKslcbac367f; [x]
R1 MpKsle92bbf95;MpKsle92bbf95; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 135664]
R3 busbcrw;USB Card Reader Writer driver;c:\windows\system32\Drivers\busbcrw.sys [2006-10-27 18944]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 135664]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2008-07-24 471296]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-28 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 208944]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2008-12-17 47360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-04 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
S1 MpKsl72040faa;MpKsl72040faa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92C118B9-A89C-4B4B-8BB8-209B0409633B}\MpKsl72040faa.sys [2011-12-07 29904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-12-03 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-21 73728]
S2 FileOpenManagerSvc;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManagerSvc32.exe [2011-10-22 213376]
S2 sesvc;ShadowExplorer Service;c:\program files\ShadowExplorer\sesvc.exe [2010-01-24 9216]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL72040FAA
*NewlyCreated* - PXDIRFOG
*Deregistered* - FileOpenWebPublisherScreenHookDriver
*Deregistered* - pxdirfog
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 18:42]
.
2011-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 18:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/advanced_search?hl=en
uInternet Settings,ProxyOverride = *.local
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Options - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComOptions.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: adoptsoft.com
Trusted Zone: adoptsoft.com\hic
Trusted Zone: adoptsoft.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: myadoptionportal.com\www
TCP: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
DPF: {3356DB7C-58A7-11D4-AA5C-006097314BF8} - hxxp://smartdownload.riverdeep.net/new/launcher.cab
FF - ProfilePath - c:\users\Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\t2cq0n15.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:1c,f2,29,42,3d,52,d7,27,cc,6a,89,ba,3d,b1,7e,96,99,b7,5a,d3,e0,
07,f4,97,b8,ff,17,9a,44,5e,45,7d,49,48,96,ba,ee,99,35,af,7f,60,ac,90,dc,0a,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:1c,f2,29,42,3d,52,d7,27,cc,6a,89,ba,3d,b1,7e,96,99,b7,5a,d3,e0,
07,f4,97,b8,ff,17,9a,44,5e,45,7d,49,48,96,ba,ee,99,35,af,7f,60,ac,90,dc,0a,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-10 22:50:57
ComboFix-quarantined-files.txt 2011-12-11 08:50
ComboFix2.txt 2011-11-30 18:54
.
Pre-Run: 104,678,195,200 bytes free
Post-Run: 104,769,159,168 bytes free
.
- - End Of File - - 0CA94C3C984D1CD4BA4F7D7E620082E6


All of the symptoms remain.

Again, thank you for taking the time to assist me!

Shannon

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:02 AM

Posted 11 December 2011 - 05:30 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 icashootnstar

icashootnstar
  • Topic Starter

  • Members
  • 16 posts
  • Local time:05:02 AM

Posted 11 December 2011 - 05:51 AM

Here you go:

00:49:28.0024 1920 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
00:49:29.0147 1920 ============================================================
00:49:29.0147 1920 Current date / time: 2011/12/11 00:49:29.0147
00:49:29.0147 1920 SystemInfo:
00:49:29.0147 1920
00:49:29.0147 1920 OS Version: 6.1.7601 ServicePack: 1.0
00:49:29.0147 1920 Product type: Workstation
00:49:29.0147 1920 ComputerName: SHANNON-PC
00:49:29.0147 1920 UserName: Shannon
00:49:29.0147 1920 Windows directory: C:\Windows
00:49:29.0147 1920 System windows directory: C:\Windows
00:49:29.0147 1920 Processor architecture: Intel x86
00:49:29.0147 1920 Number of processors: 2
00:49:29.0147 1920 Page size: 0x1000
00:49:29.0147 1920 Boot type: Normal boot
00:49:29.0147 1920 ============================================================
00:49:30.0910 1920 Initialize success
00:49:53.0889 4252 ============================================================
00:49:53.0889 4252 Scan started
00:49:53.0889 4252 Mode: Manual;
00:49:53.0889 4252 ============================================================
00:49:58.0990 4252 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
00:49:59.0005 4252 1394ohci - ok
00:49:59.0161 4252 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
00:49:59.0177 4252 ACPI - ok
00:49:59.0193 4252 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
00:49:59.0208 4252 AcpiPmi - ok
00:49:59.0349 4252 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
00:49:59.0364 4252 adp94xx - ok
00:49:59.0380 4252 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
00:49:59.0395 4252 adpahci - ok
00:49:59.0411 4252 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
00:49:59.0427 4252 adpu320 - ok
00:49:59.0536 4252 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
00:49:59.0551 4252 AFD - ok
00:49:59.0598 4252 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
00:49:59.0598 4252 agp440 - ok
00:49:59.0629 4252 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
00:49:59.0629 4252 aic78xx - ok
00:49:59.0661 4252 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
00:49:59.0661 4252 aliide - ok
00:49:59.0676 4252 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
00:49:59.0676 4252 amdagp - ok
00:49:59.0723 4252 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
00:49:59.0723 4252 amdide - ok
00:49:59.0754 4252 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
00:49:59.0754 4252 AmdK8 - ok
00:49:59.0770 4252 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
00:49:59.0770 4252 AmdPPM - ok
00:49:59.0801 4252 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
00:49:59.0801 4252 amdsata - ok
00:49:59.0832 4252 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
00:49:59.0832 4252 amdsbs - ok
00:49:59.0863 4252 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
00:49:59.0863 4252 amdxata - ok
00:49:59.0926 4252 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
00:49:59.0926 4252 AppID - ok
00:50:00.0019 4252 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
00:50:00.0019 4252 arc - ok
00:50:00.0035 4252 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
00:50:00.0035 4252 arcsas - ok
00:50:00.0097 4252 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
00:50:00.0097 4252 AsyncMac - ok
00:50:00.0144 4252 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
00:50:00.0144 4252 atapi - ok
00:50:00.0253 4252 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
00:50:00.0285 4252 b06bdrv - ok
00:50:00.0347 4252 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
00:50:00.0363 4252 b57nd60x - ok
00:50:00.0409 4252 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
00:50:00.0409 4252 Beep - ok
00:50:00.0534 4252 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
00:50:00.0550 4252 blbdrive - ok
00:50:00.0675 4252 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
00:50:00.0675 4252 bowser - ok
00:50:00.0768 4252 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:50:00.0784 4252 BrFiltLo - ok
00:50:00.0909 4252 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:50:00.0909 4252 BrFiltUp - ok
00:50:01.0111 4252 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
00:50:01.0127 4252 Brserid - ok
00:50:01.0158 4252 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
00:50:01.0174 4252 BrSerWdm - ok
00:50:01.0267 4252 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:50:01.0283 4252 BrUsbMdm - ok
00:50:01.0345 4252 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
00:50:01.0345 4252 BrUsbSer - ok
00:50:01.0486 4252 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
00:50:01.0486 4252 BthEnum - ok
00:50:01.0673 4252 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
00:50:01.0673 4252 BTHMODEM - ok
00:50:01.0829 4252 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
00:50:01.0845 4252 BthPan - ok
00:50:02.0047 4252 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
00:50:02.0079 4252 BTHPORT - ok
00:50:02.0203 4252 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
00:50:02.0219 4252 BTHUSB - ok
00:50:02.0328 4252 btwavdt (fa7446dd38de84d4988d1f2ebb854589) C:\Windows\system32\DRIVERS\btwavdt.sys
00:50:02.0344 4252 btwavdt - ok
00:50:02.0453 4252 busbcrw (8c6c7b22ca8fc0f8cef6b84d5ea7d78e) C:\Windows\system32\Drivers\busbcrw.sys
00:50:02.0469 4252 busbcrw - ok
00:50:02.0796 4252 catchme - ok
00:50:02.0905 4252 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
00:50:02.0921 4252 cdfs - ok
00:50:02.0983 4252 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
00:50:02.0983 4252 cdrom - ok
00:50:03.0015 4252 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
00:50:03.0030 4252 circlass - ok
00:50:03.0124 4252 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
00:50:03.0155 4252 CLFS - ok
00:50:03.0186 4252 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
00:50:03.0186 4252 CmBatt - ok
00:50:03.0295 4252 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
00:50:03.0295 4252 cmdide - ok
00:50:03.0389 4252 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
00:50:03.0436 4252 CNG - ok
00:50:03.0607 4252 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
00:50:03.0607 4252 Compbatt - ok
00:50:03.0748 4252 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
00:50:03.0763 4252 CompositeBus - ok
00:50:03.0951 4252 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
00:50:03.0951 4252 crcdisk - ok
00:50:04.0075 4252 dc3d (7caaf4af453ef3582fef65dd72caa0aa) C:\Windows\system32\DRIVERS\dc3d.sys
00:50:04.0075 4252 dc3d - ok
00:50:04.0216 4252 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
00:50:04.0216 4252 DfsC - ok
00:50:04.0419 4252 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
00:50:04.0434 4252 discache - ok
00:50:04.0575 4252 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
00:50:04.0575 4252 Disk - ok
00:50:04.0699 4252 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
00:50:04.0699 4252 drmkaud - ok
00:50:04.0887 4252 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
00:50:04.0949 4252 DXGKrnl - ok
00:50:05.0479 4252 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
00:50:05.0573 4252 ebdrv - ok
00:50:05.0713 4252 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
00:50:05.0729 4252 elxstor - ok
00:50:05.0807 4252 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
00:50:05.0823 4252 ErrDev - ok
00:50:05.0869 4252 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
00:50:05.0885 4252 exfat - ok
00:50:05.0916 4252 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
00:50:05.0932 4252 fastfat - ok
00:50:05.0963 4252 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
00:50:05.0963 4252 fdc - ok
00:50:05.0994 4252 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
00:50:06.0010 4252 FileInfo - ok
00:50:06.0166 4252 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
00:50:06.0166 4252 Filetrace - ok
00:50:06.0213 4252 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
00:50:06.0213 4252 flpydisk - ok
00:50:06.0291 4252 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
00:50:06.0291 4252 FltMgr - ok
00:50:06.0369 4252 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
00:50:06.0369 4252 FsDepends - ok
00:50:06.0509 4252 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
00:50:06.0509 4252 Fs_Rec - ok
00:50:06.0649 4252 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
00:50:06.0649 4252 fvevol - ok
00:50:06.0712 4252 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:50:06.0727 4252 gagp30kx - ok
00:50:06.0759 4252 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:50:06.0774 4252 GEARAspiWDM - ok
00:50:06.0930 4252 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
00:50:06.0930 4252 hcw85cir - ok
00:50:07.0055 4252 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
00:50:07.0071 4252 HDAudBus - ok
00:50:07.0227 4252 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
00:50:07.0227 4252 HidBatt - ok
00:50:07.0367 4252 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
00:50:07.0383 4252 HidBth - ok
00:50:07.0429 4252 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
00:50:07.0445 4252 HidIr - ok
00:50:07.0507 4252 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
00:50:07.0507 4252 HidUsb - ok
00:50:07.0585 4252 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
00:50:07.0585 4252 HpSAMD - ok
00:50:07.0726 4252 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
00:50:07.0757 4252 HTTP - ok
00:50:07.0882 4252 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
00:50:07.0897 4252 hwpolicy - ok
00:50:07.0960 4252 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
00:50:07.0960 4252 i8042prt - ok
00:50:08.0069 4252 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
00:50:08.0069 4252 iaStor - ok
00:50:08.0147 4252 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
00:50:08.0178 4252 iaStorV - ok
00:50:08.0506 4252 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
00:50:08.0506 4252 iirsp - ok
00:50:08.0709 4252 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
00:50:08.0709 4252 intelide - ok
00:50:08.0802 4252 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
00:50:08.0802 4252 intelppm - ok
00:50:08.0927 4252 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:50:08.0943 4252 IpFilterDriver - ok
00:50:09.0052 4252 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
00:50:09.0067 4252 IPMIDRV - ok
00:50:09.0099 4252 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
00:50:09.0099 4252 IPNAT - ok
00:50:09.0114 4252 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
00:50:09.0114 4252 IRENUM - ok
00:50:09.0177 4252 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
00:50:09.0177 4252 isapnp - ok
00:50:09.0255 4252 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
00:50:09.0270 4252 iScsiPrt - ok
00:50:09.0301 4252 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
00:50:09.0301 4252 kbdclass - ok
00:50:09.0395 4252 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
00:50:09.0395 4252 kbdhid - ok
00:50:09.0473 4252 ksaud (019e5c48240c3a6bc56de171711734c9) C:\Windows\system32\drivers\ksaud.sys
00:50:09.0504 4252 ksaud - ok
00:50:09.0582 4252 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
00:50:09.0582 4252 KSecDD - ok
00:50:09.0660 4252 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
00:50:09.0660 4252 KSecPkg - ok
00:50:09.0738 4252 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
00:50:09.0738 4252 lltdio - ok
00:50:09.0816 4252 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:50:09.0816 4252 LSI_FC - ok
00:50:09.0925 4252 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:50:09.0925 4252 LSI_SAS - ok
00:50:10.0066 4252 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:50:10.0081 4252 LSI_SAS2 - ok
00:50:10.0175 4252 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:50:10.0191 4252 LSI_SCSI - ok
00:50:10.0284 4252 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
00:50:10.0284 4252 luafv - ok
00:50:10.0393 4252 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
00:50:10.0393 4252 megasas - ok
00:50:10.0549 4252 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
00:50:10.0581 4252 MegaSR - ok
00:50:10.0690 4252 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
00:50:10.0690 4252 Modem - ok
00:50:10.0815 4252 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
00:50:10.0815 4252 monitor - ok
00:50:10.0939 4252 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
00:50:10.0939 4252 mouclass - ok
00:50:11.0064 4252 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
00:50:11.0064 4252 mouhid - ok
00:50:11.0127 4252 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
00:50:11.0127 4252 mountmgr - ok
00:50:11.0345 4252 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
00:50:11.0345 4252 MpFilter - ok
00:50:11.0485 4252 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
00:50:11.0485 4252 mpio - ok
00:50:11.0563 4252 MpKsl0d97c105 - ok
00:50:11.0797 4252 MpKsl11a7cb7e - ok
00:50:11.0922 4252 MpKsl18d32dd4 - ok
00:50:12.0016 4252 MpKsl1f97e749 - ok
00:50:12.0172 4252 MpKsl7138d5d0 - ok
00:50:12.0343 4252 MpKsl72040faa (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{92C118B9-A89C-4B4B-8BB8-209B0409633B}\MpKsl72040faa.sys
00:50:12.0343 4252 MpKsl72040faa - ok
00:50:12.0499 4252 MpKsl735e3a4a - ok
00:50:12.0577 4252 MpKsl7b326832 - ok
00:50:12.0640 4252 MpKsl867d9de1 - ok
00:50:12.0905 4252 MpKsl8bb5fe2e - ok
00:50:13.0077 4252 MpKsl92333591 - ok
00:50:13.0201 4252 MpKsla9f0ad78 - ok
00:50:13.0389 4252 MpKslafb79fab - ok
00:50:13.0513 4252 MpKslbcb8f513 - ok
00:50:13.0701 4252 MpKslc57b636e - ok
00:50:13.0841 4252 MpKslcbac367f - ok
00:50:13.0966 4252 MpKsle92bbf95 - ok
00:50:14.0137 4252 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
00:50:14.0137 4252 MpNWMon - ok
00:50:14.0325 4252 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
00:50:14.0340 4252 mpsdrv - ok
00:50:14.0512 4252 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
00:50:14.0512 4252 MRxDAV - ok
00:50:14.0683 4252 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:50:14.0683 4252 mrxsmb - ok
00:50:14.0855 4252 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:50:14.0871 4252 mrxsmb10 - ok
00:50:15.0073 4252 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:50:15.0089 4252 mrxsmb20 - ok
00:50:15.0214 4252 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
00:50:15.0214 4252 msahci - ok
00:50:15.0448 4252 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
00:50:15.0448 4252 msdsm - ok
00:50:15.0697 4252 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
00:50:15.0713 4252 Msfs - ok
00:50:15.0947 4252 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
00:50:15.0963 4252 mshidkmdf - ok
00:50:16.0119 4252 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
00:50:16.0119 4252 msisadrv - ok
00:50:16.0181 4252 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
00:50:16.0181 4252 MSKSSRV - ok
00:50:16.0290 4252 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
00:50:16.0306 4252 MSPCLOCK - ok
00:50:16.0368 4252 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
00:50:16.0368 4252 MSPQM - ok
00:50:16.0555 4252 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
00:50:16.0571 4252 MsRPC - ok
00:50:16.0696 4252 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
00:50:16.0711 4252 mssmbios - ok
00:50:16.0805 4252 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
00:50:16.0805 4252 MSTEE - ok
00:50:16.0977 4252 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
00:50:16.0977 4252 MTConfig - ok
00:50:17.0101 4252 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
00:50:17.0101 4252 Mup - ok
00:50:17.0289 4252 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
00:50:17.0289 4252 NativeWifiP - ok
00:50:17.0632 4252 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
00:50:17.0757 4252 NDIS - ok
00:50:17.0881 4252 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
00:50:17.0881 4252 NdisCap - ok
00:50:18.0022 4252 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
00:50:18.0022 4252 NdisTapi - ok
00:50:18.0225 4252 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
00:50:18.0240 4252 Ndisuio - ok
00:50:18.0412 4252 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
00:50:18.0412 4252 NdisWan - ok
00:50:18.0615 4252 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
00:50:18.0630 4252 NDProxy - ok
00:50:18.0755 4252 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
00:50:18.0755 4252 NetBIOS - ok
00:50:18.0895 4252 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
00:50:18.0911 4252 NetBT - ok
00:50:19.0488 4252 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
00:50:19.0582 4252 netw5v32 - ok
00:50:19.0769 4252 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
00:50:19.0769 4252 nfrd960 - ok
00:50:19.0956 4252 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
00:50:19.0956 4252 NisDrv - ok
00:50:20.0112 4252 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
00:50:20.0112 4252 Npfs - ok
00:50:20.0159 4252 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
00:50:20.0159 4252 nsiproxy - ok
00:50:20.0362 4252 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
00:50:20.0393 4252 Ntfs - ok
00:50:20.0471 4252 NuidFltr (28613c245d9f26190dcee18430a4ebbe) C:\Windows\system32\DRIVERS\NuidFltr.sys
00:50:20.0471 4252 NuidFltr - ok
00:50:20.0518 4252 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
00:50:20.0518 4252 Null - ok
00:50:21.0594 4252 nvlddmkm (8fe5350fa6a9f0b6633aee811c468954) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:50:21.0922 4252 nvlddmkm - ok
00:50:22.0234 4252 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
00:50:22.0234 4252 nvraid - ok
00:50:22.0483 4252 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
00:50:22.0530 4252 nvstor - ok
00:50:22.0639 4252 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
00:50:22.0655 4252 nv_agp - ok
00:50:22.0827 4252 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
00:50:22.0827 4252 OEM02Dev - ok
00:50:22.0967 4252 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
00:50:22.0967 4252 OEM02Vfx - ok
00:50:23.0139 4252 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
00:50:23.0154 4252 ohci1394 - ok
00:50:23.0404 4252 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
00:50:23.0404 4252 Parport - ok
00:50:23.0513 4252 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
00:50:23.0513 4252 partmgr - ok
00:50:23.0685 4252 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
00:50:23.0685 4252 Parvdm - ok
00:50:23.0747 4252 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
00:50:23.0763 4252 pci - ok
00:50:23.0841 4252 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
00:50:23.0856 4252 pciide - ok
00:50:23.0934 4252 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
00:50:23.0934 4252 pcmcia - ok
00:50:24.0059 4252 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
00:50:24.0059 4252 pcouffin - ok
00:50:24.0168 4252 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
00:50:24.0168 4252 pcw - ok
00:50:24.0418 4252 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
00:50:24.0449 4252 PEAUTH - ok
00:50:24.0714 4252 pfc (444f122e68db44c0589227781f3c8b3f) C:\Windows\system32\drivers\pfc.sys
00:50:24.0730 4252 pfc - ok
00:50:25.0057 4252 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
00:50:25.0057 4252 Point32 - ok
00:50:25.0182 4252 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
00:50:25.0182 4252 PptpMiniport - ok
00:50:25.0307 4252 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
00:50:25.0323 4252 Processor - ok
00:50:25.0447 4252 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
00:50:25.0447 4252 Psched - ok
00:50:25.0697 4252 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
00:50:25.0697 4252 PxHelp20 - ok
00:50:25.0978 4252 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
00:50:26.0009 4252 ql2300 - ok
00:50:26.0165 4252 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
00:50:26.0181 4252 ql40xx - ok
00:50:26.0399 4252 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
00:50:26.0399 4252 QWAVEdrv - ok
00:50:26.0555 4252 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
00:50:26.0555 4252 RasAcd - ok
00:50:26.0711 4252 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:50:26.0711 4252 RasAgileVpn - ok
00:50:26.0836 4252 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:50:26.0836 4252 Rasl2tp - ok
00:50:26.0898 4252 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
00:50:26.0914 4252 RasPppoe - ok
00:50:26.0961 4252 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
00:50:26.0961 4252 RasSstp - ok
00:50:27.0054 4252 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
00:50:27.0070 4252 rdbss - ok
00:50:27.0195 4252 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
00:50:27.0195 4252 rdpbus - ok
00:50:27.0319 4252 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:50:27.0319 4252 RDPCDD - ok
00:50:27.0507 4252 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
00:50:27.0522 4252 RDPENCDD - ok
00:50:27.0647 4252 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
00:50:27.0663 4252 RDPREFMP - ok
00:50:27.0803 4252 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
00:50:27.0803 4252 RDPWD - ok
00:50:28.0006 4252 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
00:50:28.0053 4252 rdyboost - ok
00:50:28.0146 4252 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
00:50:28.0162 4252 RFCOMM - ok
00:50:28.0209 4252 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
00:50:28.0209 4252 rimmptsk - ok
00:50:28.0271 4252 rimsptsk (49ec82b44eb93374ed9988da7e0e0151) C:\Windows\system32\DRIVERS\rimsptsk.sys
00:50:28.0271 4252 rimsptsk - ok
00:50:28.0333 4252 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys
00:50:28.0333 4252 RimUsb - ok
00:50:28.0396 4252 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
00:50:28.0396 4252 RimVSerPort - ok
00:50:28.0458 4252 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
00:50:28.0458 4252 rismxdp - ok
00:50:28.0521 4252 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
00:50:28.0536 4252 ROOTMODEM - ok
00:50:28.0567 4252 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
00:50:28.0567 4252 rspndr - ok
00:50:28.0817 4252 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
00:50:28.0817 4252 SASDIFSV - ok
00:50:28.0911 4252 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
00:50:28.0911 4252 SASKUTIL - ok
00:50:29.0004 4252 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
00:50:29.0004 4252 sbp2port - ok
00:50:29.0082 4252 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
00:50:29.0082 4252 scfilter - ok
00:50:29.0191 4252 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
00:50:29.0191 4252 sdbus - ok
00:50:29.0332 4252 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:50:29.0332 4252 secdrv - ok
00:50:29.0425 4252 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
00:50:29.0425 4252 Serenum - ok
00:50:29.0535 4252 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
00:50:29.0535 4252 Serial - ok
00:50:29.0644 4252 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
00:50:29.0644 4252 sermouse - ok
00:50:29.0815 4252 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
00:50:29.0815 4252 sffdisk - ok
00:50:29.0956 4252 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
00:50:29.0956 4252 sffp_mmc - ok
00:50:30.0018 4252 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
00:50:30.0018 4252 sffp_sd - ok
00:50:30.0081 4252 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
00:50:30.0081 4252 sfloppy - ok
00:50:30.0237 4252 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
00:50:30.0237 4252 sisagp - ok
00:50:30.0283 4252 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:50:30.0299 4252 SiSRaid2 - ok
00:50:30.0424 4252 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
00:50:30.0424 4252 SiSRaid4 - ok
00:50:30.0486 4252 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
00:50:30.0486 4252 Smb - ok
00:50:30.0595 4252 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
00:50:30.0595 4252 spldr - ok
00:50:30.0736 4252 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
00:50:30.0767 4252 srv - ok
00:50:30.0829 4252 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
00:50:30.0861 4252 srv2 - ok
00:50:30.0892 4252 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
00:50:30.0892 4252 srvnet - ok
00:50:30.0970 4252 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
00:50:30.0970 4252 sscdbus - ok
00:50:31.0063 4252 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
00:50:31.0063 4252 sscdmdfl - ok
00:50:31.0157 4252 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
00:50:31.0157 4252 sscdmdm - ok
00:50:31.0360 4252 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys
00:50:31.0360 4252 sscdserd - ok
00:50:31.0547 4252 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
00:50:31.0547 4252 stexstor - ok
00:50:31.0781 4252 STHDA (5af135b2e2097d4494b9067ce84e2665) C:\Windows\system32\drivers\stwrt.sys
00:50:31.0797 4252 STHDA - ok
00:50:31.0937 4252 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
00:50:31.0953 4252 swenum - ok
00:50:32.0171 4252 SynTP (451e8037e2eb6da6bdf0a66f65d1810b) C:\Windows\system32\DRIVERS\SynTP.sys
00:50:32.0171 4252 SynTP - ok
00:50:32.0358 4252 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
00:50:32.0405 4252 Tcpip - ok
00:50:32.0592 4252 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
00:50:32.0592 4252 TCPIP6 - ok
00:50:32.0655 4252 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
00:50:32.0670 4252 tcpipreg - ok
00:50:32.0779 4252 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
00:50:32.0779 4252 TDPIPE - ok
00:50:32.0857 4252 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
00:50:32.0857 4252 TDTCP - ok
00:50:32.0904 4252 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
00:50:32.0920 4252 tdx - ok
00:50:32.0951 4252 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
00:50:32.0951 4252 TermDD - ok
00:50:33.0029 4252 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:50:33.0029 4252 tssecsrv - ok
00:50:33.0076 4252 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
00:50:33.0076 4252 TsUsbFlt - ok
00:50:33.0154 4252 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
00:50:33.0169 4252 tunnel - ok
00:50:33.0310 4252 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
00:50:33.0310 4252 uagp35 - ok
00:50:33.0528 4252 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
00:50:33.0544 4252 udfs - ok
00:50:33.0731 4252 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
00:50:33.0731 4252 uliagpkx - ok
00:50:33.0918 4252 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
00:50:33.0918 4252 umbus - ok
00:50:34.0012 4252 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
00:50:34.0012 4252 UmPass - ok
00:50:34.0168 4252 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
00:50:34.0168 4252 usbccgp - ok
00:50:34.0293 4252 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
00:50:34.0293 4252 usbcir - ok
00:50:34.0495 4252 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
00:50:34.0495 4252 usbehci - ok
00:50:34.0636 4252 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
00:50:34.0683 4252 usbhub - ok
00:50:34.0870 4252 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
00:50:34.0870 4252 usbohci - ok
00:50:34.0979 4252 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
00:50:34.0979 4252 usbprint - ok
00:50:35.0119 4252 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
00:50:35.0135 4252 usbscan - ok
00:50:35.0197 4252 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:50:35.0197 4252 USBSTOR - ok
00:50:35.0369 4252 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
00:50:35.0369 4252 usbuhci - ok
00:50:35.0525 4252 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
00:50:35.0541 4252 vdrvroot - ok
00:50:35.0697 4252 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
00:50:35.0697 4252 vga - ok
00:50:35.0821 4252 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
00:50:35.0821 4252 VgaSave - ok
00:50:36.0024 4252 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
00:50:36.0024 4252 vhdmp - ok
00:50:36.0243 4252 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
00:50:36.0243 4252 viaagp - ok
00:50:36.0414 4252 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
00:50:36.0414 4252 ViaC7 - ok
00:50:36.0523 4252 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
00:50:36.0523 4252 viaide - ok
00:50:36.0586 4252 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
00:50:36.0601 4252 volmgr - ok
00:50:36.0804 4252 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
00:50:36.0820 4252 volmgrx - ok
00:50:36.0913 4252 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
00:50:36.0913 4252 volsnap - ok
00:50:36.0945 4252 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
00:50:36.0945 4252 vsmraid - ok
00:50:36.0991 4252 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
00:50:36.0991 4252 vwifibus - ok
00:50:37.0054 4252 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
00:50:37.0054 4252 WacomPen - ok
00:50:37.0147 4252 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
00:50:37.0163 4252 WANARP - ok
00:50:37.0163 4252 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
00:50:37.0163 4252 Wanarpv6 - ok
00:50:37.0225 4252 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
00:50:37.0241 4252 Wd - ok
00:50:37.0350 4252 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
00:50:37.0397 4252 Wdf01000 - ok
00:50:37.0475 4252 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
00:50:37.0475 4252 WfpLwf - ok
00:50:37.0584 4252 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
00:50:37.0584 4252 WIMMount - ok
00:50:37.0771 4252 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
00:50:37.0771 4252 WinUsb - ok
00:50:37.0865 4252 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
00:50:37.0865 4252 WmiAcpi - ok
00:50:37.0974 4252 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
00:50:37.0974 4252 ws2ifsl - ok
00:50:38.0099 4252 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
00:50:38.0099 4252 WSDPrintDevice - ok
00:50:38.0193 4252 WSDScan (7dc0270cfd4a05b4112e3ebbf083b595) C:\Windows\system32\DRIVERS\WSDScan.sys
00:50:38.0193 4252 WSDScan - ok
00:50:38.0302 4252 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
00:50:38.0317 4252 WudfPf - ok
00:50:38.0380 4252 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:50:38.0380 4252 WUDFRd - ok
00:50:38.0473 4252 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:50:38.0489 4252 \Device\Harddisk0\DR0 - ok
00:50:38.0505 4252 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
00:50:38.0505 4252 \Device\Harddisk1\DR1 - ok
00:50:38.0520 4252 Boot (0x1200) (f83a9893583016602e324b6e146570af) \Device\Harddisk0\DR0\Partition0
00:50:38.0520 4252 \Device\Harddisk0\DR0\Partition0 - ok
00:50:38.0520 4252 Boot (0x1200) (f145ad6b42b139067e11ce638297d395) \Device\Harddisk0\DR0\Partition1
00:50:38.0520 4252 \Device\Harddisk0\DR0\Partition1 - ok
00:50:38.0520 4252 Boot (0x1200) (334e0081fd33b7bcf5a5a24c21a51d2f) \Device\Harddisk1\DR1\Partition0
00:50:38.0520 4252 \Device\Harddisk1\DR1\Partition0 - ok
00:50:38.0520 4252 ============================================================
00:50:38.0520 4252 Scan finished
00:50:38.0520 4252 ============================================================
00:50:38.0536 5904 Detected object count: 0
00:50:38.0536 5904 Actual detected object count: 0

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 December 2011 - 11:28 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 icashootnstar
  • Topic Starter

  • Members
  • 16 posts

Posted 12 December 2011 - 12:42 AM

My log is below. After running aswMBR, a window opened saying "This computer is not running genuine Windows" and offered to resolve it online now. I cancelled out of the window.

I also have a new symptom. When previewing some Outlook emails, I get a message saying "A program has attachment...Changes to this file will be lost unless you save your changes to another file by clicking the File Tab in the other program and then clicking Save As."
I do not have any other program open at the time.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-11 08:41:58
-----------------------------
08:41:58.671 OS Version: Windows 6.1.7601 Service Pack 1
08:41:58.671 Number of processors: 2 586 0x1706
08:41:58.671 ComputerName: SHANNON-PC UserName: Shannon
08:42:10.699 Initialize success
08:43:41.721 AVAST engine defs: 11121102
08:44:15.698 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
08:44:15.698 Disk 0 Vendor: ST932042 DE14 Size: 305245MB BusType: 3
08:44:16.010 Disk 0 MBR read successfully
08:44:16.010 Disk 0 MBR scan
08:44:16.025 Disk 0 Windows 7 default MBR code
08:44:16.103 Disk 0 scanning sectors +625139712
08:44:16.758 Disk 0 scanning C:\Windows\system32\drivers
08:46:18.735 Service scanning
08:46:19.390 Service MpKsl72040faa C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{92C118B9-A89C-4B4B-8BB8-209B0409633B}\MpKsl72040faa.sys **LOCKED** 32
08:46:19.406 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
08:46:20.092 Modules scanning
08:49:27.246 Disk 0 trace - called modules:
08:49:27.277 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
08:49:27.792 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e8f848]
08:49:27.807 3 CLASSPNP.SYS[8b98659e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8612f030]
08:49:28.962 AVAST engine scan C:\Windows
08:51:57.396 AVAST engine scan C:\Windows\system32
09:15:57.169 AVAST engine scan C:\Windows\system32\drivers
09:20:34.599 AVAST engine scan C:\Users\Shannon
13:02:30.439 AVAST engine scan C:\ProgramData
13:07:45.887 Scan finished successfully
19:39:06.814 Disk 0 MBR has been saved successfully to "C:\Users\Shannon\Desktop\MBR.dat"
19:39:06.814 The log file has been saved successfully to "C:\Users\Shannon\Desktop\aswMBR.txt"

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 December 2011 - 12:44 AM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun aswMBR for me and send me the report

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#9 icashootnstar
  • Topic Starter

  • Members
  • 16 posts

Posted 12 December 2011 - 02:45 AM

fixTDSS produced the message "backdoor.Tideserv has not been found on your computer".
The new aswMBR log follows:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-11 20:33:52
-----------------------------
20:33:52.628 OS Version: Windows 6.1.7601 Service Pack 1
20:33:52.628 Number of processors: 2 586 0x1706
20:33:52.628 ComputerName: SHANNON-PC UserName: Shannon
20:33:53.517 Initialize success
20:33:56.123 AVAST engine defs: 11121102
20:34:00.849 The log file has been saved successfully to "C:\Users\Shannon\Desktop\aswMBR.txt"
20:34:08.176 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:34:08.176 Disk 0 Vendor: ST932042 DE14 Size: 305245MB BusType: 3
20:34:08.269 Disk 0 MBR read successfully
20:34:08.269 Disk 0 MBR scan
20:34:08.285 Disk 0 Windows 7 default MBR code
20:34:08.301 Disk 0 scanning sectors +625139712
20:34:08.410 Disk 0 scanning C:\Windows\system32\drivers
20:34:22.512 Service scanning
20:34:26.069 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:34:26.927 Modules scanning
20:34:38.331 AVAST engine scan C:\Windows
20:34:42.402 AVAST engine scan C:\Windows\system32
20:37:13.286 AVAST engine scan C:\Windows\system32\drivers
20:37:27.981 AVAST engine scan C:\Users\Shannon
21:02:35.120 AVAST engine scan C:\ProgramData
21:04:41.542 Scan finished successfully
21:21:14.936 Disk 0 MBR has been saved successfully to "C:\Users\Shannon\Desktop\MBR.dat"
21:21:14.936 The log file has been saved successfully to "C:\Users\Shannon\Desktop\aswMBR.txt"

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 December 2011 - 02:50 AM

Greetings

I need you to make a bootable usb and to make a screenshot for me - follow the instructions below to do this

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.

Now boot into Puppylinux

when you get to the desktop Click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them)

Next - Launch GParted which is found at Menu > System > GParted partition manager,
Click to select All Drives then click Okay
I need you to take a screenshot of the window that opens up - to do this follow these instructions

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg into the USB drive, paste or attach this to your next post

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

remove the usb and save it - we will use it again - boot back into windows and send me the screen capture

gringo

#11 icashootnstar
  • Topic Starter

  • Members
  • 16 posts

Posted 12 December 2011 - 03:39 AM

Done! Here you go. (FYI- I changed the boot drive back to C: because the first time I restarted it just hung there with a flat cursor.)

Attached Files



#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 December 2011 - 03:48 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#13 icashootnstar
  • Topic Starter

  • Members
  • 16 posts

Posted 12 December 2011 - 03:58 AM

OTL logfile created on: 12/11/2011 10:53:10 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Shannon\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 67.09% Memory free
5.99 Gb Paging File | 4.70 Gb Available in Paging File | 78.39% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 97.48 Gb Free Space | 34.14% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.74 Gb Free Space | 47.38% Space Free | Partition Type: NTFS
Drive G: | 3.74 Gb Total Space | 3.61 Gb Free Space | 96.75% Space Free | Partition Type: FAT32
Drive H: | 1863.01 Gb Total Space | 1661.97 Gb Free Space | 89.21% Space Free | Partition Type: NTFS

Computer Name: SHANNON-PC | User Name: Shannon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Shannon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe (FileOpen Systems Inc.)
PRC - C:\Program Files\FileOpen\Services\FileOpenBroker32.exe (FileOpen Systems Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Anagram Technologies\Copy2Contact\Copy2Contact.exe (Anagram Technologies)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files\StuffIt Deluxe 12\ArcNameService.exe (Smith Micro Software, Inc.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)


========== Modules (No Company Name) ==========

MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Windows\System32\btwhidcs.dll ()


========== Win32 Services (SafeList) ==========

SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (FileOpenManagerSvc) -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe (FileOpen Systems Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (sesvc) -- C:\Program Files\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Stuffit Archive Name Service) -- C:\Program Files\StuffIt Deluxe 12\ArcNameService.exe (Smith Micro Software, Inc.)
SRV - (nicconfigsvc) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\system32\DRIVERS\serial.sys (Brother Industries Ltd.)
DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ksaud) -- C:\Windows\System32\drivers\ksaud.sys (Creative Technology Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (busbcrw) -- C:\Windows\System32\drivers\busbcrw.sys (Brother Industries, Ltd.)
DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\sscdserd.sys (MCCI)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3155779940-1253244901-3724951479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/advanced_search?hl=en
IE - HKU\S-1-5-21-3155779940-1253244901-3724951479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3155779940-1253244901-3724951479-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3155779940-1253244901-3724951479-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/10/22 11:29:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/02 09:42:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/04 10:23:29 | 000,000,000 | ---D | M]

[2010/06/03 15:53:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shannon\AppData\Roaming\Mozilla\Extensions
[2009/02/01 10:10:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shannon\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2011/12/05 12:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\t2cq0n15.default\extensions
[2011/01/10 12:42:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\t2cq0n15.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/03 15:53:02 | 000,000,000 | ---D | M] (Softonic-Eng7 Toolbar) -- C:\Users\Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\t2cq0n15.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2011/12/05 12:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/04 10:23:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2007/06/21 18:38:54 | 000,079,432 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2007/06/21 18:38:56 | 000,071,240 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2007/06/21 18:39:18 | 000,034,376 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\logging.dll
[2011/12/04 10:23:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/06/21 18:39:34 | 000,325,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2007/06/21 18:40:02 | 000,030,280 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2011/12/10 22:48:33 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-3155779940-1253244901-3724951479-1000\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-3155779940-1253244901-3724951479-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3155779940-1253244901-3724951479-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker32.exe (FileOpen Systems Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-3155779940-1253244901-3724951479-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3155779940-1253244901-3724951479-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3155779940-1253244901-3724951479-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3155779940-1253244901-3724951479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-21-3155779940-1253244901-3724951479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 99
O7 - HKU\S-1-5-21-3155779940-1253244901-3724951479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3155779940-1253244901-3724951479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3155779940-1253244901-3724951479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Options - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3155779940-1253244901-3724951479-1000\..Trusted Domains: adoptsoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3155779940-1253244901-3724951479-1000\..Trusted Domains: adoptsoft.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3155779940-1253244901-3724951479-1000\..Trusted Domains: adoptsoft.com ([hic] https in Trusted sites)
O15 - HKU\S-1-5-21-3155779940-1253244901-3724951479-1000\..Trusted Domains: adoptsoft.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3155779940-1253244901-3724951479-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-3155779940-1253244901-3724951479-1000\..Trusted Domains: myadoptionportal.com ([www] http in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {3356DB7C-58A7-11D4-AA5C-006097314BF8} http://smartdownload.riverdeep.net/new/launcher.cab (LaunchObj Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP28-11263/webex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FF45579-7E59-4698-B245-8C6485DF977E}: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B08B4A3F-6ACC-4C01-B9DB-47E2CF0AC755}: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 11:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/11 22:51:52 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Shannon\Desktop\OTL.exe
[2011/12/11 19:57:38 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Shannon\Desktop\FixTDSS.exe
[2011/12/11 08:41:34 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Shannon\Desktop\aswMBR.exe
[2011/12/11 00:48:46 | 001,577,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Shannon\Desktop\tdsskiller.exe
[2011/12/10 22:51:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/10 22:50:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/10 22:37:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/10 22:37:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/10 22:37:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/05 15:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/05 15:01:26 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/05 15:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/05 09:51:38 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/12/05 08:00:27 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution.old
[2011/12/05 06:08:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2011/12/04 18:16:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\CatRoot2_2011124182823
[2011/12/04 16:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
[2011/12/04 10:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/12/04 10:23:29 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/12/04 10:23:29 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/04 10:23:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/04 10:23:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/02 21:51:54 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/02 21:51:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/02 21:51:04 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/12/02 21:51:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/02 21:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/02 21:50:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2011/12/02 21:38:35 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Roaming\Auslogics
[2011/12/02 21:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011/12/02 21:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/11/30 08:33:53 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Local\temp
[2011/11/30 07:13:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/30 07:11:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/29 09:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Malware Fighter
[2011/11/16 22:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2008/12/16 18:53:15 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Shannon\AppData\Roaming\pcouffin.sys
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/11 22:51:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Shannon\Desktop\OTL.exe
[2011/12/11 22:51:14 | 000,000,524 | ---- | M] () -- C:\Users\Shannon\Desktop\Unknown Highjack.website
[2011/12/11 22:42:18 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/11 22:42:18 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/11 22:39:25 | 000,668,044 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/11 22:39:25 | 000,124,540 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/11 22:34:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/11 22:34:46 | 2414,395,392 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/11 21:21:14 | 000,000,512 | ---- | M] () -- C:\Users\Shannon\Desktop\MBR.dat
[2011/12/11 19:57:38 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Shannon\Desktop\FixTDSS.exe
[2011/12/11 08:41:34 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Shannon\Desktop\aswMBR.exe
[2011/12/11 00:48:46 | 001,577,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Shannon\Desktop\tdsskiller.exe
[2011/12/10 22:48:33 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/08 12:50:31 | 000,000,000 | ---- | M] () -- C:\Users\Shannon\defogger_reenable
[2011/12/07 09:33:37 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/12/06 12:19:39 | 000,000,666 | ---- | M] () -- C:\Users\Shannon\Desktop\Search The Knowledge Base.website
[2011/12/06 12:13:41 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/12/06 12:12:36 | 000,000,442 | ---- | M] () -- C:\Users\Shannon\Desktop\Manually Update Essentials.website
[2011/12/06 10:14:43 | 000,082,944 | ---- | M] () -- C:\Users\Shannon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/05 20:05:22 | 000,000,459 | ---- | M] () -- C:\Users\Shannon\Desktop\How do I install or uninstall Internet Explorer 9.website
[2011/12/05 20:02:18 | 000,000,597 | ---- | M] () -- C:\Users\Shannon\Desktop\80096001 - Microsoft Answers.website
[2011/12/05 15:01:29 | 000,001,097 | ---- | M] () -- C:\Users\Shannon\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/05 09:57:14 | 000,000,459 | ---- | M] () -- C:\Users\Shannon\Desktop\Download Update for Windows 7 (KB2533552) - Microsoft Download Center - Download Details.website
[2011/12/05 09:54:33 | 000,000,609 | ---- | M] () -- C:\Users\Shannon\Desktop\windows 7 check for updates 80096001 - Google Search.website
[2011/12/04 10:23:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/12/04 10:23:00 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/04 10:23:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/04 10:23:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/02 10:01:17 | 000,664,567 | ---- | M] () -- C:\Users\Shannon\Documents\111202bookmark.htm
[2011/12/02 09:06:52 | 000,004,820 | ---- | M] () -- C:\c2cpersonal.dat
[2011/12/01 13:31:23 | 000,000,366 | ---- | M] () -- C:\Users\Shannon\Desktop\How can i disinfect my pc from cloudav 2012 virus - TechSpot OpenBoards.website
[2011/12/01 12:51:20 | 000,943,282 | ---- | M] () -- C:\Users\Shannon\Desktop\LinkedInStudyGuide.pdf
[2011/12/01 09:28:49 | 000,000,418 | ---- | M] () -- C:\Users\Shannon\Desktop\YellowBridge Chinese Flashcards for Chinese Textbooks.website
[2011/11/30 10:32:59 | 000,009,327 | ---- | M] () -- C:\Users\Shannon\AppData\Roaming\Microsoft Excel 97-2003.EML
[2011/11/28 07:35:54 | 000,012,062 | -HS- | M] () -- C:\ProgramData\72bs46l7510qqd65su81o88bl5bo5ucy5anfmc57ymk620
[2011/11/28 07:35:53 | 000,012,062 | -HS- | M] () -- C:\Users\Shannon\AppData\Local\72bs46l7510qqd65su81o88bl5bo5ucy5anfmc57ymk620
[2011/11/21 07:44:41 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/11 19:39:06 | 000,000,512 | ---- | C] () -- C:\Users\Shannon\Desktop\MBR.dat
[2011/12/10 22:37:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/10 22:37:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/10 22:37:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/10 22:37:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/10 22:37:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/10 22:36:54 | 000,000,524 | ---- | C] () -- C:\Users\Shannon\Desktop\Unknown Highjack.website
[2011/12/08 12:50:31 | 000,000,000 | ---- | C] () -- C:\Users\Shannon\defogger_reenable
[2011/12/06 12:12:36 | 000,000,442 | ---- | C] () -- C:\Users\Shannon\Desktop\Manually Update Essentials.website
[2011/12/06 11:56:57 | 000,000,666 | ---- | C] () -- C:\Users\Shannon\Desktop\Search The Knowledge Base.website
[2011/12/05 20:05:22 | 000,000,459 | ---- | C] () -- C:\Users\Shannon\Desktop\How do I install or uninstall Internet Explorer 9.website
[2011/12/05 15:01:29 | 000,001,097 | ---- | C] () -- C:\Users\Shannon\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/05 09:57:24 | 000,000,597 | ---- | C] () -- C:\Users\Shannon\Desktop\80096001 - Microsoft Answers.website
[2011/12/05 09:57:14 | 000,000,459 | ---- | C] () -- C:\Users\Shannon\Desktop\Download Update for Windows 7 (KB2533552) - Microsoft Download Center - Download Details.website
[2011/12/05 06:12:00 | 000,000,609 | ---- | C] () -- C:\Users\Shannon\Desktop\windows 7 check for updates 80096001 - Google Search.website
[2011/12/02 10:01:10 | 000,664,567 | ---- | C] () -- C:\Users\Shannon\Documents\111202bookmark.htm
[2011/12/02 09:06:52 | 000,004,820 | ---- | C] () -- C:\c2cpersonal.dat
[2011/12/01 13:31:23 | 000,000,366 | ---- | C] () -- C:\Users\Shannon\Desktop\How can i disinfect my pc from cloudav 2012 virus - TechSpot OpenBoards.website
[2011/12/01 12:51:20 | 000,943,282 | ---- | C] () -- C:\Users\Shannon\Desktop\LinkedInStudyGuide.pdf
[2011/12/01 09:28:49 | 000,000,418 | ---- | C] () -- C:\Users\Shannon\Desktop\YellowBridge Chinese Flashcards for Chinese Textbooks.website
[2011/11/27 21:58:17 | 000,012,062 | -HS- | C] () -- C:\Users\Shannon\AppData\Local\72bs46l7510qqd65su81o88bl5bo5ucy5anfmc57ymk620
[2011/11/27 21:58:17 | 000,012,062 | -HS- | C] () -- C:\ProgramData\72bs46l7510qqd65su81o88bl5bo5ucy5anfmc57ymk620
[2011/11/27 11:30:30 | 000,009,327 | ---- | C] () -- C:\Users\Shannon\AppData\Roaming\Microsoft Excel 97-2003.EML
[2011/10/26 11:22:36 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2011/10/26 11:22:36 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2011/10/26 11:22:36 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2011/05/05 14:05:39 | 000,348,160 | ---- | C] () -- C:\Users\Shannon\AppData\Local\filesync.metadata
[2011/02/16 12:51:33 | 000,027,233 | ---- | C] () -- C:\Users\Shannon\AppData\Roaming\Personal Address Book.ADR
[2010/09/14 11:57:57 | 000,082,944 | ---- | C] () -- C:\Users\Shannon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/25 10:24:51 | 000,000,469 | ---- | C] () -- C:\Windows\System32\gmsblist.dll
[2010/02/27 23:42:37 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/02/27 23:14:08 | 000,021,412 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/01/24 22:38:42 | 000,042,280 | ---- | C] () -- C:\Windows\System32\wacomwucoinst3.dll
[2009/12/06 16:20:10 | 000,038,482 | ---- | C] () -- C:\Users\Shannon\AppData\Roaming\Microsoft Excel.ADR
[2009/12/06 00:38:15 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/12/06 00:38:14 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 18:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:33:53 | 000,376,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 16:05:48 | 000,668,044 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 16:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 16:05:48 | 000,124,540 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 16:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 16:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 16:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 13:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 13:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 13:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 11:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/30 11:28:28 | 000,262,144 | ---- | C] () -- C:\Windows\FileList.exe
[2009/02/02 23:31:48 | 000,294,912 | ---- | C] () -- C:\Windows\AppStreamRes1033.dll
[2009/01/07 09:28:25 | 000,004,576 | ---- | C] () -- C:\Windows\pixcache.ini
[2008/12/30 10:59:54 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008/12/27 22:19:49 | 000,005,816 | ---- | C] () -- C:\Windows\System32\casigmgr32s.dll
[2008/12/25 09:57:34 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2008/12/23 16:21:23 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/12/21 12:13:22 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/12/16 19:14:06 | 000,001,338 | ---- | C] () -- C:\Windows\ntbackup.ini
[2008/12/16 18:53:15 | 000,007,887 | ---- | C] () -- C:\Users\Shannon\AppData\Roaming\pcouffin.cat
[2008/12/16 18:53:15 | 000,001,144 | ---- | C] () -- C:\Users\Shannon\AppData\Roaming\pcouffin.inf
[2008/12/14 12:17:28 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2008/12/14 12:03:15 | 000,053,248 | ---- | C] () -- C:\Windows\System32\pxhpinst.exe
[2008/12/12 22:18:00 | 000,022,350 | R--- | C] () -- C:\Windows\System32\kschimp.ini
[2008/12/10 07:06:23 | 000,027,525 | ---- | C] () -- C:\Users\Shannon\AppData\Roaming\nvModes.001
[2008/12/09 21:14:00 | 000,027,525 | ---- | C] () -- C:\Users\Shannon\AppData\Roaming\nvModes.dat
[2008/12/09 19:35:40 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/12/02 09:34:49 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/12/02 09:34:14 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/12/02 01:46:20 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/03 13:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2002/10/15 12:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2001/11/14 08:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Users\Shannon\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty

< End of report >

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:02 AM

Posted 12 December 2011 - 07:32 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :otl
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    @Alternate Data Stream - 143 bytes -> C:\Users\Shannon\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty  
    [2011/11/28 07:35:54 | 000,012,062 | -HS- | M] () -- C:\ProgramData\72bs46l7510qqd65su81o88bl5bo5ucy5anfmc57ymk620
    [2011/11/28 07:35:53 | 000,012,062 | -HS- | M] () -- C:\Users\Shannon\AppData\Local\72bs46l7510qqd65su81o88bl5bo5ucy5anfmc57ymk620
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
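As an added example, not code from this thread and not part of OTL, the following Python script shows how a responder can triage lines in the report format OTL prints (the `[date | size | attributes | C/M] () -- path` file entries and the `@Alternate Data Stream` entries) before deciding what a fix script should touch. It flags the same kinds of items the fix above targets: hidden+system files in user-writable locations, extension-less random-looking names like the `72bs46l7...` entries, and alternate data streams other than the usual `Zone.Identifier`. The sample report lines are constructed for the example (the `Zone.Identifier` line is invented to show a stream that is not flagged), and the 20-character random-name threshold and the `Zone.Identifier` exemption are heuristics assumed here, not OTL rules.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample lines in the shape OTL prints them. The first five mirror
# the kind of entries in this thread (the two -HS- entries are the ones the fix
# script above targets); the last ADS line is made up to show a stream the
# triage should NOT flag.
SAMPLE_REPORT = r"""
[2009/07/13 16:05:48 | 000,668,044 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2008/12/30 10:59:54 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/11/28 07:35:54 | 000,012,062 | -HS- | M] () -- C:\ProgramData\72bs46l7510qqd65su81o88bl5bo5ucy5anfmc57ymk620
[2011/11/28 07:35:53 | 000,012,062 | -HS- | M] () -- C:\Users\Shannon\AppData\Local\72bs46l7510qqd65su81o88bl5bo5ucy5anfmc57ymk620
@Alternate Data Stream - 143 bytes -> C:\Users\Shannon\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty
@Alternate Data Stream - 26 bytes -> C:\Users\Shannon\Downloads\example.exe:Zone.Identifier
""".strip().splitlines()

# [date time | size | attributes | C(reated)/M(odified)] (company) -- path
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)
# @Alternate Data Stream - <n> bytes -> <path>:<stream name>
ADS_LINE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> "
    r"(?P<path>.+?):(?P<stream>[^:\\]+)\s*$"
)
# Heuristic (assumption): an extension-less, all-lowercase alphanumeric name of
# 20+ characters mixing letters and digits is treated as machine-generated.
RANDOM_NAME = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{20,}$")
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\users\\")


@dataclass
class Finding:
    path: str
    reasons: List[str]


def looks_random(name: str) -> bool:
    return "." not in name and RANDOM_NAME.match(name) is not None


def in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage_file(m: "re.Match[str]") -> Optional[Finding]:
    """Apply the two file heuristics to one parsed file line."""
    attrs, path = m["attrs"], m["path"]
    name = path.rsplit("\\", 1)[-1]
    reasons = []
    if "H" in attrs and "S" in attrs and in_user_writable(path):
        reasons.append("hidden+system attributes in a user-writable location")
    if looks_random(name):
        reasons.append("extension-less random-looking file name")
    return Finding(path, reasons) if reasons else None


def triage_report(lines: Iterable[str]) -> List[Finding]:
    """Walk OTL report lines and return the entries worth a closer look."""
    findings: List[Finding] = []
    for line in lines:
        m = FILE_LINE.match(line)
        if m:
            f = triage_file(m)
            if f:
                findings.append(f)
            continue
        m = ADS_LINE.match(line)
        # Zone.Identifier is the normal mark-of-the-web stream; any other
        # stream on a user file deserves a look before it is removed.
        if m and m["stream"] != "Zone.Identifier":
            findings.append(Finding(
                m["path"],
                [f"alternate data stream '{m['stream']}' ({m['size']} bytes)"],
            ))
    return findings


if __name__ == "__main__":
    for f in triage_report(SAMPLE_REPORT):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

Run against a saved OTL report (one line per entry) the script prints only the entries that hit a heuristic with the reason for each; the "clean" system files such as `perfh009.dat` are skipped even when they carry a hidden attribute, because the heuristics key on the combination of attributes, location and name rather than on any one of them.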

#15 icashootnstar

icashootnstar
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 13 December 2011 - 12:34 AM

Hi,
Sorry for the late reply. It appears that there was a problem with the BleepingComputer site.

The update issues for both Windows and Essentials remain and I continue to get the “This computer is not running genuine Windows” message. IE is still hanging. Search still does not produce. But I have not gotten any Outlook messages or runtime errors lately.

It was necessary to run your last set of instructions a second time because I lost the log contents when I copied the contents and wasn't able to get on the site. (I didn't know that the file wouldn't save itself.) Here is the log:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS C:\Users\Shannon\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty deleted successfully.
File C:\ProgramData\72bs46l7510qqd65su81o88bl5bo5ucy5anfmc57ymk620 not found.
File C:\Users\Shannon\AppData\Local\72bs46l7510qqd65su81o88bl5bo5ucy5anfmc57ymk620 not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Shannon\Desktop\cmd.bat deleted successfully.
C:\Users\Shannon\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Shannon
->Temp folder emptied: 81407 bytes
->Temporary Internet Files folder emptied: 13329856 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3164114 bytes
->Flash cache emptied: 470 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19774 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 16.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Public

User: Shannon
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Shannon
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12122011_185719

Files\Folders moved on Reboot...
C:\Users\Shannon\AppData\Local\Temp\VGXFE0C.tmp moved successfully.
File\Folder C:\Users\Shannon\AppData\Local\Temp\~DF238DCB726E270F37.TMP not found!
File\Folder C:\Users\Shannon\AppData\Local\Temp\~DF23A5F846C5E5BE45.TMP not found!
File\Folder C:\Users\Shannon\AppData\Local\Temp\~DF5EE0FB8B2D998560.TMP not found!
File\Folder C:\Users\Shannon\AppData\Local\Temp\~DF8926625B7FBAAFAD.TMP not found!
File\Folder C:\Users\Shannon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4SN1US2Q\page__pid__2504852[1].htm not found!
C:\Users\Shannon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Shannon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...



Shannon



