
System Restore Virus -- I think


This topic is locked
7 replies to this topic

#1 DosEquis153
  • Members
  • 4 posts

Posted 13 December 2011 - 01:32 AM

I was removing my AVG full version for MSE, and during the installation I was connected to our home wireless network, browsing. Suddenly I received multiple errors concerning my System32/<random numbers> (could have been the actual virus pop-ups, I'm not sure); systematically my desktop icons began to disappear, followed by all the content in my Start menu and C:\ drive. The size of the partition is still all there, but just hidden, I am assuming. After sleeping on it, I went in under Safe Mode w/ Networking and was able to access my MSE user interface by right-clicking the C:\ and scanning (everything else still hidden)... I was blocked from updating MSE, but using the <Help> from the blocked message I was able to access the internet browser and locate MByte Anti-Malware from this site. I was able to run a scan and removed a few malware programs... here is the log

___________________________________________________________________________________________________
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org


Database version: 8363

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

12/12/2011 9:35:34 PM
mbam-log-2011-12-12 (21-35-25).txt

Scan type: Full scan (C:\|)
Objects scanned: 338193
Time elapsed: 41 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YPfdbKQmYWnOqAL.exe (Trojan.Agent) -> Value: YPfdbKQmYWnOqAL.exe -> No action taken.
HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\ypfdbkqmywnoqal.exe (Trojan.Agent) -> No action taken.
c:\programdata\y5pl7yabwiuamj.exe (Trojan.Agent) -> No action taken.

___________________________________________________________________________________________________________________________

Action was taken and they were removed. It's the small victories, right? I was then able to update MSE and run a full scan. I failed to Save As the log, unless it is auto-saved somewhere generally known that I can pull it up from.

The following is my DDS.txt log

DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Administrator at 23:58:12 on 2011-12-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1311 [GMT -6:00]
.
AV: AVG Anti-Virus *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\VisionTek\XG6 3D Mouse\S3dmcplsti.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\System32\ping.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=8
mStart Page = hxxp://www.yahoo.com/?ilc=8
mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [S3DMCPLSTI] "%ProgramFiles%\VisionTek\XG6 3D Mouse\S3dmcplsti.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBRADYAMgAtADgAOQAyADIAUgAtAEYARABYAE8ANAAtAFEARQBNAEIAUgA"&"inst=NwA2AC0ANwA3ADAANAA5ADcAOQA5ADUALQBQAEwAKwA5AC0AVQA5ADAAKwAxAC0AWABPADMANgArADEALQBEADMAOAAxAEwAKwA1AC0ATgAxAEQAKwAxAC0AQwBJAFAAKwAyAC0ARABEAFQAKwAzADQAMQAyADIALQBJADkAMAArADEALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0ARgBVAEkAKwAyAA"&"prod=2"&"ver=9.0.894
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8FA9A0FF-782D-4142-93F8-9EBB407D3542} : DhcpNameServer = 192.168.1.1
STS: {D573AB53-B97F-427A-BDED-1F0ACE51996D} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2009-10-1 21728]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKslf72077ac;MpKslf72077ac;c:\programdata\microsoft\microsoft antimalware\definition updates\{11205b06-c0d6-4cd0-ae74-1831616e5fc1}\MpKslf72077ac.sys [2011-12-12 29904]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-10-1 25896]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-12 366152]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-4-7 378472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-12 22216]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-26 288768]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2010-3-23 1170464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-12 136176]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-10-1 1153368]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-12 136176]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2011-9-14 28672]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-10-20 19968]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-12-13 03:37:30 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{11205b06-c0d6-4cd0-ae74-1831616e5fc1}\MpKslf72077ac.sys
2011-12-13 03:37:27 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{11205b06-c0d6-4cd0-ae74-1831616e5fc1}\offreg.dll
2011-12-13 02:47:27 -------- d-----w- c:\users\administrator\appdata\roaming\Malwarebytes
2011-12-13 02:47:23 -------- d-----w- c:\programdata\Malwarebytes
2011-12-13 02:47:20 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-13 02:47:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-13 02:30:44 6823496 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{11205b06-c0d6-4cd0-ae74-1831616e5fc1}\mpengine.dll
2011-12-10 22:24:59 6823496 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-12-09 02:34:32 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{efd89fb0-d827-494f-a994-cdb1626b4c22}\gapaengine.dll
2011-12-09 02:22:19 -------- d--h--w- c:\program files\Microsoft Security Client
2011-12-09 02:21:51 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-12-05 04:01:39 677136 ---ha-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2011-12-03 02:25:32 -------- d--h--w- c:\programdata\CanonIJFAX
.
==================== Find3M ====================
.
2011-12-03 20:13:20 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 20:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-28 08:00:00 74752 ---ha-w- c:\windows\system32\ff_vfw.dll
2011-10-24 19:29:02 94208 ---ha-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ---ha-w- c:\windows\system32\QuickTime.qts
2011-10-03 11:06:03 472808 ---ha-w- c:\windows\system32\deployJava1.dll
2011-09-20 21:02:55 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-20 13:44:04 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2007-01-06 12:09:26 208896 ---ha-w- c:\program files\common files\VistaRunApp.exe
.
============= FINISH: 23:58:53.92 ===============

I'll be attaching just the Attach.txt for tonight, as my GMER is still running and I need to get to bed so work sucks to a lesser degree, but I'll check in the morning and either double post underneath with the attached GMER or edit the post and attach it, if that is possible. Thanks in advance.
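
The MBAM log above is the only record of what the rogue changed, so it pays to triage it mechanically rather than by eye. The following is an added example, not part of the original post and not Malwarebytes' own tooling: a parser for the MBAM 1.x text log that pulls each finding out of the "... Infected:" sections, flags anything still at "No action taken", turns the PUM "Bad/Good" entries into the registry values an operator would set back, and ties the Run-key autostart to the dropped file of the same name. The sample is an excerpt of the log posted above; the function names (parse_log, registry_fixes, linked_autostarts, summarize) are this example's own.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x text log.

Added example, not part of the forum post and not Malwarebytes' code.
The function names below are this example's own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Excerpt of the MBAM log posted above (empty sections omitted, except one
# to show they are skipped).
SAMPLE_LOG = r"""Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YPfdbKQmYWnOqAL.exe (Trojan.Agent) -> Value: YPfdbKQmYWnOqAL.exe -> No action taken.
HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
c:\programdata\ypfdbkqmywnoqal.exe (Trojan.Agent) -> No action taken.
c:\programdata\y5pl7yabwiuamj.exe (Trojan.Agent) -> No action taken.
"""

SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
FINDING_RE = re.compile(
    r"^(?P<target>.+?) \((?P<detection>[^()]+)\)"                   # key/path + detection name
    r"(?: -> Value: (?P<value>.+?))?"                               # registry value name, if any
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))?"   # PUM data item, if any
    r" -> (?P<action>.+)\.$"                                        # what MBAM did with it
)


@dataclass
class Finding:
    section: str
    target: str
    detection: str
    action: str
    value: Optional[str] = None
    bad: Optional[str] = None
    good: Optional[str] = None

    @property
    def unresolved(self) -> bool:
        return self.action.lower() == "no action taken"


def parse_log(text: str) -> List[Finding]:
    """Walk the '... Infected:' sections and return one Finding per detection line."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        head = SECTION_RE.match(line)
        if head:
            section = head.group(1)
            continue
        if section is None or line.startswith("(No malicious"):
            continue
        m = FINDING_RE.match(line)
        if m:  # banners and summary counts do not match and are ignored
            findings.append(Finding(section=section, **m.groupdict()))
    return findings


def registry_fixes(findings: List[Finding]) -> List[Tuple[str, str, str]]:
    """(key, value name, good data) for every PUM item: the values to set back."""
    fixes = []
    for f in findings:
        if f.bad is not None and f.good is not None:
            key, _, name = f.target.rpartition("\\")
            fixes.append((key, name, f.good))
    return fixes


def linked_autostarts(findings: List[Finding]) -> List[Tuple[str, str]]:
    """Pair each Run-key value with the dropped file that shares its name."""
    files = {f.target.rsplit("\\", 1)[-1].lower(): f.target
             for f in findings if f.section == "Files Infected"}
    return [(f.value, files[f.value.lower()])
            for f in findings
            if f.value and "\\CurrentVersion\\Run\\" in f.target and f.value.lower() in files]


def summarize(findings: List[Finding]) -> dict:
    return {
        "total": len(findings),
        "unresolved": sum(1 for f in findings if f.unresolved),
        "dropped_files": [f.target for f in findings if f.section == "Files Infected"],
        "registry_fixes": registry_fixes(findings),
        "autostarts": linked_autostarts(findings),
    }


if __name__ == "__main__":
    for key, val in summarize(parse_log(SAMPLE_LOG)).items():
        print(f"{key}: {val}")
```

The "registry_fixes" list is what you would feed to reg.exe (or check by hand after the cleanup): DisableTaskMgr back to 0 in both HKCU and HKLM, and the Start_Show* values back to 1. The "autostarts" pairing shows the Run value and the file in c:\programdata are one and the same persistence, which is why removing the file alone would still leave a dangling autostart entry.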


#2 SweetTech (Agent ST)
  • Members
  • 13,421 posts
  • Gender: Male
  • Location: Antarctica

Posted 13 December 2011 - 02:41 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Action was taken and they were removed. It's the small victories right? I was then able to update MSE and run a full scan. I failed to Save As the log unless it is auto-saved to somewhere of general knowledge that I can pull it up from.

For right now lets not worry about the MSE log file.

But I would like to see the GMER log file when you get a chance to post it / it's finished running.

Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.



NEXT:

Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
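
Two things a helper checks first in a TDSSKiller log are whether the run actually used the options requested above (the "Mode:" line should read "Manual; SigCheck; TDLFS;") and which entries were not a plain "ok". The following is an added example, not part of SweetTech's post and not Kaspersky's code: a parser that splits the log into scans, records the mode and interruption state of each, joins the hash/path line and the verdict line for each driver, and lists the ones that drew a warning or detection, or had no file to hash at all. The sample is a constructed excerpt of the TDSSKiller log posted later in this thread; the function names (parse_tdss, complete_scan, flagged, missing_file) are this example's own.

```python
"""Triage a TDSSKiller text log.

Added example, not part of the forum post and not Kaspersky's code.
The function names below are this example's own.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt of the TDSSKiller log posted later in this thread:
# a first run without SigCheck/TDLFS that was interrupted, then the full run.
SAMPLE_TDSS = r"""23:19:06.0692 3728 Scan started
23:19:06.0692 3728 Mode: Manual;
23:19:07.0647 3728 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
23:19:07.0665 3728 ACPI - ok
23:19:07.0937 3728 Scan interrupted by user!
23:19:07.0944 2308 Detected object count: 0
23:19:16.0388 1424 Scan started
23:19:16.0388 1424 Mode: Manual; SigCheck; TDLFS;
23:19:16.0841 1424 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
23:19:16.0982 1424 ACPI - ok
23:19:28.0476 1424 HTCAND32 - ok
23:19:30.0759 1424 ISODrive (4871d582ac62422594b46f79a8243029) C:\Program Files\UltraISO\drivers\ISODrive.sys
23:19:30.0854 1424 ISODrive ( UnsignedFile.Multi.Generic ) - warning
23:19:30.0854 1424 ISODrive - detected UnsignedFile.Multi.Generic (1)
"""

PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+")   # "HH:MM:SS.ffff pid "
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(
    r"^(?P<name>\S+)(?: \( (?P<reason>[^)]+) \))? - (?P<verdict>ok|warning|detected .+)$"
)


@dataclass
class Scan:
    modes: set = field(default_factory=set)
    interrupted: bool = False
    drivers: Dict[str, dict] = field(default_factory=dict)   # name -> md5/path/flags


def parse_tdss(text: str) -> List[Scan]:
    """One Scan per 'Scan started' block; file and verdict lines are joined by service name."""
    scans: List[Scan] = []
    cur: Optional[Scan] = None
    for raw in text.splitlines():
        p = PREFIX_RE.match(raw)
        if not p:
            continue
        body = raw[p.end():].strip()
        if body == "Scan started":
            cur = Scan()
            scans.append(cur)
            continue
        if cur is None:
            continue
        fm = FILE_RE.match(body)
        vm = VERDICT_RE.match(body) if fm is None else None
        if body.startswith("Mode:"):
            cur.modes = {t.strip() for t in body[5:].split(";") if t.strip()}
        elif body.startswith("Scan interrupted"):
            cur.interrupted = True
        elif fm:
            cur.drivers[fm["name"]] = {"md5": fm["md5"], "path": fm["path"], "flags": []}
        elif vm:
            d = cur.drivers.setdefault(vm["name"], {"md5": None, "path": None, "flags": []})
            if vm["verdict"] != "ok":
                d["flags"].append(vm["reason"] or vm["verdict"])
    return scans


def complete_scan(scans: List[Scan]) -> Optional[Scan]:
    """Most recent run that finished with both requested options enabled."""
    for s in reversed(scans):
        if not s.interrupted and {"SigCheck", "TDLFS"} <= s.modes:
            return s
    return None


def flagged(scan: Scan) -> Dict[str, dict]:
    """Drivers whose verdict was anything other than 'ok'."""
    return {n: d for n, d in scan.drivers.items() if d["flags"]}


def missing_file(scan: Scan) -> List[str]:
    """Service entries with no hash/path line: TDSSKiller found no file to hash for them."""
    return sorted(n for n, d in scan.drivers.items() if d["path"] is None)


if __name__ == "__main__":
    good = complete_scan(parse_tdss(SAMPLE_TDSS))
    print("flagged:", flagged(good))
    print("no file:", missing_file(good))
```

An UnsignedFile.Multi.Generic warning on its own is not a verdict of malice; it means the driver carries no valid Authenticode signature, which is common for third-party utility drivers, so the path and the product it belongs to are what decide whether it is expected.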


#3 DosEquis153 (Topic Starter)
  • Members
  • 4 posts

Posted 13 December 2011 - 11:06 AM

Thanks for the fast response Agent ST!

I'm at work currently, but I did get a chance to email my GMER to myself so I could post it. It's attached now. I won't be home until late, but I'll download and run the programs you've provided tonight.

Attached Files
  • atk.txt (481.86KB, 2 downloads)


#4 DosEquis153 (Topic Starter)
  • Members
  • 4 posts

Posted 14 December 2011 - 12:34 AM

TDSSKiller Report

________________________________________________________________________________________________________________

23:19:04.0119 2908 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
23:19:04.0557 2908 ============================================================
23:19:04.0557 2908 Current date / time: 2011/12/13 23:19:04.0557
23:19:04.0557 2908 SystemInfo:
23:19:04.0557 2908
23:19:04.0557 2908 OS Version: 6.0.6002 ServicePack: 2.0
23:19:04.0557 2908 Product type: Workstation
23:19:04.0557 2908 ComputerName: DONOVAN-PC
23:19:04.0557 2908 UserName: Administrator
23:19:04.0557 2908 Windows directory: C:\Windows
23:19:04.0557 2908 System windows directory: C:\Windows
23:19:04.0557 2908 Processor architecture: Intel x86
23:19:04.0557 2908 Number of processors: 2
23:19:04.0557 2908 Page size: 0x1000
23:19:04.0557 2908 Boot type: Normal boot
23:19:04.0557 2908 ============================================================
23:19:05.0557 2908 Initialize success
23:19:06.0692 3728 ============================================================
23:19:06.0692 3728 Scan started
23:19:06.0692 3728 Mode: Manual;
23:19:06.0692 3728 ============================================================
23:19:07.0647 3728 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
23:19:07.0665 3728 ACPI - ok
23:19:07.0730 3728 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
23:19:07.0736 3728 adp94xx - ok
23:19:07.0769 3728 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
23:19:07.0773 3728 adpahci - ok
23:19:07.0793 3728 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
23:19:07.0795 3728 adpu160m - ok
23:19:07.0811 3728 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
23:19:07.0814 3728 adpu320 - ok
23:19:07.0905 3728 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
23:19:07.0926 3728 AFD - ok
23:19:07.0937 3728 Scan interrupted by user!
23:19:07.0937 3728 Scan interrupted by user!
23:19:07.0937 3728 Scan interrupted by user!
23:19:07.0937 3728 ============================================================
23:19:07.0937 3728 Scan finished
23:19:07.0937 3728 ============================================================
23:19:07.0944 2308 Detected object count: 0
23:19:07.0944 2308 Actual detected object count: 0
23:19:16.0388 1424 ============================================================
23:19:16.0388 1424 Scan started
23:19:16.0388 1424 Mode: Manual; SigCheck; TDLFS;
23:19:16.0388 1424 ============================================================
23:19:16.0841 1424 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
23:19:16.0982 1424 ACPI - ok
23:19:17.0013 1424 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
23:19:17.0060 1424 adp94xx - ok
23:19:17.0107 1424 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
23:19:17.0123 1424 adpahci - ok
23:19:17.0138 1424 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
23:19:17.0169 1424 adpu160m - ok
23:19:17.0248 1424 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
23:19:17.0279 1424 adpu320 - ok
23:19:17.0326 1424 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
23:19:17.0419 1424 AFD - ok
23:19:17.0451 1424 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
23:19:17.0498 1424 agp440 - ok
23:19:17.0576 1424 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
23:19:17.0607 1424 aic78xx - ok
23:19:17.0623 1424 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
23:19:17.0654 1424 aliide - ok
23:19:17.0685 1424 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
23:19:17.0701 1424 amdagp - ok
23:19:17.0716 1424 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
23:19:17.0732 1424 amdide - ok
23:19:17.0779 1424 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
23:19:17.0888 1424 AmdK7 - ok
23:19:17.0951 1424 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
23:19:18.0013 1424 AmdK8 - ok
23:19:18.0044 1424 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
23:19:18.0076 1424 arc - ok
23:19:18.0091 1424 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
23:19:18.0107 1424 arcsas - ok
23:19:18.0248 1424 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
23:19:18.0326 1424 AsyncMac - ok
23:19:18.0357 1424 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
23:19:18.0373 1424 atapi - ok
23:19:18.0404 1424 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
23:19:18.0482 1424 Beep - ok
23:19:18.0544 1424 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
23:19:18.0607 1424 blbdrive - ok
23:19:18.0685 1424 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
23:19:18.0716 1424 bowser - ok
23:19:18.0748 1424 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
23:19:18.0888 1424 BrFiltLo - ok
23:19:18.0934 1424 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
23:19:19.0005 1424 BrFiltUp - ok
23:19:19.0044 1424 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
23:19:19.0294 1424 Brserid - ok
23:19:19.0476 1424 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
23:19:19.0636 1424 BrSerWdm - ok
23:19:19.0674 1424 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
23:19:19.0750 1424 BrUsbMdm - ok
23:19:19.0840 1424 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
23:19:19.0936 1424 BrUsbSer - ok
23:19:19.0999 1424 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
23:19:20.0061 1424 BTHMODEM - ok
23:19:20.0092 1424 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
23:19:20.0170 1424 cdfs - ok
23:19:20.0249 1424 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
23:19:20.0342 1424 cdrom - ok
23:19:20.0420 1424 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
23:19:20.0499 1424 circlass - ok
23:19:20.0545 1424 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
23:19:20.0608 1424 CLFS - ok
23:19:20.0655 1424 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
23:19:20.0670 1424 cmdide - ok
23:19:20.0686 1424 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
23:19:20.0702 1424 Compbatt - ok
23:19:20.0717 1424 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
23:19:20.0749 1424 crcdisk - ok
23:19:20.0889 1424 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
23:19:20.0967 1424 Crusoe - ok
23:19:21.0014 1424 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
23:19:21.0061 1424 DfsC - ok
23:19:21.0139 1424 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
23:19:21.0202 1424 disk - ok
23:19:21.0295 1424 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
23:19:21.0327 1424 drmkaud - ok
23:19:21.0530 1424 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
23:19:21.0561 1424 DXGKrnl - ok
23:19:21.0670 1424 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
23:19:21.0780 1424 E1G60 - ok
23:19:21.0842 1424 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
23:19:21.0905 1424 Ecache - ok
23:19:21.0952 1424 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
23:19:21.0967 1424 elxstor - ok
23:19:22.0608 1424 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
23:19:22.0702 1424 ErrDev - ok
23:19:23.0092 1424 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
23:19:23.0217 1424 exfat - ok
23:19:23.0780 1424 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
23:19:23.0888 1424 fastfat - ok
23:19:24.0673 1424 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
23:19:24.0798 1424 fdc - ok
23:19:25.0480 1424 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
23:19:25.0574 1424 FileInfo - ok
23:19:25.0636 1424 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
23:19:25.0730 1424 Filetrace - ok
23:19:25.0792 1424 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
23:19:25.0917 1424 flpydisk - ok
23:19:26.0074 1424 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
23:19:26.0292 1424 FltMgr - ok
23:19:26.0636 1424 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
23:19:26.0746 1424 Fs_Rec - ok
23:19:26.0777 1424 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
23:19:26.0808 1424 gagp30kx - ok
23:19:26.0808 1424 GMSIPCI - ok
23:19:26.0933 1424 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
23:19:27.0027 1424 hamachi - ok
23:19:27.0089 1424 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
23:19:27.0308 1424 HdAudAddService - ok
23:19:27.0585 1424 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:19:27.0699 1424 HDAudBus - ok
23:19:27.0920 1424 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
23:19:28.0013 1424 HidBth - ok
23:19:28.0090 1424 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
23:19:28.0177 1424 HidIr - ok
23:19:28.0263 1424 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
23:19:28.0296 1424 HidUsb - ok
23:19:28.0398 1424 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
23:19:28.0429 1424 HpCISSs - ok
23:19:28.0476 1424 HTCAND32 - ok
23:19:28.0507 1424 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
23:19:28.0661 1424 HTTP - ok
23:19:28.0782 1424 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
23:19:28.0795 1424 i2omp - ok
23:19:28.0873 1424 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
23:19:28.0910 1424 i8042prt - ok
23:19:28.0942 1424 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
23:19:29.0017 1424 iaStorV - ok
23:19:29.0178 1424 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
23:19:29.0193 1424 iirsp - ok
23:19:29.0338 1424 IntcAzAudAddService (f6548a004e94996877d43b33ffcf20e3) C:\Windows\system32\drivers\RTKVHDA.sys
23:19:29.0415 1424 IntcAzAudAddService - ok
23:19:29.0526 1424 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
23:19:29.0557 1424 intelide - ok
23:19:29.0635 1424 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
23:19:29.0670 1424 intelppm - ok
23:19:29.0728 1424 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:19:29.0775 1424 IpFilterDriver - ok
23:19:29.0782 1424 IpInIp - ok
23:19:29.0979 1424 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
23:19:30.0037 1424 IPMIDRV - ok
23:19:30.0144 1424 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
23:19:30.0195 1424 IPNAT - ok
23:19:30.0248 1424 iPodDrv - ok
23:19:30.0275 1424 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
23:19:30.0303 1424 IRENUM - ok
23:19:30.0457 1424 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
23:19:30.0508 1424 isapnp - ok
23:19:30.0584 1424 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
23:19:30.0637 1424 iScsiPrt - ok
23:19:30.0759 1424 ISODrive (4871d582ac62422594b46f79a8243029) C:\Program Files\UltraISO\drivers\ISODrive.sys
23:19:30.0854 1424 ISODrive ( UnsignedFile.Multi.Generic ) - warning
23:19:30.0854 1424 ISODrive - detected UnsignedFile.Multi.Generic (1)
23:19:31.0067 1424 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
23:19:31.0085 1424 iteatapi - ok
23:19:31.0140 1424 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
23:19:31.0245 1424 iteraid - ok
23:19:31.0365 1424 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:19:31.0385 1424 kbdclass - ok
23:19:31.0415 1424 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
23:19:31.0531 1424 kbdhid - ok
23:19:31.0607 1424 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
23:19:31.0692 1424 KSecDD - ok
23:19:31.0857 1424 libusb0 (34d6730e198a5b0fce0790a6b4769ef2) C:\Windows\system32\DRIVERS\libusb0.sys
23:19:32.0018 1424 libusb0 - ok
23:19:32.0149 1424 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
23:19:32.0282 1424 lltdio - ok
23:19:32.0413 1424 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
23:19:32.0432 1424 LSI_FC - ok
23:19:32.0491 1424 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
23:19:32.0549 1424 LSI_SAS - ok
23:19:32.0654 1424 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
23:19:32.0680 1424 LSI_SCSI - ok
23:19:32.0720 1424 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
23:19:32.0776 1424 luafv - ok
23:19:32.0864 1424 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
23:19:32.0909 1424 MBAMProtector - ok
23:19:32.0941 1424 MBAMSwissArmy - ok
23:19:33.0034 1424 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
23:19:33.0073 1424 megasas - ok
23:19:33.0123 1424 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
23:19:33.0155 1424 MegaSR - ok
23:19:33.0179 1424 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
23:19:33.0224 1424 Modem - ok
23:19:33.0288 1424 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
23:19:33.0322 1424 monitor - ok
23:19:33.0357 1424 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
23:19:33.0381 1424 mouclass - ok
23:19:33.0446 1424 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
23:19:33.0495 1424 mouhid - ok
23:19:33.0523 1424 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
23:19:33.0544 1424 MountMgr - ok
23:19:33.0612 1424 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
23:19:33.0671 1424 MpFilter - ok
23:19:33.0770 1424 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
23:19:33.0790 1424 mpio - ok
23:19:33.0945 1424 MpKsl1f77be13 - ok
23:19:33.0961 1424 MpKsl6e62d16a - ok
23:19:34.0040 1424 MpKsl7cc1b855 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{11205B06-C0D6-4CD0-AE74-1831616E5FC1}\MpKsl7cc1b855.sys
23:19:34.0064 1424 MpKsl7cc1b855 - ok
23:19:34.0099 1424 MpKsl8085b032 - ok
23:19:34.0202 1424 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
23:19:34.0233 1424 MpNWMon - ok
23:19:34.0265 1424 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
23:19:34.0343 1424 mpsdrv - ok
23:19:34.0358 1424 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
23:19:34.0374 1424 Mraid35x - ok
23:19:34.0421 1424 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
23:19:34.0515 1424 MRxDAV - ok
23:19:34.0640 1424 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:19:34.0718 1424 mrxsmb - ok
23:19:34.0780 1424 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:19:34.0858 1424 mrxsmb10 - ok
23:19:34.0952 1424 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:19:34.0999 1424 mrxsmb20 - ok
23:19:35.0046 1424 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
23:19:35.0077 1424 msahci - ok
23:19:35.0108 1424 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
23:19:35.0140 1424 msdsm - ok
23:19:35.0186 1424 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
23:19:35.0249 1424 Msfs - ok
23:19:35.0327 1424 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
23:19:35.0343 1424 msisadrv - ok
23:19:35.0405 1424 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
23:19:35.0483 1424 MSKSSRV - ok
23:19:35.0515 1424 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
23:19:35.0546 1424 MSPCLOCK - ok
23:19:35.0577 1424 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
23:19:35.0593 1424 MSPQM - ok
23:19:35.0640 1424 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
23:19:35.0702 1424 MsRPC - ok
23:19:35.0827 1424 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
23:19:35.0843 1424 mssmbios - ok
23:19:35.0874 1424 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
23:19:35.0921 1424 MSTEE - ok
23:19:35.0952 1424 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
23:19:35.0968 1424 Mup - ok
23:19:36.0077 1424 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
23:19:36.0124 1424 NativeWifiP - ok
23:19:36.0327 1424 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
23:19:36.0390 1424 NDIS - ok
23:19:36.0483 1424 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
23:19:36.0546 1424 NdisTapi - ok
23:19:36.0577 1424 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
23:19:36.0593 1424 Ndisuio - ok
23:19:36.0671 1424 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:19:36.0718 1424 NdisWan - ok
23:19:36.0921 1424 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
23:19:36.0999 1424 NDProxy - ok
23:19:37.0077 1424 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
23:19:37.0124 1424 NetBIOS - ok
23:19:37.0171 1424 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
23:19:37.0233 1424 netbt - ok
23:19:37.0452 1424 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
23:19:37.0468 1424 nfrd960 - ok
23:19:37.0718 1424 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:19:37.0765 1424 NisDrv - ok
23:19:37.0811 1424 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
23:19:37.0952 1424 Npfs - ok
23:19:37.0983 1424 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
23:19:38.0046 1424 nsiproxy - ok
23:19:38.0046 1424 NTACCESS - ok
23:19:38.0202 1424 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
23:19:38.0343 1424 Ntfs - ok
23:19:38.0483 1424 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
23:19:38.0546 1424 ntrigdigi - ok
23:19:38.0561 1424 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
23:19:38.0608 1424 Null - ok
23:19:38.0671 1424 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
23:19:38.0827 1424 NVENETFD - ok
23:19:39.0171 1424 nvlddmkm (1f144bd1fecb52fe4dc18fafe70ff7af) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:19:40.0233 1424 nvlddmkm - ok
23:19:40.0374 1424 NVNET (d02b697f105de7f7e3e0b115d8bfb8f3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
23:19:40.0436 1424 NVNET - ok
23:19:40.0546 1424 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
23:19:40.0577 1424 nvraid - ok
23:19:40.0718 1424 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
23:19:40.0733 1424 nvstor - ok
23:19:40.0811 1424 nvstor32 (3ff57a9a657c9690ecbc8b1e3b6e3979) C:\Windows\system32\DRIVERS\nvstor32.sys
23:19:40.0858 1424 nvstor32 - ok
23:19:41.0046 1424 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
23:19:41.0108 1424 nv_agp - ok
23:19:41.0202 1424 NwlnkFlt - ok
23:19:41.0233 1424 NwlnkFwd - ok
23:19:41.0296 1424 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
23:19:41.0374 1424 ohci1394 - ok
23:19:41.0421 1424 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
23:19:41.0483 1424 Parport - ok
23:19:41.0577 1424 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
23:19:41.0608 1424 partmgr - ok
23:19:41.0686 1424 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
23:19:41.0733 1424 Parvdm - ok
23:19:41.0843 1424 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
23:19:41.0858 1424 pci - ok
23:19:41.0890 1424 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
23:19:41.0921 1424 pciide - ok
23:19:42.0077 1424 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
23:19:42.0171 1424 pcmcia - ok
23:19:42.0483 1424 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
23:19:42.0561 1424 PEAUTH - ok
23:19:42.0655 1424 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:19:42.0702 1424 PptpMiniport - ok
23:19:42.0749 1424 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
23:19:42.0811 1424 Processor - ok
23:19:42.0874 1424 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
23:19:42.0921 1424 PSched - ok
23:19:43.0077 1424 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
23:19:43.0233 1424 ql2300 - ok
23:19:43.0390 1424 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:19:43.0436 1424 ql40xx - ok
23:19:43.0468 1424 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:19:43.0530 1424 QWAVEdrv - ok
23:19:43.0530 1424 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:19:43.0593 1424 RasAcd - ok
23:19:43.0640 1424 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:19:43.0686 1424 Rasl2tp - ok
23:19:43.0827 1424 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
23:19:43.0890 1424 RasPppoe - ok
23:19:43.0936 1424 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
23:19:43.0983 1424 RasSstp - ok
23:19:44.0061 1424 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
23:19:44.0155 1424 rdbss - ok
23:19:44.0280 1424 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:19:44.0311 1424 RDPCDD - ok
23:19:44.0390 1424 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
23:19:44.0436 1424 rdpdr - ok
23:19:44.0436 1424 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:19:44.0499 1424 RDPENCDD - ok
23:19:44.0546 1424 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
23:19:44.0593 1424 RDPWD - ok
23:19:44.0671 1424 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
23:19:44.0749 1424 RimUsb - ok
23:19:44.0827 1424 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:19:44.0858 1424 rspndr - ok
23:19:44.0936 1424 RTL8023xp (166911eada13cd34dd8f8c667707be94) C:\Windows\system32\DRIVERS\Rtnicxp.sys
23:19:45.0030 1424 RTL8023xp - ok
23:19:45.0108 1424 RTL8187 (99c27fceb21347daf3ee9e8c205314d6) C:\Windows\system32\DRIVERS\wg111v2.sys
23:19:45.0218 1424 RTL8187 - ok
23:19:45.0311 1424 RTL85n86 (ef4e51bf08b4d772c1caafcf48628679) C:\Windows\system32\DRIVERS\RTL85n86.sys
23:19:45.0358 1424 RTL85n86 - ok
23:19:45.0436 1424 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
23:19:45.0452 1424 RtlProt - ok
23:19:45.0499 1424 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:19:45.0546 1424 sbp2port - ok
23:19:45.0608 1424 SCMNdisP (3b68015683c27cb00c7a6b60a37cbcfd) C:\Windows\system32\DRIVERS\scmndisp.sys
23:19:45.0640 1424 SCMNdisP - ok
23:19:45.0733 1424 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:19:45.0811 1424 secdrv - ok
23:19:45.0952 1424 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
23:19:45.0983 1424 Serenum - ok
23:19:46.0046 1424 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
23:19:46.0155 1424 Serial - ok
23:19:46.0249 1424 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
23:19:46.0280 1424 sermouse - ok
23:19:46.0296 1424 SetupNTGLM7X - ok
23:19:46.0436 1424 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
23:19:46.0577 1424 sffdisk - ok
23:19:46.0608 1424 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
23:19:46.0671 1424 sffp_mmc - ok
23:19:46.0765 1424 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
23:19:46.0858 1424 sffp_sd - ok
23:19:47.0155 1424 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
23:19:47.0280 1424 sfloppy - ok
23:19:47.0358 1424 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
23:19:47.0374 1424 sisagp - ok
23:19:47.0421 1424 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
23:19:47.0436 1424 SiSRaid2 - ok
23:19:47.0499 1424 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
23:19:47.0515 1424 SiSRaid4 - ok
23:19:47.0655 1424 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
23:19:47.0718 1424 Smb - ok
23:19:48.0061 1424 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:19:48.0093 1424 spldr - ok
23:19:48.0155 1424 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
23:19:48.0155 1424 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
23:19:48.0155 1424 sptd ( LockedFile.Multi.Generic ) - warning
23:19:48.0155 1424 sptd - detected LockedFile.Multi.Generic (1)
23:19:48.0280 1424 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
23:19:48.0327 1424 srv - ok
23:19:48.0421 1424 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
23:19:48.0483 1424 srv2 - ok
23:19:48.0640 1424 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
23:19:48.0686 1424 srvnet - ok
23:19:48.0811 1424 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
23:19:48.0843 1424 swenum - ok
23:19:48.0874 1424 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
23:19:48.0905 1424 Symc8xx - ok
23:19:48.0952 1424 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
23:19:48.0983 1424 Sym_hi - ok
23:19:49.0015 1424 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:19:49.0046 1424 Sym_u3 - ok
23:19:49.0265 1424 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
23:19:49.0358 1424 Tcpip - ok
23:19:49.0499 1424 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
23:19:49.0546 1424 Tcpip6 - ok
23:19:49.0593 1424 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
23:19:49.0655 1424 tcpipreg - ok
23:19:49.0811 1424 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
23:19:49.0843 1424 TDPIPE - ok
23:19:49.0890 1424 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
23:19:49.0921 1424 TDTCP - ok
23:19:50.0015 1424 tdx (1f07ca2ef89e72705ede7a310647ce44) C:\Windows\system32\DRIVERS\tdx.sys
23:19:50.0030 1424 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tdx.sys. Real md5: 1f07ca2ef89e72705ede7a310647ce44, Fake md5: f2aba484838dae323d07ad3fe7adc98c
23:19:50.0030 1424 tdx ( ForgedFile.Multi.Generic ) - warning
23:19:50.0030 1424 tdx - detected ForgedFile.Multi.Generic (1)
23:19:50.0108 1424 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
23:19:50.0140 1424 TermDD - ok
23:19:50.0202 1424 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:19:50.0233 1424 tssecsrv - ok
23:19:50.0343 1424 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
23:19:50.0390 1424 tunmp - ok
23:19:50.0436 1424 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
23:19:50.0561 1424 tunnel - ok
23:19:50.0593 1424 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
23:19:50.0608 1424 uagp35 - ok
23:19:50.0671 1424 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
23:19:50.0702 1424 udfs - ok
23:19:50.0858 1424 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
23:19:50.0874 1424 uliagpkx - ok
23:19:50.0921 1424 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
23:19:50.0952 1424 uliahci - ok
23:19:50.0999 1424 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:19:51.0030 1424 UlSata - ok
23:19:51.0077 1424 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:19:51.0124 1424 ulsata2 - ok
23:19:51.0249 1424 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:19:51.0280 1424 umbus - ok
23:19:51.0343 1424 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
23:19:51.0390 1424 UMPass - ok
23:19:51.0452 1424 USBAAPL - ok
23:19:51.0483 1424 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
23:19:51.0577 1424 usbccgp - ok
23:19:51.0686 1424 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:19:51.0780 1424 usbcir - ok
23:19:51.0843 1424 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
23:19:51.0874 1424 usbehci - ok
23:19:51.0983 1424 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
23:19:52.0061 1424 usbhub - ok
23:19:52.0108 1424 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
23:19:52.0155 1424 usbohci - ok
23:19:52.0186 1424 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
23:19:52.0249 1424 usbprint - ok
23:19:52.0296 1424 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:19:52.0327 1424 USBSTOR - ok
23:19:52.0499 1424 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
23:19:52.0577 1424 usbuhci - ok
23:19:52.0765 1424 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
23:19:52.0796 1424 vga - ok
23:19:52.0921 1424 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:19:52.0968 1424 VgaSave - ok
23:19:53.0015 1424 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
23:19:53.0030 1424 viaagp - ok
23:19:53.0140 1424 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
23:19:53.0218 1424 ViaC7 - ok
23:19:53.0358 1424 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
23:19:53.0374 1424 viaide - ok
23:19:53.0405 1424 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:19:53.0436 1424 volmgr - ok
23:19:53.0483 1424 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
23:19:53.0515 1424 volmgrx - ok
23:19:53.0655 1424 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
23:19:53.0671 1424 volsnap - ok
23:19:53.0765 1424 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
23:19:53.0780 1424 vsmraid - ok
23:19:53.0858 1424 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:19:53.0921 1424 WacomPen - ok
23:19:53.0999 1424 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:19:54.0030 1424 Wanarp - ok
23:19:54.0046 1424 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:19:54.0093 1424 Wanarpv6 - ok
23:19:54.0327 1424 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
23:19:54.0343 1424 Wd - ok
23:19:54.0390 1424 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
23:19:54.0452 1424 Wdf01000 - ok
23:19:54.0515 1424 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
23:19:54.0577 1424 WmiAcpi - ok
23:19:54.0718 1424 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
23:19:54.0765 1424 WpdUsb - ok
23:19:54.0936 1424 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:19:54.0983 1424 ws2ifsl - ok
23:19:55.0186 1424 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
23:19:55.0218 1424 WSDPrintDevice - ok
23:19:55.0296 1424 WSDScan (65d1ff8aaff4a7d8f787a290e5087816) C:\Windows\system32\DRIVERS\WSDScan.sys
23:19:55.0327 1424 WSDScan - ok
23:19:55.0421 1424 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:19:55.0515 1424 WUDFRd - ok
23:19:55.0546 1424 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:19:57.0155 1424 \Device\Harddisk0\DR0 - ok
23:19:57.0155 1424 Boot (0x1200) (99b46214fd7787883299b28a3f284344) \Device\Harddisk0\DR0\Partition0
23:19:57.0155 1424 \Device\Harddisk0\DR0\Partition0 - ok
23:19:57.0155 1424 ============================================================
23:19:57.0155 1424 Scan finished
23:19:57.0155 1424 ============================================================
23:19:57.0155 2960 Detected object count: 3
23:19:57.0155 2960 Actual detected object count: 3
23:20:05.0593 2960 ISODrive ( UnsignedFile.Multi.Generic ) - skipped by user
23:20:05.0593 2960 ISODrive ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:20:05.0593 2960 sptd ( LockedFile.Multi.Generic ) - skipped by user
23:20:05.0593 2960 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
23:20:05.0593 2960 tdx ( ForgedFile.Multi.Generic ) - skipped by user
23:20:05.0593 2960 tdx ( ForgedFile.Multi.Generic ) - User select action: Skip
23:20:13.0874 3364 Deinitialize success
________________________________________________________________________________________________________________

OTL Report

OTL logfile created on: 12/13/2011 11:22:56 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 66.95% Memory free
6.22 Gb Paging File | 5.22 Gb Available in Paging File | 83.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 216.06 Gb Free Space | 46.39% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: DONOVAN-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/13 23:19:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2011/11/14 23:39:56 | 001,036,344 | -H-- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | -H-- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/07 21:44:48 | 000,841,832 | -H-- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/04/07 20:54:52 | 000,378,472 | -H-- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/12/04 21:31:48 | 004,710,400 | -H-- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/24 08:41:02 | 000,946,176 | -H-- | M] () -- C:\Program Files\VisionTek\XG6 3D Mouse\S3dmcplsti.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/14 23:39:54 | 000,420,920 | -H-- | M] () -- C:\Program Files\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll
MOD - [2011/11/14 23:39:53 | 003,702,840 | -H-- | M] () -- C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
MOD - [2011/11/14 23:38:16 | 000,122,952 | -H-- | M] () -- C:\Program Files\Google\Chrome\Application\15.0.874.121\avutil-51.dll
MOD - [2011/11/14 23:38:15 | 000,222,280 | -H-- | M] () -- C:\Program Files\Google\Chrome\Application\15.0.874.121\avformat-53.dll
MOD - [2011/11/14 23:38:14 | 001,746,504 | -H-- | M] () -- C:\Program Files\Google\Chrome\Application\15.0.874.121\avcodec-53.dll
MOD - [2009/04/11 00:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2006/11/24 08:41:02 | 000,946,176 | -H-- | M] () -- C:\Program Files\VisionTek\XG6 3D Mouse\S3dmcplsti.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/07 13:08:02 | 001,045,256 | -H-- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/27 15:39:26 | 000,208,944 | -H-- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/07 20:54:52 | 000,378,472 | -H-- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/01/26 14:31:10 | 001,153,368 | -H-- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/13 23:13:39 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{11205B06-C0D6-4CD0-AE74-1831616E5FC1}\MpKsl7cc1b855.sys -- (MpKsl7cc1b855)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/27 15:25:24 | 000,065,024 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/04/07 23:14:00 | 010,690,024 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/03/23 01:17:06 | 001,170,464 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2009/10/01 20:44:29 | 000,721,904 | -H-- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/08/04 17:43:40 | 000,213,024 | -H-- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009/07/30 17:12:56 | 000,282,144 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2009/04/10 23:06:26 | 000,019,968 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/04/10 22:45:56 | 000,072,192 | -H-- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/07/22 06:42:58 | 000,051,200 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/02/26 14:07:54 | 000,073,728 | -H-- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2008/01/20 20:23:21 | 000,016,896 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/26 01:46:00 | 000,288,768 | -H-- | M] (NETGEAR Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wg111v2.sys -- (RTL8187)
DRV - [2007/04/23 09:50:50 | 000,025,896 | -H-- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2007/03/20 10:33:28 | 000,028,672 | -H-- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2007/01/19 02:20:54 | 000,021,728 | -H-- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\scmndisp.sys -- (SCMNdisP)
DRV - [2006/11/02 01:30:56 | 000,429,056 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3076729898-2284289010-2806221457-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKU\S-1-5-21-3076729898-2284289010-2806221457-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-3076729898-2284289010-2806221457-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.7_0\
CHR - Extension: Poppit = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/09/17 08:34:56 | 000,437,796 | RH-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15060 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKU\S-1-5-21-3076729898-2284289010-2806221457-500\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [S3DMCPLSTI] C:\Program Files\VisionTek\XG6 3D Mouse\S3dmcplsti.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O7 - HKU\S-1-5-21-3076729898-2284289010-2806221457-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3076729898-2284289010-2806221457-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-3076729898-2284289010-2806221457-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3076729898-2284289010-2806221457-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FA9A0FF-782D-4142-93F8-9EBB407D3542}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (RtlGina2.dll) - File not found
O22 - SharedTaskScheduler: {D573AB53-B97F-427A-BDED-1F0ACE51996D} - KcschmucStr - No CLSID value found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c3074b0d-aefd-11de-a04b-001d92ed85d6}\Shell - "" = AutoRun
O33 - MountPoints2\{c3074b0d-aefd-11de-a04b-001d92ed85d6}\Shell\AutoRun\command - "" = K:\Autorun.exe
O33 - MountPoints2\{c796f54f-4580-11df-8c0a-001d92ed85d6}\Shell - "" = AutoRun
O33 - MountPoints2\{c796f54f-4580-11df-8c0a-001d92ed85d6}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/13 23:19:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/12/13 23:18:55 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
[2011/12/12 23:57:28 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\dds.pif
[2011/12/12 20:47:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011/12/12 20:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/12 20:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/12 20:47:20 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/12 20:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/12 00:05:20 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
[2011/12/08 20:54:32 | 000,157,472 | -H-- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/08 20:54:32 | 000,145,184 | -H-- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/08 20:54:32 | 000,145,184 | -H-- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/08 20:22:19 | 000,000,000 | -H-D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/08 20:21:51 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/12/02 20:25:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJFAX
[2011/12/02 20:22:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX880 series
[2011/12/02 20:22:24 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2011/12/02 20:22:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2011/11/24 11:17:54 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Documents\Electronic Arts
[2011/11/24 11:05:24 | 000,000,000 | -H-D | C] -- C:\Program Files\Electronic Arts
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/13 23:19:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/12/13 23:18:55 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
[2011/12/13 23:13:40 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/13 23:13:40 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/13 23:13:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/12 23:57:26 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\dds.pif
[2011/12/12 23:49:39 | 000,302,592 | ---- | M] () -- C:\Users\Administrator\Desktop\urpjeg5i.exe
[2011/12/12 23:47:35 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2011/12/12 23:47:18 | 000,050,477 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2011/12/12 20:47:24 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/12 19:24:58 | 000,001,356 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2011/12/12 00:28:31 | 000,000,625 | -H-- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/12 00:07:03 | 000,000,456 | -H-- | M] () -- C:\ProgramData\y5Pl7YABWiuamj
[2011/12/12 00:05:22 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~y5Pl7YABWiuamj
[2011/12/12 00:05:22 | 000,000,224 | -H-- | M] () -- C:\ProgramData\~y5Pl7YABWiuamjr
[2011/12/12 00:05:21 | 000,000,601 | -H-- | M] () -- C:\Users\Administrator\Desktop\System Fix.lnk
[2011/12/11 16:41:42 | 238,824,372 | -H-- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/11 07:59:59 | 000,000,304 | -H-- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/12/11 07:49:59 | 000,000,328 | -H-- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2011/12/08 20:24:23 | 000,002,154 | -H-- | M] () -- C:\Windows\epplauncher.mif
[2011/12/08 20:23:25 | 000,642,004 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/08 20:23:25 | 000,119,156 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/08 04:10:10 | 000,000,305 | -H-- | M] () -- C:\Windows\wininit.ini
[2011/12/06 18:20:56 | 000,185,344 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/03 14:13:20 | 000,414,368 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/15 14:29:56 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/12 23:49:39 | 000,302,592 | ---- | C] () -- C:\Users\Administrator\Desktop\urpjeg5i.exe
[2011/12/12 23:47:35 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2011/12/12 23:47:21 | 000,050,477 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2011/12/12 20:47:24 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/12 00:28:31 | 000,000,625 | -H-- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/12 00:05:22 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~y5Pl7YABWiuamj
[2011/12/12 00:05:22 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~y5Pl7YABWiuamjr
[2011/12/12 00:05:21 | 000,000,601 | -H-- | C] () -- C:\Users\Administrator\Desktop\System Fix.lnk
[2011/12/12 00:05:16 | 000,000,456 | -H-- | C] () -- C:\ProgramData\y5Pl7YABWiuamj
[2011/12/11 16:41:42 | 238,824,372 | -H-- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/08 20:24:23 | 000,002,154 | -H-- | C] () -- C:\Windows\epplauncher.mif
[2011/10/30 16:00:16 | 000,175,616 | -H-- | C] () -- C:\Windows\System32\unrar.dll
[2011/10/30 16:00:15 | 000,650,752 | -H-- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/10/30 16:00:15 | 000,243,200 | -H-- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/10/30 16:00:15 | 000,074,752 | -H-- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/09/15 18:52:25 | 000,000,305 | -H-- | C] () -- C:\Windows\wininit.ini
[2011/02/24 22:47:46 | 000,043,520 | -H-- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011/02/01 09:34:16 | 000,000,023 | -H-- | C] () -- C:\Windows\BlendSettings.ini
[2011/01/30 20:50:08 | 000,000,032 | -H-- | C] () -- C:\Windows\CD_Start.INI
[2010/12/15 23:54:00 | 000,866,304 | -H-- | C] () -- C:\Windows\System32\D2NT.dll
[2010/12/06 07:58:56 | 002,496,715 | -H-- | C] () -- C:\Windows\System32\abgx360.exe
[2010/09/11 17:06:54 | 000,000,127 | -H-- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/04/19 11:50:22 | 000,000,090 | -H-- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/03/02 23:34:01 | 000,000,262 | -H-- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/02/16 12:35:26 | 000,323,584 | -H-- | C] () -- C:\Windows\System32\FoxImager.dll
[2009/10/20 08:39:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 08:39:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/20 08:39:11 | 000,072,192 | -H-- | C] () -- C:\Windows\System32\drivers\tdx.sys
[2009/10/11 20:24:01 | 000,185,344 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/01 21:16:21 | 000,021,840 | -H-- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/10/01 21:16:21 | 000,017,212 | -H-- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/10/01 21:16:21 | 000,012,067 | -H-- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/10/01 21:04:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/10/01 20:32:03 | 000,000,376 | -H-- | C] () -- C:\Windows\ODBC.INI
[2009/10/01 19:18:21 | 000,003,276 | RH-- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/10/01 18:33:01 | 000,001,356 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2007/01/06 06:09:26 | 000,208,896 | -H-- | C] () -- C:\Program Files\Common Files\VistaRunApp.exe
[2006/11/02 10:10:16 | 000,080,912 | -H-- | C] () -- C:\Windows\System32\sherlock2.exe
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,257,152 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,642,004 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,119,156 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat
[2006/04/15 09:09:02 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\S3Dmouse.dll
[1996/04/03 13:33:26 | 000,005,248 | -H-- | C] () -- C:\Windows\System32\giveio.sys

< End of report >

________________________________________________________________________________________________________________

OTL Extras Report

OTL Extras logfile created on: 12/13/2011 11:22:56 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 66.95% Memory free
6.22 Gb Paging File | 5.22 Gb Available in Paging File | 83.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 216.06 Gb Free Space | 46.39% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: DONOVAN-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3076729898-2284289010-2806221457-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\WINWORD.EXE" /n
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03607F58-38E4-42BB-BD2A-4B4D9064F3EE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0564ACAF-3A6E-412A-98C3-FA7CBFA6D178}" = lport=10244 | protocol=6 | dir=in | app=system |
"{09A2BC8D-8AB4-4A16-A218-7800DCA8D7CF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0FC5B587-7586-4D55-BF8F-6A8B1F0E79FC}" = lport=445 | protocol=6 | dir=in | app=system |
"{1747A8CD-EB27-45A5-AA96-54A27CBE4177}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{18E3EFAB-741C-4B36-89A5-35B543BFACFE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{194AB965-88E8-46FA-A16E-014280CB7126}" = lport=3390 | protocol=6 | dir=in | app=system |
"{22D21F25-DC96-4BBF-B74F-883B0FCC8776}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{26C431FE-1C0B-40F0-9827-2BA50014A3C1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{32849439-A33E-4B66-9F53-D6EC7C84177E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{35FCAB6D-2620-442B-85AE-7CD6768B8CCC}" = lport=3390 | protocol=6 | dir=in | app=system |
"{3737C0D9-B522-4901-847B-F27420EE06F1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{39900F6E-B475-4DAA-8E29-A528543B76C2}" = rport=139 | protocol=6 | dir=out | app=system |
"{45D8A806-2AEA-40F4-9323-7DBC0B8466E7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4900FFE6-5686-4F00-8558-D14AD3BCFF5D}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{497E3DF2-D3A4-424F-A3A2-AD4EC3B4B88F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4D053542-E4B3-4A4B-BCC0-859E9E89D3E1}" = lport=10244 | protocol=6 | dir=in | app=system |
"{50477F98-91DA-420D-BDEB-141DF2E4E450}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{5073A339-FA27-4742-9278-34C9E5424508}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{55E869A0-01F0-45D2-97A3-2EAB6A7250A0}" = lport=139 | protocol=6 | dir=in | app=system |
"{5DBDD68E-9735-4B16-85FB-1C4CDFE6399B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{661397F0-9EFE-450B-B4A5-69B0B2957C9A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6A9914D4-9AC7-46C5-8DCB-455E5BA0C8FF}" = rport=445 | protocol=6 | dir=out | app=system |
"{6AC4D3A6-5F91-45E5-B630-C9C268319208}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{720D0C86-5354-4FD7-BCE1-0F77D40B589C}" = rport=138 | protocol=17 | dir=out | app=system |
"{73034267-4B44-47F6-9B2B-735091D17F20}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{75C14470-1821-4E7B-A7A2-47E5CA2593F8}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{7E519B5E-93B6-4A49-BF3E-E73635680C94}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A1D9D48C-BDD7-4743-9545-F9F965F32AB6}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{A305973E-29A7-481A-B1D9-2BAA401BA305}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{A4E8EE92-5D83-43CC-9A6C-0593EA5FE15A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A575A4E1-3E02-4540-A4F6-1B62B0E62A4E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AA176284-7203-444D-B2F3-1F5CD7525B28}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AECEDE40-1AC7-4223-8A63-965D8FFE8726}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B2880A88-A6DC-4394-AA66-A79C3CF48E97}" = lport=7845 | protocol=17 | dir=in | name=zzz |
"{C1AB1080-FC05-4F59-829E-31F0CB997CA2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6797CEB-78DB-4407-B1DD-CCF44810DEC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C88EE90A-259A-44E7-9905-DCAA1C10E373}" = rport=10244 | protocol=6 | dir=out | app=system |
"{C8D163F8-ED19-4B4C-A062-49E0DEBD5B75}" = lport=6112 | protocol=6 | dir=in | name=battle.net |
"{D7D3A084-3E8B-48B4-9FD1-CA05D3490422}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D9B3DAFE-9954-41DB-8A8F-E5CC14D2EC57}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DCFDF3F5-B713-4A4B-8C4D-C1B745893B30}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{DD3B99D3-D0A5-48D1-914A-92674B47B559}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DD8FCB6C-3B61-43B3-AFA1-2AF454B8AC0F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E70E5891-A969-495A-B47D-B46F357E886F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EEBD4FE3-3652-4A9A-94BE-9263D16E7986}" = lport=138 | protocol=17 | dir=in | app=system |
"{F2AA086A-3AFF-4936-B32B-2AC489E47623}" = rport=10244 | protocol=6 | dir=out | app=system |
"{F4A1B8DD-1AB5-431D-8542-AAA2BAAACB5A}" = rport=137 | protocol=17 | dir=out | app=system |
"{F6B2D0DA-3101-4764-B41B-5673443B8360}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F7250F74-9350-46D0-AB6C-A9D0F230BBB5}" = lport=137 | protocol=17 | dir=in | app=system |
"{F9B1E6E0-A01F-4CDE-9C23-1D8B50CBD683}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FB00F87A-9AFD-4172-811C-DBF38DF72E55}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FBF5689F-BB42-4A05-ABE7-93CD322C423C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FD9FE982-AC9E-4BA1-9143-7F7D3CB39825}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{FFFD4532-8E1C-44D7-9148-239062640FEC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05EFA75A-8434-4710-847F-91427ABE1877}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{0A7F22E8-0554-40DE-9C76-FAF2AA310C4F}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{1369CFE9-BA6F-4A7F-80D8-9F40CA7C5C0B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{1C6992C8-B2D5-47F9-A9FE-5592A28D8B21}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{209320E1-8F02-4087-9EA0-B69A3C4D62CD}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{20CFAA08-E703-4D94-8449-EC5D0B28E86F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{240C6727-D490-4661-A6D0-3A2667259476}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{26E410FF-D74F-4E8F-B9FA-31F65531EDED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{289456C8-A0C3-4777-90C5-F23AD92F2017}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{291DDD49-53BD-4B1B-8AF2-564FC5362107}" = protocol=6 | dir=out | app=system |
"{2A371424-BDEC-44BD-859F-38C824BDD8DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E97B584-F8B8-4964-97B8-EA3D4B5D4993}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 |
"{36430BD9-64A7-4091-9716-11C769037D0C}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\apps\2.0\cbqnk8ew.bt0\60eovcbe.h9e\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\curseclient.exe |
"{3BAAAECB-0388-4CAA-864E-F78A2AC63E38}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{41D141C6-B7B8-4BB8-8CA7-4254FFC81483}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{438C0C2B-7483-47E1-945F-E434A226CCAD}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\apps\2.0\cbqnk8ew.bt0\60eovcbe.h9e\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\curseclient.exe |
"{44EBD15F-FF4B-438B-956F-24BB75EFF001}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4966D856-93B4-4CE9-A28C-FD715670D0A5}" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.patch.exe |
"{49AA3D5B-028C-49CA-8233-2C43E9402C15}" = protocol=17 | dir=in | app=c:\program files\deep silver\sacred 2 - fallen angel\system\sacred2.exe |
"{51A37EEE-B617-4282-9F30-B88EC0F87174}" = protocol=17 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |
"{52303A20-1A58-4C59-BB87-6148CC9FE589}" = protocol=58 | dir=in | app=system |
"{5397D206-30B0-4250-8318-82A69CB79416}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{54912518-CEBB-4EFA-88B0-4F27D3580913}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{56D155CD-9E93-460E-96B0-738310827615}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{5766016B-B543-414D-B9AD-F56D4166851D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5882399E-8ECD-4CA6-B31A-56F286AF6CDD}" = dir=in | app=c:\program files\avg\avg8\avgam.exe |
"{671D82FF-BFDB-45F5-92D7-92720E306FD4}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{687DA25F-F244-4460-B983-E7F84892B7AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6B3E8BBF-E178-45CC-8611-CD0D5EE48D8E}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{759602F6-D816-49B9-A96F-7F950C972325}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{80366A9F-0B8B-44DB-8D99-E1AD5949FEB7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D8AA39F-82D6-4389-A6F2-C72D010BFFE0}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9541F5EE-6F38-4957-82FE-092687D9344B}" = protocol=6 | dir=in | app=c:\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{97DC589E-643D-436C-965E-FD2B89AA10F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{97EFB100-E55F-4233-9AC6-07BB843FC125}" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\starcraft ii.exe |
"{9EA382DC-2FF9-407A-B15C-05BBDCEA6A21}" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\support\blizzarddownloader.exe |
"{A25709FC-4A5C-468C-81CD-E7FA98378AFB}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A63A1D3C-C6EC-4D51-BA72-70AE9DE7941C}" = protocol=6 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |
"{AA30D5B0-93F6-4C48-8BE9-EAB93E92DBE7}" = protocol=6 | dir=in | app=c:\program files\deep silver\sacred 2 - fallen angel\system\sacred2.exe |
"{AC65E9AA-506A-471C-884C-76E4FD40C0C4}" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{AFC12AAA-F11F-4597-9D5F-24ACA0B83368}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B2A1A5F9-7296-4107-A8E3-0CBF4073C1DC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{BBAAA257-0FEC-4C57-817D-2563A07E6CAE}" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\starcraft ii.exe |
"{BC26CC9D-43B0-4D24-A5C2-562EAD6348EB}" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.patch.exe |
"{BDF317D0-7452-43D0-BF36-44C7AA515A9B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BFED2136-37EF-4A77-B064-8E1EB0567F9F}" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |
"{C1098B33-62EF-448B-BD34-E44DD25435F9}" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{C13D39AD-0C51-419B-ABE7-8304734B7684}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{C14CE9A7-9632-4BD2-AC68-422FDC490397}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{C20D6D4B-495E-4A9B-9989-AD756D28A5B2}" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.patch.exe |
"{C4978431-8A1B-4399-BF16-7F01091EDF13}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C4A01D7E-01DC-46AD-A0C2-EAC0A842902A}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{C7B88C55-85EC-4D25-A7D2-109F39395670}" = protocol=6 | dir=in | app=c:\program files\deep silver\sacred 2 - fallen angel\system\s2gs.exe |
"{CFCE862E-47DA-4DF9-B8FD-4E10882C413B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D14AB8DE-EDEB-455D-8BC3-DEB5CAD90FAA}" = protocol=17 | dir=in | app=c:\program files\deep silver\sacred 2 - fallen angel\system\s2gs.exe |
"{D7279D8B-83F4-45C0-835C-2BD3812EEB4B}" = protocol=17 | dir=in | app=c:\program files\warcraft iii\warcraft iii.exe |
"{D89621FF-42B6-4EAB-AECE-265F05AFF737}" = protocol=6 | dir=in | app=c:\program files\warcraft iii\warcraft iii.exe |
"{D9D788FC-1730-4CC5-AEDC-C56DEAE95C0C}" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\support\blizzarddownloader.exe |
"{E3903E95-D5DF-4A7C-972D-DFCA1E6EB81C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E87020AE-9B65-4B74-A71C-A8BB335CFC64}" = protocol=17 | dir=in | app=c:\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{EBF3FB38-986B-4A4F-AC93-80B5309D643C}" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |
"{F2EA0086-AADA-4CA3-9BEB-7F5B75AEA7DC}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{F463D85A-9B0F-4B90-998D-F6D228386328}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\apps\2.0\cbqnk8ew.bt0\60eovcbe.h9e\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\curseclient.exe |
"{FA0B51D0-D41D-41F2-8367-5A97CA4CAFB2}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\apps\2.0\cbqnk8ew.bt0\60eovcbe.h9e\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\curseclient.exe |
"{FAF2D252-295A-4265-9A0A-362C35690758}" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.patch.exe |
"{FB2EAAD9-5C6E-46B0-93AF-0745057FCA05}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{316C121E-6B81-4E22-B187-26D9F36F212D}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |
"TCP Query User{5BED98C5-7F79-4363-AA89-02CB360424A0}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{60D342F3-65EF-4C43-BF66-2373FE7AEDCB}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{65458073-B8B6-45D5-BFB9-4F828A84CA3A}C:\program files\ascaron entertainment\sacred underworld\sacred.exe" = protocol=6 | dir=in | app=c:\program files\ascaron entertainment\sacred underworld\sacred.exe |
"TCP Query User{68E7EDAB-10A6-45E7-A581-9B9F5B6A3306}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7E436456-5894-422C-AE42-E9C9201AE15A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{A8906652-4AA1-4BC7-B43E-0609190674AE}C:\users\administrator\downloads\snes\netplay snes\zsnesw.exe" = protocol=6 | dir=in | app=c:\users\administrator\downloads\snes\netplay snes\zsnesw.exe |
"TCP Query User{B8B8365C-5A3A-4484-B5A3-E361EA38A3D0}C:\program files\zbattle.net\zbattle.net.exe" = protocol=6 | dir=in | app=c:\program files\zbattle.net\zbattle.net.exe |
"TCP Query User{CC52FFD3-9E5A-4F81-844C-436A6BF6278C}C:\program files\starcraft ii beta\versions\base15392\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\versions\base15392\sc2.exe |
"TCP Query User{D43D2C6D-282D-493F-96B9-51C29B983190}C:\users\administrator\downloads\diablo 2\kukbot\redvex2.exe" = protocol=6 | dir=in | app=c:\users\administrator\downloads\diablo 2\kukbot\redvex2.exe |
"TCP Query User{D7212FB8-5169-4FE3-BA4D-8DE8232CDB51}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{E6043EE0-91AC-4A3E-A78E-FB56F77E3DAB}C:\users\administrator\desktop\flash mod xbox\auto_xbins_2008.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\flash mod xbox\auto_xbins_2008.exe |
"UDP Query User{46564CAA-211A-4B03-8D74-663959FACDA9}C:\users\administrator\downloads\snes\netplay snes\zsnesw.exe" = protocol=17 | dir=in | app=c:\users\administrator\downloads\snes\netplay snes\zsnesw.exe |
"UDP Query User{5E8A931D-E87E-490F-A2BE-B55F12534E9D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{669D5366-A355-4D8C-8428-6DC5BD29488B}C:\program files\ascaron entertainment\sacred underworld\sacred.exe" = protocol=17 | dir=in | app=c:\program files\ascaron entertainment\sacred underworld\sacred.exe |
"UDP Query User{87436463-D4EF-46AB-A605-75CED21C8BB8}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{9CD13B97-FF78-4DE3-BF5D-1473B995E22F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{ABE05A98-E773-4333-A0C1-1847F2A083AE}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |
"UDP Query User{AF5FEEAC-2479-464F-BB3A-B6DD56EB31E7}C:\program files\starcraft ii beta\versions\base15392\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\versions\base15392\sc2.exe |
"UDP Query User{C764FEAA-DFBE-4E27-9D02-C5B1D5F6179B}C:\users\administrator\downloads\diablo 2\kukbot\redvex2.exe" = protocol=17 | dir=in | app=c:\users\administrator\downloads\diablo 2\kukbot\redvex2.exe |
"UDP Query User{C8CC9F23-F16F-4971-837D-0D618A5223CC}C:\users\administrator\desktop\flash mod xbox\auto_xbins_2008.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\flash mod xbox\auto_xbins_2008.exe |
"UDP Query User{D1BF4C08-B7DC-423C-A8C3-BA0E2A874AA4}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{D4212CDD-C34C-428F-9FFA-2F84A7CE1722}C:\program files\zbattle.net\zbattle.net.exe" = protocol=17 | dir=in | app=c:\program files\zbattle.net\zbattle.net.exe |
"UDP Query User{E0347A0F-8C65-41F0-8F05-9C1A3029493E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 29
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA
"{5783F2D7-9001-0409-1002-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - English
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{747DE4AD-5C9C-4F4B-9FA3-B781413945FC}" = KcschmucStr
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B4D193B-D76D-308B-8B12-5D9BB1CBCE6C}" = Microsoft Visual Basic Power Packs 3.0
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{946F6DCB-0AB0-4B9B-916A-858664D9C36A}" = VisionTek XG6 3D Mouse Support Software Version 1.041
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 270.61
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"InstallShield_{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.9.0
"Magic Video Converter_is1" = Magic Video Converter Trial Version (English) 8.0.2.18
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Precision" = EVGA Precision 1.5.1
"UltraISO_is1" = UltraISO Premium V9.0
"uTorrent" = µTorrent
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3d
"WinRAR archiver" = WinRAR archiver
"WORD" = Microsoft Office Word 2007
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3076729898-2284289010-2806221457-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/13/2011 2:32:23 AM | Computer Name = Donovan-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 12/13/2011 9:24:59 AM | Computer Name = Donovan-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 12/13/2011 9:24:59 AM | Computer Name = Donovan-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 12/13/2011 9:27:24 AM | Computer Name = Donovan-PC | Source = Application Error | ID = 1000
Description = Faulting application ping.exe, version 6.0.6001.18000, time stamp
0x47919130, faulting module SHLWAPI.dll, version 6.0.6002.18393, time stamp 0x4d39b5cc,
exception code 0xc0000005, fault offset 0x0001e7bf, process id 0xea8, application
start time 0x01ccb99a72976bae.

Error - 12/13/2011 9:31:53 AM | Computer Name = Donovan-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 12/13/2011 9:31:53 AM | Computer Name = Donovan-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 12/13/2011 9:31:53 AM | Computer Name = Donovan-PC | Source = Application Error | ID = 1000
Description = Faulting application ping.exe, version 6.0.6001.18000, time stamp
0x47919130, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000374, fault offset 0x000b06fc, process id 0x4fc, application
start time 0x01ccb99b271aafa0.

Error - 12/14/2011 1:14:59 AM | Computer Name = Donovan-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/14/2011 1:25:36 AM | Computer Name = Donovan-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 12/14/2011 1:25:36 AM | Computer Name = Donovan-PC | Source = MsiInstaller | ID = 11606
Description =

[ Media Center Events ]
Error - 11/12/2011 11:40:29 PM | Computer Name = Donovan-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 11/12/2011 11:52:00 PM | Computer Name = Donovan-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 11/12/2011 11:52:25 PM | Computer Name = Donovan-PC | Source = Mcx2Svc | ID = 301
Description =

[ System Events ]
Error - 12/13/2011 2:23:38 AM | Computer Name = Donovan-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume1.

Error - 12/14/2011 1:13:45 AM | Computer Name = Donovan-PC | Source = WMPNetworkSvc | ID = 866293
Description =

Error - 12/14/2011 1:13:45 AM | Computer Name = Donovan-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 12/14/2011 1:14:59 AM | Computer Name = Donovan-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 12/14/2011 1:14:59 AM | Computer Name = Donovan-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 12/14/2011 1:14:59 AM | Computer Name = Donovan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/14/2011 1:14:59 AM | Computer Name = Donovan-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 12/14/2011 1:14:59 AM | Computer Name = Donovan-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 12/14/2011 1:14:59 AM | Computer Name = Donovan-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 12/14/2011 1:15:45 AM | Computer Name = Donovan-PC | Source = WMPNetworkSvc | ID = 866293
Description =


< End of report >

Thanks again for the help, Agent ST, you the man

#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:03:44 PM

Posted 15 December 2011 - 12:53 AM

Good Evening DosEquis153!

Thanks for the fast response Agent ST!

You're very welcome!

Thanks for posting the GMER log for me to review.

It looks like you're infected with ZeroAccess.

Which leads me to the following:

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Among many things going on with your computer it looks like a rogue anti-virus program has gone ahead and hidden a bunch of your files. We will go ahead and fix this now using a tool called UnHide.exe.

Please download UnHide.exe by Grinler.

It will unhide folders/files that were set to be hidden by the infection you had.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
    O3 - HKU\S-1-5-21-3076729898-2284289010-2806221457-500\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O22 - SharedTaskScheduler: {D573AB53-B97F-427A-BDED-1F0ACE51996D} - KcschmucStr - No CLSID value found.
    O33 - MountPoints2\{c3074b0d-aefd-11de-a04b-001d92ed85d6}\Shell - "" = AutoRun
    O33 - MountPoints2\{c3074b0d-aefd-11de-a04b-001d92ed85d6}\Shell\AutoRun\command - "" = K:\Autorun.exe
    O33 - MountPoints2\{c796f54f-4580-11df-8c0a-001d92ed85d6}\Shell - "" = AutoRun
    O33 - MountPoints2\{c796f54f-4580-11df-8c0a-001d92ed85d6}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
    [2011/12/12 00:05:20 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
    [2011/12/12 00:28:31 | 000,000,625 | -H-- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    [2011/12/12 00:07:03 | 000,000,456 | -H-- | M] () -- C:\ProgramData\y5Pl7YABWiuamj
    [2011/12/12 00:05:22 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~y5Pl7YABWiuamj
    [2011/12/12 00:05:22 | 000,000,224 | -H-- | M] () -- C:\ProgramData\~y5Pl7YABWiuamjr
    [2011/12/12 00:05:21 | 000,000,601 | -H-- | M] () -- C:\Users\Administrator\Desktop\System Fix.lnk
    [2011/12/12 00:28:31 | 000,000,625 | -H-- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    [2011/12/12 00:05:22 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~y5Pl7YABWiuamj
    [2011/12/12 00:05:22 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~y5Pl7YABWiuamjr
    [2011/12/12 00:05:21 | 000,000,601 | -H-- | C] () -- C:\Users\Administrator\Desktop\System Fix.lnk
    [2011/12/12 00:05:16 | 000,000,456 | -H-- | C] () -- C:\ProgramData\y5Pl7YABWiuamj
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:


Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 DosEquis153 (Topic Starter, Members, 4 posts)

Posted 15 December 2011 - 02:29 PM

It looks like you're infected with ZeroAccess.

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Terrible news indeed! I did some research on ZeroAccess today at work and I think I'll just reformat with the installation disc. Quick question before I do so, though: would I be able to safely throw a lot of my music/downloads/documents/files etc. onto a flash drive first so I can put it on the reformatted partition, or does the ZeroAccess trojan have a risk of being embedded in those?

#7 SweetTech (Agent ST, Members, 13,421 posts, Location: Antarctica)

Posted 16 December 2011 - 01:45 AM

Good Evening DosEquis153,


It looks like you're infected with ZeroAccess.

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Terrible news indeed! I did some research on ZeroAccess today at work and I think I'll just reformat with the installation disc. Quick question before I do so, though: would I be able to safely throw a lot of my music/downloads/documents/files etc. onto a flash drive first so I can put it on the reformatted partition, or does the ZeroAccess trojan have a risk of being embedded in those?

It's usually a hit or miss with some infections these days. It can really depend on whether the files themselves are already infected.

I usually tell my users the following in regards to what to back-up:

Reformatting a hard disk deletes all data. You can back up all your important documents, personal data files and photos to a CD or DVD drive, not a flash drive or external hard drive, as they may become compromised in the process. The safest practice is not to back up any executable files (.exe), screensavers (.scr), autorun (.ini) or script files (.php, .asp, and .html), because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executable files inside them, as some types of malware can penetrate and infect .exe files within compressed files too. Other types of malware may even disguise themselves by adding and hiding their extension behind the existing extension of file(s), so be sure you look closely at the full file name. After reformatting, scan the backed-up data with your anti-virus prior to copying it back to your hard drive.

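The backup rules in the post above can be turned into a pre-copy triage pass. The script below is an added example, not code from this thread or from any of the tools it mentions: it walks a folder, refuses the executable, screensaver, autorun and script types the post names, looks inside .zip archives for executables, and catches double extensions such as "holiday.jpg.exe". The extension lists are this example's own choices (it adds .inf alongside the .ini the post lists, since autorun.inf is the file Windows actually honours), and the sample folder it builds in a temp directory is constructed here so the script runs offline.

```python
"""Triage a folder of user data before copying it off an infected machine.

Added example, not from the BleepingComputer thread or its tools. Verdicts:
  copy    - plain data, safe to put on the backup medium
  skip    - executable/script type, double extension, or archive with executables
  inspect - archive type this script does not open (.cab/.rar); check by hand
"""
from __future__ import annotations

import os
import tempfile
import zipfile
from pathlib import Path

# Types the post says not to back up, plus a few other executable types.
# .inf is this example's addition: autorun.inf is what Windows reads on a drive.
RISKY_EXTS = {".exe", ".scr", ".ini", ".inf", ".php", ".asp", ".html", ".htm",
              ".bat", ".cmd", ".com", ".pif", ".vbs", ".js", ".lnk", ".dll"}
ARCHIVE_EXTS = {".zip", ".cab", ".rar"}
# Extensions we expect on plain data; used to spot "photo.jpg.exe" style names.
DATA_EXTS = {".mp3", ".jpg", ".jpeg", ".png", ".doc", ".docx", ".pdf", ".txt", ".mp4"}


def classify(path: Path) -> tuple[str, str]:
    """Return (verdict, reason) for one file."""
    suffixes = [s.lower() for s in path.suffixes]
    last = suffixes[-1] if suffixes else ""
    # Double extension: a data-looking extension hiding in front of a risky one.
    if len(suffixes) >= 2 and suffixes[-2] in DATA_EXTS and last in RISKY_EXTS:
        return "skip", f"double extension {''.join(suffixes[-2:])}"
    if last in RISKY_EXTS:
        return "skip", f"executable/script type {last}"
    if last in ARCHIVE_EXTS:
        if last == ".zip" and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as z:
                bad = [n for n in z.namelist() if Path(n).suffix.lower() in RISKY_EXTS]
            if bad:
                return "skip", "archive contains " + ", ".join(bad)
            return "copy", "archive holds only data files"
        return "inspect", f"{last} archive not opened by this script"
    return "copy", "plain data file"


def triage(root: Path) -> dict[str, list[str]]:
    """Walk root and bucket relative paths (forward-slash form) by verdict."""
    report: dict[str, list[str]] = {"copy": [], "skip": [], "inspect": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            verdict, _reason = classify(p)
            report[verdict].append(str(p.relative_to(root)).replace(os.sep, "/"))
    for verdict in report:
        report[verdict].sort()
    return report


def build_sample_tree() -> Path:
    """Constructed sample data folder with a few booby traps (not real files)."""
    root = Path(tempfile.mkdtemp(prefix="triage_"))
    (root / "Music").mkdir()
    (root / "Music" / "track01.mp3").write_bytes(b"ID3" + b"\0" * 16)
    (root / "Documents").mkdir()
    (root / "Documents" / "thesis.docx").write_bytes(b"PK\x03\x04")
    (root / "Documents" / "holiday.jpg.exe").write_bytes(b"MZ" + b"\0" * 16)
    (root / "Downloads").mkdir()
    (root / "Downloads" / "setup.exe").write_bytes(b"MZ" + b"\0" * 16)
    (root / "Downloads" / "autorun.inf").write_text("[autorun]\nopen=setup.exe\n")
    (root / "Downloads" / "old.rar").write_bytes(b"Rar!\x1a\x07\x00")
    with zipfile.ZipFile(root / "Downloads" / "photos.zip", "w") as z:
        z.writestr("beach.jpg", b"\xff\xd8\xff")
        z.writestr("viewer.exe", b"MZ")  # executable smuggled inside an archive
    with zipfile.ZipFile(root / "Downloads" / "clean.zip", "w") as z:
        z.writestr("notes.txt", b"hello")
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    for verdict, paths in triage(sample).items():
        for rel in paths:
            print(f"{verdict:8} {rel}  ({classify(sample / rel)[1]})")
```

Point `triage()` at the real data folders instead of the constructed tree and copy only the "copy" bucket; the "inspect" bucket is for archive formats the standard library cannot open, which the post says to avoid anyway if they hold executables. A name-based check like this is a filter, not a scanner, so the post's last step still applies: scan the backed-up data with an anti-virus on the rebuilt machine before copying it back.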


#8 SweetTech (Agent ST, Members, 13,421 posts, Location: Antarctica)

Posted 22 December 2011 - 11:47 AM

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM) being sure to include a link to your topic, and I'd be happy to re-open it.

