
Vista Antivirus 2012


  • This topic is locked
33 replies to this topic

#1 Criminalicious


Posted 22 December 2011 - 11:28 PM

Falling victim to Open Cloud AV a month or two ago, that little escapade eventually led to me reinstalling Vista on my computer and losing some important programs. So, honestly, I'd rather live with the messed up browser than have to wipe my computer again. Anyways, I got this stupid "Vista Antivirus 2012" yesterday. I took care of it with Rkill and MBAM, but it seems the browser hijacking has not stopped. I really don't appreciate the redirects to women's health articles. Also, I've had two Blue Screen errors since the infection.

Thanks,
Dylan

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005
Run by Dylan at 18:31:58 on 2011-12-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.1434 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\VM303_STI.EXE
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\System32\ping.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [<NO NAME>]
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [NDSTray.exe] "c:\program files\toshiba\configfree\NDSTray.exe"
mRun: [cfFncEnabler.exe] "c:\program files\toshiba\configfree\cfFncEnabler.exe"
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosSENotify.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [MozillaAgent] c:\windows\temp\_ex-68.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{6F3758E6-0F14-43A9-A5B3-96C3F93EDF56} : DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dylan\appdata\roaming\mozilla\firefox\profiles\hppcy6n3.default\
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
.
============= SERVICES / DRIVERS ===============
.
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2011-10-29 25896]
R2 5689;5689;c:\windows\temp\5689.sys [2011-12-22 138752]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-29 176128]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-2-19 57344]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-4-14 176128]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-3-17 73728]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-5-3 7168]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2011-10-29 54136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-29 135664]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-3 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-29 135664]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-22 22216]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-22 366152]
.
=============== Created Last 30 ================
.
2011-12-22 07:01:12 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-22 07:01:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-22 06:24:04 315392 ----a-w- c:\users\dylan\appdata\local\kmr.exe
2011-12-20 18:48:20 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{650d7cc2-6c4a-4a84-9afa-f7086e090f78}\mpengine.dll
2011-12-19 23:31:18 -------- d-----w- c:\programdata\WEBREG
2011-12-19 23:29:19 -------- d-----w- c:\users\dylan\appdata\local\HP
2011-12-19 23:27:28 321536 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp696.dll
2011-12-19 23:26:08 -------- d-----w- c:\users\dylan\appdata\roaming\HpUpdate
2011-12-19 23:25:59 -------- d-----w- c:\program files\Coupons
2011-12-19 23:17:09 -------- d-----w- c:\program files\common files\HP
2011-12-19 23:15:36 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-12-19 23:12:09 118272 ----a-w- c:\windows\system32\hpz3l696.dll
2011-12-19 23:10:29 -------- d-----w- c:\program files\HP
2011-12-19 23:08:41 737280 ----a-w- c:\windows\system32\hposwia_p02a.dll
2011-12-19 23:08:41 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2011-12-19 23:08:41 261432 ----a-w- c:\windows\system32\hpzids01.dll
2011-12-19 23:08:40 966656 ----a-w- c:\windows\system32\hpost_p02a.dll
2011-12-19 23:08:40 309760 ----a-w- c:\windows\system32\difxapi.dll
2011-12-19 23:08:40 307200 ----a-w- c:\windows\system32\hposc_p02a.dll
2011-12-18 02:44:50 -------- d-----r- c:\program files\Skype
2011-12-16 21:12:18 -------- d-----w- C:\Temp
2011-12-16 04:57:52 245459 ----a-w- c:\users\dylan\Fallen_Earth_20110728.exe
2011-12-16 00:32:05 922460208 ----a-w- c:\users\dylan\War_Rock_10182011_G1_Xfire.exe
2011-12-15 23:51:59 -------- d-----w- c:\program files\iPod
2011-12-15 23:51:57 -------- d-----w- c:\program files\iTunes
2011-12-15 23:50:12 -------- d-----w- c:\program files\Pando Networks
2011-12-15 23:36:42 -------- d-----w- c:\program files\GamersFirst
2011-12-15 04:08:58 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 04:08:56 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-12-15 04:08:54 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 04:08:47 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-27 03:41:47 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2011-11-27 03:41:15 -------- d-----w- c:\program files\common files\BioWare
.
==================== Find3M ====================
.
2011-11-04 14:54:57 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-30 03:08:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-30 03:01:23 5 --sh--r- c:\windows\system32\drivers\taishop.sys
2011-10-30 02:44:48 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-10-30 02:42:20 0 ----a-w- c:\windows\ativpsrm.bin
2011-10-30 02:37:49 16 --sh--r- c:\windows\system32\drivers\fbd.sys
2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-20 15:55:43 834048 ----a-w- c:\windows\system32\wininet.dll
2011-10-20 14:08:44 389632 ----a-w- c:\windows\system32\html.iec
2011-10-14 16:02:19 429056 ----a-w- c:\windows\system32\EncDec.dll
.
============= FINISH: 18:32:28.89 ===============

GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-22 19:47:33
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 Hitachi_HTS545025B9A300 rev.PB2OC64G
Running: gmer.exe; Driver: C:\Users\Dylan\AppData\Local\Temp\pgtoapod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x89954480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x89995900, 0x3CA, 0x48000040]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8D202000, 0x263970, 0xE8000020]
.text tdx.sys 8D825000 16 Bytes [00, 00, 00, 00, 00, 00, 8B, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH 0x0; PUSH DWORD [EBP+0x10]}
.text tdx.sys 8D825011 7 Bytes [75, 14, 6A, 2B, FF, 75, 0C] {JNZ 0x16; PUSH 0x2b; PUSH DWORD [EBP+0xc]}
.text tdx.sys 8D825019 22 Bytes [75, 08, FF, 15, 84, 51, 83, ...]
.text tdx.sys 8D825030 105 Bytes [55, 8B, EC, 8B, 45, 1C, 33, ...]
.text tdx.sys 8D82509A 49 Bytes [EC, 0F, B7, 45, 20, 6A, 00, ...]
.text ...
? C:\Windows\system32\DRIVERS\tdx.sys suspicious PE modification
? C:\Users\Dylan\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtProtectVirtualMemory 774A4B84 5 Bytes JMP 0122000A
.text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtWriteVirtualMemory 774A54C4 5 Bytes JMP 0123000A
.text C:\Windows\system32\svchost.exe[1220] ntdll.dll!KiUserExceptionDispatcher 774A5BF8 5 Bytes JMP 0121000A
.text C:\Windows\System32\ping.exe[4616] ntdll.dll!NtCreateProcess 774A42E4 5 Bytes JMP 0088000A
.text C:\Windows\System32\ping.exe[4616] ntdll.dll!NtCreateProcessEx 774A42F4 5 Bytes JMP 008D000A
.text C:\Windows\System32\ping.exe[4616] ntdll.dll!NtProtectVirtualMemory 774A4B84 5 Bytes JMP 0071000A
.text C:\Windows\System32\ping.exe[4616] ntdll.dll!NtWriteVirtualMemory 774A54C4 5 Bytes JMP 0072000A
.text C:\Windows\System32\ping.exe[4616] ntdll.dll!NtCreateUserProcess 774A5654 5 Bytes JMP 008E000A
.text C:\Windows\System32\ping.exe[4616] ntdll.dll!KiUserExceptionDispatcher 774A5BF8 5 Bytes JMP 0070000A
.text C:\Windows\System32\ping.exe[4616] USER32.dll!WindowFromPoint 76C0884F 5 Bytes JMP 0093000A
.text C:\Windows\System32\ping.exe[4616] USER32.dll!GetForegroundWindow 76C132C4 5 Bytes JMP 0094000A
.text C:\Windows\System32\ping.exe[4616] USER32.dll!GetCursorPos 76C20B88 5 Bytes JMP 0092000A
.text C:\Windows\System32\ping.exe[4616] ole32.dll!CoCreateInstance 76A89F3E 5 Bytes JMP 0091000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4888] ntdll.dll!LdrLoadDll 774693A8 5 Bytes JMP 5DD83690 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5336] USER32.dll!SetWindowLongA 76C0E7CD 5 Bytes JMP 5E14CCFA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5336] USER32.dll!SetWindowLongW 76C113B4 5 Bytes JMP 5E14CC8C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5336] USER32.dll!GetWindowInfo 76C1428E 5 Bytes JMP 5DEFE78C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5336] USER32.dll!TrackPopupMenu 76C214F3 5 Bytes JMP 5DEFED49 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\tdx \Device\Tcp [8D82FE58] \SystemRoot\system32\DRIVERS\tdx.sys[.data]
Device \Driver\tdx \Device\Udp [8D82FE58] \SystemRoot\system32\DRIVERS\tdx.sys[.data]
Device \Driver\tdx \Device\RawIp [8D82FE58] \SystemRoot\system32\DRIVERS\tdx.sys[.data]

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB46548$\1262574399 0 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163 0 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\@ 2048 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\bckfg.tmp 814 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\cfg.ini 207 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\keywords 258 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\L 0 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\L\qnbwvoto 72192 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\U 0 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\U\00000001.@ 1536 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\U\80000000.@ 11264 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\U\80000032.@ 97792 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A3FLXJMH\atbkg[1].png 121 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A3FLXJMH\ac12[1].gif 197 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVPWGDIW\01[1].htm 602 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVPWGDIW\if[1].htm 940 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVPWGDIW\AC90GPNCAFPKQBUCAJP1ULNCA4S3F8UCAKVM2THCARMXGY1CA8W45VZCAOYZ17PCACK3CBLCAJ3TM0ZCAE6YTK5CA14IQK2CAMM944ECAPL6X1KCAZOVQ96CA4AX5UYCA2ZB27D 5054 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVPWGDIW\AZI0R0BCAAXBE0CCAPM6YNZCAAVYVQHCAAYQGJHCAKV2H4OCAK8BU2ICAQ40ZM5CAZXY78BCAGFJ4Z5CA9B0NRSCAQTWC97CANP2CDOCAVNM5NOCAUTGFT9CA7XTWN1CAD0WRL2 4466 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVPWGDIW\afr[1].htm 3116 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\0AN0Q7LY.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\KB3H7XCC.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\KRBYWXYY.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\UJ3P1LCR.txt 0 bytes

---- EOF - GMER 1.0.15 ----

Edited by Criminalicious, 23 December 2011 - 02:52 PM.
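Triage of the DDS and GMER output above, as an added example that is not part of the original post and is not code from DDS or GMER. It pulls autorun, service/driver and created-file image paths out of DDS lines and flags the ones a helper would look at first (an image living in a temp directory, an executable dropped straight into AppData\Local, a purely numeric service name), and it groups GMER user-mode hooks whose JMP target GMER could not attribute to any loaded module, by process. The sample lines are constructed from the shape of the logs in this thread; the flagging rules are this example's own assumptions, not rules from either tool.

```python
"""Triage helpers for DDS and GMER log text.

Added example for this thread; not part of DDS, GMER or the original post.
The sample lines are constructed from the shape of the logs above and the
flagging rules are this example's own assumptions.
"""
import re
from collections import defaultdict

# Constructed sample lines, shaped like the DDS "Pseudo HJT", "SERVICES / DRIVERS"
# and "Created Last 30" entries posted above.
DDS_SAMPLE = r"""
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MozillaAgent] c:\windows\temp\_ex-68.exe
R2 5689;5689;c:\windows\temp\5689.sys [2011-12-22 138752]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
2011-12-22 06:24:04 315392 ----a-w- c:\users\dylan\appdata\local\kmr.exe
2011-12-22 07:01:12 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

# Constructed sample lines, shaped like the GMER "User code sections" above.
GMER_SAMPLE = r"""
.text C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtProtectVirtualMemory 774A4B84 5 Bytes JMP 0122000A
.text C:\Windows\System32\ping.exe[4616] ntdll.dll!NtCreateProcess 774A42E4 5 Bytes JMP 0088000A
.text C:\Windows\System32\ping.exe[4616] ole32.dll!CoCreateInstance 76A89F3E 5 Bytes JMP 0091000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4888] ntdll.dll!LdrLoadDll 774693A8 5 Bytes JMP 5DD83690 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
"""

# First image path (drive letter or %VAR% root, ending in .exe/.dll/.sys) in a DDS field.
IMAGE_RE = re.compile(r'(?:[a-z]:|%[^%]+%)\\.*?\.(?:exe|dll|sys)\b', re.I)
RUN_RE = re.compile(r'^[um]Run: \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$', re.I)
SVC_RE = re.compile(r'^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>[^\[]+)')
CREATED_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \S+ \S+ (?P<rest>.+)$')
# GMER inline-hook line: process[pid] module!export addr N Bytes JMP target [module (vendor)]
HOOK_RE = re.compile(
    r'^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<symbol>\S+) (?P<addr>[0-9A-F]{8}) '
    r'(?P<len>\d+) Bytes JMP (?P<target>[0-9A-F]{8})(?: (?P<module>.+))?$')


def first_image(field):
    """Return the lower-cased image path in a DDS field, or None (directories have none)."""
    m = IMAGE_RE.search(field)
    return m.group(0).lower() if m else None


def dds_entries(text):
    """Return (kind, name, path) for autoruns, services/drivers and created files."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        for kind, rx in (("run", RUN_RE), ("service", SVC_RE), ("created", CREATED_RE)):
            m = rx.match(line)
            if m:
                path = first_image(m.group("rest"))
                if path:
                    out.append((kind, m.groupdict().get("name", ""), path))
                break
    return out


def flag_dds(text):
    """Return (kind, name, path, reason) for entries worth looking at first.

    The three rules below are this example's heuristics, not DDS rules."""
    flagged = []
    for kind, name, path in dds_entries(text):
        reasons = []
        if "\\temp\\" in path:
            reasons.append("image lives in a temp directory")
        if re.search(r'\\appdata\\local\\[^\\]+\.exe$', path):
            reasons.append("executable dropped directly in AppData\\Local")
        if kind == "service" and name.isdigit():
            reasons.append("service name is purely numeric")
        if reasons:
            flagged.append((kind, name, path, "; ".join(reasons)))
    return flagged


def gmer_hooks(text):
    """Parse every user-mode inline hook line GMER reported."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["pid"] = int(d["pid"])
            hooks.append(d)
    return hooks


def unattributed_hooks(text):
    """Group hooked exports by (process, pid) where the JMP target has no module name.

    A hook landing in a named module (xul.dll above) is normally the program's own
    doing; a JMP into anonymous memory inside ping.exe or svchost.exe is what
    injected code looks like and is the process to pull memory from first."""
    by_proc = defaultdict(list)
    for h in gmer_hooks(text):
        if h["module"] is None:
            by_proc[(h["proc"], h["pid"])].append(h["symbol"])
    return dict(by_proc)


if __name__ == "__main__":
    for entry in flag_dds(DDS_SAMPLE):
        print("DDS  ", *entry)
    for proc, symbols in unattributed_hooks(GMER_SAMPLE).items():
        print("GMER ", proc, symbols)
```

Run against a full DDS log the same way: `flag_dds(open("dds.txt").read())`. The rules are deliberately narrow; they are meant to order the reading of the log, not to decide what is malicious.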


#2 Criminalicious


Posted 26 December 2011 - 10:33 PM

UPDATE: While casually using the internet, I was randomly directed to a page that I thought was just another ad, but it actually ended up installing the same virus again. Terminated it once more using Rkill, and I'm currently using MBAM to get rid of it.

#3 HelpBot


Posted 29 December 2011 - 12:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434079 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Criminalicious

  • Local time:01:29 AM

Posted 30 December 2011 - 11:56 PM

Falling victim to Open Cloud AV a month or two ago, that little escapade eventually led to me reinstalling Vista on my computer and losing some important programs. So, honestly, I'd rather live with the messed up browser than have to wipe my computer again. Anyways, I got this stupid "Vista Antivirus 2012" yesterday. I took care of it with Rkill and MBAM, but it seems the browser hijacking has not stopped. I really don't appreciate the redirects to certain articles. Also, while casually using the internet, I was randomly directed to a page that I thought was just another ad, but it actually ended up installing the same virus again. Terminated it once more using Rkill and MBAM.

Thanks,
Dylan

NEW DDS and GMER

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005
Run by Dylan at 17:51:01 on 2011-12-30
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.1445 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\VM303_STI.EXE
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\ping.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [EA Core] c:\program files\electronic arts\eadm\Core.exe -silent
mRun: [<NO NAME>]
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [NDSTray.exe] "c:\program files\toshiba\configfree\NDSTray.exe"
mRun: [cfFncEnabler.exe] "c:\program files\toshiba\configfree\cfFncEnabler.exe"
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosSENotify.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{6F3758E6-0F14-43A9-A5B3-96C3F93EDF56} : DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dylan\appdata\roaming\mozilla\firefox\profiles\hppcy6n3.default\
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
.
============= SERVICES / DRIVERS ===============
.
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2011-10-29 25896]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-29 176128]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-2-19 57344]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-4-14 176128]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-3-17 73728]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-5-3 7168]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2011-10-29 54136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-29 135664]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-3 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-29 135664]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-22 22216]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-22 366152]
.
=============== Created Last 30 ================
.
2011-12-27 21:30:03 -------- d-----w- c:\users\dylan\appdata\roaming\SPORE
2011-12-27 21:27:48 -------- d-----w- c:\programdata\Electronic Arts
2011-12-27 21:27:00 1216 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-12-27 21:26:16 -------- d-----w- c:\users\dylan\appdata\local\Downloaded Installations
2011-12-22 07:01:12 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-22 07:01:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-20 18:48:20 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{650d7cc2-6c4a-4a84-9afa-f7086e090f78}\mpengine.dll
2011-12-19 23:31:18 -------- d-----w- c:\programdata\WEBREG
2011-12-19 23:29:19 -------- d-----w- c:\users\dylan\appdata\local\HP
2011-12-19 23:27:28 321536 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp696.dll
2011-12-19 23:26:08 -------- d-----w- c:\users\dylan\appdata\roaming\HpUpdate
2011-12-19 23:25:59 -------- d-----w- c:\program files\Coupons
2011-12-19 23:17:09 -------- d-----w- c:\program files\common files\HP
2011-12-19 23:15:36 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-12-19 23:12:09 118272 ----a-w- c:\windows\system32\hpz3l696.dll
2011-12-19 23:10:29 -------- d-----w- c:\program files\HP
2011-12-19 23:08:41 737280 ----a-w- c:\windows\system32\hposwia_p02a.dll
2011-12-19 23:08:41 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2011-12-19 23:08:41 261432 ----a-w- c:\windows\system32\hpzids01.dll
2011-12-19 23:08:40 966656 ----a-w- c:\windows\system32\hpost_p02a.dll
2011-12-19 23:08:40 309760 ----a-w- c:\windows\system32\difxapi.dll
2011-12-19 23:08:40 307200 ----a-w- c:\windows\system32\hposc_p02a.dll
2011-12-18 02:44:50 -------- d-----r- c:\program files\Skype
2011-12-16 21:12:18 -------- d-----w- C:\Temp
2011-12-16 04:57:52 245459 ----a-w- c:\users\dylan\Fallen_Earth_20110728.exe
2011-12-16 00:32:05 922460208 ----a-w- c:\users\dylan\War_Rock_10182011_G1_Xfire.exe
2011-12-15 23:51:59 -------- d-----w- c:\program files\iPod
2011-12-15 23:51:57 -------- d-----w- c:\program files\iTunes
2011-12-15 23:50:12 -------- d-----w- c:\program files\Pando Networks
2011-12-15 23:36:42 -------- d-----w- c:\program files\GamersFirst
2011-12-15 04:08:58 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 04:08:56 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-12-15 04:08:54 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 04:08:47 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2011-12-23 19:40:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 14:54:57 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-30 03:01:23 5 --sh--r- c:\windows\system32\drivers\taishop.sys
2011-10-30 02:44:48 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-10-30 02:42:20 0 ----a-w- c:\windows\ativpsrm.bin
2011-10-30 02:37:49 16 --sh--r- c:\windows\system32\drivers\fbd.sys
2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-20 15:55:43 834048 ----a-w- c:\windows\system32\wininet.dll
2011-10-20 14:08:44 389632 ----a-w- c:\windows\system32\html.iec
2011-10-14 16:02:19 429056 ----a-w- c:\windows\system32\EncDec.dll
.
============= FINISH: 17:52:18.70 ===============

GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-30 21:47:11
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-0 Hitachi_HTS545025B9A300 rev.PB2OC64G
Running: gmer.exe; Driver: C:\Users\Dylan\AppData\Local\Temp\pgtoapod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x89950480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x89991900, 0x3CA, 0x48000040]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8D407000, 0x263970, 0xE8000020]
? C:\Users\Dylan\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtProtectVirtualMemory 77454B84 5 Bytes JMP 00BF000A
.text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtWriteVirtualMemory 774554C4 5 Bytes JMP 00E0000A
.text C:\Windows\system32\svchost.exe[1192] ntdll.dll!KiUserExceptionDispatcher 77455BF8 5 Bytes JMP 00BE000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4272] ntdll.dll!LdrLoadDll 774193A8 5 Bytes JMP 62B63690 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4760] USER32.dll!SetWindowLongA 7758E7CD 5 Bytes JMP 62F2CCFA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4760] USER32.dll!SetWindowLongW 775913B4 5 Bytes JMP 62F2CC8C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4760] USER32.dll!GetWindowInfo 7759428E 5 Bytes JMP 62CDE78C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4760] USER32.dll!TrackPopupMenu 775A14F3 5 Bytes JMP 62CDED49 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Windows\System32\ping.exe[4808] ntdll.dll!NtCreateProcess 774542E4 5 Bytes JMP 008A000A
.text C:\Windows\System32\ping.exe[4808] ntdll.dll!NtCreateProcessEx 774542F4 5 Bytes JMP 008B000A
.text C:\Windows\System32\ping.exe[4808] ntdll.dll!NtProtectVirtualMemory 77454B84 5 Bytes JMP 0085000A
.text C:\Windows\System32\ping.exe[4808] ntdll.dll!NtWriteVirtualMemory 774554C4 5 Bytes JMP 0086000A
.text C:\Windows\System32\ping.exe[4808] ntdll.dll!NtCreateUserProcess 77455654 5 Bytes JMP 008C000A
.text C:\Windows\System32\ping.exe[4808] ntdll.dll!KiUserExceptionDispatcher 77455BF8 5 Bytes JMP 0078000A
.text C:\Windows\System32\ping.exe[4808] USER32.dll!WindowFromPoint 7758884F 5 Bytes JMP 009A000A
.text C:\Windows\System32\ping.exe[4808] USER32.dll!GetForegroundWindow 775932C4 5 Bytes JMP 009B000A
.text C:\Windows\System32\ping.exe[4808] USER32.dll!GetCursorPos 775A0B88 5 Bytes JMP 0099000A
.text C:\Windows\System32\ping.exe[4808] ole32.dll!CoCreateInstance 772F9F3E 5 Bytes JMP 0090000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\tdx \Device\Tcp [8E240E58] \SystemRoot\system32\DRIVERS\tdx.sys[.data]
Device \Driver\tdx \Device\Udp [8E240E58] \SystemRoot\system32\DRIVERS\tdx.sys[.data]
Device \Driver\tdx \Device\RawIp [8E240E58] \SystemRoot\system32\DRIVERS\tdx.sys[.data]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x20 0x91 0x9D 0x8B ...

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB46548$\1262574399 0 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163 0 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\@ 2048 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\bckfg.tmp 849 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\cfg.ini 207 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\keywords 223 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\L 0 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\L\qnbwvoto 72192 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\U 0 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\U\80000000.@ 11264 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB46548$\4224667163\U\80000032.@ 77312 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GG3C51HC\A1N4R6VCAWHHXZ6CAWH8E4JCAO5V1QOCA9PBWHFCAWX6YI5CAWZJCFWCA9UX05XCACOI1F1CA29GLK2CA4F0AEKCA9W2O0ZCAJA683NCAFJ4RSGCAXJ89LYCAW1TZXXCAR8OGAA 4499 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GG3C51HC\FiveminCookieCache[1].ashx 62 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GG3C51HC\nonSecureAnonymousFramework[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GG3C51HC\218059294@Bottom3[1].htm 573 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCWDHOXJ\like[10].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCWDHOXJ\like[11].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCWDHOXJ\like[7].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCWDHOXJ\like[8].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCWDHOXJ\like[9].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCWDHOXJ\4651[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCWDHOXJ\ss7618[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCWDHOXJ\likebox[4].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCWDHOXJ\load[5].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCWDHOXJ\2-womens_300x250[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCWDHOXJ\iframe3.htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCWDHOXJ\ie7fix[2].js 493 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCWDHOXJ\e3.htm 717 bytes

---- EOF - GMER 1.0.15 ----

#5 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 January 2012 - 12:26 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 Criminalicious

  • Topic Starter

  • Members
  • 70 posts

Posted 04 January 2012 - 12:50 AM

Greetings, Gringo. We've met before, and we ended up settling on completely resetting my computer. I appreciate your help, but I'm really not sure about using combofix; I think it's what screwed up my computer the last time I had a malware problem. Your thoughts?

#7 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 January 2012 - 01:01 AM

It was the virus that did it, but let's use this first.


TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#8 Criminalicious

  • Topic Starter

  • Members
  • 70 posts

Posted 05 January 2012 - 12:33 AM

AWESOME, looks like the problem has been resolved! Thanks so much, Gringo. You're the cyberspace equivalent of Batman. A dozen kudos and a thousand thank yous! I really appreciate your help, sir; best wishes from me to you.

--Dylan

Here's the TDSS killer file just in case you'd like to see it.
22:17:26.0941 2608 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
22:17:27.0419 2608 ============================================================
22:17:27.0419 2608 Current date / time: 2012/01/04 22:17:27.0419
22:17:27.0419 2608 SystemInfo:
22:17:27.0419 2608
22:17:27.0420 2608 OS Version: 6.0.6002 ServicePack: 2.0
22:17:27.0420 2608 Product type: Workstation
22:17:27.0420 2608 ComputerName: DYLAN-PC
22:17:27.0420 2608 UserName: Dylan
22:17:27.0420 2608 Windows directory: C:\Windows
22:17:27.0420 2608 System windows directory: C:\Windows
22:17:27.0420 2608 Processor architecture: Intel x86
22:17:27.0420 2608 Number of processors: 2
22:17:27.0420 2608 Page size: 0x1000
22:17:27.0420 2608 Boot type: Normal boot
22:17:27.0420 2608 ============================================================
22:17:31.0130 2608 Initialize success
22:17:38.0822 4828 ============================================================
22:17:38.0822 4828 Scan started
22:17:38.0822 4828 Mode: Manual;
22:17:38.0822 4828 ============================================================
22:17:41.0631 4828 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:17:41.0641 4828 ACPI - ok
22:17:41.0768 4828 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
22:17:41.0786 4828 adp94xx - ok
22:17:41.0988 4828 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
22:17:42.0006 4828 adpahci - ok
22:17:42.0151 4828 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
22:17:42.0169 4828 adpu160m - ok
22:17:42.0229 4828 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
22:17:42.0246 4828 adpu320 - ok
22:17:42.0388 4828 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:17:42.0394 4828 AFD - ok
22:17:42.0700 4828 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
22:17:42.0721 4828 AgereSoftModem - ok
22:17:43.0139 4828 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
22:17:43.0187 4828 agp440 - ok
22:17:43.0519 4828 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:17:43.0529 4828 aic78xx - ok
22:17:43.0737 4828 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
22:17:43.0754 4828 aliide - ok
22:17:43.0900 4828 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
22:17:43.0902 4828 amdagp - ok
22:17:43.0985 4828 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
22:17:44.0001 4828 amdide - ok
22:17:44.0094 4828 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
22:17:44.0096 4828 AmdK7 - ok
22:17:44.0175 4828 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
22:17:44.0185 4828 AmdK8 - ok
22:17:44.0300 4828 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
22:17:44.0302 4828 arc - ok
22:17:44.0433 4828 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
22:17:44.0435 4828 arcsas - ok
22:17:44.0545 4828 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:17:44.0546 4828 AsyncMac - ok
22:17:44.0621 4828 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:17:44.0621 4828 atapi - ok
22:17:45.0266 4828 atikmdag (53df058c7115b3e6259954d2a2dbf8e9) C:\Windows\system32\DRIVERS\atikmdag.sys
22:17:45.0365 4828 atikmdag - ok
22:17:45.0659 4828 AtiPcie (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys
22:17:45.0660 4828 AtiPcie - ok
22:17:46.0142 4828 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:17:46.0183 4828 Beep - ok
22:17:46.0346 4828 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
22:17:46.0380 4828 blbdrive - ok
22:17:46.0543 4828 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:17:46.0545 4828 bowser - ok
22:17:46.0714 4828 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:17:46.0725 4828 BrFiltLo - ok
22:17:46.0791 4828 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:17:46.0804 4828 BrFiltUp - ok
22:17:46.0937 4828 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:17:46.0940 4828 Brserid - ok
22:17:47.0160 4828 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:17:47.0175 4828 BrSerWdm - ok
22:17:47.0304 4828 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:17:47.0317 4828 BrUsbMdm - ok
22:18:41.0065 4828 tdx (02357d46a465b5e2c6d0bbf41694a5f8) C:\Windows\system32\DRIVERS\tdx.sys
22:18:41.0066 4828 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tdx.sys. Real md5: 02357d46a465b5e2c6d0bbf41694a5f8, Fake md5: 76b06eb8a01fc8624d699e7045303e54
22:18:41.0067 4828 tdx ( Rootkit.Win32.ZAccess.aml ) - infected
22:18:41.0067 4828 tdx - detected Rootkit.Win32.ZAccess.aml (0)
22:18:56.0279 4828 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
22:18:56.0369 4828 \Device\Harddisk0\DR0 - ok
22:18:56.0390 4828 Boot (0x1200) (b13f474a0005656d3301300e7d414d05) \Device\Harddisk0\DR0\Partition0
22:18:56.0395 4828 \Device\Harddisk0\DR0\Partition0 - ok
22:18:56.0396 4828 ============================================================
22:18:56.0396 4828 Scan finished
22:18:56.0396 4828 ============================================================
22:18:56.0416 5060 Detected object count: 1
22:18:56.0416 5060 Actual detected object count: 1
22:19:13.0804 5060 Backup copy found, using it..
22:19:13.0815 5060 C:\Windows\system32\DRIVERS\tdx.sys - will be cured on reboot
22:19:36.0320 5060 tdx ( Rootkit.Win32.ZAccess.aml ) - User select action: Cure
22:20:53.0380 2816 Deinitialize success

#9 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:29 AM

Posted 05 January 2012 - 12:56 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extras.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 Criminalicious

Criminalicious
  • Topic Starter
  • Members
  • 70 posts
  • Local time:01:29 AM

Posted 05 January 2012 - 08:56 PM

Here you go:

OTL logfile created on: 1/5/2012 6:49:55 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dylan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 57.32% Memory free
5.73 Gb Paging File | 4.49 Gb Available in Paging File | 78.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.67 Gb Total Space | 132.17 Gb Free Space | 59.35% Space Free | Partition Type: NTFS

Computer Name: DYLAN-PC | User Name: Dylan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dylan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TECO\TEco.exe (TOSHIBA Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\VM303_STI.EXE (Vimicro)


MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3398.36827__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3398.36864__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3398.36839__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3398.36828__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3398.36884__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3398.36863__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3398.36870__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3398.36843__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3398.36838__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3398.36908__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3398.36869__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3398.36863__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3398.36862__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3398.36907__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3398.36842__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3398.36863__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3398.36868__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3398.36870__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3010.30489__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3010.30504__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3010.30523__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3010.30487__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3010.30488__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3010.30539__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3010.30503__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3010.30507__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3010.30495__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3010.30503__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3010.30495__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3010.30511__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3010.30523__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3010.30502__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3010.30515__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3010.30514__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3010.30513__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3010.30526__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3010.30525__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3010.30512__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3010.30525__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3010.30518__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3010.30518__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3010.30516__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3010.30516__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3010.30516__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3398.36914__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3010.30517__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3010.30509__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3010.30522__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3010.30515__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3010.30514__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3010.30512__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3010.30517__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3010.30514__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3010.30511__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3010.30502__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3398.36814__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3398.36823__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3398.36832__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3398.36903__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3398.36902__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3398.36816__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3398.36818__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3398.36816__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3010.30512__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3398.36814__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3010.30492__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3010.30507__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3010.30497__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3010.30512__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3010.30500__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3010.30511__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3010.30510__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3010.30518__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3398.36903__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (RSELSVC) -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe (TOSHIBA Corporation)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8187Se) -- C:\Windows\System32\drivers\RTL8187Se.sys (Realtek Semiconductor Corporation )
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (ZSMC303) VIMICRO USB PC Camera (VC0303) -- C:\Windows\System32\drivers\usbVM303.sys (Vimicro Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1904164414-2984044250-484335120-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE - HKU\S-1-5-21-1904164414-2984044250-484335120-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE - HKU\S-1-5-21-1904164414-2984044250-484335120-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1904164414-2984044250-484335120-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1904164414-2984044250-484335120-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/19 16:22:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/26 16:51:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/15 16:50:13 | 000,000,204 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/19 16:22:00 | 000,000,000 | ---D | M]

[2011/10/29 19:45:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dylan\AppData\Roaming\Mozilla\Extensions
[2011/11/29 21:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dylan\AppData\Roaming\Mozilla\Firefox\Profiles\hppcy6n3.default\extensions
[2012/01/03 22:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\DYLAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HPPCY6N3.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2011/11/20 21:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/20 18:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 18:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BigDog303] C:\Windows\VM303_STI.EXE (Vimicro)
O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1904164414-2984044250-484335120-1000..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1904164414-2984044250-484335120-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F3758E6-0F14-43A9-A5B3-96C3F93EDF56}: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 18:48:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Dylan\Desktop\OTL.exe
[2012/01/04 22:17:09 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dylan\Desktop\tdsskiller.exe
[2012/01/03 23:07:42 | 000,000,000 | ---D | C] -- C:\Users\Dylan\Documents\Symantec
[2012/01/03 22:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2012/01/03 22:19:55 | 000,000,000 | ---D | C] -- C:\Users\Dylan\AppData\Local\ID Vault
[2012/01/03 22:19:15 | 000,000,000 | ---D | C] -- C:\Users\Dylan\AppData\Roaming\ID Vault
[2012/01/03 22:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Constant Guard Protection Suite
[2012/01/03 22:18:22 | 000,000,000 | ---D | C] -- C:\ProgramData\White Sky, Inc
[2011/12/30 17:50:45 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Dylan\Desktop\dds(1).scr
[2011/12/27 14:30:37 | 000,000,000 | ---D | C] -- C:\Users\Dylan\Documents\My Spore Creations
[2011/12/27 14:30:03 | 000,000,000 | ---D | C] -- C:\Users\Dylan\AppData\Roaming\SPORE
[2011/12/27 14:29:41 | 000,000,000 | RH-D | C] -- C:\Users\Dylan\AppData\Roaming\SecuROM
[2011/12/27 14:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011/12/27 14:27:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/12/27 14:26:16 | 000,000,000 | ---D | C] -- C:\Users\Dylan\AppData\Local\Downloaded Installations
[2011/12/27 12:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/12/22 15:30:46 | 000,000,000 | ---D | C] -- C:\Users\Dylan\Desktop\gmer
[2011/12/22 07:24:59 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/12/22 00:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/22 00:01:12 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/22 00:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/21 23:39:38 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Dylan\Desktop\mbam-setup.exe
[2011/12/19 16:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011/12/19 16:29:19 | 000,000,000 | ---D | C] -- C:\Users\Dylan\AppData\Local\HP
[2011/12/19 16:29:13 | 000,000,000 | ---D | C] -- C:\Users\Dylan\AppData\Roaming\HP
[2011/12/19 16:26:08 | 000,000,000 | ---D | C] -- C:\Users\Dylan\AppData\Roaming\HpUpdate
[2011/12/19 16:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2011/12/19 16:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2011/12/19 16:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011/12/19 16:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/12/19 16:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011/12/19 16:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/12/19 16:12:09 | 000,118,272 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpz3l696.dll
[2011/12/19 16:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/12/19 16:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/12/19 16:08:41 | 000,737,280 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hposwia_p02a.dll
[2011/12/19 16:08:41 | 000,372,736 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppldcoi.dll
[2011/12/19 16:08:41 | 000,261,432 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2011/12/19 16:08:40 | 000,966,656 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpost_p02a.dll
[2011/12/19 16:08:40 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\difxapi.dll
[2011/12/19 16:08:40 | 000,307,200 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hposc_p02a.dll
[2011/12/17 19:45:12 | 000,000,000 | ---D | C] -- C:\Users\Dylan\AppData\Roaming\Skype
[2011/12/17 19:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/12/17 19:44:50 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/12/17 19:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/12/16 14:12:18 | 000,000,000 | ---D | C] -- C:\Temp
[2011/12/16 13:47:02 | 000,000,000 | ---D | C] -- C:\Users\Dylan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
[2011/12/15 16:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/15 16:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/15 16:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/15 16:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/12/15 16:49:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/15 16:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\GamersFirst
[2011/12/14 21:09:08 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/14 21:09:07 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 21:09:06 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 21:09:02 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/12/14 21:09:02 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/12/14 21:09:02 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/12/14 21:09:01 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/14 21:09:01 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/12/14 21:09:01 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/12/14 21:09:01 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/14 21:08:58 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 21:08:54 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 21:08:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

========== Files - Modified Within 30 Days ==========

[2012/01/05 18:49:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dylan\Desktop\OTL.exe
[2012/01/05 18:29:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/05 18:29:08 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/05 18:29:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/01/05 18:29:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/01/05 18:29:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At38.job
[2012/01/05 18:29:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At36.job
[2012/01/05 18:29:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At34.job
[2012/01/05 18:29:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At32.job
[2012/01/05 18:29:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/01/05 18:29:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At28.job
[2012/01/05 18:29:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/01/05 18:29:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At24.job
[2012/01/05 18:29:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At22.job
[2012/01/05 18:29:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At20.job
[2012/01/05 18:29:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At18.job
[2012/01/05 18:29:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At16.job
[2012/01/05 18:29:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At14.job
[2012/01/05 18:29:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At12.job
[2012/01/05 18:29:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At10.job
[2012/01/05 18:29:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At9.job
[2012/01/05 18:29:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At7.job
[2012/01/05 18:29:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/01/05 18:29:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At37.job
[2012/01/05 18:29:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At35.job
[2012/01/05 18:29:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At33.job
[2012/01/05 18:29:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At31.job
[2012/01/05 18:29:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At29.job
[2012/01/05 18:29:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At27.job
[2012/01/05 18:29:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At25.job
[2012/01/05 18:29:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At23.job
[2012/01/05 18:29:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At21.job
[2012/01/05 18:29:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At19.job
[2012/01/05 18:29:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At17.job
[2012/01/05 18:29:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At15.job
[2012/01/05 18:29:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At13.job
[2012/01/05 18:29:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At11.job
[2012/01/05 18:29:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/05 18:29:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At48.job
[2012/01/05 18:29:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/01/05 18:29:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/01/05 18:29:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At47.job
[2012/01/05 18:29:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/01/05 18:29:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/01/04 22:23:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 22:23:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 22:23:30 | 2950,524,928 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/04 22:17:16 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dylan\Desktop\tdsskiller.exe
[2012/01/04 22:05:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At46.job
[2012/01/04 22:05:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At45.job
[2012/01/04 21:05:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At44.job
[2012/01/04 21:05:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At43.job
[2012/01/03 22:31:10 | 000,000,914 | ---- | M] () -- C:\Users\Dylan\Desktop\Norton Installation Files.lnk
[2012/01/03 20:05:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At42.job
[2012/01/03 20:05:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At41.job
[2012/01/03 19:05:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/01/03 19:05:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At39.job
[2012/01/01 15:04:53 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/01 15:04:53 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/31 19:49:26 | 519,355,917 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/30 17:50:48 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Dylan\Desktop\dds(1).scr
[2011/12/27 18:12:22 | 000,000,136 | ---- | M] () -- C:\Users\Dylan\Application Data\Microsoft\Internet Explorer\Quick Launch\SPORE™ - Shortcut.lnk
[2011/12/27 14:27:56 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2011/12/27 14:27:00 | 000,001,216 | ---- | M] () -- C:\Windows\System32\ealregsnapshot1.reg
[2011/12/27 13:00:01 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/26 20:27:53 | 000,011,864 | -HS- | M] () -- C:\ProgramData\dd36rm417bn1dh83kl0kjq27l5kl3207o3jv40n0318j3
[2011/12/26 20:27:52 | 000,011,864 | -HS- | M] () -- C:\Users\Dylan\AppData\Local\dd36rm417bn1dh83kl0kjq27l5kl3207o3jv40n0318j3
[2011/12/24 21:56:05 | 000,000,000 | ---- | M] () -- C:\Windows\System32\0F7yo876.com.b
[2011/12/24 12:49:48 | 000,000,000 | ---- | M] () -- C:\ProgramData\JQ8n04.dat
[2011/12/23 12:40:43 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/12/22 15:29:59 | 000,294,216 | R--- | M] () -- C:\Users\Dylan\Desktop\gmer.zip
[2011/12/22 15:24:31 | 000,000,000 | ---- | M] () -- C:\Users\Dylan\defogger_reenable
[2011/12/22 07:26:23 | 000,410,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/22 00:01:16 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/21 23:59:56 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Dylan\Desktop\mbam-setup.exe
[2011/12/21 23:36:11 | 001,008,141 | ---- | M] () -- C:\Users\Dylan\Desktop\iExplore(1).exe
[2011/12/21 23:29:08 | 000,009,640 | -HS- | M] () -- C:\ProgramData\2r15ur3y88y875
[2011/12/21 23:29:07 | 000,009,640 | -HS- | M] () -- C:\Users\Dylan\AppData\Local\2r15ur3y88y875
[2011/12/19 16:31:12 | 000,220,608 | ---- | M] () -- C:\Windows\hpoins35.dat
[2011/12/19 16:24:14 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2011/12/19 16:21:07 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/12/19 16:20:45 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2011/12/19 16:20:21 | 000,001,983 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/12/17 19:44:51 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/17 15:26:26 | 000,083,002 | ---- | M] () -- C:\Users\Dylan\AppData\Roaming\icarus-dxdiag.xml
[2011/12/16 13:11:09 | 1073,837,364 | ---- | M] () -- C:\Users\Dylan\Fallen_Earth.7z
[2011/12/15 22:53:40 | 000,245,459 | ---- | M] () -- C:\Users\Dylan\Fallen_Earth_20110728.exe
[2011/12/15 17:50:55 | 922,460,208 | ---- | M] () -- C:\Users\Dylan\War_Rock_10182011_G1_Xfire.exe
[2011/12/15 16:52:44 | 000,001,675 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/01/03 22:31:10 | 000,000,914 | ---- | C] () -- C:\Users\Dylan\Desktop\Norton Installation Files.lnk
[2011/12/27 18:12:22 | 000,000,136 | ---- | C] () -- C:\Users\Dylan\Application Data\Microsoft\Internet Explorer\Quick Launch\SPORE™ - Shortcut.lnk
[2011/12/27 14:27:56 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2011/12/27 14:27:00 | 000,001,216 | ---- | C] () -- C:\Windows\System32\ealregsnapshot1.reg
[2011/12/27 12:59:02 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/12/27 12:59:02 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/26 20:25:46 | 000,011,864 | -HS- | C] () -- C:\Users\Dylan\AppData\Local\dd36rm417bn1dh83kl0kjq27l5kl3207o3jv40n0318j3
[2011/12/26 20:25:46 | 000,011,864 | -HS- | C] () -- C:\ProgramData\dd36rm417bn1dh83kl0kjq27l5kl3207o3jv40n0318j3
[2011/12/24 21:56:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\0F7yo876.com.b
[2011/12/24 12:49:48 | 000,000,000 | ---- | C] () -- C:\ProgramData\JQ8n04.dat
[2011/12/24 12:49:45 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/12/24 12:49:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/12/24 12:49:44 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At47.job
[2011/12/24 12:49:42 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At45.job
[2011/12/24 12:49:41 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/12/24 12:49:40 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At43.job
[2011/12/24 12:49:39 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/12/24 12:49:38 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At41.job
[2011/12/24 12:49:37 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/12/24 12:49:37 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At39.job
[2011/12/24 12:49:35 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011/12/24 12:49:35 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At37.job
[2011/12/24 12:49:34 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011/12/24 12:49:33 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At35.job
[2011/12/24 12:49:32 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/12/24 12:49:31 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At33.job
[2011/12/24 12:49:30 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/12/24 12:49:29 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At31.job
[2011/12/24 12:49:28 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/12/24 12:49:27 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At29.job
[2011/12/24 12:49:26 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/12/24 12:49:25 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At27.job
[2011/12/24 12:49:22 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/12/24 12:49:21 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/12/24 12:49:21 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At25.job
[2011/12/24 12:49:20 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At23.job
[2011/12/24 12:49:19 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/12/24 12:49:18 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At21.job
[2011/12/24 12:49:16 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/12/24 12:49:15 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At19.job
[2011/12/24 12:49:14 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/12/24 12:49:13 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/12/24 12:49:13 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At17.job
[2011/12/24 12:49:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At15.job
[2011/12/24 12:49:10 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/12/24 12:49:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/12/24 12:49:09 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At13.job
[2011/12/24 12:49:08 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At11.job
[2011/12/24 12:49:07 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/12/24 12:49:05 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At9.job
[2011/12/24 12:49:03 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/12/24 12:49:02 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At7.job
[2011/12/24 12:49:01 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/12/24 12:49:00 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/12/24 12:48:59 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/12/24 12:48:58 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/12/24 12:48:57 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/12/24 12:48:55 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/12/22 15:29:44 | 000,294,216 | R--- | C] () -- C:\Users\Dylan\Desktop\gmer.zip
[2011/12/22 15:24:31 | 000,000,000 | ---- | C] () -- C:\Users\Dylan\defogger_reenable
[2011/12/22 00:01:16 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/21 23:35:45 | 001,008,141 | ---- | C] () -- C:\Users\Dylan\Desktop\iExplore(1).exe
[2011/12/21 23:24:05 | 000,009,640 | -HS- | C] () -- C:\Users\Dylan\AppData\Local\2r15ur3y88y875
[2011/12/21 23:24:05 | 000,009,640 | -HS- | C] () -- C:\ProgramData\2r15ur3y88y875
[2011/12/19 16:25:24 | 000,000,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/12/19 16:24:14 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2011/12/19 16:21:07 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/12/19 16:20:45 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2011/12/19 16:20:21 | 000,001,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/12/19 16:09:33 | 000,220,608 | ---- | C] () -- C:\Windows\hpoins35.dat
[2011/12/19 16:09:33 | 000,000,778 | ---- | C] () -- C:\Windows\hpomdl35.dat
[2011/12/17 19:44:51 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/17 15:26:26 | 000,083,002 | ---- | C] () -- C:\Users\Dylan\AppData\Roaming\icarus-dxdiag.xml
[2011/12/15 22:32:22 | 519,355,917 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/15 21:57:52 | 1073,837,364 | ---- | C] () -- C:\Users\Dylan\Fallen_Earth.7z
[2011/12/15 21:57:52 | 000,245,459 | ---- | C] () -- C:\Users\Dylan\Fallen_Earth_20110728.exe
[2011/12/15 17:32:05 | 922,460,208 | ---- | C] () -- C:\Users\Dylan\War_Rock_10182011_G1_Xfire.exe
[2011/12/15 16:52:44 | 000,001,675 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/01 15:26:53 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/11/01 15:26:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/10/29 20:13:28 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/10/29 20:10:34 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2011/10/29 20:01:23 | 000,000,005 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2011/10/29 19:55:40 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/10/29 19:52:17 | 000,000,916 | ---- | C] () -- C:\Windows\System32\tosmreg.dat
[2011/10/29 19:44:48 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2011/10/29 19:42:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/29 19:37:49 | 000,000,016 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2011/10/29 19:36:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2011/10/29 19:36:43 | 000,184,751 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/05/04 19:32:16 | 001,240,142 | ---- | C] () -- C:\Windows\ROnce.exe
[2009/05/03 21:04:45 | 000,209,040 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/05/03 21:04:45 | 000,204,944 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/05/03 21:04:45 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/05/03 21:04:45 | 000,196,752 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/05/03 21:04:45 | 000,192,656 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/05/03 21:04:45 | 000,024,720 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/05/03 19:15:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,410,680 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >
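The OTL listing above is what a helper reads by eye: two random-named hidden+system files dropped in matching pairs under C:\ProgramData and AppData\Local, and 48 At<n>.job tasks created within about a minute. As an added example (not part of this thread and not OTL's own code), here is a small Python triage script that parses OTL's `[date | size | attrs | C/M] (company) -- path` lines and flags those two patterns. The sample lines are constructed for the demo (a subset copied from the log above); the "random name" regex and the burst thresholds (10 or more At*.job creations inside 5 minutes) are heuristics I chose, not rules from OTL or from the Malware Response Team.

```python
"""Triage heuristics over OTL "Files Created / Modified" log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# OTL file-entry line: [date time | size | attrs | C/M] (company) -- path
# Directory lines carry no "(company)" field, so that group is optional.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Heuristic (my choice): a long, extension-less, lowercase alphanumeric name is "random-looking".
RANDOM_NAME_RE = re.compile(r"^[0-9a-z]{12,}$")
AT_JOB_RE = re.compile(r"\\windows\\tasks\\at\d+\.job$", re.IGNORECASE)
BURST_WINDOW = timedelta(minutes=5)   # heuristic thresholds chosen for this demo
BURST_MIN_JOBS = 10

# Constructed sample: a subset of the OTL log above plus a few benign lines.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2011/12/26 20:25:46 | 000,011,864 | -HS- | C] () -- C:\Users\Dylan\AppData\Local\dd36rm417bn1dh83kl0kjq27l5kl3207o3jv40n0318j3
[2011/12/26 20:25:46 | 000,011,864 | -HS- | C] () -- C:\ProgramData\dd36rm417bn1dh83kl0kjq27l5kl3207o3jv40n0318j3
[2011/12/24 12:49:09 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/12/24 12:49:08 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At11.job
[2011/12/24 12:49:07 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/12/24 12:49:05 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At9.job
[2011/12/24 12:49:03 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/12/24 12:49:02 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At7.job
[2011/12/24 12:49:01 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/12/24 12:49:00 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/12/24 12:48:59 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/12/24 12:48:58 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/12/24 12:48:57 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/12/24 12:48:55 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/12/21 23:24:05 | 000,009,640 | -HS- | C] () -- C:\Users\Dylan\AppData\Local\2r15ur3y88y875
[2011/12/21 23:24:05 | 000,009,640 | -HS- | C] () -- C:\ProgramData\2r15ur3y88y875
[2011/12/22 00:01:12 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/15 16:49:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/04 22:23:30 | 2950,524,928 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/05 18:29:01 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At8.job
"""


def parse_otl_lines(text):
    """Return a dict per line that matches OTL's file-entry format; headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S")
        d["size"] = int(d["size"].replace(",", ""))
        entries.append(d)
    return entries


def is_random_hidden_system(entry):
    """Hidden+System file (not a directory) with a random-looking name directly under ProgramData or AppData/Local."""
    attrs = entry["attrs"]
    if "H" not in attrs or "S" not in attrs or "D" in attrs:
        return False
    parts = entry["path"].split("\\")
    name, parent = parts[-1], "\\".join(parts[:-1]).lower()
    in_dropzone = parent.endswith("\\programdata") or parent.endswith("\\appdata\\local")
    return in_dropzone and bool(RANDOM_NAME_RE.match(name))


def triage(text):
    """Return {'hidden_system_drops': [...], 'task_bursts': [...]} for an OTL log excerpt."""
    entries = parse_otl_lines(text)
    findings = {"hidden_system_drops": [], "task_bursts": []}

    # 1. Random-named hidden/system drops; note when the same name+size lands in both locations.
    by_name = defaultdict(list)
    for e in entries:
        if e["kind"] == "C" and is_random_hidden_system(e):
            by_name[(e["path"].split("\\")[-1], e["size"])].append(e["path"])
    for (name, size), paths in by_name.items():
        tag = "paired copies" if len(paths) > 1 else "single copy"
        findings["hidden_system_drops"].append(f"{name} ({size} bytes, {tag}): " + "; ".join(sorted(paths)))

    # 2. Bursts of At<n>.job creations: sort by creation time and walk a sliding window.
    jobs = sorted((e["ts"], e["path"]) for e in entries if e["kind"] == "C" and AT_JOB_RE.search(e["path"]))
    i = 0
    while i < len(jobs):
        j = i
        while j + 1 < len(jobs) and jobs[j + 1][0] - jobs[i][0] <= BURST_WINDOW:
            j += 1
        if j - i + 1 >= BURST_MIN_JOBS:
            findings["task_bursts"].append(f"{j - i + 1} At*.job tasks created between {jobs[i][0]} and {jobs[j][0]}")
        i = j + 1
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("  ", item)
```

Run against the full log from post #10 the same function reports the two paired drops and one burst of 48 jobs; a legitimate use of at.exe or Task Scheduler does not create dozens of jobs in under a minute, which is why a helper asks OTL to move the whole C:\windows\tasks\At*.job set rather than picking through them.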

#11 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 January 2012 - 01:38 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    O4 - HKLM..\Run: [] File not found
    [2011/12/26 20:27:53 | 000,011,864 | -HS- | M] () -- C:\ProgramData\dd36rm417bn1dh83kl0kjq27l5kl3207o3jv40n0318j3
    [2011/12/26 20:27:52 | 000,011,864 | -HS- | M] () -- C:\Users\Dylan\AppData\Local\dd36rm417bn1dh83kl0kjq27l5kl3207o3jv40n0318j3
    [2011/12/24 21:56:05 | 000,000,000 | ---- | M] () -- C:\Windows\System32\0F7yo876.com.b
    [2011/12/21 23:29:08 | 000,009,640 | -HS- | M] () -- C:\ProgramData\2r15ur3y88y875
    [2011/12/21 23:29:07 | 000,009,640 | -HS- | M] () -- C:\Users\Dylan\AppData\Local\2r15ur3y88y875
      
    :files
    C:\windows\tasks\At*.job
    C:\Windows\System32\0F7yo876.com.b  
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 Criminalicious (Topic Starter)

Posted 06 January 2012 - 07:48 PM

Everything seems to be running just fine! :thumbsup:

Here's the log:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\ProgramData\dd36rm417bn1dh83kl0kjq27l5kl3207o3jv40n0318j3 moved successfully.
C:\Users\Dylan\AppData\Local\dd36rm417bn1dh83kl0kjq27l5kl3207o3jv40n0318j3 moved successfully.
C:\Windows\System32\0F7yo876.com.b moved successfully.
C:\ProgramData\2r15ur3y88y875 moved successfully.
C:\Users\Dylan\AppData\Local\2r15ur3y88y875 moved successfully.
========== FILES ==========
C:\windows\tasks\At1.job moved successfully.
C:\windows\tasks\At10.job moved successfully.
C:\windows\tasks\At11.job moved successfully.
C:\windows\tasks\At12.job moved successfully.
C:\windows\tasks\At13.job moved successfully.
C:\windows\tasks\At14.job moved successfully.
C:\windows\tasks\At15.job moved successfully.
C:\windows\tasks\At16.job moved successfully.
C:\windows\tasks\At17.job moved successfully.
C:\windows\tasks\At18.job moved successfully.
C:\windows\tasks\At19.job moved successfully.
C:\windows\tasks\At2.job moved successfully.
C:\windows\tasks\At20.job moved successfully.
C:\windows\tasks\At21.job moved successfully.
C:\windows\tasks\At22.job moved successfully.
C:\windows\tasks\At23.job moved successfully.
C:\windows\tasks\At24.job moved successfully.
C:\windows\tasks\At25.job moved successfully.
C:\windows\tasks\At26.job moved successfully.
C:\windows\tasks\At27.job moved successfully.
C:\windows\tasks\At28.job moved successfully.
C:\windows\tasks\At29.job moved successfully.
C:\windows\tasks\At3.job moved successfully.
C:\windows\tasks\At30.job moved successfully.
C:\windows\tasks\At31.job moved successfully.
C:\windows\tasks\At32.job moved successfully.
C:\windows\tasks\At33.job moved successfully.
C:\windows\tasks\At34.job moved successfully.
C:\windows\tasks\At35.job moved successfully.
C:\windows\tasks\At36.job moved successfully.
C:\windows\tasks\At37.job moved successfully.
C:\windows\tasks\At38.job moved successfully.
C:\windows\tasks\At39.job moved successfully.
C:\windows\tasks\At4.job moved successfully.
C:\windows\tasks\At40.job moved successfully.
C:\windows\tasks\At41.job moved successfully.
C:\windows\tasks\At42.job moved successfully.
C:\windows\tasks\At43.job moved successfully.
C:\windows\tasks\At44.job moved successfully.
C:\windows\tasks\At45.job moved successfully.
C:\windows\tasks\At46.job moved successfully.
C:\windows\tasks\At47.job moved successfully.
C:\windows\tasks\At48.job moved successfully.
C:\windows\tasks\At5.job moved successfully.
C:\windows\tasks\At6.job moved successfully.
C:\windows\tasks\At7.job moved successfully.
C:\windows\tasks\At8.job moved successfully.
C:\windows\tasks\At9.job moved successfully.
File\Folder C:\Windows\System32\0F7yo876.com.b not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dylan\Desktop\cmd.bat deleted successfully.
C:\Users\Dylan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dylan
->Temp folder emptied: 1414143203 bytes
->Temporary Internet Files folder emptied: 33310052 bytes
->FireFox cache emptied: 187235135 bytes
->Flash cache emptied: 30693 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 135792119 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,689.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Dylan

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Dylan
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 01062012_165359

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#13 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 January 2012 - 08:27 PM

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • Log From ESET Online Scanner
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#14 Criminalicious (Topic Starter)

Posted 07 January 2012 - 02:08 AM

Alright, still not having any problems, which is great! The little colored shield next to some programs disappeared after using TFC, but I think they'll come back after a reboot.
Here's the MBAM log:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.06.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Dylan :: DYLAN-PC [administrator]

1/6/2012 9:47:51 PM
mbam-log-2012-01-06 (21-47-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 174984
Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

And the ESET log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ad25a734344da346aad16e7f5acfd8e2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-07 07:06:53
# local_time=2012-01-07 12:06:53 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 66 100 1422928 162520165 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=134314
# found=1
# cleaned=0
# scan_time=7375
C:\Users\Dylan\War_Rock_10182011_G1_Xfire.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
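
The ESET log above is the thing the helper reads to decide whether the scan ran with the options he asked for (Remove found threats unticked, archives, PUA, unsafe apps and Anti-Stealth ticked) and what it found. The following parser is an added example for this thread, not ESET's own tooling and not something either poster ran; the log layout (`# key=value` header lines followed by one detection line per finding) is inferred from the log posted above, and the sample log inside the block is constructed from it.

```python
"""Parse an ESET Online Scanner log.txt and check it against the options the helper
asked for. Added example for this thread; not ESET's own tooling. The log format
(# key=value header lines followed by one detection line per finding) is inferred
from the log posted above, and the sample below is constructed from it."""

import re
from typing import Dict, List, NamedTuple, Tuple

# Options the instructions ask for: "Remove found threats" unticked, everything else ticked.
EXPECTED_OPTIONS = {
    "remove_checked": "false",
    "archives_checked": "true",
    "unwanted_checked": "true",
    "unsafe_checked": "true",
    "antistealth_checked": "true",
}


class Detection(NamedTuple):
    path: str
    description: str
    digest: str   # 32 hex characters; all zeros in the posted log
    flag: str     # single trailing letter as written by the scanner


_META_RE = re.compile(r"^#\s*([\w.]+)=(.*)$")
# Fallback for logs whose tabs were turned into spaces by copy/paste: the path is taken
# up to the first space, so paths containing spaces need the original tab-separated file.
_DETECT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S+)\s+(?P<desc>.+?)\s+(?P<digest>[0-9a-fA-F]{32})\s+(?P<flag>[A-Z])$"
)


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Detection]]:
    """Return (header values, detections). Repeated keys such as compatibility_mode keep the last value."""
    meta: Dict[str, str] = {}
    detections: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _META_RE.match(line)
        if m:
            meta[m.group(1)] = m.group(2).strip()
            continue
        if "\t" in line:
            parts = [p.strip() for p in line.split("\t") if p.strip()]
            if len(parts) >= 4:
                detections.append(Detection(parts[0], " ".join(parts[1:-2]), parts[-2], parts[-1]))
                continue
        m = _DETECT_RE.match(line)
        if m:
            detections.append(Detection(m["path"], m["desc"], m["digest"], m["flag"]))
        # installer banner lines ("ESETSmartInstaller@High ...") fall through and are ignored
    return meta, detections


def check_scan(meta: Dict[str, str], detections: List[Detection]) -> List[str]:
    """List anything that means the log should not be trusted as a 'clean' result."""
    issues: List[str] = []
    if meta.get("end") != "finished":
        issues.append(f"end={meta.get('end')!r}: scan did not run to completion")
    for key, want in EXPECTED_OPTIONS.items():
        got = meta.get(key)
        if got != want:
            issues.append(f"{key}={got!r}, expected {want!r}")
    try:
        found = int(meta.get("found", "0"))
    except ValueError:
        found = -1
    if found != len(detections):
        issues.append(f"header says found={found} but {len(detections)} detection line(s) parsed")
    return issues


# Constructed sample in the posted format (tab-separated detection line, like the real file).
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as CAB hook log:",
    "OnlineScanner.ocx - registred OK",
    "# version=7",
    "# end=finished",
    "# remove_checked=false",
    "# archives_checked=true",
    "# unwanted_checked=true",
    "# unsafe_checked=true",
    "# antistealth_checked=true",
    "# osver=6.0.6002 NT Service Pack 2",
    "# scanned=134314",
    "# found=1",
    "# cleaned=0",
    "# scan_time=7375",
    "C:\\Users\\Dylan\\War_Rock_10182011_G1_Xfire.exe\tmultiple threats (unable to clean)\t"
    + "0" * 32 + "\tI",
])

if __name__ == "__main__":
    meta, dets = parse_eset_log(SAMPLE_LOG)
    for d in dets:
        print(f"{d.path}: {d.description} [{d.flag}]")
    for issue in check_scan(meta, dets):
        print("WARNING:", issue)
```

Run it against the real `C:\Program Files\Eset\Eset Online Scanner\log.txt` by reading the file into `parse_eset_log`; an empty list from `check_scan` means the scan finished with the requested options and the header's `found` count agrees with the detection lines, so the only thing left to review is the detections themselves.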

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:29 AM

Posted 07 January 2012 - 02:12 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    REM Force-delete the file ESET flagged (quiet; /s also removes any copy under subfolders of that path)
    del /f /s /q "C:\Users\Dylan\War_Rock_10182011_G1_Xfire.exe"
    REM Remove this batch file itself
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this (screenshots for XP and Vista not reproduced here).
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use; I would keep this and use it before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "Windows key" + "R" (the Windows key is between the "Ctrl" button and the "Alt" button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then OK to exit the Internet Properties page.


:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector.


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select Automatic (recommended): Automatically download recommended updates for my computer and install them.

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo



