Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect causing havoc


  • This topic is locked This topic is locked
23 replies to this topic

#1 hurst88

hurst88

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:44 PM

Posted 25 December 2011 - 03:26 PM

Okay guys I'm fairly certain that I'm infected with Google Redirect and it has been causing a host of problems. Firstly it redirects all links I click on in firefox to spam websites, sometimes opening several of them. It infected me with a fake anti-virus that I was able to remove. It caused all my programs to ask what specific program they wanted to open with; which I was also able to curtail. I can no longer even open Chrome, it just says a problem has occurred. The redirecting persists and it has also started to cause my computer to randomly shut down so I haven't been able to run GMER because it takes to long too scan. I've tried everything to fully remove this problem (malwarebytes, avast, ad-ware, FixTDSS, TDSSKiller) and nothing has done the job completely. So I was hoping you guys might have some help!

Here are my logs from DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Run by Adam Hurst at 15:24:39 on 2011-12-24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2943 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Users\Adam Hurst\Downloads\gw7vohzz.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/?rlz=1V1IPYX
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360211i4b6l0470z115a4421x67o
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360211i4b6l0470z115a4421x67o
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360211i4b6l0470z115a4421x67o
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
uRun: [AdobeBridge]
uRun: [Akamai NetSession Interface] "C:\Users\Adam Hurst\AppData\Local\Akamai\netsession_win.exe"
mRun: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [CLMLServer] "c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.111/WebSlingPlayer.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{5DDD2CD9-4395-47A6-8762-070D5E5EAE4E} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{5DDD2CD9-4395-47A6-8762-070D5E5EAE4E}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5DDD2CD9-4395-47A6-8762-070D5E5EAE4E}\7594E4F553144443 : DhcpNameServer = 192.168.254.254
TCP: Interfaces\{5DDD2CD9-4395-47A6-8762-070D5E5EAE4E}\D4F6F63756 : DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO-X64: Ad-Aware Security Toolbar - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
mRun-x64: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [CLMLServer] "c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
mRun-x64: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Adam Hurst\AppData\Roaming\Mozilla\Firefox\Profiles\hz671due.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-2 2152152]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
S1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\system32\Drivers\NISx64\1008030.006\BHDrvx64.sys --> C:\Windows\system32\Drivers\NISx64\1008030.006\BHDrvx64.sys [?]
S1 ccHP;Symantec Hash Provider;C:\Windows\system32\Drivers\NISx64\1008030.006\ccHPx64.sys --> C:\Windows\system32\Drivers\NISx64\1008030.006\ccHPx64.sys [?]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110419.002\IDSviA64.sys [2011-4-19 476792]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-24 44768]
S2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-2-1 844320]
S2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-11 135664]
S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
S2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-10-10 117648]
S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-9-24 62720]
S2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-10-29 240160]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-2-21 132656]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-11 135664]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-29 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-24 19:22:37 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-12-24 19:19:29 -------- d-----w- C:\Users\Adam Hurst\AppData\Local\adaware
2011-12-24 19:19:28 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2011-12-24 19:19:26 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2011-12-24 19:19:09 -------- d-----w- C:\Program Files (x86)\adawaretb
2011-12-24 19:19:03 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-12-24 18:59:13 -------- d-----w- C:\Program Files\CCleaner
2011-12-24 18:27:55 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-12-24 18:27:54 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-12-24 18:27:49 41184 ----a-w- C:\Windows\avastSS.scr
2011-12-24 18:27:43 -------- d-----w- C:\ProgramData\AVAST Software


------------------------------------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/18/2011 7:01:43 AM
System Uptime: 12/24/2011 2:52:40 PM (1 hours ago)
.
Motherboard: Gateway | | SJV50TR
Processor: AMD Turion™ II Ultra Dual-Core Mobile M600 | Socket S1G3 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 208.596 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Symantec Network Dispatch Driver
Device ID: ROOT\LEGACY_SYMTDI\0000
Manufacturer:
Name: Symantec Network Dispatch Driver
PNP Device ID: ROOT\LEGACY_SYMTDI\0000
Service: SYMTDI
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: avast! Network Shield Support
Device ID: ROOT\LEGACY_ASWTDI\0000
Manufacturer:
Name: avast! Network Shield Support
PNP Device ID: ROOT\LEGACY_ASWTDI\0000
Service: aswTdi
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP39: 11/29/2011 1:39:35 AM - Scheduled Checkpoint
RP40: 12/12/2011 12:47:32 AM - Scheduled Checkpoint
RP41: 12/18/2011 1:33:55 PM - Restore Operation
RP42: 12/20/2011 6:23:40 PM - Installed Ad-Aware
RP43: 12/20/2011 6:24:28 PM - Installed Ad-Aware
RP44: 12/20/2011 6:34:15 PM - Installed AVG 2012
RP45: 12/20/2011 6:34:48 PM - Installed AVG 2012
RP46: 12/23/2011 12:21:05 AM - Restore Operation
RP47: 12/24/2011 2:17:24 PM - Installed Ad-Aware
RP48: 12/24/2011 2:18:16 PM - Installed Ad-Aware
.
==== Installed Programs ======================
.
µTorrent
2007 Microsoft Office Suite Service Pack 2 (SP2)
Acrobat.com
Ad-Aware
Ad-Aware Security Toolbar
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader 9.1 MUI
Akamai NetSession Interface
Akamai NetSession Interface Service
AMD USB Filter Driver
Apple Application Support
Apple Software Update
avast! Free Antivirus
AviSynth 2.5
Backup Manager Basic
BitZipper 2010
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
CyberLink Power2Go
CyberLink PowerDVD 8
Diablo II
DivX Setup
ffdshow [rev 2583] [2009-01-05]
File Type Assistant
Gateway Games
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Google Chrome
Google Update Helper
Haali Media Splitter
Identity Card
Java™ 6 Update 24
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Choice Guard
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT
Norton Internet Security
Octoshape add-in for Adobe Flash Player
Photo Gallery Builder
Picasa 3
QuickTime
RAR File Open Knife - Free Opener
Realtek USB 2.0 Card Reader
SecureW2 EAP Suite 2.0.2 for Windows
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
ShowRoom for PowerPoint
Sothink Movie DVD Maker
Swiff Player 1.7.2
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office OneNote 2007 (KB980729)
VC80CRTRedist - 8.0.50727.4053
Video Web Camera
WebSlingPlayer ActiveX
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
12/24/2011 2:56:22 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
12/24/2011 2:53:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/24/2011 2:53:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/24/2011 2:53:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/24/2011 2:53:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/24/2011 2:53:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi BHDrvx64 ccHP discache eeCtrl IDSVia64 spldr SRTSPX SYMTDI Wanarpv6
12/24/2011 2:53:11 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/24/2011 2:53:11 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/24/2011 2:53:11 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/24/2011 2:51:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
12/24/2011 2:51:41 PM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/24/2011 2:51:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
12/24/2011 2:49:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
12/24/2011 2:48:36 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/24/2011 2:47:58 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
12/24/2011 2:47:58 PM, Error: atikmdag [43029] - Display is not active
12/24/2011 2:46:46 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/24/2011 2:46:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
12/24/2011 2:46:16 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/24/2011 2:45:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
12/24/2011 2:21:43 PM, Error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).
12/24/2011 2:14:51 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/24/2011 2:14:51 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
12/24/2011 1:27:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/24/2011 1:16:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccHP discache eeCtrl IDSVia64 spldr SRTSPX SYMTDI Wanarpv6
12/22/2011 3:38:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
12/22/2011 11:29:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
12/20/2011 5:02:56 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/20/2011 5:02:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/20/2011 5:02:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/20/2011 5:02:35 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/20/2011 5:02:35 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/20/2011 5:01:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccHP DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIM SYMTDI tdx vwififlt Wanarpv6 WfpLwf
12/20/2011 5:01:19 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/20/2011 5:01:19 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/20/2011 5:01:19 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/20/2011 5:01:19 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/20/2011 5:01:19 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/20/2011 5:01:19 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
12/20/2011 5:01:19 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/20/2011 5:01:19 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/20/2011 5:01:19 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2011 5:03:59 PM, Error: Service Control Manager [7038] - The Winmgmt service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/18/2011 5:03:59 PM, Error: Service Control Manager [7038] - The ProfSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/18/2011 5:03:59 PM, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The service did not start due to a logon failure.
12/18/2011 5:01:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/18/2011 2:36:04 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
12/18/2011 2:07:11 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2011 2:05:59 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
.

BC AdBot (Login to Remove)

 


#2 hurst88

hurst88
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:44 PM

Posted 25 December 2011 - 08:20 PM

The fake anti-virus is back and is called "Win 7 Antispyware 2012"

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:44 PM

Posted 31 December 2011 - 03:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434442 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 hurst88

hurst88
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:44 PM

Posted 01 January 2012 - 11:34 PM

Still having the same problems :/

#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:44 PM

Posted 02 January 2012 - 08:08 AM

Welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

Since you didn't updated logs with helpbot's request, we need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#6 hurst88

hurst88
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:44 PM

Posted 03 January 2012 - 01:58 PM

Still having the same issues. Here are your requested logs:

OTL logfile created on: 1/3/2012 1:21:58 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Adam Hurst\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 61.16% Memory free
7.49 Gb Paging File | 5.73 Gb Available in Paging File | 76.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.27 Gb Total Space | 206.79 Gb Free Space | 72.24% Space Free | Partition Type: NTFS

Computer Name: ADAMHURST-PC | User Name: Adam Hurst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/03 01:20:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Adam Hurst\Downloads\OTL.exe
PRC - [2011/12/12 23:20:56 | 003,305,760 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Adam Hurst\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/12/02 07:49:14 | 001,101,960 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/27 02:16:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/14 18:15:16 | 000,197,288 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/09/21 19:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
PRC - [2011/03/21 16:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/12/03 17:32:54 | 000,600,688 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe
PRC - [2009/11/20 18:34:06 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009/11/01 18:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/09/24 17:42:34 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/09/24 17:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/07/13 20:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/03 23:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
PRC - [2009/04/16 02:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/27 22:50:46 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/27 02:16:24 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/03/21 16:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 16:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/02/06 10:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/11/20 18:34:06 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/07/13 20:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/13 20:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/06/03 23:59:14 | 000,013,096 | ---- | M] () -- c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 23:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMediaLibrary.dll
MOD - [2009/02/02 19:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/09/30 17:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/30 02:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2011/12/24 14:22:23 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/12/14 21:16:13 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/09/21 19:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/09/24 17:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/04/29 14:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/02 07:49:14 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 12:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 12:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 12:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 12:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 12:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/10/10 19:28:18 | 000,561,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/09/21 19:35:58 | 000,279,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/17 18:37:51 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/01/20 16:18:24 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/10/29 15:19:31 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/10/29 15:19:31 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2009/10/29 15:19:31 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/10/29 15:19:31 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2009/09/21 14:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/11 15:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/30 12:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 05:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/20 06:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/24 22:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 18:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 18:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/05 03:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 14:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/28 12:03:42 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/04/28 12:03:42 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/02/13 01:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 01:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 01:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/18 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2011/12/24 14:22:36 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2011/03/14 13:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110419.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/02/17 02:06:34 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/02/17 02:06:34 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360211i4b6l0470z115a4421x67o
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360211i4b6l0470z115a4421x67o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360211i4b6l0470z115a4421x67o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360211i4b6l0470z115a4421x67o

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360211i4b6l0470z115a4421x67o
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/?rlz=1V1IPYX
IE - HKCU\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/31 14:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/12/23 02:50:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/12/23 02:50:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/24 13:27:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/23 00:28:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/23 11:22:32 | 000,000,000 | ---D | M]

[2011/02/17 18:45:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam Hurst\AppData\Roaming\Mozilla\Extensions
[2011/12/24 14:19:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam Hurst\AppData\Roaming\Mozilla\Firefox\Profiles\hz671due.default\extensions
[2011/04/27 22:01:00 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\Adam Hurst\AppData\Roaming\Mozilla\Firefox\Profiles\hz671due.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2011/12/24 14:19:26 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Adam Hurst\AppData\Roaming\Mozilla\Firefox\Profiles\hz671due.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2011/04/10 12:59:44 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\Adam Hurst\AppData\Roaming\Mozilla\Firefox\Profiles\hz671due.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2011/12/23 00:28:28 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Adam Hurst\AppData\Roaming\Mozilla\Firefox\Profiles\hz671due.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/12/31 10:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/27 02:16:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/21 20:18:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/10 15:46:38 | 000,002,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2011/10/05 19:48:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/27 02:16:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\Adam Hurst\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: AVG Safe Search = C:\Users\Adam Hurst\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Adam Hurst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

Hosts file not found
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Adam Hurst\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingbox.com/downloads/pc/1.4.0.111/WebSlingPlayer.cab (WebSlingPlayer)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DDD2CD9-4395-47A6-8762-070D5E5EAE4E}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = l???] -- Reg Error: Key error. File not found



CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/31 10:54:50 | 000,000,000 | R--D | C] -- C:\Users\Adam Hurst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011/12/25 20:17:59 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Users\Adam Hurst\AppData\Local\jrb.exe
[2011/12/25 20:17:59 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Users\Adam Hurst\AppData\Local\hup.exe
[2011/12/25 20:17:51 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/12/24 14:22:37 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/12/24 14:19:29 | 000,000,000 | ---D | C] -- C:\Users\Adam Hurst\AppData\Local\adaware
[2011/12/24 14:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2011/12/24 14:19:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2011/12/24 14:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2011/12/24 14:19:03 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/12/24 14:06:55 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Adam Hurst\Desktop\aae.com.exe
[2011/12/24 13:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/12/24 13:59:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/12/24 13:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/12/24 13:28:00 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/12/24 13:28:00 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/12/24 13:27:56 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/12/24 13:27:55 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/12/24 13:27:55 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/12/24 13:27:54 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/12/24 13:27:54 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/12/24 13:27:49 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/12/24 13:27:49 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/12/24 13:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/12/24 13:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/22 12:00:08 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/12/20 18:35:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/12/20 18:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/12/20 18:34:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/12/20 18:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/12/20 18:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/12/20 18:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/12/20 18:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/12/15 05:19:19 | 000,000,000 | ---D | C] -- C:\Users\Adam Hurst\Desktop\111
[2011/12/15 02:17:20 | 000,000,000 | ---D | C] -- C:\Users\Adam Hurst\Desktop\capstonepresentation
[2011/12/15 00:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Swiff Player
[2011/12/15 00:00:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GlobFX
[2011/12/14 23:17:47 | 000,000,000 | ---D | C] -- C:\Users\Adam Hurst\Desktop\sites
[2011/12/14 22:56:22 | 000,000,000 | ---D | C] -- C:\Users\Adam Hurst\Desktop\Word
[2011/12/13 10:54:30 | 000,000,000 | ---D | C] -- C:\Users\Adam Hurst\Desktop\portfolio
[2011/12/09 00:34:22 | 000,000,000 | ---D | C] -- C:\Users\Adam Hurst\Desktop\inscpae
[2011/12/04 13:58:02 | 000,000,000 | ---D | C] -- C:\Windows\system64

========== Files - Modified Within 30 Days ==========

[2012/01/03 01:24:47 | 001,168,246 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1008030.006\Cat.DB
[2012/01/03 01:23:18 | 000,302,592 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\617fhw0g.exe
[2012/01/03 01:17:53 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/03 01:17:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/03 01:17:49 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/31 14:23:03 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/31 14:23:03 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/31 10:55:43 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/12/31 10:55:43 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/12/31 10:53:42 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/31 10:52:26 | 000,011,552 | -HS- | M] () -- C:\Users\Adam Hurst\AppData\Local\0jy58p86k5m0
[2011/12/26 18:52:25 | 000,002,059 | ---- | M] () -- C:\Users\Adam Hurst\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/26 14:17:59 | 000,011,548 | -HS- | M] () -- C:\ProgramData\0jy58p86k5m0
[2011/12/24 14:51:11 | 000,000,000 | ---- | M] () -- C:\Users\Adam Hurst\AppData\Local\{9E0D86C5-10C2-4AC2-99B8-02668953EB20}
[2011/12/24 14:47:16 | 000,000,000 | ---- | M] () -- C:\Users\Adam Hurst\AppData\Local\{B3EDF81D-1CE7-407A-87D0-A5660183635D}
[2011/12/24 14:22:37 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/12/24 14:19:05 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/24 14:06:56 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Adam Hurst\Desktop\aae.com.exe
[2011/12/24 14:02:30 | 000,121,478 | ---- | M] () -- C:\Users\Adam Hurst\Documents\cc_20111224_140216.reg
[2011/12/24 13:59:16 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/24 13:28:01 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/24 13:27:54 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/12/24 11:05:25 | 000,029,184 | ---- | M] () -- C:\Windows\SysWow64\R3t8a2.com
[2011/12/23 00:19:06 | 000,011,818 | -HS- | M] () -- C:\Users\Adam Hurst\AppData\Local\lpimos2h3dbd2qke1jux3u611j6e
[2011/12/23 00:19:06 | 000,011,818 | -HS- | M] () -- C:\ProgramData\lpimos2h3dbd2qke1jux3u611j6e
[2011/12/18 18:35:50 | 000,009,222 | -HS- | M] () -- C:\Users\Adam Hurst\AppData\Local\5o48ru8o10a702
[2011/12/18 18:35:50 | 000,009,222 | -HS- | M] () -- C:\ProgramData\5o48ru8o10a702
[2011/12/18 16:01:42 | 000,108,497 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\OSU.jpg
[2011/12/15 09:33:29 | 027,230,885 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\CapstonePresentation.pdf
[2011/12/15 06:53:55 | 020,051,978 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\Portfolio-Adam Hurst.pdf
[2011/12/15 06:16:57 | 000,141,775 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\18.jpg
[2011/12/15 06:13:12 | 000,099,819 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\17.jpg
[2011/12/15 05:42:37 | 023,797,213 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\presentation.pdf
[2011/12/15 01:16:23 | 000,474,103 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\1.pdf
[2011/12/15 00:12:16 | 001,974,908 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\Right-facing-Arrow-icon.jpg
[2011/12/15 00:00:12 | 000,001,076 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\Swiff Player.lnk
[2011/12/14 23:18:19 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/14 23:18:19 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009(341).dat
[2011/12/14 23:18:19 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009(340).dat
[2011/12/14 03:14:47 | 033,967,117 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\Laredo.wmv
[2011/12/14 02:28:43 | 000,002,347 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/13 20:13:33 | 011,326,694 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\Band Of Horses - Laredo (Acoustic)(Live On Q TV).mp3
[2011/12/11 20:09:34 | 000,005,568 | -HS- | M] () -- C:\Users\Adam Hurst\AppData\Local\54e0w245m2huy6u70n6ac
[2011/12/11 20:09:34 | 000,005,568 | -HS- | M] () -- C:\ProgramData\54e0w245m2huy6u70n6ac
[2011/12/11 12:37:02 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/12/10 01:08:33 | 000,000,112 | ---- | M] () -- C:\ProgramData\VwtumLVE6.dat
[2011/12/10 00:58:55 | 000,012,528 | -HS- | M] () -- C:\Users\Adam Hurst\AppData\Local\xtkyvq2w2hcu8gfj0iss0k137v7s
[2011/12/10 00:58:55 | 000,012,528 | -HS- | M] () -- C:\ProgramData\xtkyvq2w2hcu8gfj0iss0k137v7s
[2011/12/09 00:36:49 | 021,423,755 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\Inscapefinal2.jpg
[2011/12/09 00:35:59 | 003,930,834 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\INSCAPEfinal3.jpg
[2011/12/09 00:35:23 | 004,165,430 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\inscapefinal1.jpg
[2011/12/04 14:46:32 | 000,011,890 | -HS- | M] () -- C:\Users\Adam Hurst\AppData\Local\6l06kf7v14v033
[2011/12/04 14:46:32 | 000,011,890 | -HS- | M] () -- C:\ProgramData\6l06kf7v14v033

========== Files Created - No Company Name ==========

[2012/01/03 01:23:18 | 000,302,592 | ---- | C] () -- C:\Users\Adam Hurst\Desktop\617fhw0g.exe
[2011/12/25 20:18:04 | 000,011,552 | -HS- | C] () -- C:\Users\Adam Hurst\AppData\Local\0jy58p86k5m0
[2011/12/25 20:18:04 | 000,011,548 | -HS- | C] () -- C:\ProgramData\0jy58p86k5m0
[2011/12/24 14:50:11 | 000,000,000 | ---- | C] () -- C:\Users\Adam Hurst\AppData\Local\{9E0D86C5-10C2-4AC2-99B8-02668953EB20}
[2011/12/24 14:45:46 | 000,000,000 | ---- | C] () -- C:\Users\Adam Hurst\AppData\Local\{B3EDF81D-1CE7-407A-87D0-A5660183635D}
[2011/12/24 14:20:23 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/12/24 14:20:23 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/12/24 14:19:05 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/24 14:02:22 | 000,121,478 | ---- | C] () -- C:\Users\Adam Hurst\Documents\cc_20111224_140216.reg
[2011/12/24 13:59:16 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/24 13:28:01 | 000,001,848 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/24 13:27:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/12/24 11:05:36 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\R3t8a2.com
[2011/12/18 17:10:56 | 000,009,222 | -HS- | C] () -- C:\Users\Adam Hurst\AppData\Local\5o48ru8o10a702
[2011/12/18 17:10:56 | 000,009,222 | -HS- | C] () -- C:\ProgramData\5o48ru8o10a702
[2011/12/18 16:01:40 | 000,108,497 | ---- | C] () -- C:\Users\Adam Hurst\Desktop\OSU.jpg
[2011/12/16 23:05:58 | 000,011,818 | -HS- | C] () -- C:\Users\Ad

Edited by hurst88, 03 January 2012 - 01:59 PM.


#7 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:44 PM

Posted 03 January 2012 - 09:55 PM

Hello, hurst88.

P2P Warning and Request
The log shows that you have been using so called peer-to-peer or file-sharing programmes (in your case ). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide to not uninstall, please refrain from using it until I let you know your computer is clean.















Step 1



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#8 hurst88

hurst88
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:44 PM

Posted 04 January 2012 - 02:51 AM

Here it is, first notice is that the redirecting seems to, for the moment, stopped but it does that every once in awhile and then starts up again.

ComboFix 12-01-03.08 - Adam Hurst 01/04/2012 0:45.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.1923 [GMT -5:00]
Running from: c:\users\Adam Hurst\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Adam Hurst\AppData\Local\hup.exe
c:\users\Adam Hurst\AppData\Local\jrb.exe
c:\users\Adam Hurst\AppData\Local\TempDIR
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\keywords
c:\windows\assembly\temp\kwrd.dll
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\R3t8a2.com
.
.
((((((((((((((((((((((((( Files Created from 2011-12-04 to 2012-01-04 )))))))))))))))))))))))))))))))
.
.
2012-01-04 05:57 . 2012-01-04 05:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-26 01:17 . 2011-12-26 01:17 -------- d-----w- c:\windows\Sun
2011-12-24 19:22 . 2011-12-24 19:22 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-24 19:19 . 2011-12-24 19:19 -------- d-----w- c:\users\Adam Hurst\AppData\Local\adaware
2011-12-24 19:19 . 2012-01-04 07:12 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2011-12-24 19:19 . 2011-12-24 19:19 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2011-12-24 19:19 . 2011-12-24 19:19 -------- d-----w- c:\program files (x86)\adawaretb
2011-12-24 19:19 . 2011-12-02 12:49 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-24 18:59 . 2011-12-24 18:59 -------- d-----w- c:\program files\CCleaner
2011-12-24 18:28 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-24 18:28 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-24 18:27 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-24 18:27 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-24 18:27 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-24 18:27 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-24 18:27 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-24 18:27 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-24 18:27 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-12-24 18:27 . 2011-12-24 18:27 -------- d-----w- c:\programdata\AVAST Software
2011-12-24 18:27 . 2011-12-24 18:27 -------- d-----w- c:\program files\AVAST Software
2011-12-22 17:00 . 2011-12-22 17:00 -------- d-----w- C:\$AVG
2011-12-20 23:35 . 2011-12-20 23:35 -------- d--h--w- c:\programdata\Common Files
2011-12-20 23:35 . 2011-12-23 07:44 -------- d-----w- c:\programdata\AVG2012
2011-12-20 23:34 . 2011-12-20 23:34 -------- d-----w- c:\program files (x86)\AVG
2011-12-20 23:28 . 2011-12-22 16:45 -------- d-----w- c:\programdata\MFAData
2011-12-20 23:25 . 2011-12-20 23:26 -------- d-----w- c:\programdata\Lavasoft
2011-12-20 23:25 . 2011-12-20 23:25 -------- d-----w- c:\program files (x86)\Lavasoft
2011-12-15 05:00 . 2011-12-23 07:50 -------- d-----w- c:\program files (x86)\GlobFX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 03:50 . 2011-07-09 22:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-11 00:28 . 2011-10-11 00:28 561800 ----a-w- c:\windows\system32\drivers\NISx64\1008030.006\cchpx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-11-29 86696]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-11-29 19:15 86696 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-11-29 86696]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Adam Hurst\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-09-24 244480]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2009-12-03 600688]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-11-14 197288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-24 2152152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-02-17 132656]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 135664]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-12-24 17152]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110419.002\IDSvia64.sys [2011-03-14 476792]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-09-22 117648]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 15:11]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 15:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-09-30 823840]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"combofix"="c:\combofix\CF20763.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/?rlz=1V1IPYX
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360211i4b6l0470z115a4421x67o
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Adam Hurst\AppData\Roaming\Mozilla\Firefox\Profiles\hz671due.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2012-01-04 02:31:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-04 07:31
.
Pre-Run: 224,153,042,944 bytes free
Post-Run: 223,502,090,240 bytes free
.
- - End Of File - - A62B358A3A480D92FA4178ABCF1B0B98

#9 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:44 PM

Posted 04 January 2012 - 06:26 AM

Hello, hurst88.


Step 1

  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
  • If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
  • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply



Step 2



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

File::
C:\Users\Adam Hurst\AppData\Local\0jy58p86k5m0
C:\ProgramData\0jy58p86k5m0
C:\Windows\SysWow64\R3t8a2.com
C:\Users\Adam Hurst\AppData\Local\lpimos2h3dbd2qke1jux3u611j6e
C:\ProgramData\lpimos2h3dbd2qke1jux3u611j6e
C:\Users\Adam Hurst\AppData\Local\5o48ru8o10a702
C:\ProgramData\5o48ru8o10a702
C:\Users\Adam Hurst\AppData\Local\54e0w245m2huy6u70n6ac
C:\ProgramData\54e0w245m2huy6u70n6ac
C:\Users\Adam Hurst\AppData\Local\xtkyvq2w2hcu8gfj0iss0k137v7s
C:\ProgramData\xtkyvq2w2hcu8gfj0iss0k137v7s
C:\Users\Adam Hurst\AppData\Local\6l06kf7v14v033
C:\ProgramData\6l06kf7v14v033
C:\Users\Adam Hurst\Desktop\617fhw0g.exe
AtJob::
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#10 hurst88

hurst88
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:44 PM

Posted 04 January 2012 - 03:31 PM

14:44:01.0487 2304 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
14:44:01.0763 2304 ============================================================
14:44:01.0763 2304 Current date / time: 2012/01/04 14:44:01.0763
14:44:01.0764 2304 SystemInfo:
14:44:01.0764 2304
14:44:01.0764 2304 OS Version: 6.1.7600 ServicePack: 0.0
14:44:01.0764 2304 Product type: Workstation
14:44:01.0764 2304 ComputerName: ADAMHURST-PC
14:44:01.0765 2304 UserName: Adam Hurst
14:44:01.0765 2304 Windows directory: C:\Windows
14:44:01.0765 2304 System windows directory: C:\Windows
14:44:01.0765 2304 Running under WOW64
14:44:01.0765 2304 Processor architecture: Intel x64
14:44:01.0765 2304 Number of processors: 2
14:44:01.0765 2304 Page size: 0x1000
14:44:01.0765 2304 Boot type: Normal boot
14:44:01.0765 2304 ============================================================
14:44:03.0001 2304 Initialize success
14:44:36.0042 4904 ============================================================
14:44:36.0042 4904 Scan started
14:44:36.0042 4904 Mode: Manual;
14:44:36.0042 4904 ============================================================
14:44:36.0654 4904 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
14:44:36.0661 4904 1394ohci - ok
14:44:36.0725 4904 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
14:44:36.0744 4904 ACPI - ok
14:44:36.0766 4904 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
14:44:36.0769 4904 AcpiPmi - ok
14:44:36.0825 4904 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:44:36.0848 4904 adp94xx - ok
14:44:36.0890 4904 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:44:36.0899 4904 adpahci - ok
14:44:36.0946 4904 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:44:36.0953 4904 adpu320 - ok
14:44:37.0161 4904 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
14:44:37.0183 4904 AFD - ok
14:44:37.0232 4904 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
14:44:37.0235 4904 agp440 - ok
14:44:37.0306 4904 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
14:44:37.0310 4904 aliide - ok
14:44:37.0344 4904 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
14:44:37.0347 4904 amdide - ok
14:44:37.0380 4904 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:44:37.0384 4904 AmdK8 - ok
14:44:37.0438 4904 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:44:37.0440 4904 AmdPPM - ok
14:44:37.0485 4904 amdsata (12a5062c06e03ff70db47800f91c7a13) C:\Windows\system32\DRIVERS\amdsata.sys
14:44:37.0486 4904 amdsata - ok
14:44:37.0610 4904 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:44:37.0616 4904 amdsbs - ok
14:44:37.0742 4904 amdxata (8a7f289b45ceacac761e14d5fac59eb9) C:\Windows\system32\DRIVERS\amdxata.sys
14:44:37.0743 4904 amdxata - ok
14:44:37.0805 4904 ApfiltrService (9815014f3e30357168da272088c6f12f) C:\Windows\system32\DRIVERS\Apfiltr.sys
14:44:37.0809 4904 ApfiltrService - ok
14:44:37.0849 4904 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
14:44:37.0853 4904 AppID - ok
14:44:37.0947 4904 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:44:37.0952 4904 arc - ok
14:44:37.0984 4904 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:44:37.0989 4904 arcsas - ok
14:44:38.0052 4904 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
14:44:38.0053 4904 aswFsBlk - ok
14:44:38.0103 4904 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
14:44:38.0105 4904 aswMonFlt - ok
14:44:38.0137 4904 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
14:44:38.0139 4904 aswRdr - ok
14:44:38.0186 4904 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
14:44:38.0195 4904 aswSnx - ok
14:44:38.0240 4904 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
14:44:38.0245 4904 aswSP - ok
14:44:38.0280 4904 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
14:44:38.0282 4904 aswTdi - ok
14:44:38.0355 4904 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:44:38.0356 4904 AsyncMac - ok
14:44:38.0393 4904 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
14:44:38.0394 4904 atapi - ok
14:44:38.0484 4904 athr (88a02b6046356e6be4e387faa7451439) C:\Windows\system32\DRIVERS\athrx.sys
14:44:38.0543 4904 athr - ok
14:44:38.0613 4904 AtiHdmiService (3b9014fb7ce9e20fd726321c7db7d8b0) C:\Windows\system32\drivers\AtiHdmi.sys
14:44:38.0615 4904 AtiHdmiService - ok
14:44:38.0828 4904 atikmdag (2db9047aac9d981f59ce06d04d70c4d8) C:\Windows\system32\DRIVERS\atikmdag.sys
14:44:38.0987 4904 atikmdag - ok
14:44:39.0023 4904 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
14:44:39.0024 4904 AtiPcie - ok
14:44:39.0100 4904 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:44:39.0120 4904 b06bdrv - ok
14:44:39.0160 4904 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:44:39.0167 4904 b57nd60a - ok
14:44:39.0230 4904 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
14:44:39.0281 4904 BCM43XX - ok
14:44:39.0330 4904 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:44:39.0332 4904 Beep - ok
14:44:39.0466 4904 BHDrvx64 (4d7f8401eae7eaa4ef702fa6f4153269) C:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys
14:44:39.0472 4904 BHDrvx64 - ok
14:44:39.0546 4904 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:44:39.0549 4904 blbdrive - ok
14:44:39.0624 4904 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
14:44:39.0628 4904 bowser - ok
14:44:39.0667 4904 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:44:39.0670 4904 BrFiltLo - ok
14:44:39.0694 4904 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:44:39.0697 4904 BrFiltUp - ok
14:44:39.0740 4904 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:44:39.0744 4904 BridgeMP - ok
14:44:39.0792 4904 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:44:39.0801 4904 Brserid - ok
14:44:39.0825 4904 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:44:39.0830 4904 BrSerWdm - ok
14:44:39.0853 4904 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:44:39.0856 4904 BrUsbMdm - ok
14:44:39.0878 4904 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:44:39.0881 4904 BrUsbSer - ok
14:44:39.0901 4904 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:44:39.0904 4904 BTHMODEM - ok
14:44:39.0915 4904 catchme - ok
14:44:39.0965 4904 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
14:44:39.0974 4904 CAXHWAZL - ok
14:44:40.0102 4904 ccHP (a2e6ab452b9393ca8d11d28827e0e1a1) C:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys
14:44:40.0111 4904 ccHP - ok
14:44:40.0160 4904 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:44:40.0165 4904 cdfs - ok
14:44:40.0206 4904 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
14:44:40.0212 4904 cdrom - ok
14:44:40.0261 4904 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:44:40.0266 4904 circlass - ok
14:44:40.0340 4904 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:44:40.0360 4904 CLFS - ok
14:44:40.0439 4904 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:44:40.0443 4904 CmBatt - ok
14:44:40.0483 4904 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
14:44:40.0486 4904 cmdide - ok
14:44:40.0547 4904 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
14:44:40.0568 4904 CNG - ok
14:44:40.0644 4904 CnxtHdAudService (20f3f8674d7dee5d90a352b775d5d5ba) C:\Windows\system32\drivers\CHDRT64.sys
14:44:40.0667 4904 CnxtHdAudService - ok
14:44:40.0718 4904 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:44:40.0719 4904 Compbatt - ok
14:44:40.0746 4904 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:44:40.0748 4904 CompositeBus - ok
14:44:40.0781 4904 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:44:40.0783 4904 crcdisk - ok
14:44:40.0853 4904 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
14:44:40.0856 4904 DfsC - ok
14:44:40.0903 4904 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:44:40.0905 4904 discache - ok
14:44:40.0961 4904 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:44:40.0965 4904 Disk - ok
14:44:40.0971 4904 DKbFltr - ok
14:44:41.0025 4904 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:44:41.0027 4904 drmkaud - ok
14:44:41.0093 4904 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
14:44:41.0109 4904 DXGKrnl - ok
14:44:41.0237 4904 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:44:41.0337 4904 ebdrv - ok
14:44:41.0439 4904 eeCtrl (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
14:44:41.0447 4904 eeCtrl - ok
14:44:41.0591 4904 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:44:41.0615 4904 elxstor - ok
14:44:41.0722 4904 EraserUtilRebootDrv (12866876e3851f1e5d462b2a83e25578) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:44:41.0727 4904 EraserUtilRebootDrv - ok
14:44:41.0791 4904 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
14:44:41.0794 4904 ErrDev - ok
14:44:41.0869 4904 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:44:41.0876 4904 exfat - ok
14:44:41.0934 4904 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:44:41.0941 4904 fastfat - ok
14:44:41.0982 4904 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:44:41.0985 4904 fdc - ok
14:44:42.0037 4904 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:44:42.0041 4904 FileInfo - ok
14:44:42.0069 4904 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:44:42.0072 4904 Filetrace - ok
14:44:42.0097 4904 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:44:42.0100 4904 flpydisk - ok
14:44:42.0141 4904 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
14:44:42.0149 4904 FltMgr - ok
14:44:42.0189 4904 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:44:42.0193 4904 FsDepends - ok
14:44:42.0237 4904 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:44:42.0239 4904 Fs_Rec - ok
14:44:42.0309 4904 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
14:44:42.0316 4904 fvevol - ok
14:44:42.0369 4904 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:44:42.0373 4904 gagp30kx - ok
14:44:42.0438 4904 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:44:42.0440 4904 GEARAspiWDM - ok
14:44:42.0558 4904 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:44:42.0562 4904 hcw85cir - ok
14:44:42.0599 4904 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
14:44:42.0621 4904 HdAudAddService - ok
14:44:42.0658 4904 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:44:42.0662 4904 HDAudBus - ok
14:44:42.0686 4904 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:44:42.0689 4904 HidBatt - ok
14:44:42.0723 4904 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:44:42.0728 4904 HidBth - ok
14:44:42.0751 4904 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:44:42.0755 4904 HidIr - ok
14:44:42.0817 4904 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
14:44:42.0819 4904 HidUsb - ok
14:44:42.0864 4904 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
14:44:42.0867 4904 HpSAMD - ok
14:44:42.0975 4904 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
14:44:43.0023 4904 HSF_DPV - ok
14:44:43.0075 4904 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
14:44:43.0097 4904 HTTP - ok
14:44:43.0129 4904 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
14:44:43.0130 4904 hwpolicy - ok
14:44:43.0175 4904 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:44:43.0178 4904 i8042prt - ok
14:44:43.0227 4904 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
14:44:43.0244 4904 iaStorV - ok
14:44:43.0407 4904 IDSVia64 (8f9faa4583e634a1505bad8d0c04c5c9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110419.002\IDSvia64.sys
14:44:43.0414 4904 IDSVia64 - ok
14:44:43.0688 4904 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
14:44:43.0863 4904 igfx - ok
14:44:43.0916 4904 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:44:43.0919 4904 iirsp - ok
14:44:43.0976 4904 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
14:44:43.0979 4904 intelide - ok
14:44:44.0003 4904 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:44:44.0007 4904 intelppm - ok
14:44:44.0037 4904 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:44:44.0041 4904 IpFilterDriver - ok
14:44:44.0065 4904 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
14:44:44.0070 4904 IPMIDRV - ok
14:44:44.0095 4904 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:44:44.0100 4904 IPNAT - ok
14:44:44.0151 4904 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:44:44.0154 4904 IRENUM - ok
14:44:44.0185 4904 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
14:44:44.0188 4904 isapnp - ok
14:44:44.0233 4904 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
14:44:44.0241 4904 iScsiPrt - ok
14:44:44.0299 4904 k57nd60a (249ee2d26cb1530f3bede0ac8b9e3099) C:\Windows\system32\DRIVERS\k57nd60a.sys
14:44:44.0304 4904 k57nd60a - ok
14:44:44.0342 4904 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:44:44.0344 4904 kbdclass - ok
14:44:44.0380 4904 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
14:44:44.0384 4904 kbdhid - ok
14:44:44.0423 4904 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
14:44:44.0427 4904 KSecDD - ok
14:44:44.0478 4904 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
14:44:44.0485 4904 KSecPkg - ok
14:44:44.0512 4904 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:44:44.0515 4904 ksthunk - ok
14:44:44.0575 4904 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
14:44:44.0579 4904 L1E - ok
14:44:44.0725 4904 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
14:44:44.0728 4904 Lavasoft Kernexplorer - ok
14:44:44.0795 4904 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
14:44:44.0798 4904 Lbd - ok
14:44:44.0847 4904 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:44:44.0851 4904 lltdio - ok
14:44:44.0901 4904 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:44:44.0904 4904 LSI_FC - ok
14:44:44.0932 4904 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:44:44.0935 4904 LSI_SAS - ok
14:44:44.0969 4904 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:44:44.0972 4904 LSI_SAS2 - ok
14:44:45.0004 4904 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:44:45.0008 4904 LSI_SCSI - ok
14:44:45.0047 4904 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:44:45.0052 4904 luafv - ok
14:44:45.0101 4904 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:44:45.0104 4904 mdmxsdk - ok
14:44:45.0143 4904 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:44:45.0147 4904 megasas - ok
14:44:45.0196 4904 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:44:45.0206 4904 MegaSR - ok
14:44:45.0249 4904 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:44:45.0251 4904 Modem - ok
14:44:45.0304 4904 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:44:45.0306 4904 monitor - ok
14:44:45.0354 4904 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:44:45.0356 4904 mouclass - ok
14:44:45.0392 4904 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:44:45.0396 4904 mouhid - ok
14:44:45.0436 4904 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
14:44:45.0440 4904 mountmgr - ok
14:44:45.0485 4904 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
14:44:45.0491 4904 mpio - ok
14:44:45.0525 4904 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:44:45.0530 4904 mpsdrv - ok
14:44:45.0564 4904 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
14:44:45.0570 4904 MRxDAV - ok
14:44:45.0633 4904 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:44:45.0639 4904 mrxsmb - ok
14:44:45.0677 4904 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:44:45.0685 4904 mrxsmb10 - ok
14:44:45.0741 4904 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:44:45.0751 4904 mrxsmb20 - ok
14:44:45.0797 4904 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
14:44:45.0799 4904 msahci - ok
14:44:45.0843 4904 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
14:44:45.0849 4904 msdsm - ok
14:44:45.0894 4904 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:44:45.0897 4904 Msfs - ok
14:44:45.0928 4904 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:44:45.0931 4904 mshidkmdf - ok
14:44:45.0964 4904 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
14:44:45.0965 4904 msisadrv - ok
14:44:46.0010 4904 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:44:46.0012 4904 MSKSSRV - ok
14:44:46.0042 4904 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:44:46.0045 4904 MSPCLOCK - ok
14:44:46.0069 4904 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:44:46.0072 4904 MSPQM - ok
14:44:46.0116 4904 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
14:44:46.0138 4904 MsRPC - ok
14:44:46.0174 4904 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:44:46.0178 4904 mssmbios - ok
14:44:46.0233 4904 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:44:46.0249 4904 MSTEE - ok
14:44:46.0385 4904 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:44:46.0388 4904 MTConfig - ok
14:44:46.0460 4904 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:44:46.0462 4904 Mup - ok
14:44:46.0513 4904 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:44:46.0522 4904 NativeWifiP - ok
14:44:46.0628 4904 NAVENG - ok
14:44:46.0649 4904 NAVEX15 - ok
14:44:46.0780 4904 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
14:44:46.0796 4904 NDIS - ok
14:44:46.0853 4904 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:44:46.0856 4904 NdisCap - ok
14:44:46.0892 4904 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:44:46.0895 4904 NdisTapi - ok
14:44:46.0927 4904 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
14:44:46.0931 4904 Ndisuio - ok
14:44:46.0979 4904 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:44:46.0986 4904 NdisWan - ok
14:44:47.0020 4904 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
14:44:47.0024 4904 NDProxy - ok
14:44:47.0065 4904 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:44:47.0067 4904 NetBIOS - ok
14:44:47.0100 4904 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
14:44:47.0106 4904 NetBT - ok
14:44:47.0177 4904 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys
14:44:47.0202 4904 netr28x - ok
14:44:47.0240 4904 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:44:47.0244 4904 nfrd960 - ok
14:44:47.0296 4904 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:44:47.0300 4904 Npfs - ok
14:44:47.0340 4904 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:44:47.0342 4904 nsiproxy - ok
14:44:47.0439 4904 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
14:44:47.0458 4904 Ntfs - ok
14:44:47.0532 4904 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
14:44:47.0534 4904 NTIDrvr - ok
14:44:47.0567 4904 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:44:47.0568 4904 Null - ok
14:44:47.0614 4904 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
14:44:47.0620 4904 nvraid - ok
14:44:47.0651 4904 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
14:44:47.0658 4904 nvstor - ok
14:44:47.0691 4904 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
14:44:47.0697 4904 nv_agp - ok
14:44:47.0742 4904 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
14:44:47.0747 4904 ohci1394 - ok
14:44:47.0806 4904 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:44:47.0811 4904 Parport - ok
14:44:47.0853 4904 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
14:44:47.0857 4904 partmgr - ok
14:44:47.0904 4904 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
14:44:47.0910 4904 pci - ok
14:44:47.0946 4904 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
14:44:47.0949 4904 pciide - ok
14:44:47.0990 4904 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:44:47.0998 4904 pcmcia - ok
14:44:48.0038 4904 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:44:48.0041 4904 pcw - ok
14:44:48.0092 4904 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:44:48.0118 4904 PEAUTH - ok
14:44:48.0194 4904 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
14:44:48.0197 4904 PptpMiniport - ok
14:44:48.0240 4904 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:44:48.0244 4904 Processor - ok
14:44:48.0317 4904 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
14:44:48.0322 4904 Psched - ok
14:44:48.0409 4904 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:44:48.0469 4904 ql2300 - ok
14:44:48.0504 4904 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:44:48.0509 4904 ql40xx - ok
14:44:48.0547 4904 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:44:48.0551 4904 QWAVEdrv - ok
14:44:48.0589 4904 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:44:48.0593 4904 RasAcd - ok
14:44:48.0635 4904 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:44:48.0639 4904 RasAgileVpn - ok
14:44:48.0682 4904 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:44:48.0687 4904 Rasl2tp - ok
14:44:48.0719 4904 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:44:48.0724 4904 RasPppoe - ok
14:44:48.0780 4904 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:44:48.0785 4904 RasSstp - ok
14:44:48.0824 4904 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
14:44:48.0833 4904 rdbss - ok
14:44:48.0867 4904 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:44:48.0870 4904 rdpbus - ok
14:44:48.0912 4904 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:44:48.0915 4904 RDPCDD - ok
14:44:48.0958 4904 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:44:48.0960 4904 RDPENCDD - ok
14:44:48.0995 4904 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:44:48.0997 4904 RDPREFMP - ok
14:44:49.0027 4904 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
14:44:49.0034 4904 RDPWD - ok
14:44:49.0077 4904 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
14:44:49.0084 4904 rdyboost - ok
14:44:49.0161 4904 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:44:49.0164 4904 rspndr - ok
14:44:49.0238 4904 RSUSBSTOR (db30aa4daa0d492fa5d7717d8181ffa1) C:\Windows\system32\Drivers\RtsUStor.sys
14:44:49.0246 4904 RSUSBSTOR - ok
14:44:49.0295 4904 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
14:44:49.0300 4904 sbp2port - ok
14:44:49.0337 4904 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
14:44:49.0341 4904 scfilter - ok
14:44:49.0386 4904 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:44:49.0389 4904 secdrv - ok
14:44:49.0422 4904 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:44:49.0425 4904 Serenum - ok
14:44:49.0458 4904 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:44:49.0462 4904 Serial - ok
14:44:49.0494 4904 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:44:49.0496 4904 sermouse - ok
14:44:49.0530 4904 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
14:44:49.0533 4904 sffdisk - ok
14:44:49.0554 4904 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
14:44:49.0556 4904 sffp_mmc - ok
14:44:49.0579 4904 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:44:49.0582 4904 sffp_sd - ok
14:44:49.0603 4904 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:44:49.0605 4904 sfloppy - ok
14:44:49.0670 4904 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:44:49.0673 4904 SiSRaid2 - ok
14:44:49.0694 4904 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:44:49.0697 4904 SiSRaid4 - ok
14:44:49.0725 4904 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:44:49.0729 4904 Smb - ok
14:44:49.0772 4904 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:44:49.0774 4904 spldr - ok
14:44:49.0894 4904 SRTSP (9e399476e5d5e0d3c8822c857a7e9a9a) C:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS
14:44:49.0915 4904 SRTSP - ok
14:44:49.0961 4904 SRTSPX (3d7717b582f0365e75071556936e5a6b) C:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS
14:44:49.0962 4904 SRTSPX - ok
14:44:50.0033 4904 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
14:44:50.0056 4904 srv - ok
14:44:50.0111 4904 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
14:44:50.0133 4904 srv2 - ok
14:44:50.0189 4904 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
14:44:50.0211 4904 SrvHsfHDA - ok
14:44:50.0296 4904 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
14:44:50.0355 4904 SrvHsfV92 - ok
14:44:50.0415 4904 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
14:44:50.0449 4904 SrvHsfWinac - ok
14:44:50.0495 4904 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
14:44:50.0501 4904 srvnet - ok
14:44:50.0554 4904 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:44:50.0558 4904 stexstor - ok
14:44:50.0597 4904 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:44:50.0599 4904 swenum - ok
14:44:50.0725 4904 SymEFA (4f87bb5389a93778ebc363b28271a65b) C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS
14:44:50.0744 4904 SymEFA - ok
14:44:50.0801 4904 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
14:44:50.0805 4904 SymEvent - ok
14:44:50.0829 4904 SYMFW - ok
14:44:50.0866 4904 SymIM (212bbf5a964513980d5de9397381534f) C:\Windows\system32\DRIVERS\SymIMv.sys
14:44:50.0868 4904 SymIM - ok
14:44:50.0904 4904 SYMNDISV - ok
14:44:51.0025 4904 SYMTDI (33b37cb0a74f1f4b78a665ece9184095) C:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS
14:44:51.0030 4904 SYMTDI - ok
14:44:51.0156 4904 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
14:44:51.0186 4904 Tcpip - ok
14:44:51.0278 4904 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
14:44:51.0299 4904 TCPIP6 - ok
14:44:51.0342 4904 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
14:44:51.0345 4904 tcpipreg - ok
14:44:51.0384 4904 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:44:51.0386 4904 TDPIPE - ok
14:44:51.0408 4904 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:44:51.0411 4904 TDTCP - ok
14:44:51.0450 4904 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
14:44:51.0452 4904 tdx - ok
14:44:51.0486 4904 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
14:44:51.0489 4904 TermDD - ok
14:44:51.0555 4904 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:44:51.0558 4904 tssecsrv - ok
14:44:51.0600 4904 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
14:44:51.0605 4904 tunnel - ok
14:44:51.0641 4904 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:44:51.0645 4904 uagp35 - ok
14:44:51.0702 4904 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
14:44:51.0704 4904 UBHelper - ok
14:44:51.0750 4904 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
14:44:51.0760 4904 udfs - ok
14:44:51.0808 4904 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
14:44:51.0813 4904 uliagpkx - ok
14:44:51.0855 4904 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
14:44:51.0859 4904 umbus - ok
14:44:51.0884 4904 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:44:51.0889 4904 UmPass - ok
14:44:51.0968 4904 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
14:44:51.0972 4904 USBAAPL64 - ok
14:44:52.0008 4904 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
14:44:52.0013 4904 usbccgp - ok
14:44:52.0051 4904 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
14:44:52.0060 4904 usbcir - ok
14:44:52.0130 4904 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
14:44:52.0134 4904 usbehci - ok
14:44:52.0179 4904 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
14:44:52.0182 4904 usbfilter - ok
14:44:52.0232 4904 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
14:44:52.0242 4904 usbhub - ok
14:44:52.0277 4904 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
14:44:52.0281 4904 usbohci - ok
14:44:52.0316 4904 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:44:52.0320 4904 usbprint - ok
14:44:52.0375 4904 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:44:52.0380 4904 USBSTOR - ok
14:44:52.0406 4904 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
14:44:52.0411 4904 usbuhci - ok
14:44:52.0479 4904 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
14:44:52.0486 4904 usbvideo - ok
14:44:52.0535 4904 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
14:44:52.0537 4904 vdrvroot - ok
14:44:52.0577 4904 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:44:52.0581 4904 vga - ok
14:44:52.0615 4904 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:44:52.0619 4904 VgaSave - ok
14:44:52.0663 4904 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
14:44:52.0670 4904 vhdmp - ok
14:44:52.0704 4904 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
14:44:52.0708 4904 viaide - ok
14:44:52.0756 4904 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
14:44:52.0760 4904 volmgr - ok
14:44:52.0808 4904 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
14:44:52.0818 4904 volmgrx - ok
14:44:52.0887 4904 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
14:44:52.0895 4904 volsnap - ok
14:44:52.0936 4904 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:44:52.0943 4904 vsmraid - ok
14:44:52.0982 4904 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:44:52.0986 4904 vwifibus - ok
14:44:53.0027 4904 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:44:53.0032 4904 vwififlt - ok
14:44:53.0069 4904 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:44:53.0073 4904 WacomPen - ok
14:44:53.0114 4904 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:44:53.0119 4904 WANARP - ok
14:44:53.0128 4904 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:44:53.0133 4904 Wanarpv6 - ok
14:44:53.0224 4904 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:44:53.0227 4904 Wd - ok
14:44:53.0281 4904 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:44:53.0304 4904 Wdf01000 - ok
14:44:53.0376 4904 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:44:53.0379 4904 WfpLwf - ok
14:44:53.0409 4904 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:44:53.0411 4904 WIMMount - ok
14:44:53.0480 4904 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
14:44:53.0515 4904 winachsf - ok
14:44:53.0613 4904 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
14:44:53.0617 4904 WinUsb - ok
14:44:53.0679 4904 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:44:53.0681 4904 WmiAcpi - ok
14:44:53.0758 4904 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:44:53.0762 4904 ws2ifsl - ok
14:44:53.0836 4904 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
14:44:53.0842 4904 WudfPf - ok
14:44:53.0890 4904 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:44:53.0897 4904 WUDFRd - ok
14:44:53.0950 4904 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
14:44:53.0954 4904 XAudio - ok
14:44:53.0988 4904 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:44:54.0063 4904 \Device\Harddisk0\DR0 - ok
14:44:54.0071 4904 Boot (0x1200) (b85dedc5b891f04021bba4888bea4d77) \Device\Harddisk0\DR0\Partition0
14:44:54.0075 4904 \Device\Harddisk0\DR0\Partition0 - ok
14:44:54.0086 4904 Boot (0x1200) (8d2a2d91c93c5dd892658b36ea2bff84) \Device\Harddisk0\DR0\Partition1
14:44:54.0091 4904 \Device\Harddisk0\DR0\Partition1 - ok
14:44:54.0092 4904 ============================================================
14:44:54.0092 4904 Scan finished
14:44:54.0092 4904 ============================================================
14:44:54.0116 4116 Detected object count: 0
14:44:54.0116 4116 Actual detected object count: 0
14:50:04.0345 4912 Deinitialize success

----------------------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 12-01-03.08 - Adam Hurst 01/04/2012 14:51:49.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2496 [GMT -5:00]
Running from: c:\users\Adam Hurst\Desktop\ComboFix.exe
Command switches used :: c:\users\Adam Hurst\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\0jy58p86k5m0"
"c:\programdata\54e0w245m2huy6u70n6ac"
"c:\programdata\5o48ru8o10a702"
"c:\programdata\6l06kf7v14v033"
"c:\programdata\lpimos2h3dbd2qke1jux3u611j6e"
"c:\programdata\xtkyvq2w2hcu8gfj0iss0k137v7s"
"c:\users\Adam Hurst\AppData\Local\0jy58p86k5m0"
"c:\users\Adam Hurst\AppData\Local\54e0w245m2huy6u70n6ac"
"c:\users\Adam Hurst\AppData\Local\5o48ru8o10a702"
"c:\users\Adam Hurst\AppData\Local\6l06kf7v14v033"
"c:\users\Adam Hurst\AppData\Local\lpimos2h3dbd2qke1jux3u611j6e"
"c:\users\Adam Hurst\AppData\Local\xtkyvq2w2hcu8gfj0iss0k137v7s"
"c:\users\Adam Hurst\Desktop\617fhw0g.exe"
"c:\windows\SysWow64\R3t8a2.com"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0jy58p86k5m0
c:\programdata\54e0w245m2huy6u70n6ac
c:\programdata\5o48ru8o10a702
c:\programdata\6l06kf7v14v033
c:\programdata\lpimos2h3dbd2qke1jux3u611j6e
c:\programdata\xtkyvq2w2hcu8gfj0iss0k137v7s
c:\users\Adam Hurst\AppData\Local\0jy58p86k5m0
c:\users\Adam Hurst\AppData\Local\54e0w245m2huy6u70n6ac
c:\users\Adam Hurst\AppData\Local\5o48ru8o10a702
c:\users\Adam Hurst\AppData\Local\6l06kf7v14v033
c:\users\Adam Hurst\AppData\Local\lpimos2h3dbd2qke1jux3u611j6e
c:\users\Adam Hurst\AppData\Local\xtkyvq2w2hcu8gfj0iss0k137v7s
c:\users\Adam Hurst\Desktop\617fhw0g.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-04 to 2012-01-04 )))))))))))))))))))))))))))))))
.
.
2012-01-04 19:57 . 2012-01-04 19:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-26 01:17 . 2011-12-26 01:17 -------- d-----w- c:\windows\Sun
2011-12-24 19:22 . 2011-12-24 19:22 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-24 19:19 . 2011-12-24 19:19 -------- d-----w- c:\users\Adam Hurst\AppData\Local\adaware
2011-12-24 19:19 . 2012-01-04 07:12 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2011-12-24 19:19 . 2011-12-24 19:19 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2011-12-24 19:19 . 2011-12-24 19:19 -------- d-----w- c:\program files (x86)\adawaretb
2011-12-24 19:19 . 2011-12-02 12:49 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-24 18:59 . 2011-12-24 18:59 -------- d-----w- c:\program files\CCleaner
2011-12-24 18:28 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-24 18:28 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-24 18:27 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-24 18:27 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-24 18:27 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-24 18:27 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-24 18:27 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-24 18:27 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-24 18:27 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-12-24 18:27 . 2011-12-24 18:27 -------- d-----w- c:\programdata\AVAST Software
2011-12-24 18:27 . 2011-12-24 18:27 -------- d-----w- c:\program files\AVAST Software
2011-12-22 17:00 . 2011-12-22 17:00 -------- d-----w- C:\$AVG
2011-12-20 23:35 . 2011-12-20 23:35 -------- d--h--w- c:\programdata\Common Files
2011-12-20 23:35 . 2011-12-23 07:44 -------- d-----w- c:\programdata\AVG2012
2011-12-20 23:34 . 2011-12-20 23:34 -------- d-----w- c:\program files (x86)\AVG
2011-12-20 23:28 . 2011-12-22 16:45 -------- d-----w- c:\programdata\MFAData
2011-12-20 23:25 . 2011-12-20 23:26 -------- d-----w- c:\programdata\Lavasoft
2011-12-20 23:25 . 2011-12-20 23:25 -------- d-----w- c:\program files (x86)\Lavasoft
2011-12-15 05:00 . 2011-12-23 07:50 -------- d-----w- c:\program files (x86)\GlobFX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 03:50 . 2011-07-09 22:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-11 00:28 . 2011-10-11 00:28 561800 ----a-w- c:\windows\system32\drivers\NISx64\1008030.006\cchpx64.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-04_07.11.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-02-01 15:39 . 2012-01-04 06:24 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-01 15:39 . 2012-01-04 07:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-01 15:39 . 2012-01-04 06:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-01 15:39 . 2012-01-04 07:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-04 06:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-04 07:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-17 23:07 . 2012-01-03 18:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-17 23:07 . 2012-01-04 07:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-17 23:07 . 2012-01-03 18:30 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-17 23:07 . 2012-01-04 07:13 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-17 23:07 . 2012-01-04 07:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-17 23:07 . 2012-01-03 18:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-18 12:03 . 2012-01-04 07:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-18 12:03 . 2012-01-03 18:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-18 12:03 . 2012-01-03 18:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-18 12:03 . 2012-01-04 07:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-04 19:16 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-04 07:09 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-18 03:36 . 2012-01-04 19:16 334418 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 04:54 . 2012-01-04 07:09 4096000 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-04 19:16 4096000 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-04 19:16 2523136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-04 07:09 2523136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-11-29 86696]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-11-29 19:15 86696 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-11-29 86696]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Adam Hurst\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-09-24 244480]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2009-12-03 600688]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-11-14 197288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-24 2152152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-02-17 132656]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 135664]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-12-24 17152]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110419.002\IDSvia64.sys [2011-03-14 476792]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-09-22 117648]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 99917594
*NewlyCreated* - WS2IFSL
*Deregistered* - 99917594
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 15:11]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 15:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-09-30 823840]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/?rlz=1V1IPYX
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360211i4b6l0470z115a4421x67o
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Adam Hurst\AppData\Roaming\Mozilla\Firefox\Profiles\hz671due.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
Completion time: 2012-01-04 14:59:10
ComboFix-quarantined-files.txt 2012-01-04 19:59
ComboFix2.txt 2012-01-04 07:31
.
Pre-Run: 223,103,844,352 bytes free
Post-Run: 223,037,374,464 bytes free
.
- - End Of File - - 37159B913BE69101917BAA0D9201A9B4

#11 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:44 PM

Posted 05 January 2012 - 06:22 AM

How is your computer running at this point? Have you had any redirects since running Combofix?

Also, please run OTL again. This time, set the "File Age" to 60 days then press Run Scan. Please post the resulting log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#12 hurst88

hurst88
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:44 PM

Posted 07 January 2012 - 02:01 PM

I have not noticed anymore redirecting thankfully! Here is the new requested OTL log. Is there a way to tell what was infected or what still is?

OTL logfile created on: 1/7/2012 12:50:28 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Adam Hurst\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 61.02% Memory free
7.49 Gb Paging File | 6.02 Gb Available in Paging File | 80.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.27 Gb Total Space | 206.56 Gb Free Space | 72.16% Space Free | Partition Type: NTFS

Computer Name: ADAMHURST-PC | User Name: Adam Hurst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/03 01:20:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Adam Hurst\Desktop\OTL.exe
PRC - [2011/12/24 14:22:24 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/12/24 14:22:23 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/27 02:16:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/21 19:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
PRC - [2011/03/21 16:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/12/03 17:32:54 | 000,600,688 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe
PRC - [2009/11/01 18:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/09/24 17:42:34 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/09/24 17:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/03 23:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
PRC - [2009/04/16 02:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/27 02:16:24 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/03/21 16:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 16:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/02/06 10:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/06/03 23:59:14 | 000,013,096 | ---- | M] () -- c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 23:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMediaLibrary.dll
MOD - [2009/02/02 19:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/09/30 17:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/30 02:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2011/12/24 14:22:23 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/12/14 21:16:13 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/09/21 19:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/09/24 17:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/04/29 14:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/02 07:49:14 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 12:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 12:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 12:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 12:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 12:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/10/10 19:28:18 | 000,561,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/09/21 19:35:58 | 000,279,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/17 18:37:51 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/01/20 16:18:24 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/10/29 15:19:31 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/10/29 15:19:31 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2009/10/29 15:19:31 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/10/29 15:19:31 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2009/09/21 14:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/11 15:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/30 12:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 05:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/20 06:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/24 22:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 18:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 18:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/05 03:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 14:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/28 12:03:42 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/04/28 12:03:42 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/02/13 01:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 01:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 01:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/18 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2011/12/24 14:22:36 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2011/03/14 13:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110419.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/02/17 02:06:34 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/02/17 02:06:34 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360211i4b6l0470z115a4421x67o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27360211i4b6l0470z115a4421x67o


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1662658828-42692388-1902533966-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/?rlz=1V1IPYX
IE - HKU\S-1-5-21-1662658828-42692388-1902533966-1001\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
IE - HKU\S-1-5-21-1662658828-42692388-1902533966-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1662658828-42692388-1902533966-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/31 14:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/12/23 02:50:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/12/23 02:50:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/24 13:27:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/23 00:28:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/23 11:22:32 | 000,000,000 | ---D | M]

[2011/02/17 18:45:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam Hurst\AppData\Roaming\Mozilla\Extensions
[2011/12/24 14:19:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam Hurst\AppData\Roaming\Mozilla\Firefox\Profiles\hz671due.default\extensions
[2011/04/27 22:01:00 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\Adam Hurst\AppData\Roaming\Mozilla\Firefox\Profiles\hz671due.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2011/12/24 14:19:26 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Adam Hurst\AppData\Roaming\Mozilla\Firefox\Profiles\hz671due.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2011/04/10 12:59:44 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\Adam Hurst\AppData\Roaming\Mozilla\Firefox\Profiles\hz671due.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2011/12/23 00:28:28 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Adam Hurst\AppData\Roaming\Mozilla\Firefox\Profiles\hz671due.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/01/03 13:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/27 02:16:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/21 20:18:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/10 15:46:38 | 000,002,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2011/10/05 19:48:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/27 02:16:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\Adam Hurst\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: AVG Safe Search = C:\Users\Adam Hurst\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Adam Hurst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2012/01/04 14:57:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1662658828-42692388-1902533966-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1662658828-42692388-1902533966-1001..\Run: [Akamai NetSession Interface] C:\Users\Adam Hurst\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1662658828-42692388-1902533966-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1662658828-42692388-1902533966-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingbox.com/downloads/pc/1.4.0.111/WebSlingPlayer.cab (WebSlingPlayer)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DDD2CD9-4395-47A6-8762-070D5E5EAE4E}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/04 14:43:14 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Adam Hurst\Desktop\tdsskiller.exe
[2012/01/04 02:11:48 | 000,000,000 | R--D | C] -- C:\Users\Adam Hurst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012/01/04 00:43:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/04 00:43:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/04 00:43:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/04 00:43:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/04 00:43:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/04 00:40:23 | 004,368,790 | R--- | C] (Swearware) -- C:\Users\Adam Hurst\Desktop\ComboFix.exe
[2012/01/03 01:20:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Adam Hurst\Desktop\OTL.exe
[2011/12/25 20:17:51 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/12/24 14:22:37 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/12/24 14:19:29 | 000,000,000 | ---D | C] -- C:\Users\Adam Hurst\AppData\Local\adaware
[2011/12/24 14:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2011/12/24 14:19:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2011/12/24 14:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2011/12/24 14:19:03 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/12/24 13:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/12/24 13:59:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/12/24 13:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/12/24 13:28:00 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/12/24 13:28:00 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/12/24 13:27:56 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/12/24 13:27:55 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/12/24 13:27:55 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/12/24 13:27:54 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/12/24 13:27:54 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/12/24 13:27:49 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/12/24 13:27:49 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/12/24 13:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/12/24 13:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/22 12:00:08 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/12/20 18:35:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/12/20 18:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/12/20 18:34:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/12/20 18:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/12/20 18:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/12/20 18:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/12/20 18:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/12/15 05:19:19 | 000,000,000 | ---D | C] -- C:\Users\Adam Hurst\Desktop\111
[2011/12/15 02:17:20 | 000,000,000 | ---D | C] -- C:\Users\Adam Hurst\Desktop\capstonepresentation
[2011/12/15 00:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Swiff Player
[2011/12/15 00:00:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GlobFX
[2011/12/14 23:17:47 | 000,000,000 | ---D | C] -- C:\Users\Adam Hurst\Desktop\sites
[2011/12/14 22:56:22 | 000,000,000 | ---D | C] -- C:\Users\Adam Hurst\Desktop\Word
[2011/12/13 10:54:30 | 000,000,000 | ---D | C] -- C:\Users\Adam Hurst\Desktop\portfolio
[2011/12/09 00:34:22 | 000,000,000 | ---D | C] -- C:\Users\Adam Hurst\Desktop\inscpae

========== Files - Modified Within 30 Days ==========

[2012/01/07 12:53:33 | 001,168,246 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1008030.006\Cat.DB
[2012/01/07 12:46:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/07 11:59:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/06 22:47:13 | 000,002,347 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/06 18:46:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/04 14:57:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/04 14:43:16 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Adam Hurst\Desktop\tdsskiller.exe
[2012/01/04 02:19:11 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 02:19:11 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 02:09:32 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/04 00:40:25 | 004,368,790 | R--- | M] (Swearware) -- C:\Users\Adam Hurst\Desktop\ComboFix.exe
[2012/01/03 15:06:51 | 000,264,197 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\Resume-AdamHurst.jpg
[2012/01/03 15:04:06 | 000,001,456 | ---- | M] () -- C:\Users\Adam Hurst\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/01/03 13:28:49 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/01/03 13:28:49 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/01/03 01:20:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Adam Hurst\Desktop\OTL.exe
[2011/12/26 18:52:25 | 000,002,059 | ---- | M] () -- C:\Users\Adam Hurst\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/24 14:51:11 | 000,000,000 | ---- | M] () -- C:\Users\Adam Hurst\AppData\Local\{9E0D86C5-10C2-4AC2-99B8-02668953EB20}
[2011/12/24 14:47:16 | 000,000,000 | ---- | M] () -- C:\Users\Adam Hurst\AppData\Local\{B3EDF81D-1CE7-407A-87D0-A5660183635D}
[2011/12/24 14:22:37 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/12/24 14:19:05 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/24 14:02:30 | 000,121,478 | ---- | M] () -- C:\Users\Adam Hurst\Documents\cc_20111224_140216.reg
[2011/12/24 13:59:16 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/24 13:28:01 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/24 13:27:54 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/12/18 16:01:42 | 000,108,497 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\OSU.jpg
[2011/12/15 09:33:29 | 027,230,885 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\CapstonePresentation.pdf
[2011/12/15 06:53:55 | 020,051,978 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\Portfolio-Adam Hurst.pdf
[2011/12/15 06:16:57 | 000,141,775 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\18.jpg
[2011/12/15 06:13:12 | 000,099,819 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\17.jpg
[2011/12/15 05:42:37 | 023,797,213 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\presentation.pdf
[2011/12/15 01:16:23 | 000,474,103 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\1.pdf
[2011/12/15 00:12:16 | 001,974,908 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\Right-facing-Arrow-icon.jpg
[2011/12/15 00:00:12 | 000,001,076 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\Swiff Player.lnk
[2011/12/14 23:18:19 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/14 23:18:19 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009(341).dat
[2011/12/14 23:18:19 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009(340).dat
[2011/12/14 03:14:47 | 033,967,117 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\Laredo.wmv
[2011/12/13 20:13:33 | 011,326,694 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\Band Of Horses - Laredo (Acoustic)(Live On Q TV).mp3
[2011/12/10 01:08:33 | 000,000,112 | ---- | M] () -- C:\ProgramData\VwtumLVE6.dat
[2011/12/09 00:36:49 | 021,423,755 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\Inscapefinal2.jpg
[2011/12/09 00:35:59 | 003,930,834 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\INSCAPEfinal3.jpg
[2011/12/09 00:35:23 | 004,165,430 | ---- | M] () -- C:\Users\Adam Hurst\Desktop\inscapefinal1.jpg

========== Files Created - No Company Name ==========

[2012/01/04 00:43:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/04 00:43:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/04 00:43:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/04 00:43:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/04 00:43:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/03 15:06:43 | 000,264,197 | ---- | C] () -- C:\Users\Adam Hurst\Desktop\Resume-AdamHurst.jpg
[2011/12/24 14:50:11 | 000,000,000 | ---- | C] () -- C:\Users\Adam Hurst\AppData\Local\{9E0D86C5-10C2-4AC2-99B8-02668953EB20}
[2011/12/24 14:45:46 | 000,000,000 | ---- | C] () -- C:\Users\Adam Hurst\AppData\Local\{B3EDF81D-1CE7-407A-87D0-A5660183635D}
[2011/12/24 14:20:23 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/12/24 14:20:23 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/12/24 14:19:05 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/24 14:02:22 | 000,121,478 | ---- | C] () -- C:\Users\Adam Hurst\Documents\cc_20111224_140216.reg
[2011/12/24 13:59:16 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/24 13:28:01 | 000,001,848 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/24 13:27:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/12/18 16:01:40 | 000,108,497 | ---- | C] () -- C:\Users\Adam Hurst\Desktop\OSU.jpg
[2011/12/15 06:53:54 | 020,051,978 | ---- | C] () -- C:\Users\Adam Hurst\Desktop\Portfolio-Adam Hurst.pdf
[2011/12/15 06:16:55 | 000,141,775 | ---- | C] () -- C:\Users\Adam Hurst\Desktop\18.jpg
[2011/12/15 05:45:59 | 027,230,885 | ---- | C] () -- C:\Users\Adam Hurst\Desktop\CapstonePresentation.pdf
[2011/12/15 05:42:32 | 023,797,213 | ---- | C] () -- C:\Users\Adam Hurst\Desktop\presentation.pdf
[2011/12/15 05:24:16 | 000,099,819 | ---- | C] () -- C:\Users\Adam Hurst\Desktop\17.jpg
[2011/12/15 01:16:10 | 000,474,103 | ---- | C] () -- C:\Users\Adam Hurst\Desktop\1.pdf
[2011/12/15 00:12:09 | 001,974,908 | ---- | C] () -- C:\Users\Adam Hurst\Desktop\Right-facing-Arrow-icon.jpg
[2011/12/15 00:00:12 | 000,001,076 | ---- | C] () -- C:\Users\Adam Hurst\Desktop\Swiff Player.lnk
[2011/12/14 02:59:08 | 033,967,117 | ---- | C] () -- C:\Users\Adam Hurst\Desktop\Laredo.wmv
[2011/12/13 19:59:10 | 011,326,694 | ---- | C] () -- C:\Users\Adam Hurst\Desktop\Band Of Horses - Laredo (Acoustic)(Live On Q TV).mp3
[2011/12/10 01:06:29 | 000,000,112 | ---- | C] () -- C:\ProgramData\VwtumLVE6.dat
[2011/12/09 00:36:42 | 021,423,755 | ---- | C] () -- C:\Users\Adam Hurst\Desktop\Inscapefinal2.jpg
[2011/12/09 00:35:50 | 003,930,834 | ---- | C] () -- C:\Users\Adam Hurst\Desktop\INSCAPEfinal3.jpg
[2011/12/09 00:35:09 | 004,165,430 | ---- | C] () -- C:\Users\Adam Hurst\Desktop\inscapefinal1.jpg
[2011/10/12 00:31:20 | 000,000,017 | ---- | C] () -- C:\Users\Adam Hurst\AppData\Local\resmon.resmoncfg
[2011/08/20 22:28:06 | 000,000,000 | ---- | C] () -- C:\Users\Adam Hurst\AppData\Local\{65395EF8-A386-4056-862E-6501E55B7066}
[2011/05/12 00:30:51 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/04/26 09:53:12 | 000,000,132 | ---- | C] () -- C:\Users\Adam Hurst\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/04/06 09:05:58 | 000,001,456 | ---- | C] () -- C:\Users\Adam Hurst\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/02/01 11:01:20 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010/02/01 10:42:28 | 000,000,000 | ---- | C] () -- C:\Windows\Setup.INI
[2010/02/01 10:42:10 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/02/01 10:42:10 | 000,000,150 | ---- | C] () -- C:\Windows\PidList.ini
[2010/02/01 10:20:59 | 000,000,481 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/02/01 10:20:15 | 000,001,642 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009/10/29 15:56:57 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/10/29 15:56:57 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/10/29 15:56:57 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/10/29 15:06:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/11/15 23:37:42 | 000,000,000 | ---D | M] -- C:\Users\Adam Hurst\AppData\Roaming\BitZipper
[2011/11/06 21:46:07 | 000,000,000 | ---D | M] -- C:\Users\Adam Hurst\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/02 19:45:45 | 000,000,000 | ---D | M] -- C:\Users\Adam Hurst\AppData\Roaming\com.flashgallerycom.photoGalleryBuilder.BE456FDD426FDC61C9F8B47A33E5FBCFF9D5695C.1
[2011/11/12 15:36:00 | 000,000,000 | ---D | M] -- C:\Users\Adam Hurst\AppData\Roaming\Philipp Winterberg
[2011/03/17 15:52:17 | 000,000,000 | ---D | M] -- C:\Users\Adam Hurst\AppData\Roaming\Sling Media
[2011/12/24 15:45:10 | 000,000,000 | ---D | M] -- C:\Users\Adam Hurst\AppData\Roaming\uTorrent
[2011/06/27 06:51:58 | 000,000,000 | ---D | M] -- C:\Users\Adam Hurst\AppData\Roaming\WildTangent
[2011/02/23 10:40:51 | 000,000,000 | ---D | M] -- C:\Users\Adam Hurst\AppData\Roaming\XnView
[2009/07/14 00:08:49 | 000,022,212 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/07/27 15:40:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/01/04 14:59:11 | 000,018,015 | ---- | M] () -- C:\ComboFix.txt
[2012/01/04 02:09:32 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/04 02:09:36 | 4024,811,520 | -HS- | M] () -- C:\pagefile.sys
[2009/12/13 12:27:42 | 000,010,053 | RHS- | M] () -- C:\Patch.rev
[2011/02/18 07:01:58 | 000,000,201 | RHS- | M] () -- C:\Preload.rev
[2012/01/04 14:50:04 | 000,083,146 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_04.01.2012_14.44.01_log.txt
[2011/12/24 13:26:14 | 000,237,490 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_24.12.2011_13.24.18_log.txt
[2011/12/24 14:10:38 | 000,082,092 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_24.12.2011_14.09.45_log.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.sys /90 >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/27 02:16:24 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/27 02:16:24 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/27 02:16:24 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Users\Adam Hurst\AppData\Local\hup.exe" -a "firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/11/27 02:16:25 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Users\Adam Hurst\AppData\Local\hup.exe" -a "firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/12/18 00:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Users\Adam Hurst\AppData\Local\hup.exe" -a "iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/11/27 02:16:24 | 000,713,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/11/27 02:16:24 | 000,713,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/11/27 02:16:24 | 000,713,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\USERS\ADAM HURST\APPDATA\LOCAL\HUP.EXE" -A "FIREFOX.EXE
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011/11/27 02:16:25 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\USERS\ADAM HURST\APPDATA\LOCAL\HUP.EXE" -A "FIREFOX.EXE -SAFE-MODE
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/12/18 00:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\USERS\ADAM HURST\APPDATA\LOCAL\HUP.EXE" -A "IEXPLORE.EXE

< End of report >

#13 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:44 PM

Posted 08 January 2012 - 08:02 AM

Hello, hurst88.

OK, there is a chance you lose internet after this. THere's some junk in your internet stack from the malware. JUst let me know if you lose it and we'll be able to restore it.





Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 29 32-bit version. Note that if you have 64-bit windows, the default is to use a 32-bit browser. If you modified your IE to use the 64-bit version, make sure to also download the 64-bit version.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version(s) shown below:
    Java 6 Update 24
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u29-windows-i586-s.exe to install the newest version. If you downloaded the 64-bit version, make sure to install that as well.




Step 2

Your Adobe Reader software is out of date and has known security holes. Please launch it, go to Help --> Check for Updates and let it update the main program if needed. Updates the languages and/or dictionaries is optional.



Step 3

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need run an OTL Script
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
    O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
    O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
    O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    :Commands
    [EmptyTemp]
    
  • Click the Run Fix button at the top.
  • let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....Please set the file age to 90 days and press the RUN scan (NOT quick scan) button
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here.



Step 4

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares

Edited by etavares, 08 January 2012 - 08:02 AM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#14 hurst88

hurst88
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:44 PM

Posted 11 January 2012 - 10:45 PM

okay here is the log. believe it or not i managed to get another virus today. woooo. No virus' in 5 years and I manage to get two in a month somehow. I did a system restore though and everything APPEARS okay. Although the 10 infections Malwarebytes found is alarming to me.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.12.01

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
Adam Hurst :: ADAMHURST-PC [administrator]

1/11/2012 10:09:24 PM
mbam-log-2012-01-11 (22-09-24).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 305995
Time elapsed: 30 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Adam Hurst\AppData\Local\hup.exe" -a "firefox.exe) Good: (firefox.exe) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Adam Hurst\AppData\Local\hup.exe" -a "firefox.exe -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Adam Hurst\AppData\Local\hup.exe" -a "iexplore.exe) Good: (iexplore.exe) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\Qoobox\Quarantine\C\Users\Adam Hurst\AppData\Local\hup.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Adam Hurst\AppData\Local\jrb.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\assembly\temp\kwrd.dll.vir (PUP.BitMiner) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\SysWOW64\R3t8a2.com.vir (Trojan.Krypt) -> Quarantined and deleted successfully.
C:\Users\Adam Hurst\AppData\Local\Temp\1.6408898958612752E8.tmp (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Users\Adam Hurst\AppData\Local\Temp\6.701019014305385E7.tmp (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Users\Adam Hurst\AppData\Local\Temp\p9pl392826923649848213.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\Users\Adam Hurst\AppData\Local\Temp\vkDm2Fh4e9jtyD.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Adam Hurst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\6e5d04f5-6ecfbcf9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\assembly\temp\U\000000cf.@ (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

#15 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:44 PM

Posted 12 January 2012 - 04:54 PM

The files were all disabled by an antivirus...they have a .vir at the end, short of what's in your temp folder. THat's good news as it appears to have been caught. Please post a fresh OTL quick scan so I can see where we are at now.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users