infected, google keeps redirecting


This topic is locked
21 replies to this topic

#1 fishngrega

fishngrega

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:55 PM

Posted 28 December 2011 - 12:27 PM

Here is the beginning of my problem posted in the forum.

I'm running Windows Vista Home Premium
Service Pack 2
64bit OS
Malwarebytes Anti-malware
Avast anti-virus update; now using Panda Cloud anti-virus software

I'm unable to turn on my Windows Security Center.
I recently downloaded the comodo firewall through the forum search for a temporary firewall.
During internet searches I keep getting redirected to bad sites.

On my Malwarebytes vault there's a PUP.BitMiner that I cannot delete.

Thank you for all your help!

Here is my DDS after I ran it.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Barn at 12:16:48 on 2011-12-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.1958 [GMT -5:00]
.
AV: Immunet 3.0 *Enabled/Updated* {065276D9-6EBF-968C-B5ED-7B8B1DCF4059}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.marine-rescue.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [BkupTray] "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
mRun: [Acer Assist Launcher] "C:\Program Files (x86)\Acer\Acer Assist\launcher.exe"
mRun: [eRecoveryService]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8092322F-3855-4F6E-A6D2-6FA2DA813EC9} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D65BD27C-D6C5-4FCD-BADE-95DA6CC5A0A9} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{D65BD27C-D6C5-4FCD-BADE-95DA6CC5A0A9} : DhcpNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB-X64: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [BkupTray] "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
mRun-x64: [Acer Assist Launcher] "C:\Program Files (x86)\Acer\Acer Assist\launcher.exe"
mRun-x64: [eRecoveryService]
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Barn\AppData\Roaming\Mozilla\Firefox\Profiles\9zx44s10.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-28 44768]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-3-3 16384]
R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-4-30 24576]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-4-7 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-4-4 131072]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-19 2214504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-3-16 240232]
R3 netr28ux;Linksys USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-2-25 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-12-28 15:50:42 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-12-28 15:50:40 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-12-28 15:49:33 41184 ----a-w- C:\Windows\avastSS.scr
2011-12-28 15:20:33 -------- d-----w- C:\Users\Barn\AppData\Local\Comodo
2011-12-28 15:20:09 -------- d-----w- C:\ProgramData\CPA_VA
2011-12-28 15:13:46 -------- d-----w- C:\ProgramData\Comodo
2011-12-28 15:13:43 -------- d-----w- C:\Program Files\COMODO
2011-12-28 15:13:38 -------- d-----w- C:\Program Files (x86)\Comodo
2011-12-27 19:56:08 -------- d-----w- C:\Users\Barn\AppData\Local\MigWiz
2011-12-22 17:55:45 -------- d-----w- C:\ProgramData\AVAST Software
2011-12-22 17:55:45 -------- d-----w- C:\Program Files\AVAST Software
2011-12-22 14:10:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-21 20:31:53 -------- d-----we C:\Windows\system64
2011-12-20 15:54:14 410656 ----a-w- C:\Windows\System32\nvcpl.cpl
2011-12-20 15:54:14 388640 ----a-w- C:\Windows\System32\nvexpbar.dll
2011-12-20 15:54:14 2088992 ----a-w- C:\Windows\System32\nvcplui.exe
2011-12-20 15:54:14 1071648 ----a-w- C:\Windows\System32\nvcpluir.dll
2011-12-20 15:44:33 -------- d-----w- C:\NVIDIA
2011-12-20 15:38:10 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7DAB7D1C-91BA-42AA-8005-A33DCED3F0D6}\mpengine.dll
2011-12-20 14:57:42 -------- d-----w- C:\NV7963764.TMP-nv26025
2011-12-19 23:59:10 42224 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2011-12-19 23:59:08 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2011-12-19 23:59:08 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2011-12-19 23:58:58 41200 ----a-w- C:\Windows\System32\cmdcsr.dll
2011-12-19 23:58:56 389840 ----a-w- C:\Windows\System32\guard64.dll
2011-12-19 23:58:56 301224 ----a-w- C:\Windows\SysWow64\guard32.dll
2011-12-15 19:02:03 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-15 19:01:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-15 19:01:55 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-15 19:01:50 559616 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-15 19:01:49 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-15 19:01:48 2764800 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2011-12-21 21:17:47 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-24 18:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 12:18:16.01 ===============

Edited by fishngrega, 28 December 2011 - 01:02 PM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:55 PM

Posted 01 January 2012 - 06:23 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 fishngrega

fishngrega
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:55 PM

Posted 03 January 2012 - 03:58 PM

ComboFix 12-01-03.04 - Barn 01/03/2012 15:32:04.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.1829 [GMT -5:00]
Running from: c:\users\Barn\Downloads\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\odbcad32.exe
c:\windows\system32\slwga.dll . . . . Failed to delete
c:\windows\system32\srrstr.dll . . . . Failed to delete
c:\windows\system32\systemcpl.dll . . . . Failed to delete
c:\windows\system32\termsrv.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_COMServer
.
.
((((((((((((((((((((((((( Files Created from 2011-12-03 to 2012-01-03 )))))))))))))))))))))))))))))))
.
.
2012-01-03 20:50 . 2012-01-03 20:50 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E73A26C-7A67-4A60-A4E1-BAAD219415B0}\offreg.dll
2012-01-03 16:25 . 2012-01-03 16:25 -------- d-----w- c:\users\Barn\AppData\Roaming\Panda Security
2012-01-03 16:21 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E73A26C-7A67-4A60-A4E1-BAAD219415B0}\mpengine.dll
2012-01-03 14:46 . 2012-01-03 14:47 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-28 17:42 . 2011-12-28 17:42 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2011-12-28 17:42 . 2011-12-28 17:57 -------- d-----w- c:\users\Barn\AppData\Local\panda2_0dn
2011-12-28 17:42 . 2012-01-03 15:02 -------- d-----w- c:\programdata\Panda Security URL Filtering
2011-12-28 17:41 . 2011-12-28 17:41 -------- d-----w- c:\programdata\Panda Security
2011-12-28 17:41 . 2011-12-28 17:42 -------- d-----w- c:\program files (x86)\Panda Security
2011-12-28 15:20 . 2011-12-28 15:20 -------- d-----w- c:\users\Barn\AppData\Local\Comodo
2011-12-28 15:20 . 2011-12-28 16:20 -------- d-----w- c:\programdata\CPA_VA
2011-12-28 15:13 . 2011-12-28 15:19 -------- d-----w- c:\programdata\Comodo
2011-12-28 15:13 . 2011-12-28 15:13 -------- d-----w- c:\program files\COMODO
2011-12-28 15:13 . 2011-12-28 15:13 -------- d-----w- c:\program files (x86)\Comodo
2011-12-27 19:56 . 2011-12-27 19:56 -------- d-----w- c:\users\Barn\AppData\Local\MigWiz
2011-12-22 17:55 . 2011-12-28 17:36 -------- d-----w- c:\programdata\AVAST Software
2011-12-22 17:55 . 2011-12-22 17:55 -------- d-----w- c:\program files\AVAST Software
2011-12-22 14:10 . 2011-12-28 19:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware(7)
2011-12-21 21:17 . 2011-12-21 21:17 -------- d-----w- c:\windows\system32\Macromed
2011-12-20 15:54 . 2008-04-22 00:49 410656 ----a-w- c:\windows\system32\nvcpl.cpl
2011-12-20 15:54 . 2008-04-22 00:49 388640 ----a-w- c:\windows\system32\nvexpbar.dll
2011-12-20 15:54 . 2008-04-22 00:49 2088992 ----a-w- c:\windows\system32\nvcplui.exe
2011-12-20 15:54 . 2008-04-22 00:49 1071648 ----a-w- c:\windows\system32\nvcpluir.dll
2011-12-20 15:44 . 2011-12-20 15:44 -------- d-----w- C:\NVIDIA
2011-12-20 14:57 . 2011-12-20 14:57 -------- d-----w- C:\NV7963764.TMP-nv26025
2011-12-15 19:02 . 2011-10-25 16:09 85504 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 19:01 . 2011-11-08 14:58 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 19:01 . 2011-11-08 14:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-15 19:01 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 19:01 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 19:01 . 2011-11-23 13:57 2764800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2011-02-25 22:05 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-30 16:26 . 2011-11-30 16:27 32544 ----a-w- c:\windows\system32\drivers\ImmunetSelfProtect.sys
2011-11-30 16:26 . 2011-11-30 16:26 57120 ----a-w- c:\windows\system32\drivers\ImmunetProtect.sys
2011-11-23 14:18 . 2011-05-23 12:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 19:29 . 2011-02-25 06:36 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BkupTray"="c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:39 51248 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488]
"eDataSecurity Loader"="c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe" [2008-03-05 560688]
"RtHDVCpl"="RAVCpl64.exe" [2008-03-26 6150656]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"combofix"="c:\combofix\CF10777.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.marine-rescue.com/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://en.us.acer.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Barn\AppData\Roaming\Mozilla\Firefox\Profiles\9zx44s10.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-eRecoveryService - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-01-03 15:55:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-03 20:55
.
Pre-Run: 77,421,563,904 bytes free
Post-Run: 76,893,855,744 bytes free
.
- - End Of File - - D98F68A2A73E18F7DFE2EAF09F1001F6

#4 fishngrega

fishngrega
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:55 PM

Posted 03 January 2012 - 04:15 PM

Still closes or opens another window...

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:55 PM

Posted 03 January 2012 - 04:38 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
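The steps above produce a TDSSKiller log in the format the next reply shows: one image line per driver ("name (md5) path") followed by a verdict line ("name - ok"), with some services carrying only a verdict line (for example "Beep - ok" in the posted log). The helper below is an added example written for this page, not part of the thread and not a Kaspersky tool; it parses that two-line format and lists three kinds of entries a responder would want to eyeball before reading hundreds of "- ok" lines: any verdict other than "ok", any image stored outside C:\Windows\system32, and any verdict with no image line at all. The sample log is constructed from real-format lines copied from the posted log plus one invented "sampledrv" entry (hypothetical name, path and status) so that the non-"ok" branch is exercised. The location and no-image checks are heuristics that legitimately fire on some vendor drivers, so their output is a review list, not a verdict.

```python
"""Added triage helper for TDSSKiller scan logs (example code, not from the thread)."""
import re
from typing import Dict, List, NamedTuple, Optional

# TDSSKiller writes an image line "<time> <tid> <name> (<md5>) <path>"
# followed by a verdict line "<time> <tid> <name> - <status>".
FILE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
VERDICT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>\S+)\s+-\s+(?P<status>\S.*?)\s*$"
)

# Drivers whose image lives somewhere else than this prefix get flagged for review.
SYSTEM32_PREFIX = "c:\\windows\\system32\\"

# Constructed sample: header and driver lines in the format of the log posted in
# this thread, plus one invented "sampledrv" entry (hypothetical path and status).
SAMPLE_LOG = r"""16:56:48.0912 0976 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
16:56:51.0927 2160 Scan started
16:56:53.0052 2160 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
16:56:53.0057 2160 ACPI - ok
16:56:54.0173 2160 Beep - ok
16:56:56.0457 2160 int15 (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\SysWOW64\drivers\int15_64.sys
16:56:56.0458 2160 int15 - ok
16:57:03.0001 2160 sampledrv (00000000000000000000000000000000) C:\ProgramData\sample\sampledrv.sys
16:57:03.0002 2160 sampledrv - suspicious
"""


class Entry(NamedTuple):
    name: str
    md5: Optional[str]     # None when the log carried no image line for this name
    path: Optional[str]
    status: Optional[str]  # None when the log carried no verdict line


def parse_log(text: str) -> Dict[str, Entry]:
    """Merge image lines and verdict lines by service name; other lines are ignored."""
    md5s: Dict[str, str] = {}
    paths: Dict[str, str] = {}
    statuses: Dict[str, str] = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            md5s[m["name"]] = m["md5"].lower()
            paths[m["name"]] = m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            statuses[m["name"]] = m["status"]
    names = set(md5s) | set(statuses)
    return {n: Entry(n, md5s.get(n), paths.get(n), statuses.get(n)) for n in sorted(names)}


def triage(entries: Dict[str, Entry]) -> List[str]:
    """Heuristic review list. Each finding is a reason to look, not a verdict."""
    findings: List[str] = []
    for e in entries.values():
        # 1. The scanner itself said something other than "ok".
        if e.status is not None and e.status.lower() != "ok":
            findings.append(f"VERDICT  {e.name}: {e.status} [{e.path or 'no image line'}]")
        # 2. Image outside System32 (vendor drivers can live elsewhere legitimately).
        if e.path is not None and not e.path.lower().startswith(SYSTEM32_PREFIX):
            findings.append(f"LOCATION {e.name}: image outside System32 -> {e.path}")
        # 3. A verdict with no image line: nothing on disk was hashed for this name.
        if e.status is not None and e.path is None:
            findings.append(f"NOIMAGE  {e.name}: verdict line without an image line")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(finding)
```

To run it against a real report, read the "TDSSKiller.[Version]_[Date]_[Time]_log.txt" file from C:\ and pass its contents to parse_log; the recorded MD5s can then be compared against a known-good hash list, which this example deliberately leaves out so that it runs offline.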

#6 fishngrega

fishngrega
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:55 PM

Posted 03 January 2012 - 04:56 PM

16:56:48.0912 0976 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
16:56:49.0194 0976 ============================================================
16:56:49.0194 0976 Current date / time: 2012/01/03 16:56:49.0194
16:56:49.0194 0976 SystemInfo:
16:56:49.0194 0976
16:56:49.0194 0976 OS Version: 6.0.6002 ServicePack: 2.0
16:56:49.0194 0976 Product type: Workstation
16:56:49.0194 0976 ComputerName: BARN-PC
16:56:49.0194 0976 UserName: Barn
16:56:49.0194 0976 Windows directory: C:\Windows
16:56:49.0194 0976 System windows directory: C:\Windows
16:56:49.0194 0976 Running under WOW64
16:56:49.0194 0976 Processor architecture: Intel x64
16:56:49.0194 0976 Number of processors: 2
16:56:49.0194 0976 Page size: 0x1000
16:56:49.0194 0976 Boot type: Normal boot
16:56:49.0194 0976 ============================================================
16:56:50.0066 0976 Initialize success
16:56:51.0927 2160 ============================================================
16:56:51.0927 2160 Scan started
16:56:51.0927 2160 Mode: Manual;
16:56:51.0927 2160 ============================================================
16:56:53.0052 2160 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
16:56:53.0057 2160 ACPI - ok
16:56:53.0156 2160 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
16:56:53.0165 2160 adp94xx - ok
16:56:53.0218 2160 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
16:56:53.0223 2160 adpahci - ok
16:56:53.0256 2160 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
16:56:53.0259 2160 adpu160m - ok
16:56:53.0284 2160 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
16:56:53.0287 2160 adpu320 - ok
16:56:53.0360 2160 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
16:56:53.0467 2160 AFD - ok
16:56:53.0672 2160 AgereSoftModem (ddf52c4c92d831a4cdb7788b37585e36) C:\Windows\system32\DRIVERS\agrsm64.sys
16:56:53.0691 2160 AgereSoftModem - ok
16:56:53.0734 2160 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
16:56:53.0736 2160 agp440 - ok
16:56:53.0777 2160 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
16:56:53.0779 2160 aic78xx - ok
16:56:53.0827 2160 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
16:56:53.0828 2160 aliide - ok
16:56:53.0850 2160 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
16:56:53.0851 2160 amdide - ok
16:56:53.0889 2160 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
16:56:53.0890 2160 AmdK8 - ok
16:56:53.0938 2160 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
16:56:53.0940 2160 arc - ok
16:56:53.0958 2160 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
16:56:53.0960 2160 arcsas - ok
16:56:54.0007 2160 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
16:56:54.0008 2160 AsyncMac - ok
16:56:54.0026 2160 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
16:56:54.0027 2160 atapi - ok
16:56:54.0173 2160 Beep - ok
16:56:54.0228 2160 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
16:56:54.0230 2160 blbdrive - ok
16:56:54.0266 2160 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
16:56:54.0268 2160 bowser - ok
16:56:54.0311 2160 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
16:56:54.0313 2160 BrFiltLo - ok
16:56:54.0324 2160 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
16:56:54.0326 2160 BrFiltUp - ok
16:56:54.0376 2160 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
16:56:54.0378 2160 Brserid - ok
16:56:54.0398 2160 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
16:56:54.0400 2160 BrSerWdm - ok
16:56:54.0438 2160 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
16:56:54.0439 2160 BrUsbMdm - ok
16:56:54.0459 2160 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
16:56:54.0460 2160 BrUsbSer - ok
16:56:54.0502 2160 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
16:56:54.0503 2160 BTHMODEM - ok
16:56:54.0541 2160 catchme - ok
16:56:54.0568 2160 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
16:56:54.0570 2160 cdfs - ok
16:56:54.0620 2160 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
16:56:54.0622 2160 cdrom - ok
16:56:54.0675 2160 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
16:56:54.0677 2160 circlass - ok
16:56:54.0709 2160 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
16:56:54.0715 2160 CLFS - ok
16:56:54.0780 2160 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
16:56:54.0781 2160 cmdide - ok
16:56:54.0793 2160 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
16:56:54.0795 2160 Compbatt - ok
16:56:54.0811 2160 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
16:56:54.0813 2160 crcdisk - ok
16:56:54.0852 2160 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
16:56:54.0854 2160 DfsC - ok
16:56:54.0920 2160 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
16:56:54.0922 2160 disk - ok
16:56:54.0968 2160 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
16:56:54.0969 2160 drmkaud - ok
16:56:55.0012 2160 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
16:56:55.0029 2160 DXGKrnl - ok
16:56:55.0102 2160 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
16:56:55.0105 2160 E1G60 - ok
16:56:55.0161 2160 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
16:56:55.0164 2160 Ecache - ok
16:56:55.0226 2160 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
16:56:55.0233 2160 elxstor - ok
16:56:55.0268 2160 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
16:56:55.0269 2160 ErrDev - ok
16:56:55.0350 2160 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
16:56:55.0353 2160 exfat - ok
16:56:55.0389 2160 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
16:56:55.0392 2160 fastfat - ok
16:56:55.0441 2160 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
16:56:55.0442 2160 fdc - ok
16:56:55.0467 2160 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
16:56:55.0469 2160 FileInfo - ok
16:56:55.0481 2160 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
16:56:55.0482 2160 Filetrace - ok
16:56:55.0494 2160 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:56:55.0496 2160 flpydisk - ok
16:56:55.0518 2160 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
16:56:55.0523 2160 FltMgr - ok
16:56:55.0614 2160 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
16:56:55.0615 2160 Fs_Rec - ok
16:56:55.0631 2160 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
16:56:55.0633 2160 gagp30kx - ok
16:56:55.0676 2160 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:56:55.0677 2160 GEARAspiWDM - ok
16:56:55.0742 2160 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
16:56:55.0746 2160 HdAudAddService - ok
16:56:55.0788 2160 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:56:55.0805 2160 HDAudBus - ok
16:56:55.0831 2160 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
16:56:55.0833 2160 HidBth - ok
16:56:55.0844 2160 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
16:56:55.0846 2160 HidIr - ok
16:56:55.0894 2160 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
16:56:55.0896 2160 HidUsb - ok
16:56:55.0947 2160 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
16:56:55.0949 2160 HpCISSs - ok
16:56:55.0990 2160 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
16:56:56.0007 2160 HTTP - ok
16:56:56.0044 2160 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
16:56:56.0045 2160 i2omp - ok
16:56:56.0086 2160 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
16:56:56.0088 2160 i8042prt - ok
16:56:56.0111 2160 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
16:56:56.0115 2160 iaStorV - ok
16:56:56.0133 2160 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
16:56:56.0134 2160 iirsp - ok
16:56:56.0203 2160 ImmunetProtectDriver (edd0022dfca168a95b1dd1ad6dbb8ee2) C:\Windows\system32\DRIVERS\ImmunetProtect.sys
16:56:56.0205 2160 ImmunetProtectDriver - ok
16:56:56.0225 2160 ImmunetSelfProtectDriver (0730300c4088f28cf5d76da5868e4a88) C:\Windows\system32\DRIVERS\ImmunetSelfProtect.sys
16:56:56.0226 2160 ImmunetSelfProtectDriver - ok
16:56:56.0457 2160 int15 (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\SysWOW64\drivers\int15_64.sys
16:56:56.0458 2160 int15 - ok
16:56:56.0577 2160 IntcAzAudAddService (2c62599e693372a9221c262b8040e3ac) C:\Windows\system32\drivers\RTKVHD64.sys
16:56:56.0603 2160 IntcAzAudAddService - ok
16:56:56.0665 2160 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
16:56:56.0666 2160 intelide - ok
16:56:56.0681 2160 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
16:56:56.0682 2160 intelppm - ok
16:56:56.0742 2160 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:56:56.0744 2160 IpFilterDriver - ok
16:56:56.0756 2160 IpInIp - ok
16:56:56.0774 2160 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
16:56:56.0776 2160 IPMIDRV - ok
16:56:56.0793 2160 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
16:56:56.0795 2160 IPNAT - ok
16:56:56.0848 2160 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
16:56:56.0849 2160 IRENUM - ok
16:56:56.0983 2160 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
16:56:56.0985 2160 isapnp - ok
16:56:57.0042 2160 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
16:56:57.0046 2160 iScsiPrt - ok
16:56:57.0057 2160 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
16:56:57.0059 2160 iteatapi - ok
16:56:57.0100 2160 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
16:56:57.0101 2160 iteraid - ok
16:56:57.0116 2160 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
16:56:57.0117 2160 kbdclass - ok
16:56:57.0143 2160 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
16:56:57.0145 2160 kbdhid - ok
16:56:57.0183 2160 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
16:56:57.0191 2160 KSecDD - ok
16:56:57.0218 2160 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
16:56:57.0219 2160 ksthunk - ok
16:56:57.0271 2160 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
16:56:57.0272 2160 lltdio - ok
16:56:57.0299 2160 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
16:56:57.0301 2160 LSI_FC - ok
16:56:57.0318 2160 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
16:56:57.0320 2160 LSI_SAS - ok
16:56:57.0338 2160 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
16:56:57.0341 2160 LSI_SCSI - ok
16:56:57.0350 2160 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
16:56:57.0354 2160 luafv - ok
16:56:57.0403 2160 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
16:56:57.0404 2160 MBAMProtector - ok
16:56:57.0452 2160 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
16:56:57.0453 2160 megasas - ok
16:56:57.0480 2160 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
16:56:57.0489 2160 MegaSR - ok
16:56:57.0508 2160 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
16:56:57.0509 2160 Modem - ok
16:56:57.0558 2160 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
16:56:57.0559 2160 monitor - ok
16:56:57.0571 2160 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
16:56:57.0573 2160 mouclass - ok
16:56:57.0636 2160 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
16:56:57.0637 2160 mouhid - ok
16:56:57.0647 2160 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
16:56:57.0649 2160 MountMgr - ok
16:56:57.0683 2160 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
16:56:57.0685 2160 mpio - ok
16:56:57.0704 2160 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
16:56:57.0706 2160 mpsdrv - ok
16:56:57.0725 2160 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
16:56:57.0726 2160 Mraid35x - ok
16:56:57.0746 2160 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
16:56:57.0749 2160 MRxDAV - ok
16:56:57.0775 2160 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:56:57.0777 2160 mrxsmb - ok
16:56:57.0810 2160 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:56:57.0815 2160 mrxsmb10 - ok
16:56:57.0828 2160 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:56:57.0830 2160 mrxsmb20 - ok
16:56:57.0880 2160 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
16:56:57.0881 2160 msahci - ok
16:56:57.0903 2160 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
16:56:57.0905 2160 msdsm - ok
16:56:57.0929 2160 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
16:56:57.0931 2160 Msfs - ok
16:56:57.0944 2160 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
16:56:57.0946 2160 msisadrv - ok
16:56:57.0969 2160 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
16:56:57.0970 2160 MSKSSRV - ok
16:56:57.0988 2160 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
16:56:57.0989 2160 MSPCLOCK - ok
16:56:58.0033 2160 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
16:56:58.0034 2160 MSPQM - ok
16:56:58.0068 2160 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
16:56:58.0073 2160 MsRPC - ok
16:56:58.0092 2160 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
16:56:58.0094 2160 mssmbios - ok
16:56:58.0102 2160 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
16:56:58.0104 2160 MSTEE - ok
16:56:58.0121 2160 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
16:56:58.0122 2160 Mup - ok
16:56:58.0170 2160 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
16:56:58.0174 2160 NativeWifiP - ok
16:56:58.0231 2160 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
16:56:58.0236 2160 NDIS - ok
16:56:58.0257 2160 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
16:56:58.0258 2160 NdisTapi - ok
16:56:58.0276 2160 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
16:56:58.0278 2160 Ndisuio - ok
16:56:58.0313 2160 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
16:56:58.0316 2160 NdisWan - ok
16:56:58.0327 2160 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
16:56:58.0329 2160 NDProxy - ok
16:56:58.0345 2160 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
16:56:58.0347 2160 NetBIOS - ok
16:56:58.0381 2160 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
16:56:58.0385 2160 netbt - ok
16:56:58.0452 2160 netr28ux (c1c2bc12e315885fb26adf090d700a14) C:\Windows\system32\DRIVERS\netr28ux.sys
16:56:58.0470 2160 netr28ux - ok
16:56:58.0502 2160 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
16:56:58.0504 2160 nfrd960 - ok
16:56:58.0531 2160 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
16:56:58.0532 2160 Npfs - ok
16:56:58.0553 2160 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
16:56:58.0554 2160 nsiproxy - ok
16:56:58.0610 2160 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
16:56:58.0661 2160 Ntfs - ok
16:56:58.0701 2160 NTIDrvr (7d397449aaf52b0e7c79b64f6ad4473e) C:\Windows\system32\Drivers\NTIDrvr.sys
16:56:58.0702 2160 NTIDrvr - ok
16:56:58.0720 2160 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
16:56:58.0721 2160 Null - ok
16:56:58.0772 2160 NVENETFD (4fbdbfcb6fa19d808eeb799dcf90f472) C:\Windows\system32\DRIVERS\nvmfdx64.sys
16:56:58.0777 2160 NVENETFD - ok
16:56:58.0818 2160 NVHDA (73b0abbca290a5709a193c3b6877d34e) C:\Windows\system32\drivers\nvhda64v.sys
16:56:58.0819 2160 NVHDA - ok
16:56:59.0059 2160 nvlddmkm (c47d6b7299ba80a210bcafa81ac978a1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:56:59.0254 2160 nvlddmkm - ok
16:56:59.0313 2160 NVNET (4fbdbfcb6fa19d808eeb799dcf90f472) C:\Windows\system32\DRIVERS\nvmfdx64.sys
16:56:59.0319 2160 NVNET - ok
16:56:59.0346 2160 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
16:56:59.0349 2160 nvraid - ok
16:56:59.0378 2160 nvsmu (61a59fb62864eb3f32d24985a505ce03) C:\Windows\system32\DRIVERS\nvsmu.sys
16:56:59.0379 2160 nvsmu - ok
16:56:59.0410 2160 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
16:56:59.0412 2160 nvstor - ok
16:56:59.0444 2160 nvstor64 (71b6ecd3c56fbf12fb1968da3953b703) C:\Windows\system32\DRIVERS\nvstor64.sys
16:56:59.0448 2160 nvstor64 - ok
16:56:59.0554 2160 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
16:56:59.0557 2160 nv_agp - ok
16:56:59.0580 2160 NwlnkFlt - ok
16:56:59.0591 2160 NwlnkFwd - ok
16:56:59.0648 2160 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
16:56:59.0650 2160 ohci1394 - ok
16:56:59.0674 2160 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
16:56:59.0677 2160 Parport - ok
16:56:59.0705 2160 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
16:56:59.0707 2160 partmgr - ok
16:56:59.0731 2160 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
16:56:59.0734 2160 pci - ok
16:56:59.0771 2160 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
16:56:59.0773 2160 pciide - ok
16:56:59.0801 2160 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
16:56:59.0806 2160 pcmcia - ok
16:56:59.0832 2160 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
16:56:59.0850 2160 PEAUTH - ok
16:56:59.0934 2160 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
16:56:59.0937 2160 PptpMiniport - ok
16:56:59.0953 2160 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
16:56:59.0955 2160 Processor - ok
16:57:00.0008 2160 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
16:57:00.0010 2160 PSched - ok
16:57:00.0045 2160 PSDFilter (e4f35efd9962a3c80365e029e5acbc92) C:\Windows\system32\DRIVERS\psdfilter.sys
16:57:00.0046 2160 PSDFilter - ok
16:57:00.0063 2160 PSDNServ (41031289856ab4c99a49218e6c4e9f46) C:\Windows\system32\DRIVERS\PSDNServ.sys
16:57:00.0064 2160 PSDNServ - ok
16:57:00.0083 2160 psdvdisk (c33fb61864c5096b0bf4b9dbc01bb5a9) C:\Windows\system32\DRIVERS\PSDVdisk.sys
16:57:00.0084 2160 psdvdisk - ok
16:57:00.0151 2160 PSINAflt (54d6ff8e88be3a7685a9727222ce70ef) C:\Windows\system32\DRIVERS\PSINAflt.sys
16:57:00.0154 2160 PSINAflt - ok
16:57:00.0192 2160 PSINFile (766d87ad1ed444ad5165ffc41f105e01) C:\Windows\system32\DRIVERS\PSINFile.sys
16:57:00.0194 2160 PSINFile - ok
16:57:00.0237 2160 PSINKNC (ea2999d1625874bda628bfb60bc75976) C:\Windows\system32\DRIVERS\psinknc.sys
16:57:00.0239 2160 PSINKNC - ok
16:57:00.0269 2160 PSINProc (fc22ae51a4843921775120af3b7b3588) C:\Windows\system32\DRIVERS\PSINProc.sys
16:57:00.0272 2160 PSINProc - ok
16:57:00.0300 2160 PSINProt (71552a56421e4fda405e27f724ae1b70) C:\Windows\system32\DRIVERS\PSINProt.sys
16:57:00.0302 2160 PSINProt - ok
16:57:00.0355 2160 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
16:57:00.0383 2160 ql2300 - ok
16:57:00.0415 2160 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
16:57:00.0417 2160 ql40xx - ok
16:57:00.0443 2160 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
16:57:00.0444 2160 QWAVEdrv - ok
16:57:00.0456 2160 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
16:57:00.0458 2160 RasAcd - ok
16:57:00.0509 2160 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:57:00.0512 2160 Rasl2tp - ok
16:57:00.0554 2160 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
16:57:00.0555 2160 RasPppoe - ok
16:57:00.0575 2160 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
16:57:00.0577 2160 RasSstp - ok
16:57:00.0613 2160 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
16:57:00.0618 2160 rdbss - ok
16:57:00.0654 2160 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:57:00.0655 2160 RDPCDD - ok
16:57:00.0690 2160 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
16:57:00.0694 2160 rdpdr - ok
16:57:00.0710 2160 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
16:57:00.0711 2160 RDPENCDD - ok
16:57:00.0751 2160 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
16:57:00.0755 2160 RDPWD - ok
16:57:00.0805 2160 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
16:57:00.0807 2160 rspndr - ok
16:57:00.0826 2160 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
16:57:00.0828 2160 sbp2port - ok
16:57:00.0863 2160 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:57:00.0865 2160 secdrv - ok
16:57:00.0894 2160 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
16:57:00.0895 2160 Serenum - ok
16:57:00.0911 2160 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
16:57:00.0913 2160 Serial - ok
16:57:00.0938 2160 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
16:57:00.0940 2160 sermouse - ok
16:57:00.0968 2160 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
16:57:00.0969 2160 sffdisk - ok
16:57:00.0983 2160 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
16:57:00.0985 2160 sffp_mmc - ok
16:57:01.0003 2160 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
16:57:01.0004 2160 sffp_sd - ok
16:57:01.0021 2160 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
16:57:01.0022 2160 sfloppy - ok
16:57:01.0049 2160 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
16:57:01.0050 2160 SiSRaid2 - ok
16:57:01.0066 2160 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
16:57:01.0068 2160 SiSRaid4 - ok
16:57:01.0099 2160 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
16:57:01.0101 2160 Smb - ok
16:57:01.0138 2160 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
16:57:01.0139 2160 spldr - ok
16:57:01.0173 2160 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
16:57:01.0182 2160 srv - ok
16:57:01.0215 2160 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
16:57:01.0218 2160 srv2 - ok
16:57:01.0234 2160 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
16:57:01.0237 2160 srvnet - ok
16:57:01.0296 2160 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
16:57:01.0297 2160 swenum - ok
16:57:01.0320 2160 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
16:57:01.0322 2160 Symc8xx - ok
16:57:01.0340 2160 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
16:57:01.0342 2160 Sym_hi - ok
16:57:01.0355 2160 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
16:57:01.0356 2160 Sym_u3 - ok
16:57:01.0464 2160 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
16:57:01.0490 2160 Tcpip - ok
16:57:01.0563 2160 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
16:57:01.0571 2160 Tcpip6 - ok
16:57:01.0598 2160 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
16:57:01.0600 2160 tcpipreg - ok
16:57:01.0637 2160 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
16:57:01.0638 2160 TDPIPE - ok
16:57:01.0659 2160 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
16:57:01.0661 2160 TDTCP - ok
16:57:01.0686 2160 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
16:57:01.0687 2160 tdx - ok
16:57:01.0710 2160 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
16:57:01.0712 2160 TermDD - ok
16:57:01.0777 2160 Trufos (110ebba2290fd37f8c0e7f68623ed50c) C:\Windows\system32\DRIVERS\Trufos.sys
16:57:01.0781 2160 Trufos - ok
16:57:01.0821 2160 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:57:01.0822 2160 tssecsrv - ok
16:57:01.0845 2160 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
16:57:01.0846 2160 tunmp - ok
16:57:01.0860 2160 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
16:57:01.0861 2160 tunnel - ok
16:57:01.0880 2160 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
16:57:01.0882 2160 uagp35 - ok
16:57:01.0901 2160 UBHelper (00c8ce31657624a125fdb90efd554371) C:\Windows\system32\drivers\UBHelper.sys
16:57:01.0902 2160 UBHelper - ok
16:57:01.0944 2160 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
16:57:01.0949 2160 udfs - ok
16:57:01.0981 2160 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
16:57:01.0983 2160 uliagpkx - ok
16:57:02.0020 2160 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
16:57:02.0025 2160 uliahci - ok
16:57:02.0047 2160 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
16:57:02.0050 2160 UlSata - ok
16:57:02.0074 2160 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
16:57:02.0077 2160 ulsata2 - ok
16:57:02.0099 2160 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
16:57:02.0100 2160 umbus - ok
16:57:02.0143 2160 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys
16:57:02.0144 2160 UMPass - ok
16:57:02.0172 2160 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
16:57:02.0175 2160 usbccgp - ok
16:57:02.0195 2160 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
16:57:02.0197 2160 usbcir - ok
16:57:02.0236 2160 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
16:57:02.0238 2160 usbehci - ok
16:57:02.0271 2160 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
16:57:02.0276 2160 usbhub - ok
16:57:02.0291 2160 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
16:57:02.0292 2160 usbohci - ok
16:57:02.0318 2160 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
16:57:02.0320 2160 usbprint - ok
16:57:02.0349 2160 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:57:02.0351 2160 USBSTOR - ok
16:57:02.0377 2160 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
16:57:02.0379 2160 usbuhci - ok
16:57:02.0423 2160 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
16:57:02.0425 2160 vga - ok
16:57:02.0444 2160 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
16:57:02.0445 2160 VgaSave - ok
16:57:02.0467 2160 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
16:57:02.0468 2160 viaide - ok
16:57:02.0501 2160 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
16:57:02.0503 2160 volmgr - ok
16:57:02.0541 2160 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
16:57:02.0547 2160 volmgrx - ok
16:57:02.0583 2160 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
16:57:02.0588 2160 volsnap - ok
16:57:02.0614 2160 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
16:57:02.0617 2160 vsmraid - ok
16:57:02.0643 2160 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
16:57:02.0644 2160 WacomPen - ok
16:57:02.0696 2160 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
16:57:02.0698 2160 Wanarp - ok
16:57:02.0704 2160 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
16:57:02.0705 2160 Wanarpv6 - ok
16:57:02.0728 2160 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
16:57:02.0730 2160 Wd - ok
16:57:02.0760 2160 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
16:57:02.0777 2160 Wdf01000 - ok
16:57:02.0835 2160 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:57:02.0837 2160 WmiAcpi - ok
16:57:02.0897 2160 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
16:57:02.0899 2160 WpdUsb - ok
16:57:02.0927 2160 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
16:57:02.0928 2160 ws2ifsl - ok
16:57:02.0982 2160 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:57:02.0985 2160 WUDFRd - ok
16:57:03.0027 2160 MBR (0x1B8) (ef932eaa6ef4c94e66a7f6ceec7eb422) \Device\Harddisk0\DR0
16:57:03.0653 2160 \Device\Harddisk0\DR0 - ok
16:57:03.0667 2160 Boot (0x1200) (5aeabd846252594b6047d0aa0a7ea8db) \Device\Harddisk0\DR0\Partition0
16:57:03.0668 2160 \Device\Harddisk0\DR0\Partition0 - ok
16:57:03.0686 2160 Boot (0x1200) (a83c397280dafa2170148803f2d745be) \Device\Harddisk0\DR0\Partition1
16:57:03.0688 2160 \Device\Harddisk0\DR0\Partition1 - ok
16:57:03.0688 2160 ============================================================
16:57:03.0688 2160 Scan finished
16:57:03.0688 2160 ============================================================
16:57:03.0700 4568 Detected object count: 0
16:57:03.0701 4568 Actual detected object count: 0

Edited by fishngrega, 03 January 2012 - 04:59 PM.


#7 gringo_pr (Malware Response Team)

Posted 03 January 2012 - 05:10 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 fishngrega (Topic Starter)

Posted 04 January 2012 - 09:30 AM

here's the log

aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software
Run date: 2012-01-04 09:28:59
-----------------------------
09:28:59.105 OS Version: Windows x64 6.0.6002 Service Pack 2
09:28:59.105 Number of processors: 2 586 0x6B02
09:28:59.105 ComputerName: BARN-PC UserName: Barn
09:29:00.252 Initialize success
09:29:23.551 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000054
09:29:23.555 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 11
09:29:23.573 Disk 0 MBR read successfully
09:29:23.578 Disk 0 MBR scan
09:29:23.582 Disk 0 unknown MBR code
09:29:23.589 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18944 MB offset 2048
09:29:23.604 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 143143 MB offset 38799360
09:29:23.632 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 143156 MB offset 331956224
09:29:23.639 Service scanning
09:29:24.883 Modules scanning
09:29:24.890 Disk 0 trace - called modules:
09:29:24.914 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
09:29:24.922 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004acd210]
09:29:24.929 3 CLASSPNP.SYS[fffffa6000dc4c33] -> nt!IofCallDriver -> [0xfffffa8004763930]
09:29:24.937 5 acpi.sys[fffffa60008f2fde] -> nt!IofCallDriver -> \Device\00000054[0xfffffa8003df9060]
09:29:24.946 Scan finished successfully
09:29:37.524 Disk 0 MBR has been saved successfully to "C:\Users\Barn\Desktop\MBR.dat"
09:29:37.533 The log file has been saved successfully to "C:\Users\Barn\Desktop\aswMBR.txt"



Edited by gringo_pr, 04 January 2012 - 01:09 PM.
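What the two MBR scans above actually looked at, as an added worked example (my code, not part of this thread and not aswMBR's or TDSSKiller's own): TDSSKiller's `MBR (0x1B8)` line is an MD5 over the first 0x1B8 (440) bytes of sector 0, the boot-code area that sits ahead of the disk signature and partition table, and aswMBR's `Partition 1..3` lines are the four 16-byte entries at offset 0x1BE. The script below parses a raw 512-byte MBR the same way (for instance the `MBR.dat` aswMBR saved to the desktop), prints the partition table in aswMBR's layout, hashes the code area so it can be compared against a known-good copy, and checks the table for overlapping or out-of-range entries, which a tampered sector can show. The sector it builds when run without a file argument is constructed: dummy boot code plus a partition table with the same three entries, types, sizes and offsets aswMBR reported above. One caveat a practitioner would want: aswMBR prints `unknown MBR code` for any boot code outside the set it recognises, OEM recovery loaders included, so that line is a prompt to hash and compare, not a verdict.

```python
"""Parse a raw 512-byte MBR (e.g. the MBR.dat that aswMBR saves) and report the
partition table and boot-code hash the way the logs in this thread do.
Added example; not aswMBR's or TDSSKiller's code."""
import hashlib
import struct
import sys

SECTOR = 512
MBR_CODE_LEN = 0x1B8          # TDSSKiller's "MBR (0x1B8)" hash covers only the code area
PART_TABLE_OFFSET = 0x1BE     # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"  # last two bytes of a valid MBR


def parse_mbr(mbr):
    """Return (md5 of the code area, list of partition dicts) for one 512-byte sector.
    Raises ValueError when the sector is not a plausible MBR."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR)
    if mbr[SECTOR - 2:] != BOOT_SIGNATURE:
        raise ValueError("missing 55AA boot signature")
    code_md5 = hashlib.md5(mbr[:MBR_CODE_LEN]).hexdigest()
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # boot flag, CHS start, type, CHS end, LBA start, LBA sector count
        boot, _chs_s, ptype, _chs_e, lba_start, lba_count = struct.unpack(
            "<B3sB3sII", mbr[off:off + 16])
        if ptype == 0:
            continue                      # empty slot
        if boot not in (0x00, 0x80):
            raise ValueError("entry %d has invalid boot flag 0x%02X" % (i + 1, boot))
        parts.append({
            "index": i + 1,
            "active": boot == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "lba_count": lba_count,
            "size_mb": lba_count * SECTOR // (1024 * 1024),
        })
    return code_md5, parts


def check_layout(parts, disk_sectors=None):
    """Return human-readable problems: overlapping entries, more than one active
    partition, or an entry that runs past the end of the disk."""
    problems = []
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["lba_count"] > b["lba_start"]:
            problems.append("partition %d overlaps partition %d" % (a["index"], b["index"]))
    if sum(p["active"] for p in parts) > 1:
        problems.append("more than one partition is marked active")
    if disk_sectors is not None:
        for p in parts:
            if p["lba_start"] + p["lba_count"] > disk_sectors:
                problems.append("partition %d extends past end of disk" % p["index"])
    return problems


def build_sample_mbr():
    """Constructed sample (not the poster's real MBR.dat): dummy boot code plus a
    partition table with the layout aswMBR reported in this thread."""
    code = b"\xEB\xFE" + b"\x00" * (MBR_CODE_LEN - 2)   # jmp $ ; filler
    disk_id = b"\x00" * 6                               # disk signature + reserved
    entries = [
        (0x00, 0x27, 2048,      18944 * 2048),   # hidden NTFS WinRE, 18944 MB
        (0x80, 0x07, 38799360,  143143 * 2048),  # active NTFS (Windows), 143143 MB
        (0x00, 0x07, 331956224, 143156 * 2048),  # NTFS data, 143156 MB
        (0x00, 0x00, 0,         0),              # empty slot
    ]
    table = b"".join(struct.pack("<B3sB3sII", boot, b"\0\0\0", ptype, b"\0\0\0", start, count)
                     for boot, ptype, start, count in entries)
    return code + disk_id + table + BOOT_SIGNATURE


def main(argv):
    if len(argv) > 1:
        with open(argv[1], "rb") as f:
            mbr = f.read(SECTOR)
    else:
        mbr = build_sample_mbr()
    md5, parts = parse_mbr(mbr)
    print("MBR code MD5:", md5)
    for p in parts:
        print("Partition %d %s type 0x%02X %7d MB offset %d" % (
            p["index"], "(A)" if p["active"] else "   ", p["type"], p["size_mb"], p["lba_start"]))
    # disk size from the aswMBR log above: 305245 MB of 512-byte sectors
    for problem in check_layout(parts, disk_sectors=305245 * 2048):
        print("WARNING:", problem)


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python mbrcheck.py MBR.dat` against the file aswMBR saved; the MD5 it prints for the code area is directly comparable with TDSSKiller's `MBR (0x1B8)` value and with the same hash taken from a clean machine of the same model, which is the only reliable way to tell an OEM recovery loader from replaced boot code.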


#9 gringo_pr (Malware Response Team)

Posted 04 January 2012 - 01:10 PM

Re-Run aswMBR

  • Click Scan
  • On completion of the scan, click the FIXMBR button
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

    Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.


#10 fishngrega (Topic Starter)

Posted 04 January 2012 - 02:52 PM

new log, said nothing about having an infection...

Attached Files


Edited by fishngrega, 04 January 2012 - 02:52 PM.


#11 gringo_pr (Malware Response Team)

Posted 04 January 2012 - 03:47 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
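Once the OTL.txt comes back it is a few hundred lines of launch points and recent files, and the entries worth a second look fall into a handful of recurring patterns: O2/O3/O4 entries whose target is `File not found` or `No CLSID value found` (launch points left behind by something that was removed), O1 hosts-file entries that map anything other than `localhost`, O17 name servers outside the local network (a common way to make every search redirect; the router at 192.168.0.1 is expected), and recently modified files under ProgramData or AppData with hidden+system attributes, no company name and random-looking names. The script below is an added example, my code rather than OTL's or anything from this thread, that applies those rules to OTL output. The sample log it carries is constructed: lines adapted from the OTL log posted in this thread plus two invented entries (a hosts override and a name server in a TEST-NET range) so the hosts and DNS rules fire. The heuristics flag entries for review, they do not prove infection; an orphaned toolbar CLSID is at least as often a sloppy uninstall.

```python
"""Triage an OTL log for the launch-point and file patterns listed above.
Added example, not OTL's own code; every hit still needs a human look."""
import ipaddress
import re

# "O4:64bit: - HKLM..\Run: [...] path (Company)"  ->  section "O4", body after " - "
ENTRY_RE = re.compile(r"^(O\d+)(?::64bit:)? - (.*)$")
# "[2011/12/22 09:03:49 | 000,012,506 | -HS- | M] () -- C:\ProgramData\name"
FILE_RE = re.compile(
    r"^\[[\d/]+ [\d:]+ \| [\d,]+ \| (?P<attrs>[-A-Z]{4}) \| [CM]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$")
HOSTS_RE = re.compile(r"^Hosts: (\S+) (\S+)")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
# extensionless, 10+ chars, letters and digits mixed: the shape of auto-generated dropper names
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{10,}$")
# explicit RFC 1918 + loopback rather than ipaddress.is_private, which also covers TEST-NET
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_local_resolver(ip):
    """True for RFC 1918 or loopback resolvers (a home router such as 192.168.0.1)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def triage_otl(text):
    """Return (section, reason, detail) tuples for lines that deserve review."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if entry:
            code, body = entry.groups()
            if "File not found" in body:
                findings.append((code, "launch point whose target is missing", body))
            elif "No CLSID value found" in body:
                findings.append((code, "orphaned COM/toolbar registration", body))
            if code == "O1":
                hosts = HOSTS_RE.match(body)
                if hosts:
                    ip, name = hosts.groups()
                    try:
                        loopback = ipaddress.ip_address(ip).is_loopback
                    except ValueError:
                        loopback = False
                    if name.lower() != "localhost" or not loopback:
                        findings.append((code, "non-default hosts entry", body))
            elif code == "O17":
                servers = re.search(r"NameServer = (.+)$", body)
                for ip in (servers.group(1).split() if servers else []):
                    if IPV4_RE.fullmatch(ip) and not is_local_resolver(ip):
                        findings.append((code, "resolver outside the local network", ip))
            continue
        f = FILE_RE.match(line)
        if f:
            attrs, company, path = f.group("attrs", "company", "path")
            name = path.rsplit("\\", 1)[-1].lower()
            if "H" in attrs and "S" in attrs and not company and RANDOM_NAME_RE.match(name):
                findings.append(("FILE", "hidden+system file with random-looking name", path))
    return findings


# Constructed sample: lines adapted from the OTL log in this thread plus two invented
# hijack entries using RFC 5737 TEST-NET addresses so every rule is exercised.
SAMPLE_OTL = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.10 www.google.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
O4 - HKLM..\Run: [PSUNMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D65BD27C-D6C5-4FCD-BADE-95DA6CC5A0A9}: NameServer = 198.51.100.7
[2011/12/22 09:03:49 | 000,012,506 | -HS- | M] () -- C:\ProgramData\f8gc21v4jh6geb
[2012/01/04 15:54:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Barn\Desktop\OTL.exe
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
        # OTL may save UTF-16 with a BOM; fall back to UTF-8 otherwise
        text = (data.decode("utf-16") if data.startswith((b"\xff\xfe", b"\xfe\xff"))
                else data.decode("utf-8", "replace"))
    else:
        text = SAMPLE_OTL
    for section, reason, detail in triage_otl(text):
        print("%-5s %-42s %s" % (section, reason, detail))
```

Run as `python otltriage.py OTL.txt`; with no argument it runs over the constructed sample and flags five lines (the hosts override, the orphaned BHO, the missing Acer launcher, the TEST-NET resolver and the hidden+system file), leaving the router resolver and the legitimately signed entries alone.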

#12 fishngrega (Topic Starter)

Posted 04 January 2012 - 04:21 PM

OTL logfile created on: 1/4/2012 3:55:17 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Barn\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 61.41% Memory free
7.71 Gb Paging File | 6.03 Gb Available in Paging File | 78.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139.79 Gb Total Space | 71.60 Gb Free Space | 51.22% Space Free | Partition Type: NTFS
Drive D: | 139.80 Gb Total Space | 116.36 Gb Free Space | 83.23% Space Free | Partition Type: NTFS

Computer Name: BARN-PC | User Name: Barn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Barn\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe (Egis inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (NanoServiceMain) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (ImmunetProtectDriver) -- C:\Windows\SysNative\DRIVERS\ImmunetProtect.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (ImmunetSelfProtectDriver) -- C:\Windows\SysNative\DRIVERS\ImmunetSelfProtect.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (PSINAflt) -- C:\Windows\SysNative\DRIVERS\PSINAflt.sys (Panda Security, S.L.)
DRV:64bit: - (PSINKNC) -- C:\Windows\SysNative\DRIVERS\psinknc.sys (Panda Security, S.L.)
DRV:64bit: - (PSINProt) -- C:\Windows\SysNative\DRIVERS\PSINProt.sys (Panda Security, S.L.)
DRV:64bit: - (PSINProc) -- C:\Windows\SysNative\DRIVERS\PSINProc.sys (Panda Security, S.L.)
DRV:64bit: - (PSINFile) -- C:\Windows\SysNative\DRIVERS\PSINFile.sys (Panda Security, S.L.)
DRV:64bit: - (Trufos) -- C:\Windows\SysNative\DRIVERS\Trufos.sys (BitDefender S.R.L.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (LSI Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\DRIVERS\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys (Egis Incorporated)
DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys (Egis Incorporated)
DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-56181357-331610374-522509354-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-56181357-331610374-522509354-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-56181357-331610374-522509354-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.marine-rescue.com/
IE - HKU\S-1-5-21-56181357-331610374-522509354-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-56181357-331610374-522509354-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-56181357-331610374-522509354-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-56181357-331610374-522509354-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2011/11/14 09:23:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins [2011/11/14 15:01:29 | 000,000,000 | ---D | M]

[2011/03/02 16:09:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barn\AppData\Roaming\Mozilla\Extensions
[2011/12/28 12:42:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barn\AppData\Roaming\Mozilla\Firefox\Profiles\9zx44s10.default\extensions
[2011/08/11 13:47:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Barn\AppData\Roaming\Mozilla\Firefox\Profiles\9zx44s10.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/13 09:46:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Barn\AppData\Roaming\Mozilla\Firefox\Profiles\9zx44s10.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/12/28 12:42:19 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Barn\AppData\Roaming\Mozilla\Firefox\Profiles\9zx44s10.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2011/12/28 12:42:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barn\AppData\Roaming\Mozilla\Firefox\Profiles\9zx44s10.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions
[2011/12/28 12:42:19 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Barn\AppData\Roaming\Mozilla\Firefox\Profiles\9zx44s10.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}

O1 HOSTS File: ([2012/01/03 15:51:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKU\S-1-5-21-56181357-331610374-522509354-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-56181357-331610374-522509354-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKU\S-1-5-21-56181357-331610374-522509354-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-56181357-331610374-522509354-1001..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-56181357-331610374-522509354-1001..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-56181357-331610374-522509354-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-56181357-331610374-522509354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-56181357-331610374-522509354-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D65BD27C-D6C5-4FCD-BADE-95DA6CC5A0A9}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Barn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Barn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/04 15:54:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Barn\Desktop\OTL.exe
[2012/01/04 09:57:46 | 000,000,000 | ---D | C] -- C:\Users\Barn\Desktop\2012 TYR IMAGES
[2012/01/04 09:28:34 | 004,704,768 | ---- | C] (AVAST Software) -- C:\Users\Barn\Desktop\aswMBR.exe
[2012/01/03 15:56:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/03 15:56:00 | 000,000,000 | ---D | C] -- C:\Users\Barn\AppData\Local\temp
[2012/01/03 15:51:19 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/01/03 15:30:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/03 15:30:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/03 15:30:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/03 15:30:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/03 15:30:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/03 11:25:19 | 000,000,000 | ---D | C] -- C:\Users\Barn\AppData\Roaming\Panda Security
[2012/01/03 11:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
[2012/01/03 09:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/28 12:57:56 | 000,000,000 | ---D | C] -- C:\Users\Barn\Desktop\virus
[2011/12/28 12:46:39 | 000,000,000 | ---D | C] -- C:\Users\Barn\Desktop\memory card files
[2011/12/28 12:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2011/12/28 12:42:26 | 000,000,000 | ---D | C] -- C:\Users\Barn\AppData\Local\panda2_0dn
[2011/12/28 12:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security URL Filtering
[2011/12/28 12:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/12/28 12:41:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2011/12/28 10:20:33 | 000,000,000 | ---D | C] -- C:\Users\Barn\AppData\Local\Comodo
[2011/12/28 10:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2011/12/28 10:19:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2011/12/28 10:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2011/12/28 10:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/12/28 10:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2011/12/27 14:56:08 | 000,000,000 | ---D | C] -- C:\Users\Barn\AppData\Local\MigWiz
[2011/12/22 12:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/12/22 12:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/22 09:10:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware(7)
[2011/12/21 16:17:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/12/20 10:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/12/20 10:54:14 | 002,088,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcplui.exe
[2011/12/20 10:54:14 | 001,071,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpluir.dll
[2011/12/20 10:54:14 | 000,410,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.cpl
[2011/12/20 10:54:14 | 000,388,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvexpbar.dll
[2011/12/20 10:44:33 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/12/16 09:12:57 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/16 09:12:56 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/16 09:12:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/16 09:12:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/16 09:12:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/16 09:12:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/16 09:12:43 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/16 09:12:42 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/16 09:12:39 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/16 09:12:36 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/16 09:12:35 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/15 14:02:03 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/15 14:01:50 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/15 14:01:49 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/06 15:21:47 | 000,000,000 | ---D | C] -- C:\Users\Barn\Desktop\GIL 12' BROCHURE
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/04 15:54:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Barn\Desktop\OTL.exe
[2012/01/04 14:49:15 | 000,721,836 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/04 14:49:15 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/04 14:49:15 | 000,121,786 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/04 14:43:59 | 000,034,805 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/01/04 14:43:58 | 000,034,805 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/01/04 14:43:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2012/01/04 14:43:23 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 14:43:23 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 14:43:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/04 14:39:25 | 000,000,512 | ---- | M] () -- C:\Users\Barn\Desktop\MBR.dat
[2012/01/04 09:28:45 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Users\Barn\Desktop\aswMBR.exe
[2012/01/03 16:53:26 | 000,042,604 | ---- | M] () -- C:\Users\Barn\Desktop\error.JPG
[2012/01/03 16:26:06 | 000,000,768 | ---- | M] () -- C:\Windows\SysWow64\FOXUSER.FPT
[2012/01/03 15:51:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/03 15:16:13 | 000,000,976 | ---- | M] () -- C:\Users\Barn\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/03 12:11:11 | 000,328,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/03 11:49:44 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/03 11:36:45 | 000,000,732 | ---- | M] () -- C:\Users\Barn\AppData\Local\d3d9caps64.dat
[2012/01/03 11:24:23 | 000,000,276 | ---- | M] () -- C:\Windows\SysNative\PSUNCpl.dat
[2012/01/03 11:20:37 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 12:14:39 | 000,000,000 | ---- | M] () -- C:\Users\Barn\defogger_reenable
[2011/12/27 15:50:24 | 000,000,680 | ---- | M] () -- C:\Users\Barn\AppData\Local\d3d9caps.dat
[2011/12/22 09:03:49 | 000,012,506 | -HS- | M] () -- C:\Users\Barn\AppData\Local\f8gc21v4jh6geb
[2011/12/22 09:03:49 | 000,012,506 | -HS- | M] () -- C:\ProgramData\f8gc21v4jh6geb
[2011/12/21 15:43:51 | 000,030,720 | ---- | M] () -- C:\Windows\SysNative\umstartup.etl
[2011/12/21 13:17:57 | 607,318,016 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/21 12:30:01 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/04 09:29:37 | 000,000,512 | ---- | C] () -- C:\Users\Barn\Desktop\MBR.dat
[2012/01/03 16:53:24 | 000,042,604 | ---- | C] () -- C:\Users\Barn\Desktop\error.JPG
[2012/01/03 15:30:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/03 15:30:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/03 15:30:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/03 15:30:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/03 15:30:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/03 12:24:30 | 000,000,976 | ---- | C] () -- C:\Users\Barn\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/03 11:49:44 | 000,002,243 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/01/03 11:24:23 | 000,000,276 | ---- | C] () -- C:\Windows\SysNative\PSUNCpl.dat
[2012/01/03 11:20:37 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 12:14:39 | 000,000,000 | ---- | C] () -- C:\Users\Barn\defogger_reenable
[2011/12/27 09:35:21 | 000,000,680 | ---- | C] () -- C:\Users\Barn\AppData\Local\d3d9caps.dat
[2011/12/21 15:31:38 | 000,012,506 | -HS- | C] () -- C:\Users\Barn\AppData\Local\f8gc21v4jh6geb
[2011/12/21 15:31:38 | 000,012,506 | -HS- | C] () -- C:\ProgramData\f8gc21v4jh6geb
[2011/12/21 12:30:01 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/12/20 11:13:25 | 000,034,805 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/12/20 11:13:25 | 000,034,805 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/10/03 11:28:43 | 000,000,732 | ---- | C] () -- C:\Users\Barn\AppData\Local\d3d9caps64.dat
[2011/06/23 07:50:06 | 000,000,190 | ---- | C] () -- C:\Users\Barn\AppData\Roaming\wklnhst.dat
[2011/03/16 08:34:57 | 000,004,608 | ---- | C] () -- C:\Users\Barn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/28 10:19:21 | 000,000,777 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/02/28 10:19:21 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/02/28 09:46:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/25 01:42:56 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011/02/25 01:42:37 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/02/25 01:42:19 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011/02/25 01:42:07 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/04/30 16:01:10 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
[2008/04/30 16:01:10 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
[2008/04/30 15:17:41 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005/06/14 14:16:24 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\AnexMC.dll
[2002/01/11 01:48:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ANXFTPRO.dll
[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll

< End of report >

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:55 PM

Posted 04 January 2012 - 04:36 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
    O4 - HKU\S-1-5-21-56181357-331610374-522509354-1001..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe File not found
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O18:64bit: - Protocol\Handler\belarc - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    [2011/12/22 09:03:49 | 000,012,506 | -HS- | M] () -- C:\Users\Barn\AppData\Local\f8gc21v4jh6geb
    [2011/12/22 09:03:49 | 000,012,506 | -HS- | M] () -- C:\ProgramData\f8gc21v4jh6geb
    [2011/12/21 15:31:38 | 000,012,506 | -HS- | C] () -- C:\Users\Barn\AppData\Local\f8gc21v4jh6geb
    [2011/12/21 15:31:38 | 000,012,506 | -HS- | C] () -- C:\ProgramData\f8gc21v4jh6geb
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
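The script above targets the two hidden+system files with the same random name and size that the OTL file listings turned up in C:\ProgramData and the user's AppData\Local. As an added example (not OTL's or the helper's code), this Python parser reads OTL file-listing lines and applies that same triage heuristic; the attribute and path rules, the "random name" test and the sample entries are my own assumptions, drawn from the log lines quoted in the thread.

```python
import re
from collections import defaultdict

# One OTL file entry: [timestamp | size | attrs | C/M] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\S+ \S+) \| (?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r" \((?P<company>.*?)\) -- (?P<path>.+)$")
# Paths a standard user can write without elevation (assumed heuristic, not an OTL rule)
USER_WRITABLE = re.compile(r"^C:\\(ProgramData|Users\\[^\\]+\\AppData)\\", re.IGNORECASE)

def parse_otl_line(line):
    """Return a dict for one OTL file entry, or None for headers and blank lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))  # "000,012,506" -> 12506
    return d

def looks_random(name):
    """No extension, 8+ chars, letters and digits mixed: typical of a dropped payload."""
    return ("." not in name and len(name) >= 8 and name.isalnum()
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))

def find_suspects(lines):
    """Flag hidden+system files with no company name and a random-looking name in a
    user-writable path; group by basename so a payload dropped twice shows as one hit."""
    hits = defaultdict(set)
    for line in lines:
        e = parse_otl_line(line)
        if e is None or "D" in e["attrs"] or "H" not in e["attrs"]:
            continue
        if "S" not in e["attrs"] or e["company"]:
            continue
        name = e["path"].rsplit("\\", 1)[-1]
        if USER_WRITABLE.match(e["path"]) and looks_random(name):
            hits[name].add(e["path"])
    return {k: sorted(v) for k, v in hits.items()}

# Constructed sample: entries copied from the thread's log plus benign neighbours
SAMPLE_LOG = """\
========== Files - Modified Within 30 Days ==========
[2012/01/04 14:43:23 | 000,003,216 | -H-- | M] () -- C:\\Windows\\SysNative\\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/22 09:03:49 | 000,012,506 | -HS- | M] () -- C:\\Users\\Barn\\AppData\\Local\\f8gc21v4jh6geb
[2011/12/22 09:03:49 | 000,012,506 | -HS- | M] () -- C:\\ProgramData\\f8gc21v4jh6geb
[2011/12/21 12:30:01 | 000,000,258 | RHS- | M] () -- C:\\ProgramData\\ntuser.pol
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\\Windows\\SysNative\\drivers\\mbam.sys
""".splitlines()
```

Running find_suspects(SAMPLE_LOG) returns only the f8gc21v4jh6geb pair; the hidden-only SysNative entry, the RHS- ntuser.pol (it has an extension) and the vendor-named driver are left alone.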

#14 fishngrega

fishngrega
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:55 PM

Posted 04 January 2012 - 05:02 PM

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EmpoweringTechnology deleted successfully.
Registry value HKEY_USERS\S-1-5-21-56181357-331610374-522509354-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\RUN deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\belarc\ deleted successfully.
File Protocol\Handler\belarc - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
C:\Users\Barn\AppData\Local\f8gc21v4jh6geb moved successfully.
C:\ProgramData\f8gc21v4jh6geb moved successfully.
File C:\Users\Barn\AppData\Local\f8gc21v4jh6geb not found.
File C:\ProgramData\f8gc21v4jh6geb not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Barn\Desktop\cmd.bat deleted successfully.
C:\Users\Barn\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Barn
->Temp folder emptied: 34616 bytes
->Temporary Internet Files folder emptied: 6221858 bytes
->Java cache emptied: 31663593 bytes
->FireFox cache emptied: 248072743 bytes
->Flash cache emptied: 60704 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 24011 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17465143 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78374 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 169614378 bytes

Total Files Cleaned = 451.00 mb


[EMPTYJAVA]

User: All Users

User: Barn
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Barn
->Flash cache emptied: 456 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 01042012_164407

Files\Folders moved on Reboot...
C:\Users\Barn\AppData\Local\Mozilla\Firefox\Profiles\9zx44s10.default\startupCache\startupCache.4.little moved successfully.
C:\Users\Barn\AppData\Local\Mozilla\Firefox\Profiles\9zx44s10.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Barn\AppData\Local\Mozilla\Firefox\Profiles\9zx44s10.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Barn\AppData\Local\Mozilla\Firefox\Profiles\9zx44s10.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Barn\AppData\Local\Mozilla\Firefox\Profiles\9zx44s10.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Barn\AppData\Local\Mozilla\Firefox\Profiles\9zx44s10.default\urlclassifier3.sqlite moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:55 PM

Posted 04 January 2012 - 05:48 PM

How are things doing now?


gringo



