I got some problems


This topic is locked
28 replies to this topic

#1 Justin B.

Posted 09 January 2012 - 10:53 AM

Ok so I clicked on something I shouldn't have and now I have been infected by something. I get strange music or news playing at times. I cannot change my firewall settings. I use Microsoft Security Essentials and that will scan the files and says it found something, but when it gets done scanning it drops back to its main page as if I have not started the scan. GMER crashes so I cannot post a log from that. Below I have done what I can and posted a DDS and attached the Attach files. Let me know what else I can do. Thanks in advance, I really appreciate all the help you people give.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.0.0
Run by Justin at 7:06:07 on 2012-01-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.1065 [GMT -8:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Soluto\soluto.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\NLSSRV32.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Windows\system32\vmnat.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Aerofoil\Aerofoil.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\EPC\Toolbar\EPSIBar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Users\Justin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\GRVSA.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k bthsvcs
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\Droid Explorer\DroidExplorer.Service.exe
C:\Program Files\Droid Explorer\SDK\tools\adb.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\program files\digital line detect\dlg.exe
C:\Program Files\VMware\VMware Player\vmware-ufad.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\PROGRA~1\MICROS~2\Office14\OUTLOOK.EXE
C:\PROGRA~1\MICROS~2\Office14\OUTLOOK.EXE
C:\Windows\System32\ping.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Google Update] "c:\users\justin\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Livedrive] "c:\program files\livedrive\Livedrive.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
StartupFolder: c:\users\justin\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\justin\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\aerofoil.lnk - c:\program files\aerofoil\Aerofoil.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\epsito~1.lnk - c:\epc\toolbar\EPSIBar.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
LSP: c:\program files\vmware\vmware player\vsocklib.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.15.1 8.8.4.4
TCP: Interfaces\{16DD62EF-8C84-439C-8184-20812BCA7FDD} : DhcpNameServer = 192.168.77.254
TCP: Interfaces\{17B42FC3-E177-490D-B39B-9A40278E6B66} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{7AB12650-3475-4F43-8262-49635B2FF679} : NameServer = 208.67.222.222,208.67.222.123
TCP: Interfaces\{7AB12650-3475-4F43-8262-49635B2FF679} : DhcpNameServer = 192.168.15.1 8.8.4.4
TCP: Interfaces\{B54A199A-B16B-420A-B7E1-B48650030309} : NameServer = 208.67.222.222,208.67.222.123
TCP: Interfaces\{B54A199A-B16B-420A-B7E1-B48650030309} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B54A199A-B16B-420A-B7E1-B48650030309}\34963736F60363331393 : NameServer = 8.8.4.4,8.8.8.8
TCP: Interfaces\{B54A199A-B16B-420A-B7E1-B48650030309}\34963736F60363331393 : DhcpNameServer = 68.87.69.150 68.87.85.102
TCP: Interfaces\{B54A199A-B16B-420A-B7E1-B48650030309}\4646D2772747 : NameServer = 8.8.4.4,8.8.8.8
TCP: Interfaces\{B54A199A-B16B-420A-B7E1-B48650030309}\4646D2772747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B54A199A-B16B-420A-B7E1-B48650030309}\742514E44405F4F4241484 : NameServer = 8.8.4.4,8.8.8.8
TCP: Interfaces\{B54A199A-B16B-420A-B7E1-B48650030309}\742514E44405F4F4241484 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C346C692-8AE3-4069-8522-37F9F4B640A8} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{C766B7A0-39E9-4B87-9C8F-E67ECC1C7D00} : DhcpNameServer = 192.168.77.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\justin\appdata\roaming\mozilla\firefox\profiles\lr3j76yx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\users\justin\appdata\roaming\mozilla\firefox\profiles\lr3j76yx.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\npackd\com.oracle.jre-1.6.0.24\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
FF - plugin: c:\users\justin\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\justin\appdata\roaming\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\users\justin\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\justin\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2009-6-3 40368]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-7-25 64512]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2011-12-13 51144]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2011-10-16 146904]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165648]
R1 MpKsl2c6e926c;MpKsl2c6e926c;c:\programdata\microsoft\microsoft antimalware\definition updates\{a96adced-c49e-409d-92ab-9a7d20706c47}\MpKsl2c6e926c.sys [2012-1-8 29904]
R1 MpKsldc057236;MpKsldc057236;c:\programdata\microsoft\microsoft antimalware\definition updates\{a96adced-c49e-409d-92ab-9a7d20706c47}\MpKsldc057236.sys [2012-1-9 29904]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-2-6 30024]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-7-21 15232]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-9-15 6000640]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [2010-4-29 26112]
S3 cpuz132;cpuz132;c:\users\justin\appdata\local\temp\cpuz132\cpuz132_x32.sys [2012-1-8 17056]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-8-17 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-8-17 8456]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 43392]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-8-18 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-8-18 11104]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-2 52224]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
.
=============== File Associations ===============
.
.reg=Regedit.Document
.
=============== Created Last 30 ================
.
2012-01-09 14:37:34 818 ----a-w- c:\programdata\bxftaaa.tmp
2012-01-09 14:31:53 820 ----a-w- c:\programdata\odhddaa.tmp
2012-01-09 14:31:16 872 ----a-w- c:\programdata\ywftaaa.tmp
2012-01-09 14:31:13 842 ----a-w- c:\programdata\sdhddaa.tmp
2012-01-09 14:31:08 860 ----a-w- c:\programdata\rdhddaa.tmp
2012-01-09 14:31:03 807 ----a-w- c:\programdata\qdhddaa.tmp
2012-01-09 14:30:58 855 ----a-w- c:\programdata\pdhddaa.tmp
2012-01-09 14:30:24 826 ----a-w- c:\programdata\aktybaa.tmp
2012-01-09 14:30:17 846 ----a-w- c:\programdata\szhpbaa.tmp
2012-01-09 14:30:14 816 ----a-w- c:\programdata\wpfoaaa.tmp
2012-01-09 14:29:44 882 ----a-w- c:\programdata\ektybaa.tmp
2012-01-09 14:29:39 812 ----a-w- c:\programdata\dktybaa.tmp
2012-01-09 14:29:37 844 ----a-w- c:\programdata\wzhpbaa.tmp
2012-01-09 14:29:34 860 ----a-w- c:\programdata\cktybaa.tmp
2012-01-09 14:29:34 848 ----a-w- c:\programdata\aqfoaaa.tmp
2012-01-09 14:29:32 852 ----a-w- c:\programdata\vzhpbaa.tmp
2012-01-09 14:29:29 825 ----a-w- c:\programdata\bktybaa.tmp
2012-01-09 14:29:29 815 ----a-w- c:\programdata\zpfoaaa.tmp
2012-01-09 14:29:27 854 ----a-w- c:\programdata\uzhpbaa.tmp
2012-01-09 14:29:25 823 ----a-w- c:\programdata\ypfoaaa.tmp
2012-01-09 14:29:22 827 ----a-w- c:\programdata\tzhpbaa.tmp
2012-01-09 14:29:20 799 ----a-w- c:\programdata\xpfoaaa.tmp
2012-01-09 14:24:52 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a96adced-c49e-409d-92ab-9a7d20706c47}\MpKsldc057236.sys
2012-01-09 14:24:50 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a96adced-c49e-409d-92ab-9a7d20706c47}\offreg.dll
2012-01-09 05:29:52 834 ----a-w- c:\programdata\acnzbaa.tmp
2012-01-09 05:22:01 829 ----a-w- c:\programdata\cpcoaaa.tmp
2012-01-09 05:07:41 822 ----a-w- c:\programdata\czmvaaa.tmp
2012-01-09 05:00:50 861 ----a-w- c:\programdata\kduvbaa.tmp
2012-01-09 05:00:48 838 ----a-w- c:\programdata\qoqlbaa.tmp
2012-01-09 05:00:28 799 ----a-w- c:\programdata\moqlbaa.tmp
2012-01-09 05:00:18 802 ----a-w- c:\programdata\yymvaaa.tmp
2012-01-09 05:00:10 874 ----a-w- c:\programdata\oduvbaa.tmp
2012-01-09 05:00:05 874 ----a-w- c:\programdata\nduvbaa.tmp
2012-01-09 05:00:00 856 ----a-w- c:\programdata\mduvbaa.tmp
2012-01-09 04:59:55 831 ----a-w- c:\programdata\lduvbaa.tmp
2012-01-09 04:59:51 849 ----a-w- c:\programdata\ecnzbaa.tmp
2012-01-09 04:59:46 857 ----a-w- c:\programdata\dcnzbaa.tmp
2012-01-09 04:59:43 857 ----a-w- c:\programdata\poqlbaa.tmp
2012-01-09 04:59:41 806 ----a-w- c:\programdata\ccnzbaa.tmp
2012-01-09 04:59:36 858 ----a-w- c:\programdata\bcnzbaa.tmp
2012-01-09 04:59:33 877 ----a-w- c:\programdata\noqlbaa.tmp
2012-01-09 04:59:33 826 ----a-w- c:\programdata\bzmvaaa.tmp
2012-01-09 04:59:28 844 ----a-w- c:\programdata\azmvaaa.tmp
2012-01-09 04:59:23 814 ----a-w- c:\programdata\zymvaaa.tmp
2012-01-09 04:54:51 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a96adced-c49e-409d-92ab-9a7d20706c47}\MpKsl2c6e926c.sys
2012-01-09 04:49:50 826 ----a-w- c:\programdata\kfbybaa.tmp
2012-01-09 04:48:02 840 ----a-w- c:\programdata\aekoaaa.tmp
2012-01-09 04:39:19 793 ----a-w- c:\programdata\ikxxsaa.tmp
2012-01-09 04:37:44 812 ----a-w- c:\programdata\cekoaaa.tmp
2012-01-09 04:35:56 833 ----a-w- c:\programdata\ylntaaa.tmp
2012-01-09 04:34:57 843 ----a-w- c:\programdata\isgibaa.tmp
2012-01-09 04:34:45 869 ----a-w- c:\programdata\xlntaaa.tmp
2012-01-09 04:29:54 803 ----a-w- c:\programdata\onkrbaa.tmp
2012-01-09 04:22:51 822 ----a-w- c:\programdata\esgibaa.tmp
2012-01-09 04:20:52 844 ----a-w- c:\programdata\amntaaa.tmp
2012-01-09 04:20:47 889 ----a-w- c:\programdata\snkrbaa.tmp
2012-01-09 04:20:47 848 ----a-w- c:\programdata\pnkrbaa.tmp
2012-01-09 04:19:55 838 ----a-w- c:\programdata\bekoaaa.tmp
2012-01-09 04:19:55 828 ----a-w- c:\programdata\eekoaaa.tmp
2012-01-09 04:16:31 821 ----a-w- c:\programdata\mkxxsaa.tmp
2012-01-09 04:16:26 848 ----a-w- c:\programdata\lkxxsaa.tmp
2012-01-09 04:16:21 858 ----a-w- c:\programdata\kkxxsaa.tmp
2012-01-09 04:16:16 825 ----a-w- c:\programdata\jkxxsaa.tmp
2012-01-09 04:15:49 853 ----a-w- c:\programdata\zlntaaa.tmp
2012-01-09 04:15:37 850 ----a-w- c:\programdata\qnkrbaa.tmp
2012-01-09 04:14:49 806 ----a-w- c:\programdata\fsgibaa.tmp
2012-01-09 04:13:37 845 ----a-w- c:\programdata\rnkrbaa.tmp
2012-01-09 04:13:37 826 ----a-w- c:\programdata\lfbybaa.tmp
2012-01-09 04:12:49 799 ----a-w- c:\programdata\wlntaaa.tmp
2012-01-09 04:12:44 850 ----a-w- c:\programdata\hsgibaa.tmp
2012-01-09 02:03:55 822 ----a-w- c:\programdata\uduetaa.tmp
2012-01-09 02:03:46 812 ----a-w- c:\programdata\sduetaa.tmp
2012-01-09 02:03:06 828 ----a-w- c:\programdata\wduetaa.tmp
2012-01-09 02:03:01 802 ----a-w- c:\programdata\vduetaa.tmp
2012-01-09 02:02:51 801 ----a-w- c:\programdata\tduetaa.tmp
2012-01-08 23:49:31 848 ----a-w- c:\programdata\nfbybaa.tmp
2012-01-08 19:28:35 815 ----a-w- c:\programdata\ofbybaa.tmp
2012-01-08 18:24:05 806 ----a-w- c:\programdata\mfbybaa.tmp
2012-01-08 18:23:31 819 ----a-w- c:\programdata\dekoaaa.tmp
2012-01-08 18:23:25 856 ----a-w- c:\programdata\gsgibaa.tmp
2012-01-08 15:23:05 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a96adced-c49e-409d-92ab-9a7d20706c47}\mpengine.dll
2012-01-08 09:14:02 838 ----a-w- c:\programdata\spooeaa.tmp
2012-01-08 09:06:22 834 ----a-w- c:\programdata\wpooeaa.tmp
2012-01-08 09:06:17 851 ----a-w- c:\programdata\vpooeaa.tmp
2012-01-08 09:06:12 804 ----a-w- c:\programdata\upooeaa.tmp
2012-01-08 09:06:07 880 ----a-w- c:\programdata\tpooeaa.tmp
2012-01-08 07:50:52 850 ----a-w- c:\programdata\ecjjcaa.tmp
2012-01-08 07:36:43 839 ----a-w- c:\programdata\axftaaa.tmp
2012-01-08 07:22:31 812 ----a-w- c:\programdata\dcjjcaa.tmp
2012-01-08 06:34:07 844 ----a-w- c:\programdata\bcjjcaa.tmp
2012-01-08 06:22:41 892 ----a-w- c:\programdata\pibcdaa.tmp
2012-01-08 06:16:37 842 ----a-w- c:\programdata\kdqdhaa.tmp
2012-01-08 06:15:57 844 ----a-w- c:\programdata\odqdhaa.tmp
2012-01-08 06:15:47 861 ----a-w- c:\programdata\mdqdhaa.tmp
2012-01-08 06:15:42 839 ----a-w- c:\programdata\ldqdhaa.tmp
2012-01-08 05:33:15 849 ----a-w- c:\programdata\gntcdaa.tmp
2012-01-08 05:11:45 775 ----a-w- c:\programdata\cxftaaa.tmp
2012-01-08 04:45:27 822 ----a-w- c:\programdata\mibcdaa.tmp
2012-01-08 04:44:47 853 ----a-w- c:\programdata\qibcdaa.tmp
2012-01-08 04:44:37 834 ----a-w- c:\programdata\oibcdaa.tmp
2012-01-08 04:44:32 826 ----a-w- c:\programdata\nibcdaa.tmp
2012-01-08 04:43:29 834 ----a-w- c:\programdata\cntcdaa.tmp
2012-01-08 04:43:19 802 ----a-w- c:\programdata\acjjcaa.tmp
2012-01-08 04:42:44 803 ----a-w- c:\programdata\fntcdaa.tmp
2012-01-08 04:42:39 835 ----a-w- c:\programdata\entcdaa.tmp
2012-01-08 04:42:34 896 ----a-w- c:\programdata\dntcdaa.tmp
2012-01-08 04:42:34 828 ----a-w- c:\programdata\gpcoaaa.tmp
2012-01-08 04:42:29 865 ----a-w- c:\programdata\fpcoaaa.tmp
2012-01-08 04:42:29 832 ----a-w- c:\programdata\ccjjcaa.tmp
2012-01-08 04:41:24 869 ----a-w- c:\programdata\epcoaaa.tmp
2012-01-08 04:41:20 793 ----a-w- c:\programdata\dpcoaaa.tmp
2012-01-08 04:41:16 822 ----a-w- c:\programdata\zwftaaa.tmp
2012-01-08 01:02:42 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-08 01:02:42 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-08 01:02:42 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-08 01:02:41 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2011-12-15 11:03:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-15 02:02:17 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 02:02:07 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 02:01:30 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 02:01:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 02:01:22 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 02:01:21 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 01:56:08 -------- d-----w- c:\users\justin\appdata\roaming\Soluto
2011-12-13 16:54:17 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2011-12-13 16:54:08 -------- d-----w- c:\program files\Soluto
2011-12-13 16:52:22 -------- d-----w- c:\programdata\Soluto
.
==================== Find3M ====================
.
2012-01-08 01:04:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-25 14:22:38 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-24 21:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 7:11:15.08 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:33 AM

Posted 10 January 2012 - 12:18 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and will make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Justin B.

Justin B.
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:33 AM

Posted 10 January 2012 - 10:07 AM

Hey Gringo,

Thanks for the reply. I disabled Microsoft Security Essentials as directed and then downloaded ComboFix. ComboFix never stops running; I let it go last night for about 7 hours and it just stayed at the screen where it says: "Scanning for infected files... This doesn't take more than 10 minutes, however scan times for badly infected machines can easily double." I just gave it another try, letting it run for an hour after I removed Ad-Aware as I wasn't sure it was totally disabled, and still no go. I am also getting some browser redirects. Other than that, I would say my start times for the computer have increased, coming out of sleep mode produced the blue screen of death once, and I got a pop-up window saying my recycle bin was corrupt and asking if it could be deleted. Is there anything else I can try?

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:33 AM

Posted 10 January 2012 - 12:14 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
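The post above asks for the TDSSKiller report to be pasted back. A TDSSKiller report is mostly "- ok" lines, and what a helper actually reads first is the handful of entries it flagged and, on "Suspicious file (Forged)" lines, the real/fake MD5 pair, which shows that something in the kernel I/O path is serving different bytes than are on disk. The following is an added example, not code from this thread, from Gringo, or from Kaspersky's TDSSKiller: a small Python parser for the report format as it appears in this thread. The regular expressions are assumptions fitted to the lines shown here, the names `Finding`, `Report`, `parse_report` and `summarize` are my own, and the sample report is constructed from a few lines of the log pasted later in this thread.

```python
"""Parse a TDSSKiller report and pull out what it flagged.

Added example, not code from the thread or from TDSSKiller: a parser for
the report format pasted in this thread, so a helper can see the
detections and the forged-file MD5 mismatches at a glance instead of
reading past hundreds of "- ok" lines.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Every report line is "<HH:MM:SS.ffff> <pid> <message>" (assumption from the pasted log).
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# A scanned driver: "<service> (<md5>) <path>"
ENTRY_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# "Suspicious file (Forged): <path>. Real md5: <x>, Fake md5: <y>"
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (.+)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$"
)
# "<service> ( <verdict> ) - infected"  or  "<service> ( <verdict> ) - warning"
VERDICT_RE = re.compile(r"^(\S+) \( (\S+) \) - (infected|warning)$")


@dataclass
class Finding:
    service: str
    verdict: str
    severity: str            # "infected" or "warning"
    path: str = ""
    real_md5: str = ""       # hash of the bytes actually on disk
    fake_md5: str = ""       # hash the file presents when read the normal way


@dataclass
class Report:
    clean: int = 0
    findings: List[Finding] = field(default_factory=list)


def parse_report(text: str) -> Report:
    """Single pass over the report; remembers each service's path and any forgery note."""
    report = Report()
    paths: Dict[str, str] = {}                 # service name -> file path
    forged: Dict[str, Tuple[str, str]] = {}    # lower-cased path -> (real md5, fake md5)
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                            # banner, blank or truncated line
        msg = m.group(3).strip()
        if e := ENTRY_RE.match(msg):
            paths[e.group(1)] = e.group(3)
        elif f := FORGED_RE.match(msg):
            forged[f.group(1).lower()] = (f.group(2), f.group(3))
        elif v := VERDICT_RE.match(msg):
            service, verdict, severity = v.groups()
            path = paths.get(service, "")
            real, fake = forged.get(path.lower(), ("", ""))
            report.findings.append(Finding(service, verdict, severity, path, real, fake))
        elif msg.endswith(" - ok"):
            report.clean += 1
    return report


def summarize(report: Report) -> List[str]:
    """A header line plus one line per finding, in the order TDSSKiller reported them."""
    lines = [f"{report.clean} objects clean, {len(report.findings)} flagged"]
    for f in report.findings:
        line = f"[{f.severity.upper()}] {f.service}: {f.verdict}"
        if f.path:
            line += f" at {f.path}"
        if f.real_md5:
            # Real != fake MD5: the driver's bytes on disk differ from what a normal
            # read returns, i.e. something is filtering file I/O for that path.
            line += f" (on-disk md5 {f.real_md5} != presented md5 {f.fake_md5})"
        lines.append(line)
    return lines


# Constructed sample: a few lines in the format of the report pasted in this
# thread (the two flagged entries are copied from it, the rest are typical "- ok" lines).
SAMPLE_REPORT = r"""
09:32:38.0713 5160 Scan started
09:32:40.0552 5160 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
09:32:40.0556 5160 1394ohci - ok
09:33:04.0359 5160 catchme - ok
09:33:04.0616 5160 CbFs (57fe44bc153f7a1c6883abef1ad3adaa) C:\Windows\system32\drivers\cbfs.sys
09:33:04.0617 5160 Suspicious file (Forged): C:\Windows\system32\drivers\cbfs.sys. Real md5: 57fe44bc153f7a1c6883abef1ad3adaa, Fake md5: a975187f3c8867f8d00a698a5282672b
09:33:04.0618 5160 CbFs ( Rootkit.Win32.ZAccess.aml ) - infected
09:33:04.0618 5160 CbFs - detected Rootkit.Win32.ZAccess.aml (0)
09:33:27.0944 5160 MpKsl9ac36d20 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B71AFFB8-8A96-4F56-9E1C-79BC56C7F801}\MpKsl9ac36d20.sys
09:33:27.0945 5160 Suspicious file (Forged): c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B71AFFB8-8A96-4F56-9E1C-79BC56C7F801}\MpKsl9ac36d20.sys. Real md5: a69630d039c38018689190234f866d77, Fake md5: 4137ee420481d10734da3018d0325582
09:33:27.0945 5160 MpKsl9ac36d20 ( ForgedFile.Multi.Generic ) - warning
09:33:27.0945 5160 MpKsl9ac36d20 - detected ForgedFile.Multi.Generic (1)
09:33:28.0145 5160 MpKsl9d00bdc4 - ok
"""

if __name__ == "__main__":
    for line in summarize(parse_report(SAMPLE_REPORT)):
        print(line)
```

Run on the full report, the parser keeps the "- ok" count as a sanity check that the whole file was read, and lists only the flagged services; the "- detected" lines are deliberately ignored because they repeat the verdict already captured from the "( verdict ) - infected/warning" line.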

#5 Justin B.

Justin B.
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:33 AM

Posted 10 January 2012 - 12:40 PM

OK, I ran TDSSKiller. It detected 2 things: 1 was a possible and one was an infection. The infection was 'cured' and the possible was skipped. I hit the reboot button and copied the log file and will paste it down below. I still had a pop-up about the recycling bin being corrupt when I rebooted. I have not played around to see if there are other problems popping up. I am a little afraid to use it other than for fixing this.


09:32:32.0784 5832 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
09:32:33.0384 5832 ============================================================
09:32:33.0384 5832 Current date / time: 2012/01/10 09:32:33.0384
09:32:33.0384 5832 SystemInfo:
09:32:33.0384 5832
09:32:33.0385 5832 OS Version: 6.1.7601 ServicePack: 1.0
09:32:33.0385 5832 Product type: Workstation
09:32:33.0385 5832 ComputerName: DIABLO
09:32:33.0385 5832 UserName: Justin
09:32:33.0385 5832 Windows directory: C:\Windows
09:32:33.0385 5832 System windows directory: C:\Windows
09:32:33.0385 5832 Processor architecture: Intel x86
09:32:33.0385 5832 Number of processors: 2
09:32:33.0385 5832 Page size: 0x1000
09:32:33.0386 5832 Boot type: Normal boot
09:32:33.0386 5832 ============================================================
09:32:35.0747 5832 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000, SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
09:32:35.0913 5832 Initialize success
09:32:38.0713 5160 ============================================================
09:32:38.0713 5160 Scan started
09:32:38.0713 5160 Mode: Manual;
09:32:38.0713 5160 ============================================================
09:32:40.0552 5160 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
09:32:40.0556 5160 1394ohci - ok
09:32:41.0192 5160 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
09:32:41.0197 5160 ACPI - ok
09:32:41.0526 5160 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
09:32:41.0527 5160 AcpiPmi - ok
09:32:41.0928 5160 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
09:32:41.0935 5160 adp94xx - ok
09:32:42.0248 5160 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
09:32:42.0253 5160 adpahci - ok
09:32:42.0574 5160 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
09:32:42.0577 5160 adpu320 - ok
09:32:42.0969 5160 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
09:32:42.0974 5160 AFD - ok
09:32:43.0337 5160 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
09:32:43.0339 5160 agp440 - ok
09:32:43.0723 5160 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
09:32:43.0725 5160 aic78xx - ok
09:32:44.0654 5160 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
09:32:44.0655 5160 aliide - ok
09:32:45.0358 5160 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
09:32:45.0360 5160 amdagp - ok
09:32:45.0961 5160 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
09:32:45.0963 5160 amdide - ok
09:32:46.0993 5160 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
09:32:47.0027 5160 AmdK8 - ok
09:32:47.0689 5160 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
09:32:47.0692 5160 AmdPPM - ok
09:32:48.0250 5160 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
09:32:48.0254 5160 amdsata - ok
09:32:49.0311 5160 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
09:32:49.0315 5160 amdsbs - ok
09:32:49.0583 5160 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
09:32:49.0583 5160 amdxata - ok
09:32:50.0075 5160 androidusb (db0feb51dfa00543bf381d2014550fa3) C:\Windows\system32\Drivers\androidusb.sys
09:32:50.0077 5160 androidusb - ok
09:32:51.0012 5160 AnyDVD (a198fd45dfe819c1f9a7bed90339842f) C:\Windows\system32\Drivers\AnyDVD.sys
09:32:51.0013 5160 AnyDVD - ok
09:32:51.0590 5160 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
09:32:51.0593 5160 ApfiltrService - ok
09:32:52.0216 5160 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
09:32:52.0217 5160 AppID - ok
09:32:52.0992 5160 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
09:32:52.0996 5160 arc - ok
09:32:53.0717 5160 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
09:32:53.0719 5160 arcsas - ok
09:32:54.0395 5160 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
09:32:54.0397 5160 AsyncMac - ok
09:32:54.0698 5160 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
09:32:54.0699 5160 atapi - ok
09:32:55.0231 5160 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
09:32:55.0260 5160 b06bdrv - ok
09:32:55.0737 5160 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
09:32:55.0740 5160 b57nd60x - ok
09:32:56.0479 5160 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
09:32:56.0490 5160 Beep - ok
09:32:57.0137 5160 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
09:32:57.0138 5160 blbdrive - ok
09:32:57.0677 5160 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
09:32:57.0679 5160 bowser - ok
09:32:58.0251 5160 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:32:58.0253 5160 BrFiltLo - ok
09:32:59.0173 5160 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:32:59.0174 5160 BrFiltUp - ok
09:32:59.0855 5160 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
09:32:59.0857 5160 BridgeMP - ok
09:33:00.0539 5160 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
09:33:00.0546 5160 Brserid - ok
09:33:01.0390 5160 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
09:33:01.0392 5160 BrSerWdm - ok
09:33:01.0839 5160 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:33:01.0840 5160 BrUsbMdm - ok
09:33:02.0155 5160 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
09:33:02.0157 5160 BrUsbSer - ok
09:33:02.0603 5160 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
09:33:02.0604 5160 BthEnum - ok
09:33:02.0931 5160 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
09:33:02.0933 5160 BTHMODEM - ok
09:33:03.0531 5160 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
09:33:03.0533 5160 BthPan - ok
09:33:03.0857 5160 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
09:33:03.0862 5160 BTHPORT - ok
09:33:04.0180 5160 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
09:33:04.0182 5160 BTHUSB - ok
09:33:04.0359 5160 catchme - ok
09:33:04.0616 5160 CbFs (57fe44bc153f7a1c6883abef1ad3adaa) C:\Windows\system32\drivers\cbfs.sys
09:33:04.0617 5160 Suspicious file (Forged): C:\Windows\system32\drivers\cbfs.sys. Real md5: 57fe44bc153f7a1c6883abef1ad3adaa, Fake md5: a975187f3c8867f8d00a698a5282672b
09:33:04.0618 5160 CbFs ( Rootkit.Win32.ZAccess.aml ) - infected
09:33:04.0618 5160 CbFs - detected Rootkit.Win32.ZAccess.aml (0)
09:33:05.0128 5160 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
09:33:05.0130 5160 cdfs - ok
09:33:05.0442 5160 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
09:33:05.0444 5160 cdrom - ok
09:33:05.0735 5160 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
09:33:05.0738 5160 circlass - ok
09:33:05.0983 5160 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
09:33:05.0987 5160 CLFS - ok
09:33:06.0207 5160 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
09:33:06.0209 5160 CmBatt - ok
09:33:06.0380 5160 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
09:33:06.0381 5160 cmdide - ok
09:33:06.0472 5160 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
09:33:06.0477 5160 CNG - ok
09:33:06.0661 5160 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
09:33:06.0661 5160 Compbatt - ok
09:33:06.0725 5160 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
09:33:06.0726 5160 CompositeBus - ok
09:33:06.0862 5160 connctfy - ok
09:33:07.0001 5160 connctfyMP - ok
09:33:07.0330 5160 cpuz132 (c5e7e8ca0d76a13a568901b6b304c3ba) C:\Users\Justin\AppData\Local\Temp\cpuz132\cpuz132_x32.sys
09:33:07.0332 5160 cpuz132 - ok
09:33:07.0546 5160 cpuz135 - ok
09:33:07.0716 5160 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
09:33:07.0717 5160 crcdisk - ok
09:33:07.0933 5160 dc3d (91c1736e77cff029302728b431d0eedb) C:\Windows\system32\DRIVERS\dc3d.sys
09:33:07.0933 5160 dc3d - ok
09:33:08.0160 5160 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
09:33:08.0161 5160 DfsC - ok
09:33:08.0509 5160 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
09:33:08.0510 5160 discache - ok
09:33:08.0694 5160 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
09:33:08.0696 5160 Disk - ok
09:33:08.0913 5160 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
09:33:08.0916 5160 Dot4 - ok
09:33:09.0122 5160 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
09:33:09.0124 5160 Dot4Print - ok
09:33:09.0300 5160 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
09:33:09.0301 5160 dot4usb - ok
09:33:09.0491 5160 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
09:33:09.0492 5160 drmkaud - ok
09:33:09.0798 5160 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
09:33:09.0803 5160 DXGKrnl - ok
09:33:10.0196 5160 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
09:33:10.0328 5160 ebdrv - ok
09:33:10.0555 5160 ElbyCDIO (309ac30471a0f1c3a89dee1c81230576) C:\Windows\system32\Drivers\ElbyCDIO.sys
09:33:10.0557 5160 ElbyCDIO - ok
09:33:10.0743 5160 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
09:33:10.0765 5160 elxstor - ok
09:33:11.0001 5160 epmntdrv (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
09:33:11.0005 5160 epmntdrv - ok
09:33:11.0406 5160 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
09:33:11.0407 5160 ErrDev - ok
09:33:11.0555 5160 esihdrv - ok
09:33:11.0756 5160 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys
09:33:11.0759 5160 EuGdiDrv - ok
09:33:11.0978 5160 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
09:33:11.0981 5160 exfat - ok
09:33:12.0191 5160 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
09:33:12.0194 5160 fastfat - ok
09:33:12.0469 5160 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
09:33:12.0470 5160 fdc - ok
09:33:12.0631 5160 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
09:33:12.0632 5160 FileInfo - ok
09:33:12.0811 5160 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
09:33:12.0812 5160 Filetrace - ok
09:33:12.0996 5160 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
09:33:12.0999 5160 flpydisk - ok
09:33:13.0201 5160 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
09:33:13.0204 5160 FltMgr - ok
09:33:13.0570 5160 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
09:33:13.0573 5160 FsDepends - ok
09:33:13.0785 5160 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
09:33:13.0786 5160 Fs_Rec - ok
09:33:13.0975 5160 FTDIBUS (b7aa8283ec551d3a3b924e520e0621a7) C:\Windows\system32\drivers\ftdibus.sys
09:33:13.0977 5160 FTDIBUS - ok
09:33:14.0243 5160 FTSER2K (596d31583ce332b5514520d74837f434) C:\Windows\system32\drivers\ftser2k.sys
09:33:14.0245 5160 FTSER2K - ok
09:33:14.0433 5160 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
09:33:14.0437 5160 fvevol - ok
09:33:14.0613 5160 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:33:14.0616 5160 gagp30kx - ok
09:33:14.0851 5160 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\Windows\system32\drivers\grmnusb.sys
09:33:14.0854 5160 grmnusb - ok
09:33:15.0579 5160 hcmon (1db5002c16f4df11fd062bd4a277aa24) C:\Windows\system32\drivers\hcmon.sys
09:33:15.0581 5160 hcmon - ok
09:33:15.0957 5160 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
09:33:15.0959 5160 hcw85cir - ok
09:33:16.0296 5160 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
09:33:16.0298 5160 HDAudBus - ok
09:33:16.0612 5160 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
09:33:16.0613 5160 HidBatt - ok
09:33:16.0764 5160 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
09:33:16.0766 5160 HidBth - ok
09:33:16.0817 5160 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
09:33:16.0819 5160 HidIr - ok
09:33:16.0996 5160 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
09:33:16.0998 5160 HidUsb - ok
09:33:17.0125 5160 hotcore3 (d308726110a6011514dcdfc6e3fc21f2) C:\Windows\system32\drivers\hotcore3.sys
09:33:17.0126 5160 hotcore3 - ok
09:33:17.0423 5160 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
09:33:17.0425 5160 HpSAMD - ok
09:33:17.0908 5160 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
09:33:17.0965 5160 HSF_DPV - ok
09:33:18.0233 5160 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
09:33:18.0238 5160 HSXHWAZL - ok
09:33:18.0510 5160 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
09:33:18.0517 5160 HTTP - ok
09:33:18.0816 5160 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
09:33:18.0817 5160 hwpolicy - ok
09:33:19.0117 5160 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
09:33:19.0119 5160 i8042prt - ok
09:33:19.0566 5160 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
09:33:19.0567 5160 iaStor - ok
09:33:19.0800 5160 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
09:33:19.0805 5160 iaStorV - ok
09:33:20.0118 5160 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
09:33:20.0121 5160 iirsp - ok
09:33:20.0410 5160 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
09:33:20.0411 5160 intelide - ok
09:33:20.0608 5160 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
09:33:20.0610 5160 intelppm - ok
09:33:20.0894 5160 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:33:20.0897 5160 IpFilterDriver - ok
09:33:20.0987 5160 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
09:33:20.0990 5160 IPMIDRV - ok
09:33:21.0052 5160 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
09:33:21.0056 5160 IPNAT - ok
09:33:21.0092 5160 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
09:33:21.0095 5160 IRENUM - ok
09:33:21.0167 5160 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
09:33:21.0169 5160 isapnp - ok
09:33:21.0228 5160 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
09:33:21.0258 5160 iScsiPrt - ok
09:33:21.0417 5160 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
09:33:21.0417 5160 kbdclass - ok
09:33:21.0515 5160 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
09:33:21.0516 5160 kbdhid - ok
09:33:21.0875 5160 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
09:33:21.0876 5160 KSecDD - ok
09:33:22.0055 5160 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
09:33:22.0056 5160 KSecPkg - ok
09:33:22.0219 5160 Lbd - ok
09:33:22.0309 5160 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
09:33:22.0311 5160 lltdio - ok
09:33:22.0364 5160 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:33:22.0367 5160 LSI_FC - ok
09:33:22.0393 5160 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:33:22.0395 5160 LSI_SAS - ok
09:33:22.0526 5160 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:33:22.0530 5160 LSI_SAS2 - ok
09:33:22.0555 5160 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:33:22.0558 5160 LSI_SCSI - ok
09:33:22.0590 5160 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
09:33:22.0596 5160 luafv - ok
09:33:22.0670 5160 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:33:22.0672 5160 mdmxsdk - ok
09:33:22.0729 5160 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
09:33:22.0732 5160 megasas - ok
09:33:22.0778 5160 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
09:33:22.0783 5160 MegaSR - ok
09:33:23.0026 5160 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
09:33:23.0027 5160 Modem - ok
09:33:23.0424 5160 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
09:33:23.0425 5160 monitor - ok
09:33:23.0622 5160 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
09:33:23.0623 5160 mouclass - ok
09:33:23.0843 5160 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
09:33:23.0844 5160 mouhid - ok
09:33:24.0052 5160 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
09:33:24.0053 5160 mountmgr - ok
09:33:24.0304 5160 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
09:33:24.0306 5160 MpFilter - ok
09:33:24.0496 5160 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
09:33:24.0501 5160 mpio - ok
09:33:24.0696 5160 MpKsl0f3adfcc - ok
09:33:24.0884 5160 MpKsl17c004df - ok
09:33:25.0384 5160 MpKsl224bfea7 - ok
09:33:25.0595 5160 MpKsl3b11097a - ok
09:33:25.0762 5160 MpKsl3dd3d993 - ok
09:33:26.0085 5160 MpKsl4317d116 - ok
09:33:26.0331 5160 MpKsl43682eba - ok
09:33:26.0539 5160 MpKsl4edfc3a3 - ok
09:33:26.0740 5160 MpKsl7cd3cfa2 - ok
09:33:27.0029 5160 MpKsl84b2482f - ok
09:33:27.0429 5160 MpKsl934b9187 - ok
09:33:27.0944 5160 MpKsl9ac36d20 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B71AFFB8-8A96-4F56-9E1C-79BC56C7F801}\MpKsl9ac36d20.sys
09:33:27.0945 5160 Suspicious file (Forged): c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B71AFFB8-8A96-4F56-9E1C-79BC56C7F801}\MpKsl9ac36d20.sys. Real md5: a69630d039c38018689190234f866d77, Fake md5: 4137ee420481d10734da3018d0325582
09:33:27.0945 5160 MpKsl9ac36d20 ( ForgedFile.Multi.Generic ) - warning
09:33:27.0945 5160 MpKsl9ac36d20 - detected ForgedFile.Multi.Generic (1)
09:33:28.0145 5160 MpKsl9d00bdc4 - ok
09:33:28.0407 5160 MpKsla0c38b90 - ok
09:33:28.0730 5160 MpKsla185e644 - ok
09:33:28.0941 5160 MpKsla93ba40e - ok
09:33:29.0096 5160 MpKslbc5193bf - ok
09:33:29.0297 5160 MpKslbe094f66 - ok
09:33:29.0465 5160 MpKslbfbc2dfb - ok
09:33:29.0886 5160 MpKslc17ec0cf - ok
09:33:30.0165 5160 MpKslc87be778 - ok
09:33:30.0431 5160 MpKsldc057236 - ok
09:33:30.0676 5160 MpKslee7d1544 - ok
09:33:31.0056 5160 MpKslf95d740c - ok
09:33:31.0387 5160 MpKslfa069cd4 - ok
09:33:31.0635 5160 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
09:33:31.0636 5160 MpNWMon - ok
09:33:32.0032 5160 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
09:33:32.0034 5160 mpsdrv - ok
09:33:32.0389 5160 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
09:33:32.0391 5160 MRxDAV - ok
09:33:32.0576 5160 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:33:32.0580 5160 mrxsmb - ok
09:33:32.0870 5160 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:33:32.0874 5160 mrxsmb10 - ok
09:33:33.0273 5160 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:33:33.0274 5160 mrxsmb20 - ok
09:33:33.0560 5160 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
09:33:33.0562 5160 msahci - ok
09:33:33.0738 5160 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
09:33:33.0740 5160 msdsm - ok
09:33:33.0993 5160 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
09:33:33.0994 5160 Msfs - ok
09:33:34.0192 5160 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
09:33:34.0194 5160 mshidkmdf - ok
09:33:34.0421 5160 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
09:33:34.0422 5160 msisadrv - ok
09:33:34.0794 5160 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
09:33:34.0795 5160 MSKSSRV - ok
09:33:35.0162 5160 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
09:33:35.0165 5160 MSPCLOCK - ok
09:33:35.0632 5160 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
09:33:35.0633 5160 MSPQM - ok
09:33:35.0861 5160 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
09:33:35.0864 5160 MsRPC - ok
09:34:00.0286 5160 ============================================================
09:34:00.0286 5160 Scan finished
09:34:00.0286 5160 ============================================================
09:34:00.0307 5636 Detected object count: 2
09:34:00.0307 5636 Actual detected object count: 2
09:34:23.0202 5636 Backup copy found, using it..
09:34:23.0211 5636 C:\Windows\system32\drivers\cbfs.sys - will be cured on reboot
09:34:25.0611 5636 CbFs ( Rootkit.Win32.ZAccess.aml ) - User select action: Cure
09:34:25.0612 5636 MpKsl9ac36d20 ( ForgedFile.Multi.Generic ) - skipped by user
09:34:25.0612 5636 MpKsl9ac36d20 ( ForgedFile.Multi.Generic ) - User select action: Skip
09:34:28.0854 1836 Deinitialize success

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 January 2012 - 01:12 PM

Hello

Ok, let's try this. I want you to run combofix in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After combofix has finished its scan, please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Justin B.
  • Topic Starter
  • Members
  • 14 posts

Posted 10 January 2012 - 02:29 PM

Ok, when I was reading your last reply, the computer started playing some internet radio or something. I heard some talk about a car engine or something, but I couldn't understand what it was. Anyways, I rebooted into safe mode and ran combofix, and it hung at the same place again. I rebooted to get networking support, as I had chosen safe mode without networking, tried to reply to you, and somehow my browser kept closing. I didn't try Firefox or IE.

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 January 2012 - 06:31 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511 KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo

#9 Justin B.
  • Topic Starter
  • Members
  • 14 posts

Posted 10 January 2012 - 07:40 PM

Ok, here is the log file from aswMBR:


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-10 16:36:25
-----------------------------
16:36:25.243 OS Version: Windows 6.1.7601 Service Pack 1
16:36:25.243 Number of processors: 2 586 0xF0B
16:36:25.245 ComputerName: DIABLO UserName: Justin
16:36:51.123 Initialize success
16:37:00.862 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:37:00.870 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
16:37:00.940 Disk 0 MBR read successfully
16:37:00.946 Disk 0 MBR scan
16:37:00.953 Disk 0 Windows 7 default MBR code
16:37:00.961 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
16:37:00.984 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 20481 MB offset 160650
16:37:00.998 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 279458 MB offset 42106365
16:37:01.003 Disk 0 Partition - 00 0F Extended LBA 5226 MB offset 614438055
16:37:01.061 Disk 0 Partition - 00 05 Extended 2559 MB offset 614438117
16:37:01.067 Disk 0 Partition 4 00 1B Hidd FAT32 MSDOS5.0 2559 MB offset 614438118
16:37:01.090 Disk 0 scanning sectors +625142448
16:37:01.543 Disk 0 scanning C:\Windows\system32\drivers
16:37:26.074 Service scanning
16:37:31.245 Modules scanning
16:38:33.481 Disk 0 trace - called modules:
16:38:33.521 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
16:38:33.527 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8743e030]
16:38:33.533 3 CLASSPNP.SYS[8cbd759e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86694030]
16:38:33.539 Scan finished successfully
16:38:42.602 Disk 0 MBR has been saved successfully to "C:\Users\Justin\Desktop\MBR.dat"
16:38:42.750 The log file has been saved successfully to "C:\Users\Justin\Desktop\aswMBR.txt"

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 January 2012 - 07:46 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized; save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 Justin B.
  • Topic Starter
  • Members
  • 14 posts

Posted 10 January 2012 - 09:59 PM

Here is the OTL log:


OTL logfile created on: 1/10/2012 6:51:24 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Justin\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 45.08% Memory free
7.00 Gb Paging File | 4.58 Gb Available in Paging File | 65.41% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 272.91 Gb Total Space | 46.06 Gb Free Space | 16.88% Space Free | Partition Type: NTFS
Drive D: | 20.00 Gb Total Space | 15.55 Gb Free Space | 77.73% Space Free | Partition Type: NTFS

Computer Name: DIABLO | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Justin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\config\systemprofile\AppData\Local\cmg.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Users\Justin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files\Aerofoil\Aerofoil.exe ()
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Windows\System32\msdt.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\EPC\Toolbar\EPSIBar.exe (Tamara)
PRC - C:\Windows\System32\GRVSA.exe (GenRad Limited)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Aerofoil\Aerofoil.exe ()
MOD - C:\Windows\System32\APOMngr.dll ()
MOD - C:\Windows\System32\CmdRtr.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Windows\System32\btwhidcs.dll ()


========== Win32 Services (SafeList) ==========

SRV - (stllssvr) -- File not found
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- File not found
SRV - (Bonjour Service) -- File not found
SRV - (IntuitUpdateServiceV4) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe ()
SRV - (wampapache) -- c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe (Apache Software Foundation)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (CronService) -- C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (DroidExplorerService) -- C:\Program Files\Droid Explorer\DroidExplorer.Service.exe (Ryan Conrad)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (ufad-ws60) -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (TryAndDecideService) -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (CbFs) -- C:\Windows\System32\drivers\cbfs.sys (EldoS Corporation)
DRV - (MpKsl9ac36d20) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B71AFFB8-8A96-4F56-9E1C-79BC56C7F801}\MpKsl9ac36d20.sys ()
DRV - (cpuz132) -- C:\Users\Justin\AppData\Local\Temp\cpuz132\cpuz132_x32.sys (Windows ® Codename Longhorn DDK provider)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (androidusb) -- C:\Windows\System32\drivers\androidusb.sys (Google Inc)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (tdrpman) -- C:\Windows\system32\DRIVERS\tdrpman.sys (Acronis)
DRV - (vstor2-ws60) -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (Serial) -- C:\Windows\system32\DRIVERS\serial.sys (Brother Industries Ltd.)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (hotcore3) -- C:\Windows\system32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (vsapint) -- C:\Windows\System32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (tmxpflt) -- C:\Windows\System32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\Windows\System32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (tap0801) -- C:\Windows\System32\drivers\tap0801.sys (The OpenVPN Project)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\sscdserd.sys (MCCI)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.skip-search.com/?cfg=2-82-0-n14K

IE - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - No CLSID value found
IE - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Justin\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Justin\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Justin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Justin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Justin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Justin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 20:07:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/18 14:20:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/09 01:06:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/07 17:02:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/19 12:31:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.8\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/11/05 12:48:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/11/05 12:48:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/11/05 12:48:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Justin\AppData\Roaming\Move Networks [2010/01/21 18:22:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/18 14:20:51 | 000,000,000 | ---D | M]

[2009/12/10 09:08:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions
[2009/12/10 09:08:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008/06/20 13:42:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2009/01/18 13:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2012/01/06 07:24:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\lr3j76yx.default\extensions
[2012/01/04 20:34:50 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\lr3j76yx.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/10/26 19:50:29 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\lr3j76yx.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011/11/12 08:15:55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\lr3j76yx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/01/06 20:24:02 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\lr3j76yx.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/03/19 09:17:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Sunbird\Profiles\b9xgib37.default\extensions
[2010/01/06 16:15:38 | 000,000,000 | ---D | M] (Provider for Google Calendar) -- C:\Users\Justin\AppData\Roaming\Mozilla\Sunbird\Profiles\b9xgib37.default\extensions\{a62ef8ec-5fdc-40c2-873c-223b8a6925cc}
[2012/01/07 20:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/07 17:02:41 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/23 18:58:08 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/02/23 18:58:08 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2011/09/01 20:26:51 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 18:37:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 17:05:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\16.0.912.75\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Justin\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Justin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Justin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\Justin\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Justin\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Proxy Switchy! = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\
CHR - Extension: Poppit = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\

O1 HOSTS File: ([2009/04/15 14:29:09 | 000,305,236 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 10511 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
O3 - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\..\Toolbar\WebBrowser: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
O3 - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000..\Run: [Livedrive] "C:\Program Files\Livedrive\Livedrive.exe" File not found
O4 - Startup: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Justin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O7 - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000058 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000060 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000061 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000062 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000063 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000064 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000065 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16DD62EF-8C84-439C-8184-20812BCA7FDD}: DhcpNameServer = 192.168.77.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17B42FC3-E177-490D-B39B-9A40278E6B66}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AB12650-3475-4F43-8262-49635B2FF679}: DhcpNameServer = 192.168.15.1 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AB12650-3475-4F43-8262-49635B2FF679}: NameServer = 208.67.222.222,208.67.222.123
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B54A199A-B16B-420A-B7E1-B48650030309}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B54A199A-B16B-420A-B7E1-B48650030309}: NameServer = 208.67.222.222,208.67.222.123
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C346C692-8AE3-4069-8522-37F9F4B640A8}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C766B7A0-39E9-4B87-9C8F-E67ECC1C7D00}: DhcpNameServer = 192.168.77.254
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Justin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Justin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) -C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/11/20 13:04:41 | 000,000,000 | ---D | M] - C:\AUTOTECH -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = 2Ma] -- "C:\Windows\system32\config\systemprofile\AppData\Local\cmg.exe" -a "%1" %* (Microsoft Corporation)
O37 - HKU\.DEFAULT\...exe [@ = 2Ma] -- "C:\Windows\system32\config\systemprofile\AppData\Local\cmg.exe" -a "%1" %* (Microsoft Corporation)
O37 - HKU\S-1-5-18\...exe [@ = 2Ma] -- "C:\Windows\system32\config\systemprofile\AppData\Local\cmg.exe" -a "%1" %* (Microsoft Corporation)
O37 - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/10 18:48:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
[2012/01/10 16:35:41 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Justin\Desktop\aswMBR.exe
[2012/01/10 10:22:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/01/10 09:43:13 | 000,000,000 | -H-D | C] -- C:\Windows\System32\Settings
[2012/01/10 09:31:53 | 001,972,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Justin\Desktop\tdsskiller.exe
[2012/01/10 09:30:07 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\CrashDumps
[2012/01/09 21:58:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/09 21:58:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/09 21:58:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/09 21:58:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/09 21:57:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/09 07:05:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Justin\Desktop\dds.scr
[2012/01/07 12:49:00 | 000,000,000 | ---D | C] -- C:\Users\Justin\Documents\CDRWIN 8
[2012/01/07 07:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2011
[2012/01/04 07:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2011/12/25 00:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/12/24 23:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Npackd
[2011/12/24 01:41:30 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/12/16 15:55:52 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2011/12/15 03:04:04 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/15 03:04:03 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/15 03:04:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/15 03:04:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/15 03:04:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/15 03:03:58 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 18:02:17 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 18:02:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/14 18:01:30 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 18:01:28 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 18:01:22 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 18:01:21 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/14 17:56:08 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Soluto
[2011/12/13 08:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[328 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[328 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/10 18:52:58 | 000,000,029 | ---- | M] () -- C:\Windows\System32\TempWmicBatchFile.bat
[2012/01/10 18:49:50 | 000,129,446 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/01/10 18:49:47 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/10 18:49:47 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/10 18:49:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
[2012/01/10 18:45:01 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/01/10 18:44:33 | 000,010,042 | -HS- | M] () -- C:\ProgramData\gle3rn0yq21234m0i646t1
[2012/01/10 18:41:49 | 000,129,446 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/01/10 18:41:48 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/10 18:41:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/10 18:41:32 | 2817,032,192 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/10 16:38:42 | 000,000,512 | ---- | M] () -- C:\Users\Justin\Desktop\MBR.dat
[2012/01/10 16:36:01 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Justin\Desktop\aswMBR.exe
[2012/01/10 09:35:10 | 000,146,904 | ---- | M] (EldoS Corporation) -- C:\Windows\System32\drivers\cbfs.sys
[2012/01/10 09:31:58 | 001,972,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Justin\Desktop\tdsskiller.exe
[2012/01/10 07:14:04 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1104208033-1838766708-3798221974-1000UA.job
[2012/01/10 07:05:09 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/10 06:58:11 | 000,020,552 | ---- | M] () -- C:\Windows\System32\.rsp
[2012/01/10 06:58:11 | 000,006,516 | ---- | M] () -- C:\Windows\System32\.lck
[2012/01/10 06:58:10 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/01/10 06:09:22 | 558,331,519 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/09 20:48:49 | 000,000,000 | ---- | M] () -- C:\Users\Justin\defogger_reenable
[2012/01/09 08:14:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1104208033-1838766708-3798221974-1000Core.job
[2012/01/09 07:13:45 | 000,302,592 | ---- | M] () -- C:\Users\Justin\Desktop\cjwr0igv.exe
[2012/01/09 07:05:52 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Justin\Desktop\dds.scr
[2012/01/08 21:31:01 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/01/08 21:02:13 | 000,001,022 | ---- | M] () -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/01/08 20:57:57 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2012/01/08 06:54:38 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/01/08 02:14:24 | 000,733,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/08 02:14:24 | 000,148,920 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/07 17:04:47 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/01/07 17:03:03 | 000,001,851 | ---- | M] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/07 09:42:49 | 000,748,516 | ---- | M] () -- C:\Users\Justin\Desktop\reaver-1.3.tar.gz
[2012/01/07 07:41:39 | 000,000,307 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/07 07:40:07 | 000,002,501 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2011.lnk
[2012/01/05 12:20:00 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/01/05 12:20:00 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/01/04 07:14:21 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2011/12/26 02:15:51 | 000,428,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/25 04:56:13 | 000,005,286 | ---- | M] () -- C:\Users\Justin\Desktop\National Electrical Code 2008 Edition - Shortcut.lnk
[2011/12/25 04:31:46 | 000,099,193 | ---- | M] () -- C:\Users\Justin\Desktop\electrical_symbol.pdf
[2011/12/25 03:02:49 | 012,406,784 | ---- | M] () -- C:\Users\Justin\Desktop\Ad-Aware96Install.msi
[2011/12/25 00:39:23 | 000,313,454 | ---- | M] () -- C:\Users\Justin\Desktop\times_temps-web.jpg
[2011/12/25 00:39:01 | 000,148,205 | ---- | M] () -- C:\Users\Justin\Desktop\JLD612Manual.pdf
[2011/12/21 21:16:26 | 008,865,811 | ---- | M] () -- C:\Users\Justin\Desktop\03 - Old Fashioned Morphine.mp3
[2011/12/21 04:02:30 | 000,515,200 | ---- | M] () -- C:\Users\Justin\Desktop\ElecPermit-Residential.pdf
[2011/12/18 20:29:23 | 000,167,485 | ---- | M] () -- C:\Users\Justin\Desktop\Thickness ruler_v4_0.4i_2.pdf
[2011/12/12 06:49:28 | 002,336,464 | ---- | M] () -- C:\Users\Justin\Desktop\NPS_RP_Manual_v2.pdf
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[328 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[328 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/10 16:38:42 | 000,000,512 | ---- | C] () -- C:\Users\Justin\Desktop\MBR.dat
[2012/01/10 09:42:44 | 000,010,042 | -HS- | C] () -- C:\ProgramData\gle3rn0yq21234m0i646t1
[2012/01/09 21:58:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/09 21:58:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/09 21:58:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/09 21:58:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/09 21:58:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/09 20:48:49 | 000,000,000 | ---- | C] () -- C:\Users\Justin\defogger_reenable
[2012/01/09 07:13:28 | 000,302,592 | ---- | C] () -- C:\Users\Justin\Desktop\cjwr0igv.exe
[2012/01/08 21:02:13 | 000,001,022 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/01/07 09:42:45 | 000,748,516 | ---- | C] () -- C:\Users\Justin\Desktop\reaver-1.3.tar.gz
[2012/01/07 07:40:17 | 000,000,307 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/07 07:40:07 | 000,002,501 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2011.lnk
[2012/01/04 07:14:21 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2011/12/25 04:56:13 | 000,005,286 | ---- | C] () -- C:\Users\Justin\Desktop\National Electrical Code 2008 Edition - Shortcut.lnk
[2011/12/25 04:31:42 | 000,099,193 | ---- | C] () -- C:\Users\Justin\Desktop\electrical_symbol.pdf
[2011/12/25 03:02:22 | 012,406,784 | ---- | C] () -- C:\Users\Justin\Desktop\Ad-Aware96Install.msi
[2011/12/25 00:39:22 | 000,313,454 | ---- | C] () -- C:\Users\Justin\Desktop\times_temps-web.jpg
[2011/12/25 00:38:57 | 000,148,205 | ---- | C] () -- C:\Users\Justin\Desktop\JLD612Manual.pdf
[2011/12/24 20:10:17 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2011/12/21 21:13:56 | 008,865,811 | ---- | C] () -- C:\Users\Justin\Desktop\03 - Old Fashioned Morphine.mp3
[2011/12/21 04:02:30 | 000,515,200 | ---- | C] () -- C:\Users\Justin\Desktop\ElecPermit-Residential.pdf
[2011/12/18 20:29:14 | 000,167,485 | ---- | C] () -- C:\Users\Justin\Desktop\Thickness ruler_v4_0.4i_2.pdf
[2011/12/16 15:56:01 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/16 15:56:00 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/12/13 12:22:23 | 000,020,552 | ---- | C] () -- C:\Windows\System32\.rsp
[2011/12/13 12:22:23 | 000,006,516 | ---- | C] () -- C:\Windows\System32\.lck
[2011/12/13 08:54:35 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/12/12 06:49:28 | 002,336,464 | ---- | C] () -- C:\Users\Justin\Desktop\NPS_RP_Manual_v2.pdf
[2011/10/29 19:49:05 | 000,007,602 | ---- | C] () -- C:\Users\Justin\AppData\Local\Resmon.ResmonCfg
[2011/08/18 13:31:08 | 000,910,920 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011/08/18 13:31:08 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011/08/18 13:30:36 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011/08/17 14:41:18 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/08/17 14:41:17 | 002,469,248 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/08/17 14:41:17 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/08/17 14:41:17 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/08/17 14:41:17 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/08/17 06:18:37 | 000,000,079 | ---- | C] () -- C:\Users\Justin\AppData\Local\CrystalDiskMark30.ini
[2011/07/31 22:41:18 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/07/31 22:41:18 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/07/23 12:50:03 | 000,033,019 | ---- | C] () -- C:\Windows\System32\CoreAAC-uninstall.exe
[2011/06/10 03:18:50 | 000,050,318 | ---- | C] () -- C:\Windows\System32\.exe
[2011/06/02 06:56:24 | 002,616,320 | ---- | C] () -- C:\Windows\expl.dat
[2011/06/02 06:56:24 | 000,286,720 | ---- | C] () -- C:\Windows\System32\winl.dat
[2011/06/02 06:56:24 | 000,020,992 | ---- | C] () -- C:\Windows\System32\svch.dat
[2011/03/27 16:42:26 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/03/27 16:42:23 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/03/27 16:42:23 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/03/27 16:42:22 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/01/21 04:00:32 | 000,134,078 | ---- | C] () -- C:\Windows\ColorPic Uninstaller.exe
[2010/11/18 14:16:33 | 000,220,547 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/11/18 14:16:33 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/11/14 11:46:35 | 000,138,056 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\PnkBstrK.sys
[2010/10/26 23:48:49 | 000,000,701 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\init.dll
[2010/10/26 23:48:49 | 000,000,006 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\SYSTEM32.dll
[2010/10/26 23:48:39 | 000,000,701 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\sound.dll
[2010/10/26 23:47:42 | 000,116,736 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010/10/26 23:47:29 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[2010/06/25 09:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/06/13 23:06:28 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/06/05 17:50:39 | 000,001,188 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/04/04 14:05:25 | 000,000,028 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/03/10 09:43:57 | 000,106,496 | ---- | C] () -- C:\Windows\System32\W32mkrc.dll
[2010/03/10 09:43:51 | 000,038,400 | ---- | C] () -- C:\Windows\System32\OC25JPN.DLL
[2010/03/10 09:43:51 | 000,014,256 | ---- | C] () -- C:\Windows\System32\VAJP2.DLL
[2010/03/10 09:43:50 | 000,000,491 | ---- | C] () -- C:\Windows\NSFASTW.INI
[2010/02/28 22:42:16 | 000,023,113 | ---- | C] () -- C:\Windows\hpqins15.dat.temp
[2009/12/29 17:11:05 | 000,119,808 | ---- | C] () -- C:\Windows\System32\ICOMP.EXE
[2009/12/18 15:21:10 | 000,023,113 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/11/27 14:12:43 | 000,105,472 | ---- | C] () -- C:\Windows\PreConvert.dll
[2009/11/12 14:23:36 | 000,221,124 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2009/11/12 14:23:36 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2009/11/02 00:48:10 | 000,008,192 | ---- | C] () -- C:\Users\Justin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/22 22:25:57 | 000,129,446 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/10/22 22:25:51 | 000,129,446 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/22 22:09:14 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/08/19 16:03:32 | 000,000,702 | ---- | C] () -- C:\Windows\NewsRover.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:33:53 | 000,428,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 18:05:48 | 000,733,568 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 18:05:48 | 000,148,920 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/17 10:13:30 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2009/06/16 07:03:55 | 000,006,769 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\PrimoPDFSet.xml
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/03 23:32:41 | 000,247,560 | ---- | C] () -- C:\Windows\System32\prgiso.dll
[2009/06/03 23:32:40 | 004,244,744 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll
[2009/06/03 23:32:40 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009/05/23 21:18:47 | 000,116,842 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/05/11 08:54:21 | 000,000,000 | ---- | C] () -- C:\Windows\mozver.dat
[2009/05/07 19:22:59 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2009/02/18 02:33:04 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2009/02/11 15:22:52 | 000,026,340 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\UserTile.png
[2009/01/09 23:32:12 | 000,000,142 | ---- | C] () -- C:\Windows\SoftWriting.ini
[2008/11/20 13:04:42 | 000,000,035 | ---- | C] () -- C:\Windows\atechloc.ini
[2008/11/20 13:04:33 | 000,000,083 | ---- | C] () -- C:\Windows\atech.ini
[2008/09/11 03:46:10 | 000,000,027 | ---- | C] () -- C:\Windows\MP32SWF.INI
[2008/04/28 09:13:33 | 000,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
[2008/04/20 23:49:30 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/04/20 22:51:15 | 000,127,150 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\nvModes.001
[2008/04/20 22:23:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/04/20 22:08:43 | 000,127,150 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\nvModes.dat
[2008/02/06 15:17:50 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/02/06 07:39:10 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/02/06 07:35:40 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2008/02/06 07:35:39 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008/02/06 07:35:39 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2008/02/06 07:24:29 | 000,001,199 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/03 15:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2001/11/14 10:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1996/04/03 11:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:D6CEB739CBF5A7AE
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:DCE70D73
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:A2C6D38F

< End of report >

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:33 AM

Posted 10 January 2012 - 10:23 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code
    :OTL
    IE - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
    IE - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
    O3 - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\..\Toolbar\WebBrowser: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
    O3 - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
    O3 - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
    O4 - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
    O4 - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000..\Run: [Livedrive] "C:\Program Files\Livedrive\Livedrive.exe" File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O37 - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\...com [@ = comfile] -- Reg Error: Key error. File not found
    O37 - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
    @Alternate Data Stream - 24 bytes -> C:\Windows:D6CEB739CBF5A7AE
    @Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:DCE70D73
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:A2C6D38F
    [2011/06/10 03:18:50 | 000,050,318 | ---- | C] () -- C:\Windows\System32\.exe
    [2012/01/10 18:44:33 | 000,010,042 | -HS- | M] () -- C:\ProgramData\gle3rn0yq21234m0i646t1
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
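As an added triage example (not code from this thread, from OTL or from its author), the script below parses OTL log lines like the ones posted above and flags the entry types the fix script targets: the hijacked .exe open handler (O37), the hidden random-named file in ProgramData, the nameless `.exe` in System32, and the alternate data streams. The regular expressions and the "random-looking name" threshold are my own assumptions about OTL's line format, and the sample lines are copied from the log in this thread.

```python
"""Triage helper for OTL log lines. Added example for this thread, not part
of the OTL tool or of the posts above. It flags the entry types the fix
script targets: hijacked .exe/.com handlers (O37), files with a missing
base name or with hidden+system attributes and a random-looking name, and
alternate data streams. The line-format regexes are assumptions."""
import re
from dataclasses import dataclass

# Windows default for the exefile/comfile open command: run the file itself.
DEFAULT_OPEN_COMMAND = '"%1" %*'

# O37 - <hive>\...<ext> [@ = <progid>] -- <command>
O37_RE = re.compile(
    r'^O37 - (?P<hive>.+?)\\\.\.\.(?P<ext>\w+) \[@ = (?P<progid>[^\]]*)\] -- (?P<cmd>.*)$')
# [date time | size | attrs | C/M] (company) -- path   (company part optional)
FILE_RE = re.compile(
    r'^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [CM]\] '
    r'(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$')
# @Alternate Data Stream - <n> bytes -> <host path>:<stream name>
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$')
# Assumed heuristic: 12+ lowercase letters/digits and no extension.
RANDOM_NAME_RE = re.compile(r'[a-z0-9]{12,}')


@dataclass(frozen=True)
class Finding:
    kind: str    # short tag a responder can filter on
    path: str    # registry hive\...ext, file path, or ADS host path
    detail: str  # why the line was flagged


def check_o37(line: str):
    """Flag .exe/.com open handlers that are broken or not the Windows default."""
    m = O37_RE.match(line)
    if not m:
        return None
    key = f"{m['hive']}\\...{m['ext']}"
    cmd = m['cmd'].strip()
    if cmd.startswith('Reg Error'):
        return Finding('o37-broken', key, cmd)
    # OTL appends the signer/company in parentheses; drop it before comparing.
    cmd = re.sub(r'\s*\([^()]*\)$', '', cmd)
    if cmd != DEFAULT_OPEN_COMMAND:
        return Finding('o37-hijack', key, f"{m['ext']} files open via: {cmd}")
    return None


def check_file(line: str):
    """Flag file entries with no base name, or hidden+system random names."""
    m = FILE_RE.match(line)
    if not m:
        return None
    path, attrs = m['path'], m['attrs']
    name = path.rsplit('\\', 1)[-1]
    if name.startswith('.'):
        return Finding('nameless-file', path, f"extension only, attrs {attrs}")
    if 'H' in attrs and 'S' in attrs and RANDOM_NAME_RE.fullmatch(name):
        return Finding('hidden-random-file', path, f"hidden+system, {m['size']} bytes")
    return None


def check_ads(line: str):
    """Report every alternate data stream OTL lists on a file or directory."""
    m = ADS_RE.match(line)
    if not m:
        return None
    host, _, stream = m['target'].rpartition(':')
    return Finding('ads', host, f"stream {stream}, {m['size']} bytes")


def triage(lines):
    """Run every check over the log lines; return findings in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for check in (check_o37, check_file, check_ads):
            found = check(line)
            if found:
                findings.append(found)
                break
    return findings


# Sample lines copied from the OTL log in this thread. The default .com
# handler and the legitimate hiberfil.sys show what is NOT flagged.
SAMPLE_LOG = r"""
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = 2Ma] -- "C:\Windows\system32\config\systemprofile\AppData\Local\cmg.exe" -a "%1" %* (Microsoft Corporation)
O37 - HKU\S-1-5-21-1104208033-1838766708-3798221974-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
[2012/01/10 18:41:32 | 2817,032,192 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/10 18:44:33 | 000,010,042 | -HS- | M] () -- C:\ProgramData\gle3rn0yq21234m0i646t1
[2011/06/10 03:18:50 | 000,050,318 | ---- | C] () -- C:\Windows\System32\.exe
@Alternate Data Stream - 24 bytes -> C:\Windows:D6CEB739CBF5A7AE
""".strip().splitlines()

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:20} {f.path}  ({f.detail})")
```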

#13 Justin B.

Justin B.
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:33 AM

Posted 10 January 2012 - 11:32 PM

Well I ran that fix, OTL did its thing, took about 30 minutes, then prompted for a reboot which I said yes to. Then after the reboot I got a logfile which I was going to post up here; however, in testing the system I started hearing internet radio or something and Chrome crashed. Then several write-delayed errors popped up. I forget what program, but something was trying to say I had problems with my hard drive, GPU, memory etc. It rebooted and now I cannot launch any programs.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:33 AM

Posted 11 January 2012 - 12:10 AM

Try and run ComboFix once more.


gringo

#15 Justin B.

Justin B.
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:33 AM

Posted 11 January 2012 - 12:45 AM

Well my entire desktop is missing, as well as everything in the start menu. I was able to get a command prompt and navigate my way to my download folder and run ComboFix (I was in safe mode), but it got stuck where it did before. Everything seems to be missing; however, I can find most of my data in DOS. Any chance if I back up just my data now I will copy over a virus? It's going to be a little more difficult in DOS... :-/ I sure hope I can save most of my data.



