dfsc.sys infected with Zaccess.e. Please help.


This topic is locked
24 replies to this topic

#1 vinralfakyn (Members, 11 posts)

Posted 10 January 2012 - 02:06 AM

I have been cleaning my system after it was infected with a lot of TDSS and Trojan viruses. After running TDSSKiller and RKill, I installed Malwarebytes in trial version and Kaspersky Anti-Virus. After running Kaspersky in full scan, it detected many Trojan viruses, one of which in particular has not been cured. Here is the DDS log.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by user1 at 14:20:58 on 2012-01-10
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.63.1033.18.1014.162 [GMT 8:00]
.
AV: Kaspersky Anti-Virus *Enabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uSearch Bar =
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [<NO NAME>]
mRun: [HControlUser] "c:\program files\atk hotkey\HcontrolUser.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{3B80F11C-DEF4-47FF-ABFB-A81BB5950F14} : NameServer = 8.8.8.8,192.168.254.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2011-3-10 23856]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-11-1 21504]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe [2011-4-24 202296]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-11-1 21504]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-10-1 89376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-9 652872]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-9-17 50704]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2009-12-24 370688]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-9 20464]
S3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\drivers\CRFILTER.sys [2008-4-7 6656]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\user1\downloads\realtemp_360\WinRing0.sys [2011-6-23 14416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-10 03:08:43 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ffc0a535-02b3-4623-b965-4ae53996fe1d}\offreg.dll
2012-01-09 09:07:48 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-01-09 09:07:47 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-01-09 09:03:54 -------- d-----w- c:\program files\Kaspersky Lab
2012-01-09 09:03:53 -------- d-----w- c:\programdata\Kaspersky Lab
2012-01-09 08:14:10 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-09 05:52:28 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2012-01-09 05:52:28 1060424 ----a-w- c:\windows\system32\WdfCoInstaller01000.dll
2012-01-09 05:52:27 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2012-01-09 05:52:27 163840 ----a-w- c:\windows\system32\SynCOM.dll
2012-01-09 05:52:24 147456 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-01-09 05:52:23 196400 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-01-08 17:43:51 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ffc0a535-02b3-4623-b965-4ae53996fe1d}\mpengine.dll
2011-12-31 19:14:58 -------- d-----w- c:\users\user1\appdata\roaming\Malwarebytes
2011-12-31 19:14:30 -------- d-----w- c:\programdata\Malwarebytes
2011-12-31 19:14:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-01-09 08:54:20 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-01-09 07:48:10 35840 ----a-w- c:\windows\system32\drivers\netbios.sys
2012-01-09 07:12:20 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-09 07:09:02 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2012-01-09 07:04:52 75264 ------w- c:\windows\system32\drivers\dfsc.sys
2011-11-25 14:20:47 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-11-15 06:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2009-03-30 04:22:43 61440 ----a-w- c:\program files\RGSGrowBounds.aex
.
============= FINISH: 14:22:03.46 ===============


I ran GMER but the system got a BSOD and has the following dump details:

==================================================
Dump File : Mini011012-02.dmp
Crash Time : 1/10/2012 2:29:54 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 0xd7c00008
Parameter 2 : 0x00000000
Parameter 3 : 0xb2dae3cb
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+98379
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18484 (vistasp2_gdr.110617-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+98379
Stack Address 1 : ntkrnlpa.exe+4ddd4
Stack Address 2 : kwdirpog.sys+43cb
Stack Address 3 : kwdirpog.sys+2096
Computer Name :
Full Path : C:\Windows\Minidump\Mini011012-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,416
==================================================

As for Kaspersky, it detected a Rootkit.Win32.ZAccess.e trojan in C:\Windows\System32\drivers\dfsc.sys, but could not disinfect it.
I have been thinking of deleting it, but I know deleting system files can crash the system.

Please help. Thank you.

PS: I replaced my computer name for anonymity.
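As an added example (not code from the original post, from DDS, or from the dump viewer), here is a small Python triage script over the two logs in the post above. It parses the DDS "SERVICES / DRIVERS" lines and the minidump stack summary and flags (a) drivers whose image DDS could not stat ("[?]") or that load from outside the Windows and Program Files trees, and (b) modules on the crash stack that are neither the kernel nor a registered driver image. The two excerpts, the trusted-root list and the kernel-image set are constructed assumptions.

```python
"""Triage helpers for a DDS 'SERVICES / DRIVERS' listing and a minidump summary.

Added example, not code from the original post or from DDS/the dump viewer.
The sample text below is a constructed excerpt modelled on the logs in the
post above; the trusted-path roots and the kernel-image set are assumptions.
"""
import re
from typing import Dict, List, Tuple

# Constructed excerpt in DDS format: state name;display name;image path [date size]
DDS_DRIVERS = r"""
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-11-1 21504]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-9-17 50704]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\user1\downloads\realtemp_360\WinRing0.sys [2011-6-23 14416]
"""

# Constructed excerpt of the crash summary (same fields as the dump listing above).
MINIDUMP = """
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Caused By Driver : ntkrnlpa.exe
Stack Address 1 : ntkrnlpa.exe+4ddd4
Stack Address 2 : kwdirpog.sys+43cb
Stack Address 3 : kwdirpog.sys+2096
"""

DDS_LINE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
IMAGE = re.compile(r'[^\s"]+\.(?:sys|exe|dll|des)\b', re.I)
STACK_LINE = re.compile(
    r"^(?:Caused By Driver|Stack Address \d+)\s*:\s*(\S+?)(?:\+[0-9a-fA-F]+)?\s*$"
)

# Assumption: images under these roots are treated as expected locations.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
# Assumption: kernel images that legitimately appear on every stack.
KERNEL_IMAGES = {"ntkrnlpa.exe", "ntoskrnl.exe", "ntkrnlmp.exe",
                 "ntkrpamp.exe", "hal.dll", "halmacpi.dll", "halacpi.dll"}


def parse_dds_drivers(text: str) -> List[Dict[str, str]]:
    """One dict per DDS driver/service line, with the image path and its basename."""
    entries = []
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        img = IMAGE.search(e["path"])
        e["image"] = img.group(0).lower() if img else ""
        e["basename"] = e["image"].rsplit("\\", 1)[-1]
        entries.append(e)
    return entries


def flag_driver_paths(entries: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Flag drivers DDS could not stat ('[?]') or that load from outside trusted roots."""
    findings = []
    for e in entries:
        if e["meta"].strip() == "?":
            findings.append((e["name"], "DDS could not stat the image on disk ([?])"))
        if e["image"] and not e["image"].startswith(TRUSTED_ROOTS):
            findings.append((e["name"], "image outside OS/program directories: " + e["image"]))
    return findings


def parse_stack_modules(text: str) -> List[str]:
    """Module names (lower-case, de-duplicated, in order) from the crash summary."""
    mods: List[str] = []
    for line in text.splitlines():
        m = STACK_LINE.match(line.strip())
        if m and m.group(1).lower() not in mods:
            mods.append(m.group(1).lower())
    return mods


def unregistered_stack_modules(stack_mods: List[str], entries: List[Dict[str, str]]) -> List[str]:
    """Modules on the crash stack that are neither the kernel nor a registered driver image.

    Kernel code running from an image with no service entry is the hallmark of a
    driver dropped by a rootkit, and is the first thing to pull for analysis."""
    registered = {e["basename"] for e in entries if e["basename"]}
    return [m for m in stack_mods if m not in KERNEL_IMAGES and m not in registered]


if __name__ == "__main__":
    drivers = parse_dds_drivers(DDS_DRIVERS)
    for name, why in flag_driver_paths(drivers):
        print(f"[path]  {name}: {why}")
    for mod in unregistered_stack_modules(parse_stack_modules(MINIDUMP), drivers):
        print(f"[stack] {mod}: on the crash stack but not a registered driver image")
```

Run against the real logs, the path check points at WinRing0.sys loading from a user's Downloads folder (a legitimate utility driver, but one any local user could overwrite) and at the GameGuard entry DDS could not stat, while the stack check singles out kwdirpog.sys, which sits on the crash stack yet appears nowhere in the DDS driver listing.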


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 11 January 2012 - 12:02 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.


Click on the Watch Topic button and select Immediate Notification, then click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 14 January 2012 - 02:59 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hours you have not replied to this thread, it will have to be closed!

Gringo

#4 vinralfakyn (Topic Starter, Members, 11 posts)

Posted 16 January 2012 - 12:23 AM

I have trouble running combofix.exe. Maybe I need more RAM, as I have closed other programs. The computer displayed that the program has stopped working. Can I run this in safe mode to free up some RAM?

#5 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 16 January 2012 - 12:31 AM

Hello

OK, let's try this. I want you to run ComboFix in safe mode, but it is very important that when ComboFix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe Mode.
  • Log in to your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#6 vinralfakyn (Topic Starter, Members, 11 posts)

Posted 17 January 2012 - 06:58 AM

Thank you for following up with me. One of the greatest problems of my laptop is that I can't use the 0 key. Now it also has the F8 key disabled, and I can't fix it [any suggestions?]. But I rebooted it using emergency shutdown. After it shut down [it displayed that Windows had not been able to start, since I executed emergency shutdown at boot-up due to the failure of the F8 key], I selected the safe mode option. I logged on as administrator, but the following problems have been found:

1. ComboFix, at the start of its execution, said on the console that access was denied because of lack of administrator rights [which confused me because I logged on as administrator].

2. Then it also indicated that combofix.exe detected an active virus scanner, Kaspersky, which could not boot up in safe mode because basic drivers are run in safe mode.

3. The computer suddenly turns off somewhere in the middle of the scan. There was no blue screen, just black and no power. I'm sure that the power source is not the problem, nor the system temperature.

4. I ran it again using emergency shutdown to enable safe mode selection. This time I selected safe mode with command prompt, hoping that cmd.exe and the console would run as administrator. After detecting active virus scanners again and lack of administrator rights [by the way, it has no explorer.exe in safe mode with command prompt, which is a bit odd], I ran it again [it indicated that the recycle bin has been corrupted], and the same sudden turning off happened.

What should I do?
Thank you very much.

#7 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 17 January 2012 - 07:49 AM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#8 vinralfakyn (Topic Starter, Members, 11 posts)

Posted 18 January 2012 - 06:48 AM

The program has not detected a single piece of malware, but I also wonder why the infected driver was not listed in the log report.


19:43:24.0028 3084 TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24
19:43:26.0031 3084 ============================================================
19:43:26.0031 3084 Current date / time: 2012/01/18 19:43:26.0031
19:43:26.0031 3084 SystemInfo:
19:43:26.0031 3084
19:43:26.0032 3084 OS Version: 6.0.6002 ServicePack: 2.0
19:43:26.0032 3084 Product type: Workstation
19:43:26.0032 3084 ComputerName: user1-pc
19:43:26.0032 3084 UserName: user
19:43:26.0032 3084 Windows directory: C:\Windows
19:43:26.0032 3084 System windows directory: C:\Windows
19:43:26.0032 3084 Processor architecture: Intel x86
19:43:26.0032 3084 Number of processors: 2
19:43:26.0032 3084 Page size: 0x1000
19:43:26.0032 3084 Boot type: Normal boot
19:43:26.0032 3084 ============================================================
19:43:44.0431 3084 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:43:44.0945 3084 Drive \Device\Harddisk1\DR2 - Size: 0x3BA00000 (0.93 Gb), SectorSize: 0x200, Cylinders: 0x79, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:43:49.0672 3084 Initialize success
19:44:08.0980 5348 ============================================================
19:44:08.0980 5348 Scan started
19:44:08.0980 5348 Mode: Manual;
19:44:08.0980 5348 ============================================================
19:44:21.0304 5348 .i8042prt - ok
19:44:21.0335 5348 .Npfs - ok
19:44:21.0756 5348 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:44:22.0130 5348 ACPI - ok
19:44:22.0520 5348 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
19:44:22.0536 5348 adfs - ok
19:44:23.0581 5348 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
19:44:24.0252 5348 adp94xx - ok
19:44:24.0751 5348 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
19:44:24.0907 5348 adpahci - ok
19:44:25.0284 5348 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
19:44:25.0304 5348 adpu160m - ok
19:44:25.0749 5348 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
19:44:25.0784 5348 adpu320 - ok
19:44:26.0369 5348 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:44:26.0479 5348 AFD - ok
19:44:27.0204 5348 AgereSoftModem (1cfeba39fc613e45b49d3eddfbcda289) C:\Windows\system32\DRIVERS\AGRSM.sys
19:44:27.0294 5348 AgereSoftModem - ok
19:44:27.0624 5348 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
19:44:27.0629 5348 agp440 - ok
19:44:27.0849 5348 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:44:28.0239 5348 aic78xx - ok
19:44:28.0579 5348 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
19:44:28.0589 5348 aliide - ok
19:44:28.0834 5348 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
19:44:28.0854 5348 amdagp - ok
19:44:28.0994 5348 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
19:44:29.0014 5348 amdide - ok
19:44:29.0054 5348 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
19:44:29.0434 5348 AmdK7 - ok
19:44:29.0539 5348 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
19:44:29.0549 5348 AmdK8 - ok
19:44:29.0629 5348 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
19:44:29.0644 5348 arc - ok
19:44:29.0909 5348 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
19:44:29.0939 5348 arcsas - ok
19:44:30.0164 5348 AsDsm (4385e371c25c94c804e9d3152bd9e1f7) C:\Windows\system32\drivers\AsDsm.sys
19:44:30.0179 5348 AsDsm - ok
19:44:30.0359 5348 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
19:44:30.0399 5348 ASMMAP - ok
19:44:30.0419 5348 ASUSProcObsrv - ok
19:44:30.0614 5348 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:44:30.0629 5348 AsyncMac - ok
19:44:30.0754 5348 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:44:30.0769 5348 atapi - ok
19:44:31.0084 5348 athr (44362605f5fff00c9b7696b47680a8c5) C:\Windows\system32\DRIVERS\athr.sys
19:44:31.0124 5348 athr - ok
19:44:31.0694 5348 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:44:31.0709 5348 Beep - ok
19:44:31.0884 5348 blbdrive - ok
19:44:32.0134 5348 BlueletAudio (5ff9a3f3476d726ae62da82d5da94c36) C:\Windows\system32\DRIVERS\blueletaudio.sys
19:44:32.0139 5348 BlueletAudio - ok
19:44:32.0399 5348 BlueletSCOAudio (bd91afc523fd59f881e1763c38fb772f) C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys
19:44:32.0409 5348 BlueletSCOAudio - ok
19:44:32.0709 5348 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:44:32.0739 5348 bowser - ok
19:44:33.0009 5348 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:44:33.0029 5348 BrFiltLo - ok
19:44:33.0369 5348 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:44:33.0389 5348 BrFiltUp - ok
19:44:33.0609 5348 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:44:33.0624 5348 Brserid - ok
19:44:34.0059 5348 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:44:34.0084 5348 BrSerWdm - ok
19:44:34.0329 5348 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:44:34.0349 5348 BrUsbMdm - ok
19:44:34.0734 5348 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:44:34.0774 5348 BrUsbSer - ok
19:44:35.0204 5348 BT (c5cce2b26f73f8cf7f3c82159e79aa08) C:\Windows\system32\DRIVERS\btnetdrv.sys
19:44:35.0259 5348 BT - ok
19:44:35.0549 5348 btaudio - ok
19:44:36.0054 5348 Btcsrusb (fb2abc6d08d9f8d5ed8e02cbd18b39bb) C:\Windows\system32\Drivers\btcusb.sys
19:44:36.0074 5348 Btcsrusb - ok
19:44:36.0269 5348 BTDriver - ok
19:44:36.0484 5348 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
19:44:36.0509 5348 BthEnum - ok
19:44:36.0734 5348 BTHidEnum (ce643d0918123d76a5caab008fca9663) C:\Windows\system32\Drivers\vbtenum.sys
19:44:39.0864 5348 BTHidEnum - ok
19:44:40.0144 5348 BTHidMgr (dfca4fe4c8aec786b4d0f432eb730f48) C:\Windows\system32\Drivers\BTHidMgr.sys
19:44:40.0159 5348 BTHidMgr - ok
19:44:40.0414 5348 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
19:44:40.0434 5348 BTHMODEM - ok
19:44:40.0734 5348 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
19:44:40.0759 5348 BthPan - ok
19:44:41.0058 5348 BTHPORT (73d53f8e90550ba81e2cf44a0873b410) C:\Windows\system32\Drivers\BTHport.sys
19:44:41.0090 5348 BTHPORT - ok
19:44:41.0417 5348 BTHUSB (32045a4bb143bbc5bab1298c4e9e309a) C:\Windows\system32\Drivers\BTHUSB.sys
19:44:41.0464 5348 BTHUSB - ok
19:44:41.0745 5348 BTWDNDIS - ok
19:44:41.0979 5348 btwhid - ok
19:44:42.0462 5348 catchme - ok
19:44:42.0650 5348 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:44:42.0665 5348 cdfs - ok
19:44:42.0837 5348 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:44:42.0884 5348 cdrom - ok
19:44:43.0040 5348 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
19:44:43.0055 5348 circlass - ok
19:44:43.0164 5348 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:44:43.0196 5348 CLFS - ok
19:44:43.0336 5348 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:44:43.0352 5348 CmBatt - ok
19:44:43.0430 5348 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
19:44:43.0430 5348 cmdide - ok
19:44:43.0601 5348 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:44:43.0617 5348 Compbatt - ok
19:44:44.0147 5348 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
19:44:44.0178 5348 crcdisk - ok
19:44:44.0522 5348 CRFILTER (d18893845ae1c5833b5b2ea9b7f5c670) C:\Windows\system32\DRIVERS\CRFILTER.sys
19:44:44.0522 5348 CRFILTER - ok
19:44:44.0724 5348 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
19:44:44.0740 5348 Crusoe - ok
19:44:45.0146 5348 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:44:45.0208 5348 disk - ok
19:44:45.0536 5348 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:44:45.0536 5348 drmkaud - ok
19:44:45.0972 5348 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:44:46.0066 5348 DXGKrnl - ok
19:44:46.0425 5348 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:44:46.0456 5348 E1G60 - ok
19:44:46.0596 5348 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:44:46.0612 5348 Ecache - ok
19:44:46.0752 5348 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
19:44:46.0830 5348 elxstor - ok
19:44:47.0376 5348 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:44:47.0392 5348 exfat - ok
19:44:47.0673 5348 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:44:47.0751 5348 fastfat - ok
19:44:48.0063 5348 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
19:44:48.0078 5348 fdc - ok
19:44:48.0281 5348 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:44:48.0312 5348 FileInfo - ok
19:44:48.0390 5348 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:44:48.0406 5348 Filetrace - ok
19:44:48.0531 5348 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
19:44:48.0546 5348 flpydisk - ok
19:44:48.0734 5348 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:44:48.0812 5348 FltMgr - ok
19:44:49.0404 5348 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:44:49.0420 5348 Fs_Rec - ok
19:44:49.0732 5348 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
19:44:49.0748 5348 gagp30kx - ok
19:44:49.0904 5348 GarenaPEngine - ok
19:44:50.0122 5348 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:44:50.0122 5348 GEARAspiWDM - ok
19:44:50.0262 5348 ghaio (31b40f40e09513addc460f6a297ad474) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
19:44:50.0262 5348 ghaio - ok
19:44:50.0434 5348 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:44:50.0450 5348 HdAudAddService - ok
19:44:50.0574 5348 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:44:50.0590 5348 HDAudBus - ok
19:44:50.0840 5348 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:44:50.0855 5348 HidBth - ok
19:44:51.0042 5348 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:44:51.0058 5348 HidIr - ok
19:44:51.0292 5348 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:44:51.0292 5348 HidUsb - ok
19:44:51.0573 5348 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
19:44:51.0588 5348 HpCISSs - ok
19:44:51.0822 5348 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:44:51.0838 5348 HTTP - ok
19:44:51.0932 5348 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
19:44:51.0932 5348 i2omp - ok
19:44:52.0072 5348 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:44:52.0072 5348 i8042prt - ok
19:44:52.0290 5348 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
19:44:52.0290 5348 iaStor - ok
19:44:52.0446 5348 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
19:44:52.0493 5348 iaStorV - ok
19:44:52.0649 5348 IDMWFP (2714bb9e5c05bebf8488207a1b5a5f62) C:\Windows\system32\DRIVERS\idmwfp.sys
19:44:52.0649 5348 IDMWFP - ok
19:44:52.0899 5348 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:44:52.0977 5348 igfx - ok
19:44:53.0164 5348 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:44:53.0180 5348 iirsp - ok
19:44:53.0507 5348 IntcAzAudAddService (4df91f46265709cd0f5ffd8aac26d586) C:\Windows\system32\drivers\RTKVHDA.sys
19:44:53.0570 5348 IntcAzAudAddService - ok
19:44:53.0726 5348 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:44:53.0741 5348 intelide - ok
19:44:53.0913 5348 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:44:53.0928 5348 intelppm - ok
19:44:54.0116 5348 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:44:54.0131 5348 IpFilterDriver - ok
19:44:54.0318 5348 IpInIp - ok
19:44:54.0365 5348 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
19:44:54.0428 5348 IPMIDRV - ok
19:44:54.0599 5348 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:44:54.0599 5348 IPNAT - ok
19:44:54.0677 5348 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:44:54.0677 5348 IRENUM - ok
19:44:54.0849 5348 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
19:44:54.0864 5348 isapnp - ok
19:44:54.0911 5348 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:44:54.0911 5348 iScsiPrt - ok
19:44:55.0145 5348 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:44:55.0161 5348 iteatapi - ok
19:44:55.0395 5348 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:44:55.0426 5348 iteraid - ok
19:44:55.0691 5348 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:44:55.0707 5348 kbdclass - ok
19:44:55.0988 5348 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
19:44:56.0019 5348 kbdhid - ok
19:44:56.0222 5348 kbfiltr (cc2a86d7bbf14977340dca61bbcba771) C:\Windows\system32\DRIVERS\kbfiltr.sys
19:44:56.0237 5348 kbfiltr - ok
19:44:56.0596 5348 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
19:44:56.0643 5348 KL1 - ok
19:44:56.0939 5348 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
19:44:56.0955 5348 kl2 - ok
19:44:57.0298 5348 KLIF (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys
19:44:57.0329 5348 KLIF - ok
19:44:57.0532 5348 KLIM6 (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
19:44:57.0548 5348 KLIM6 - ok
19:44:57.0813 5348 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
19:44:57.0828 5348 klmouflt - ok
19:44:58.0250 5348 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
19:44:58.0265 5348 KSecDD - ok
19:44:58.0640 5348 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:44:58.0655 5348 lltdio - ok
19:44:58.0889 5348 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
19:44:58.0920 5348 LSI_FC - ok
19:44:59.0170 5348 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
19:44:59.0186 5348 LSI_SAS - ok
19:44:59.0544 5348 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
19:44:59.0560 5348 LSI_SCSI - ok
19:44:59.0934 5348 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:44:59.0950 5348 luafv - ok
19:45:00.0246 5348 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
19:45:00.0324 5348 MBAMProtector - ok
19:45:00.0636 5348 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
19:45:00.0652 5348 megasas - ok
19:45:00.0839 5348 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:45:00.0855 5348 Modem - ok
19:45:01.0089 5348 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
19:45:01.0104 5348 MODEMCSA - ok
19:45:01.0292 5348 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:45:01.0292 5348 monitor - ok
19:45:01.0432 5348 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:45:01.0448 5348 mouclass - ok
19:45:01.0635 5348 moufiltr (baa4ed3c323bee7ebc144c7d232220a8) C:\Windows\system32\DRIVERS\moufiltr.sys
19:45:01.0650 5348 moufiltr - ok
19:45:01.0791 5348 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:45:01.0791 5348 mouhid - ok
19:45:01.0962 5348 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:45:01.0962 5348 MountMgr - ok
19:45:02.0087 5348 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
19:45:02.0103 5348 mpio - ok
19:45:02.0228 5348 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:45:02.0243 5348 mpsdrv - ok
19:45:02.0477 5348 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:45:02.0493 5348 Mraid35x - ok
19:45:02.0664 5348 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:45:02.0680 5348 MRxDAV - ok
19:45:02.0820 5348 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:45:02.0852 5348 mrxsmb - ok
19:45:02.0961 5348 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:45:03.0008 5348 mrxsmb10 - ok
19:45:03.0148 5348 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:45:03.0164 5348 mrxsmb20 - ok
19:45:03.0413 5348 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
19:45:03.0444 5348 msahci - ok
19:45:03.0569 5348 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
19:45:03.0585 5348 msdsm - ok
19:45:03.0819 5348 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:45:03.0834 5348 Msfs - ok
19:45:04.0084 5348 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:45:04.0084 5348 msisadrv - ok
19:45:04.0458 5348 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:45:04.0458 5348 MSKSSRV - ok
19:45:04.0786 5348 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:45:04.0802 5348 MSPCLOCK - ok
19:45:05.0036 5348 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:45:05.0036 5348 MSPQM - ok
19:45:05.0098 5348 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:45:05.0129 5348 MsRPC - ok
19:45:05.0316 5348 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:45:05.0316 5348 mssmbios - ok
19:45:05.0582 5348 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:45:05.0613 5348 MSTEE - ok
19:45:05.0878 5348 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
19:45:05.0894 5348 MTsensor - ok
19:45:06.0034 5348 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:45:06.0034 5348 Mup - ok
19:45:06.0159 5348 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:45:06.0174 5348 NativeWifiP - ok
19:45:06.0284 5348 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:45:06.0330 5348 NDIS - ok
19:45:06.0580 5348 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:45:06.0596 5348 NdisTapi - ok
19:45:06.0752 5348 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:45:06.0767 5348 Ndisuio - ok
19:45:06.0845 5348 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:45:06.0861 5348 NdisWan - ok
19:45:07.0110 5348 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:45:07.0142 5348 NDProxy - ok
19:45:07.0422 5348 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:45:07.0454 5348 NetBIOS - ok
19:45:07.0641 5348 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:45:07.0703 5348 netbt - ok
19:45:07.0906 5348 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:45:07.0906 5348 nfrd960 - ok
19:45:07.0968 5348 nmwcd (4a8a2aa0706b659175169decf198e9d7) C:\Windows\system32\drivers\ccdcmb.sys
19:45:07.0984 5348 nmwcd - ok
19:45:08.0499 5348 nmwcdc (fd3e61831095ac62e6840d986b5a2016) C:\Windows\system32\drivers\ccdcmbo.sys
19:45:08.0514 5348 nmwcdc - ok
19:45:08.0639 5348 NPF (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys
19:45:08.0670 5348 NPF - ok
19:45:08.0764 5348 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:45:08.0780 5348 Npfs - ok
19:45:09.0045 5348 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:45:09.0092 5348 nsiproxy - ok
19:45:09.0950 5348 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:45:09.0981 5348 Ntfs - ok
19:45:10.0168 5348 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:45:10.0215 5348 ntrigdigi - ok
19:45:10.0683 5348 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:45:10.0761 5348 Null - ok
19:45:10.0995 5348 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
19:45:11.0042 5348 nvraid - ok
19:45:11.0541 5348 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
19:45:11.0666 5348 nvstor - ok
19:45:11.0978 5348 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
19:45:12.0009 5348 nv_agp - ok
19:45:12.0368 5348 NwlnkFlt - ok
19:45:12.0882 5348 NwlnkFwd - ok
19:45:13.0116 5348 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
19:45:13.0179 5348 ohci1394 - ok
19:45:13.0662 5348 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:45:13.0694 5348 Parport - ok
19:45:13.0974 5348 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:45:13.0990 5348 partmgr - ok
19:45:14.0364 5348 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:45:14.0380 5348 Parvdm - ok
19:45:14.0676 5348 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
19:45:14.0723 5348 pccsmcfd - ok
19:45:14.0910 5348 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:45:14.0926 5348 pci - ok
19:45:15.0129 5348 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
19:45:15.0144 5348 pciide - ok
19:45:15.0566 5348 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:45:15.0581 5348 pcmcia - ok
19:45:16.0049 5348 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:45:16.0065 5348 PEAUTH - ok
19:45:16.0595 5348 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:45:16.0626 5348 PptpMiniport - ok
19:45:17.0048 5348 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
19:45:17.0063 5348 Processor - ok
19:45:17.0344 5348 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:45:17.0360 5348 PSched - ok
19:45:17.0640 5348 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
19:45:17.0672 5348 ql2300 - ok
19:45:17.0952 5348 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:45:17.0968 5348 ql40xx - ok
19:45:18.0327 5348 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:45:18.0358 5348 QWAVEdrv - ok
19:45:18.0561 5348 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:45:18.0592 5348 RasAcd - ok
19:45:18.0732 5348 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:45:18.0748 5348 Rasl2tp - ok
19:45:18.0826 5348 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:45:18.0842 5348 RasPppoe - ok
19:45:18.0966 5348 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:45:18.0982 5348 RasSstp - ok
19:45:19.0247 5348 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:45:19.0325 5348 rdbss - ok
19:45:19.0746 5348 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:45:19.0778 5348 RDPCDD - ok
19:45:20.0058 5348 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
19:45:20.0074 5348 rdpdr - ok
19:45:20.0230 5348 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:45:20.0230 5348 RDPENCDD - ok
19:45:20.0729 5348 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
19:45:20.0792 5348 RDPWD - ok
19:45:21.0104 5348 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
19:45:21.0135 5348 RFCOMM - ok
19:45:21.0540 5348 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
19:45:21.0572 5348 ROOTMODEM - ok
19:45:21.0993 5348 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:45:22.0024 5348 rspndr - ok
19:45:22.0258 5348 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
19:45:22.0289 5348 RTL8169 - ok
19:45:22.0523 5348 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:45:22.0554 5348 sbp2port - ok
19:45:22.0976 5348 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:45:23.0038 5348 secdrv - ok
19:45:23.0428 5348 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
19:45:23.0459 5348 Serenum - ok
19:45:23.0646 5348 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:45:23.0678 5348 Serial - ok
19:45:24.0114 5348 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:45:24.0130 5348 sermouse - ok
19:45:24.0520 5348 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
19:45:24.0551 5348 sffdisk - ok
19:45:24.0894 5348 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
19:45:24.0926 5348 sffp_mmc - ok
19:45:25.0206 5348 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
19:45:25.0222 5348 sffp_sd - ok
19:45:25.0518 5348 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:45:25.0534 5348 sfloppy - ok
19:45:25.0846 5348 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
19:45:25.0862 5348 sisagp - ok
19:45:26.0080 5348 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
19:45:26.0096 5348 SiSRaid2 - ok
19:45:26.0142 5348 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
19:45:26.0174 5348 SiSRaid4 - ok
19:45:26.0392 5348 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:45:26.0408 5348 Smb - ok
19:45:26.0766 5348 SNP2UVC (0302bc619d4a723317e7f8eb0c362bd3) C:\Windows\system32\DRIVERS\snp2uvc.sys
19:45:26.0844 5348 SNP2UVC - ok
19:45:27.0063 5348 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:45:27.0094 5348 spldr - ok
19:45:27.0141 5348 sptd - ok
19:45:27.0546 5348 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:45:27.0609 5348 srv - ok
19:45:27.0936 5348 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:45:27.0952 5348 srv2 - ok
19:45:28.0139 5348 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:45:28.0155 5348 srvnet - ok
19:45:28.0670 5348 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:45:28.0685 5348 swenum - ok
19:45:29.0091 5348 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:45:29.0153 5348 Symc8xx - ok
19:45:29.0496 5348 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:45:29.0543 5348 Sym_hi - ok
19:45:29.0871 5348 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:45:29.0902 5348 Sym_u3 - ok
19:45:30.0167 5348 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
19:45:30.0183 5348 SynTP - ok
19:45:30.0432 5348 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
19:45:30.0448 5348 Tcpip - ok
19:45:30.0776 5348 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
19:45:30.0807 5348 Tcpip6 - ok
19:45:30.0963 5348 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:45:30.0978 5348 tcpipreg - ok
19:45:31.0041 5348 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:45:31.0056 5348 TDPIPE - ok
19:45:31.0322 5348 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:45:31.0400 5348 TDTCP - ok
19:45:32.0133 5348 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:45:32.0195 5348 tdx - ok
19:45:32.0601 5348 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:45:32.0632 5348 TermDD - ok
19:45:33.0116 5348 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:45:33.0178 5348 tssecsrv - ok
19:45:33.0521 5348 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:45:33.0537 5348 tunmp - ok
19:45:33.0786 5348 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:45:33.0802 5348 tunnel - ok
19:45:34.0239 5348 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
19:45:34.0254 5348 uagp35 - ok
19:45:34.0660 5348 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:45:34.0691 5348 udfs - ok
19:45:35.0081 5348 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
19:45:35.0112 5348 uliagpkx - ok
19:45:35.0362 5348 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
19:45:35.0393 5348 uliahci - ok
19:45:35.0518 5348 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:45:35.0534 5348 UlSata - ok
19:45:35.0565 5348 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:45:35.0596 5348 ulsata2 - ok
19:45:35.0658 5348 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:45:35.0690 5348 umbus - ok
19:45:35.0830 5348 upperdev (587e643a4e2ffd9a00f114b057ceb773) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
19:45:35.0846 5348 upperdev - ok
19:45:35.0986 5348 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:45:36.0002 5348 usbccgp - ok
19:45:36.0189 5348 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:45:36.0220 5348 usbcir - ok
19:45:36.0360 5348 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:45:36.0392 5348 usbehci - ok
19:45:36.0532 5348 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:45:36.0563 5348 usbhub - ok
19:45:36.0844 5348 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:45:36.0875 5348 usbohci - ok
19:45:37.0031 5348 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:45:37.0078 5348 usbprint - ok
19:45:37.0234 5348 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
19:45:37.0250 5348 usbser - ok
19:45:37.0359 5348 UsbserFilt (fca6a196d47cb972a0e4adc0db9cd17c) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
19:45:37.0374 5348 UsbserFilt - ok
19:45:37.0608 5348 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:45:37.0624 5348 USBSTOR - ok
19:45:38.0045 5348 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:45:38.0092 5348 usbuhci - ok
19:45:38.0248 5348 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
19:45:38.0264 5348 usbvideo - ok
19:45:38.0342 5348 VComm (51750b0539986186c6931fc40d171521) C:\Windows\system32\DRIVERS\VComm.sys
19:45:38.0388 5348 VComm - ok
19:45:38.0638 5348 VcommMgr (6d9c891c0a761afed1f3609c2e56f2b9) C:\Windows\system32\Drivers\VcommMgr.sys
19:45:38.0841 5348 VcommMgr - ok
19:45:38.0950 5348 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
19:45:38.0966 5348 vga - ok
19:45:39.0044 5348 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:45:39.0075 5348 VgaSave - ok
19:45:39.0278 5348 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
19:45:39.0309 5348 viaagp - ok
19:45:39.0512 5348 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
19:45:39.0543 5348 ViaC7 - ok
19:45:39.0761 5348 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
19:45:39.0792 5348 viaide - ok
19:45:39.0964 5348 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:45:39.0995 5348 volmgr - ok
19:45:40.0229 5348 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:45:40.0276 5348 volmgrx - ok
19:45:40.0494 5348 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:45:40.0510 5348 volsnap - ok
19:45:40.0697 5348 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
19:45:40.0728 5348 vsmraid - ok
19:45:40.0900 5348 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:45:40.0931 5348 WacomPen - ok
19:45:41.0181 5348 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:45:41.0212 5348 Wanarp - ok
19:45:41.0212 5348 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:45:41.0228 5348 Wanarpv6 - ok
19:45:41.0384 5348 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
19:45:41.0399 5348 Wd - ok
19:45:41.0508 5348 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:45:41.0540 5348 Wdf01000 - ok
19:45:41.0774 5348 WinRing0_1_2_0 (845af1ba23c8d5e64def61bcc441604c) C:\Users\Lapura\Downloads\RealTemp_360\WinRing0.sys
19:45:41.0867 5348 WinRing0_1_2_0 - ok
19:45:42.0195 5348 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
19:45:42.0226 5348 WmiAcpi - ok
19:45:42.0382 5348 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
19:45:42.0398 5348 WpdUsb - ok
19:45:42.0507 5348 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:45:42.0538 5348 ws2ifsl - ok
19:45:42.0678 5348 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:45:42.0710 5348 WUDFRd - ok
19:45:42.0756 5348 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:45:42.0819 5348 \Device\Harddisk0\DR0 - ok
19:45:42.0834 5348 Boot (0x1200) (eec6f9b7fe0d58201788d336d3726c37) \Device\Harddisk0\DR0\Partition0
19:45:42.0834 5348 \Device\Harddisk0\DR0\Partition0 - ok
19:45:42.0850 5348 Boot (0x1200) (5c06242c71a6002a0694d73faa961530) \Device\Harddisk0\DR0\Partition1
19:45:42.0881 5348 \Device\Harddisk0\DR0\Partition1 - ok
19:45:42.0897 5348 ============================================================
19:45:42.0897 5348 Scan finished
19:45:42.0897 5348 ============================================================
19:45:42.0912 0156 Detected object count: 0
19:45:42.0912 0156 Actual detected object count: 0

Edited by vinralfakyn, 18 January 2012 - 06:49 AM.
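Added example, not part of vinralfakyn's post and not TDSSKiller's own code: a small Python triage pass over a driver listing like the one above. TDSSKiller prints two line shapes per service (name, MD5 and image path; then name and verdict), and for the MBR and boot-sector entries the verdict line names the device path rather than the entry. The script folds those into one record per service and pulls out what a reviewer reads first: any verdict other than "ok", services that got a verdict but no file line (a stale registration, or a file the scanner could not open), and drivers loaded from outside C:\Windows\system32, such as the WinRing0.sys sitting in a Downloads folder above. The sample log is constructed from a handful of lines copied from the real log plus one invented "evil" entry whose verdict wording is made up to exercise the not-ok path; the expected-path list and the rules are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# The two line shapes TDSSKiller prints for each service it enumerates:
#   <time> <pid> <service> (<md5>) <image path>    the file behind the service
#   <time> <pid> <service> - <verdict>              the verdict for that service
# MBR/boot entries put the device path, not the entry name, on the verdict
# line, so the parser also indexes entries by path.
FILE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$")
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<verdict>.+?)\s*$")

# Where a driver image is normally loaded from (assumption for this example,
# compared case-insensitively). Anything else is listed for manual review.
EXPECTED_PREFIXES = ("c:\\windows\\system32\\", "\\device\\")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Fold file lines and verdict lines into one Entry per service."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, str] = {}          # image path -> entry name
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            by_path[m["path"]] = m["name"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            key = by_path.get(m["name"], m["name"])
            entries.setdefault(key, Entry(key)).verdict = m["verdict"]
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Sort entries into the three buckets a reviewer looks at first."""
    findings: Dict[str, List[str]] = {"not_ok": [], "no_image": [], "unusual_path": []}
    for e in entries.values():
        if e.verdict is not None and e.verdict.lower() != "ok":
            findings["not_ok"].append(e.name)
        if e.path is None:
            findings["no_image"].append(e.name)      # verdict printed, no file line
        elif not e.path.lower().startswith(EXPECTED_PREFIXES):
            findings["unusual_path"].append(e.name)
    return findings


# Constructed sample: real lines from the log above plus one invented "evil"
# entry (fake MD5, made-up verdict wording) to exercise the not-ok bucket.
SAMPLE_LOG = r"""
19:44:41.0745 5348 BTWDNDIS - ok
19:44:42.0650 5348 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:44:42.0665 5348 cdfs - ok
19:44:50.0262 5348 ghaio (31b40f40e09513addc460f6a297ad474) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
19:44:50.0262 5348 ghaio - ok
19:45:41.0774 5348 WinRing0_1_2_0 (845af1ba23c8d5e64def61bcc441604c) C:\Users\Lapura\Downloads\RealTemp_360\WinRing0.sys
19:45:41.0867 5348 WinRing0_1_2_0 - ok
19:45:42.0756 5348 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:45:42.0819 5348 \Device\Harddisk0\DR0 - ok
19:45:43.0000 5348 evil (deadbeefdeadbeefdeadbeefdeadbeef) C:\Windows\system32\DRIVERS\evil.sys
19:45:43.0001 5348 evil - detected
"""

if __name__ == "__main__":
    for bucket, names in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{bucket:13s} {names}")
```

A name in unusual_path is not a verdict: ghaio.sys under Program Files\ASUS is a vendor utility and WinRing0.sys is the driver RealTemp ships, but both run in ring 0 from a user-writable location and belong on the list of things to account for. A name in no_image only means TDSSKiller printed no file line for it; check the service's registry entry before concluding anything.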


#9 gringo_pr (Bleepin Gringo)


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 January 2012 - 12:29 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr (Bleepin Gringo)


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 January 2012 - 02:22 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#11 vinralfakyn (Topic Starter)

  • Members
  • 11 posts

Posted 22 January 2012 - 11:43 PM

I ran it, and here's the log.


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-23 12:38:58
-----------------------------
12:38:58.382 OS Version: Windows 6.0.6002 Service Pack 2
12:38:58.382 Number of processors: 2 586 0xF0D
12:38:58.382 ComputerName: user-PC UserName: user
12:40:47.126 Initialize success
12:41:07.022 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:41:07.037 Disk 0 Vendor: Hitachi_ BBCO Size: 152627MB BusType: 3
12:41:07.053 Disk 0 MBR read successfully
12:41:07.068 Disk 0 MBR scan
12:41:07.068 Disk 0 Windows VISTA default MBR code
12:41:07.084 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 61043 MB offset 63
12:41:07.084 Disk 0 Partition - 00 0F Extended LBA 91581 MB offset 125017830
12:41:07.115 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 91581 MB offset 125017893
12:41:07.131 Disk 0 scanning sectors +312576705
12:41:07.209 Disk 0 scanning C:\Windows\system32\drivers
12:41:31.759 Service scanning
12:41:33.865 Service .i8042prt \* **LOCKED** 123
12:41:33.881 Service .Npfs \* **LOCKED** 123
12:41:33.990 Service ASUSProcObsrv E:\I386\AsProcOb.sys **LOCKED** 21
12:41:34.848 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
12:41:34.863 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
12:41:35.035 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
12:41:35.066 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
12:41:36.392 Modules scanning
12:42:02.219 Disk 0 trace - called modules:
12:42:02.266 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
12:42:02.282 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862e60a0]
12:42:02.297 3 CLASSPNP.SYS[87b5f8b3] -> nt!IofCallDriver -> [0x853182e8]
12:42:02.313 5 acpi.sys[806956bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8531c028]
12:42:02.328 Scan finished successfully
12:42:19.165 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
12:42:19.181 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"
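The aswMBR log above reads the MBR, lists the partition table and compares the bootstrap code with the Windows default. The following Python script is an added example, not aswMBR's code and not from the original post: it parses a raw 512-byte MBR image (assumed to be what aswMBR writes to MBR.dat) into the same per-partition summary lines, checks the table for inconsistencies a tampered or damaged MBR shows (no single active partition, invalid boot flags, overlapping ranges), and hashes the bootstrap area so it can be compared with a hash taken from a known-clean machine. The embedded sample is constructed to reproduce the layout in the log (61043 MB NTFS at offset 63, 91581 MB extended container at 125017830); the logical Partition 2 inside the container lives in an EBR chain that this script does not walk, and no reference hash of the real Vista MBR code is embedded.

```python
"""Summarise a raw 512-byte MBR the way the aswMBR "MBR scan" lines above do.
Added example, not aswMBR's code: parses the partition table, reproduces the
per-partition summary line, runs sanity checks, and hashes the bootstrap code."""
import hashlib
import struct
import sys
from dataclasses import dataclass
from typing import List

SECTOR = 512
PART_TABLE_OFFSET = 446        # four 16-byte entries follow the bootstrap code
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x0F: "Extended LBA", 0x05: "Extended", 0x0B: "FAT32"}


@dataclass
class Partition:
    index: int       # 1-based slot number in the MBR table
    boot: int        # 0x80 = active, 0x00 = inactive; anything else is invalid
    ptype: int
    lba_start: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)

    def summary(self) -> str:
        flag = "(A)" if self.boot == 0x80 else "   "
        name = TYPE_NAMES.get(self.ptype, "Unknown")
        return (f"Partition {self.index} {self.boot:02X} {flag} {self.ptype:02X} "
                f"{name} {self.size_mb} MB offset {self.lba_start}")


def parse_mbr(mbr: bytes) -> List[Partition]:
    """Populated partition-table slots of one sector; raises on a malformed MBR."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = mbr[PART_TABLE_OFFSET + 16 * i:PART_TABLE_OFFSET + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        boot, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0 and sectors == 0:
            continue                                   # empty slot
        parts.append(Partition(i + 1, boot, ptype, lba_start, sectors))
    return parts


def check_mbr(parts: List[Partition]) -> List[str]:
    """Findings worth a second look; an empty list means the table looks sane."""
    findings = []
    active = [p for p in parts if p.boot == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    for p in parts:
        if p.boot not in (0x00, 0x80):
            findings.append(f"slot {p.index}: invalid boot flag 0x{p.boot:02X}")
        if p.lba_start == 0:
            findings.append(f"slot {p.index}: starts at LBA 0, overlapping the MBR")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_start + a.sectors > b.lba_start:
            findings.append(f"slots {a.index} and {b.index} overlap")
    return findings


def bootcode_sha256(mbr: bytes) -> str:
    """Hash of the 446-byte bootstrap area, to compare against a reference taken from
    a known-clean install of the same Windows version (no reference is embedded here).
    A bootkit replaces this code and usually leaves the partition table alone."""
    return hashlib.sha256(mbr[:PART_TABLE_OFFSET]).hexdigest()


def build_sample_mbr(extra_active: bool = False) -> bytes:
    """Constructed sample, not the poster's MBR.dat: the layout from the log above
    (active NTFS at sector 63, extended container at 125017830), zero-filled boot
    code. extra_active=True also marks the container active, a table check_mbr()
    should flag."""
    mbr = bytearray(SECTOR)
    slots = [(0x80, 0x07, 63, 125017767),                                   # 61043 MB
             (0x80 if extra_active else 0x00, 0x0F, 125017830, 187558875)]  # 91581 MB
    for i, (boot, ptype, start, count) in enumerate(slots):
        off = PART_TABLE_OFFSET + 16 * i
        mbr[off:off + 16] = struct.pack("<B3xB3xII", boot, ptype, start, count)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


if __name__ == "__main__":
    # python mbrcheck.py MBR.dat   (with no argument the constructed sample is used)
    data = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else build_sample_mbr()
    parts = parse_mbr(data)
    for p in parts:
        print(p.summary())
    print("bootcode sha256:", bootcode_sha256(data))
    for finding in check_mbr(parts) or ["no findings"]:
        print("-", finding)
```

Run it as `python mbrcheck.py MBR.dat` against the saved sector. A bootstrap hash that differs from a clean reference while the partition table is identical is the pattern an MBR bootkit leaves, which the partition-table checks alone will not catch; the converse (matching code, odd table) points at damage or a hidden partition rather than a bootkit.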

#12 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 January 2012 - 12:01 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

#13 vinralfakyn

  • Topic Starter
  • Members
  • 11 posts

Posted 24 January 2012 - 10:14 AM

Some information I have censored. Here's the OTL file log.

OTL logfile created on: 1/24/2012 10:48:46 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: ------- | Country: ------- | Language: ENP | Date Format: M/d/yyyy

1014.48 Mb Total Physical Memory | 340.79 Mb Available Physical Memory | 33.59% Memory free
2.24 Gb Paging File | 1.11 Gb Available in Paging File | 49.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59.61 Gb Total Space | 1.02 Gb Free Space | 1.71% Space Free | Partition Type: NTFS
Drive D: | 89.44 Gb Total Space | 2.23 Gb Free Space | 2.50% Space Free | Partition Type: NTFS

Computer Name: user-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ATK Hotkey\HControlUser.exe ()
PRC - C:\Program Files\asus\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\ATK Hotkey\HControlUser.exe ()
MOD - C:\Program Files\ATK Hotkey\MsgTran.dll ()
MOD - C:\Program Files\asus\ASUS Data Security Manager\OverlayIconShlExt.dll ()
MOD - C:\Program Files\asus\ASUS Data Security Manager\OverlayIconShlExt1.dll ()


========== Win32 Services (SafeList) ==========

SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- File not found
SRV - (NMIndexingService) -- File not found
SRV - (aswUpdSv) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_b427739.dll ()
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (IDMWFP) -- C:\Windows\System32\drivers\idmwfp.sys (Tonec Inc.)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (WinRing0_1_2_0) -- C:\Users\user\Downloads\RealTemp_360\WinRing0.sys (OpenLibSys.org)
DRV - (CRFILTER) -- C:\Windows\System32\drivers\CRFILTER.sys (Generic)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows ® Codename Longhorn DDK provider)
DRV - (ghaio) -- C:\Program Files\asus\NB Probe\SPM\ghaio.sys ()
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.)
DRV - (BlueletSCOAudio) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (BlueletAudio) -- C:\Windows\System32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (BT) -- C:\Windows\System32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.)
DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\Windows\System32\drivers\VCommMgr.sys (IVT Corporation.)
DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (moufiltr) -- C:\Windows\System32\drivers\moufiltr.sys (Chic)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-949780334-2377647623-2708085185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-949780334-2377647623-2708085185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-949780334-2377647623-2708085185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-949780334-2377647623-2708085185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-949780334-2377647623-2708085185-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-949780334-2377647623-2708085185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-949780334-2377647623-2708085185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\user\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/09/13 12:48:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/01/08 09:42:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/01/09 21:26:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012/01/09 21:26:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2011/10/03 21:02:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2011/10/03 21:02:27 | 000,000,000 | ---D | M]

[2011/07/12 00:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/27 09:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/09/22 22:02:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
[2010/10/05 08:33:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/16 02:06:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/02 03:07:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/02/17 22:58:08 | 000,279,888 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\mozilla firefox\plugins\npmusicn.dll
[2010/04/12 12:30:41 | 000,002,029 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\esnips.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.374_0\plugin/npUrlAdvisor.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Program Files\Photodex Presenter\npPxPlay.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\user\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\
CHR - Extension: Virtual Keyboard = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2011/08/21 15:07:47 | 000,008,158 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com #192.150.22.22
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com #192.150.14.21
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com #192.150.18.247
O1 - Hosts: 127.0.0.1 3dns-5.adobe.com #192.150.22.46
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com #192.150.11.30
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com #192.150.11.247
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com #192.150.22.30
O1 - Hosts: 127.0.0.1 adobe.activate.com #69.175.22.26
O1 - Hosts: 127.0.0.1 activate.adobe.com #192.150.22.40
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com #192.150.22.40
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com #192.150.22.40
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com #192.150.22.40
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com #192.150.14.69
O1 - Hosts: 127.0.0.1 ereg.adobe.com #192.150.18.103
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com #192.150.18.63
O1 - Hosts: 127.0.0.1 ereg.wip4.adobe.com #192.150.18.103
O1 - Hosts: 127.0.0.1 practivate.adobe.com #192.150.18.54
O1 - Hosts: 127.0.0.1 www.wip3.adobe.com #192.150.8.60
O1 - Hosts: 127.0.0.1 www.wip4.adobe.com #192.150.18.200
O1 - Hosts: 127.0.0.1 www.adobeereg.com #75.125.24.83
O1 - Hosts: 127.0.0.1 adobeereg.com #207.66.2.10
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com #192.150.14.174
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip30.adobe.com #192.150.8.30
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip31.adobe.com #192.150.8.31
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip32.adobe.com #192.150.8.32
O1 - Hosts: 137 more lines...
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-949780334-2377647623-2708085185-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-949780334-2377647623-2708085185-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-949780334-2377647623-2708085185-1000..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - Startup: C:\Users\user Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKU\S-1-5-21-949780334-2377647623-2708085185-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-949780334-2377647623-2708085185-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-949780334-2377647623-2708085185-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B80F11C-DEF4-47FF-ABFB-A81BB5950F14}: DhcpNameServer = 192.168.254.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\System32\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010/06/12 09:02:05 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{22aedb09-a24e-11dd-9c1c-0022159e64fe}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{2333c5ba-c085-11de-bf8f-00158307c93e}\Shell\AutoRun\command - "" = J:\uvwara.exe
O33 - MountPoints2\{2333c5ba-c085-11de-bf8f-00158307c93e}\Shell\explore\Command - "" = J:\uvwara.exe
O33 - MountPoints2\{2333c5ba-c085-11de-bf8f-00158307c93e}\Shell\open\Command - "" = J:\uvwara.exe
O33 - MountPoints2\{554399ad-da30-11de-be15-00158307c93e}\Shell - "" = AutoRun
O33 - MountPoints2\{554399ad-da30-11de-be15-00158307c93e}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{6f904335-63a8-11df-84d7-00158307c93e}\Shell - "" = AutoRun
O33 - MountPoints2\{6f904335-63a8-11df-84d7-00158307c93e}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{9da906d0-808f-11de-bbe9-00158307c93e}\Shell\AutoRun\command - "" = J:\
O33 - MountPoints2\{9da906d0-808f-11de-bbe9-00158307c93e}\Shell\explore\Command - "" = WScript.exe .\gova.vbs
O33 - MountPoints2\{9da906d0-808f-11de-bbe9-00158307c93e}\Shell\open\Command - "" = WScript.exe .\gova.vbs
O33 - MountPoints2\{aae22eab-a188-11dd-b792-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{aae22eab-a188-11dd-b792-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{bd109392-0ee0-11de-9512-0022159e64fe}\Shell\Autoplay\Command - "" = H:\smss.exe
O33 - MountPoints2\{bd109392-0ee0-11de-9512-0022159e64fe}\Shell\AutoRun\command - "" = H:\smss.exe
O33 - MountPoints2\{bd109392-0ee0-11de-9512-0022159e64fe}\Shell\Explore\Command - "" = H:\smss.exe
O33 - MountPoints2\{bd109392-0ee0-11de-9512-0022159e64fe}\Shell\Open\Command - "" = H:\smss.exe
O33 - MountPoints2\{c28f263a-0713-11e0-92cd-00158307c93e}\Shell - "" = AutoRun
O33 - MountPoints2\{c28f263a-0713-11e0-92cd-00158307c93e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{c7dccaab-dd5c-11dd-9943-0022159e64fe}\Shell\AutoRun\command - "" = H:\RESTORE\k-1-3542-4232123213-7676767-8888886\JUZZ.exe
O33 - MountPoints2\{c7dccaab-dd5c-11dd-9943-0022159e64fe}\Shell\open\command - "" = H:\RESTORE\k-1-3542-4232123213-7676767-8888886\JUZZ.exe
O33 - MountPoints2\{c88a46fe-bd92-11df-a1fd-00158307c93e}\Shell\Auto\command - "" = rejoice2010.exe
O33 - MountPoints2\{c88a46fe-bd92-11df-a1fd-00158307c93e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL rejoice2010.exe
O33 - MountPoints2\{d8c4e43f-0536-11de-8a51-0022159e64fe}\Shell\AutoRun\command - "" = H:\ur0.com
O33 - MountPoints2\{d8c4e43f-0536-11de-8a51-0022159e64fe}\Shell\open\Command - "" = H:\ur0.com
O33 - MountPoints2\{e4b9bf4d-0a27-11df-b9a1-00158307c93e}\Shell\AutoRun\command - "" = I:\vircure/vircure32.exe
O33 - MountPoints2\{e4b9bf4d-0a27-11df-b9a1-00158307c93e}\Shell\explore\command - "" = I:\vircure/vircure32.exe
O33 - MountPoints2\{e4b9bf4d-0a27-11df-b9a1-00158307c93e}\Shell\open\command - "" = I:\vircure/vircure32.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Windows\System32\
[2012/01/24 22:45:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/01/23 10:58:28 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2012/01/20 17:35:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\com.prezi.PreziDesktop
[2012/01/20 17:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\PreziDesktop3
[2012/01/18 19:34:36 | 001,975,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2012/01/17 19:29:42 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/01/13 09:24:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/13 09:24:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/13 09:24:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/13 09:23:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/13 09:23:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/13 09:13:00 | 004,381,975 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2012/01/10 11:44:49 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\gmer
[2012/01/09 17:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2012
[2012/01/09 17:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012/01/09 17:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/01/09 17:01:52 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012/01/09 16:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/09 16:14:10 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/01 03:14:58 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2012/01/01 03:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/01 03:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/24 13:19:19 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\user\Documents\*.tmp files -> C:\Users\user\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\System32\
[2049/12/31 16:00:00 | 001,457,664 | ---- | M] () -- C:\Users\user\Documents\Hosp Waste Mngt PACSSM Conv CAmp AguinaldoQC 4june09.part06.rar
[2049/12/31 16:00:00 | 001,457,664 | ---- | M] () -- C:\Users\user\Documents\Hosp Waste Mngt PACSSM Conv CAmp AguinaldoQC 4june09.part05.rar
[2049/12/31 16:00:00 | 001,457,664 | ---- | M] () -- C:\Users\user\Documents\Hosp Waste Mngt PACSSM Conv CAmp AguinaldoQC 4june09.part04.rar
[2049/12/31 16:00:00 | 001,457,664 | ---- | M] () -- C:\Users\user\Documents\Hosp Waste Mngt PACSSM Conv CAmp AguinaldoQC 4june09.part03.rar
[2049/12/31 16:00:00 | 001,457,664 | ---- | M] () -- C:\Users\user\Documents\Hosp Waste Mngt PACSSM Conv CAmp AguinaldoQC 4june09.part02.rar
[2049/12/31 16:00:00 | 001,457,664 | ---- | M] () -- C:\Users\user\Documents\Hosp Waste Mngt PACSSM Conv CAmp AguinaldoQC 4june09.part01.rar
[2012/01/24 23:02:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-949780334-2377647623-2708085185-1000UA.job
[2012/01/24 22:46:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/01/24 22:44:48 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 22:44:48 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 22:11:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/24 18:45:08 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/24 18:44:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/24 18:44:34 | 1062,506,496 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/23 23:01:50 | 000,002,627 | ---- | M] () -- C:\Users\user\Desktop\Microsoft Office Word 2007.lnk
[2012/01/23 20:36:49 | 000,002,255 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/01/23 17:02:32 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-949780334-2377647623-2708085185-1000Core.job
[2012/01/23 12:42:19 | 000,000,512 | ---- | M] () -- C:\Users\user\Desktop\MBR.dat
[2012/01/23 11:19:08 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2012/01/21 13:54:22 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/21 13:54:22 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/20 17:34:19 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\PreziDesktop3.lnk
[2012/01/18 19:35:34 | 001,975,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2012/01/18 16:43:49 | 000,011,390 | ---- | M] () -- C:\Users\user\gsview32.ini
[2012/01/18 12:00:12 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/17 09:51:19 | 000,036,864 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/15 06:47:45 | 073,829,755 | ---- | M] () -- C:\Users\user\Documents\report ncmc.pxc
[2012/01/15 06:47:32 | 000,392,562 | ---- | M] () -- C:\Users\user\Documents\report ncmc.psh
[2012/01/13 13:35:36 | 243,976,628 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/13 09:15:42 | 004,381,975 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2012/01/09 21:03:47 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2012/01/09 21:03:44 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2012/01/09 17:01:52 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012/01/09 16:54:20 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012/01/09 16:21:19 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/09 15:30:03 | 000,000,000 | ---- | M] () -- C:\Windows\1293147910
[2012/01/09 15:18:43 | 000,000,020 | ---- | M] () -- C:\Users\user\defogger_reenable
[2012/01/09 15:16:20 | 000,003,386 | ---- | M] () -- C:\Users\user\Documents\ax_files.xml
[2012/01/09 15:04:52 | 000,075,264 | ---- | M] () -- C:\Windows\System32\drivers\dfsc.sys
[2012/01/09 01:06:21 | 000,002,047 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2012/01/09 01:06:21 | 000,002,009 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/08 23:58:24 | 000,001,356 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2012/01/04 08:11:10 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\ASUS SmartLogon Console Sensor.job
[2012/01/04 00:51:09 | 000,001,736 | -HS- | M] () -- C:\Windows\2356950drv.spi
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\user\Documents\*.tmp files -> C:\Users\user\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/23 12:42:19 | 000,000,512 | ---- | C] () -- C:\Users\user\Desktop\MBR.dat
[2012/01/20 17:34:19 | 000,000,814 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PreziDesktop3.lnk
[2012/01/20 17:34:18 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\PreziDesktop3.lnk
[2012/01/18 12:00:12 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/17 19:33:38 | 1062,506,496 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/15 06:47:27 | 073,829,755 | ---- | C] () -- C:\Users\user\Documents\report ncmc.pxc
[2012/01/15 06:47:27 | 000,392,562 | ---- | C] () -- C:\Users\user\Documents\report ncmc.psh
[2012/01/13 09:24:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/13 09:24:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/13 09:24:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/13 09:24:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/13 09:24:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/10 11:52:27 | 243,976,628 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/09 17:07:48 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012/01/09 17:07:47 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012/01/09 16:21:19 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/09 15:17:42 | 000,000,020 | ---- | C] () -- C:\Users\user\defogger_reenable
[2012/01/09 13:52:28 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2012/01/04 08:11:10 | 000,000,262 | ---- | C] () -- C:\Windows\tasks\ASUS SmartLogon Console Sensor.job
[2012/01/04 00:38:30 | 000,001,736 | -HS- | C] () -- C:\Windows\2356950drv.spi
[2011/11/20 10:11:03 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{F462725A-D673-4B2A-A734-B4C725A8DD80}
[2011/10/19 16:23:00 | 000,017,408 | ---- | C] () -- C:\Users\user\AppData\Local\WebpageIcons.db
[2011/10/05 01:53:38 | 000,035,473 | ---- | C] () -- C:\Windows\scunin.dat
[2011/09/27 18:59:24 | 000,000,552 | ---- | C] () -- C:\Users\user\AppData\Local\d3d8caps.dat
[2011/08/16 23:18:20 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/06/16 01:11:08 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys
[2011/03/11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2011/02/25 00:37:38 | 000,000,088 | ---- | C] () -- C:\Windows\Launcher.ini
[2011/02/24 08:12:25 | 000,000,034 | ---- | C] () -- C:\Windows\QTW.INI
[2010/12/11 01:29:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/12/11 01:27:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/06 10:09:23 | 000,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini
[2010/09/17 09:13:28 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/06/11 18:46:04 | 000,000,014 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/06/19 15:06:06 | 000,002,409 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/05/24 14:45:04 | 000,000,826 | ---- | C] () -- C:\Windows\eReg.dat
[2009/04/19 12:30:38 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/04/19 12:30:32 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/04/19 12:30:32 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/04/19 12:30:31 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/04/19 12:30:26 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/03/30 12:22:43 | 000,061,440 | ---- | C] () -- C:\Program Files\RGSGrowBounds.aex
[2009/01/30 10:07:55 | 000,024,206 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2008/12/21 14:37:30 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/12/21 14:36:54 | 000,022,328 | ---- | C] () -- C:\Users\user\AppData\Roaming\PnkBstrK.sys
[2008/12/21 14:36:01 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008/12/21 14:35:17 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008/11/19 15:59:10 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2008/11/07 09:59:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/30 18:38:00 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/10/25 13:01:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/10/24 19:48:15 | 000,036,864 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/24 14:24:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2008/10/24 13:38:13 | 000,037,232 | ---- | C] () -- C:\Windows\ASScrProlog.exe
[2008/10/24 13:38:13 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2008/10/24 13:38:09 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008/10/24 13:27:36 | 001,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/10/24 13:27:36 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/10/24 13:21:24 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/10/24 13:21:24 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008/10/24 13:21:23 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/10/24 13:21:23 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/10/24 13:09:52 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2008/04/07 14:00:46 | 000,005,120 | ---- | C] () -- C:\Windows\System32\CRFILTER.dll
[2008/01/15 05:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2006/11/02 20:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 20:47:37 | 000,483,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:33:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 18:33:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/03/17 08:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000079.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:BB1102D7

< End of report >

#14 gringo_pr (Malware Response Team)

Posted 24 January 2012 - 06:54 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :otl
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O2 - BHO: (no name) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No CLSID value found.
    O3 - HKU\S-1-5-21-949780334-2377647623-2708085185-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O33 - MountPoints2\{22aedb09-a24e-11dd-9c1c-0022159e64fe}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{2333c5ba-c085-11de-bf8f-00158307c93e}\Shell\AutoRun\command - "" = J:\uvwara.exe
    O33 - MountPoints2\{2333c5ba-c085-11de-bf8f-00158307c93e}\Shell\explore\Command - "" = J:\uvwara.exe
    O33 - MountPoints2\{2333c5ba-c085-11de-bf8f-00158307c93e}\Shell\open\Command - "" = J:\uvwara.exe
    O33 - MountPoints2\{554399ad-da30-11de-be15-00158307c93e}\Shell - "" = AutoRun
    O33 - MountPoints2\{554399ad-da30-11de-be15-00158307c93e}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
    O33 - MountPoints2\{6f904335-63a8-11df-84d7-00158307c93e}\Shell - "" = AutoRun
    O33 - MountPoints2\{6f904335-63a8-11df-84d7-00158307c93e}\Shell\AutoRun\command - "" = G:\SETUP.EXE
    O33 - MountPoints2\{9da906d0-808f-11de-bbe9-00158307c93e}\Shell\AutoRun\command - "" = J:\
    O33 - MountPoints2\{9da906d0-808f-11de-bbe9-00158307c93e}\Shell\explore\Command - "" = WScript.exe .\gova.vbs
    O33 - MountPoints2\{9da906d0-808f-11de-bbe9-00158307c93e}\Shell\open\Command - "" = WScript.exe .\gova.vbs
    O33 - MountPoints2\{aae22eab-a188-11dd-b792-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{aae22eab-a188-11dd-b792-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
    O33 - MountPoints2\{bd109392-0ee0-11de-9512-0022159e64fe}\Shell\Autoplay\Command - "" = H:\smss.exe
    O33 - MountPoints2\{bd109392-0ee0-11de-9512-0022159e64fe}\Shell\AutoRun\command - "" = H:\smss.exe
    O33 - MountPoints2\{bd109392-0ee0-11de-9512-0022159e64fe}\Shell\Explore\Command - "" = H:\smss.exe
    O33 - MountPoints2\{bd109392-0ee0-11de-9512-0022159e64fe}\Shell\Open\Command - "" = H:\smss.exe
    O33 - MountPoints2\{c28f263a-0713-11e0-92cd-00158307c93e}\Shell - "" = AutoRun
    O33 - MountPoints2\{c28f263a-0713-11e0-92cd-00158307c93e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
    O33 - MountPoints2\{c7dccaab-dd5c-11dd-9943-0022159e64fe}\Shell\AutoRun\command - "" = H:\RESTORE\k-1-3542-4232123213-7676767-8888886\JUZZ.exe
    O33 - MountPoints2\{c7dccaab-dd5c-11dd-9943-0022159e64fe}\Shell\open\command - "" = H:\RESTORE\k-1-3542-4232123213-7676767-8888886\JUZZ.exe
    O33 - MountPoints2\{c88a46fe-bd92-11df-a1fd-00158307c93e}\Shell\Auto\command - "" = rejoice2010.exe
    O33 - MountPoints2\{c88a46fe-bd92-11df-a1fd-00158307c93e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL rejoice2010.exe
    O33 - MountPoints2\{d8c4e43f-0536-11de-8a51-0022159e64fe}\Shell\AutoRun\command - "" = H:\ur0.com
    O33 - MountPoints2\{d8c4e43f-0536-11de-8a51-0022159e64fe}\Shell\open\Command - "" = H:\ur0.com
    O33 - MountPoints2\{e4b9bf4d-0a27-11df-b9a1-00158307c93e}\Shell\AutoRun\command - "" = I:\vircure/vircure32.exe
    O33 - MountPoints2\{e4b9bf4d-0a27-11df-b9a1-00158307c93e}\Shell\explore\command - "" = I:\vircure/vircure32.exe
    O33 - MountPoints2\{e4b9bf4d-0a27-11df-b9a1-00158307c93e}\Shell\open\command - "" = I:\vircure/vircure32.exe
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:BB1102D7  
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
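An added example, not part of this thread or of OTL itself, showing how a responder might triage the O33 MountPoints2 entries that make up most of the script above: it parses the lines in the format OTL prints them (the sample is copied from the log in this thread), groups them by volume GUID, flags commands that run a script host, go through rundll32 ShellExec_RunDLL, or point at an executable on a non-system drive, and emits the :otl section for the flagged keys. The flag rules, the function names and the choice of C: as the system drive are assumptions of this example, not OTL's own logic.

```python
r"""Triage of OTL 'O33 - MountPoints2' entries (added example, not OTL code).

Each MountPoints2\{volume GUID}\Shell\<verb>\command value is what Explorer
runs when that volume is opened with that verb, so a USB worm that drops a
loader plus an autorun.inf leaves exactly the kind of lines in the log above.
The flag rules below are this example's own heuristics, not OTL's.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the OTL log in this thread, plus one
# non-O33 line to show that other sections are ignored by the parser.
SAMPLE_LOG = r"""O33 - MountPoints2\{9da906d0-808f-11de-bbe9-00158307c93e}\Shell\AutoRun\command - "" = J:\
O33 - MountPoints2\{9da906d0-808f-11de-bbe9-00158307c93e}\Shell\explore\Command - "" = WScript.exe .\gova.vbs
O33 - MountPoints2\{9da906d0-808f-11de-bbe9-00158307c93e}\Shell\open\Command - "" = WScript.exe .\gova.vbs
O33 - MountPoints2\{bd109392-0ee0-11de-9512-0022159e64fe}\Shell\AutoRun\command - "" = H:\smss.exe
O33 - MountPoints2\{c28f263a-0713-11e0-92cd-00158307c93e}\Shell - "" = AutoRun
O33 - MountPoints2\{c28f263a-0713-11e0-92cd-00158307c93e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{c88a46fe-bd92-11df-a1fd-00158307c93e}\Shell\Auto\command - "" = rejoice2010.exe
O33 - MountPoints2\{c88a46fe-bd92-11df-a1fd-00158307c93e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL rejoice2010.exe
O34 - HKLM BootExecute: (autocheck autochk *)
"""

O33_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-f-]+)\}'   # volume GUID
    r'\\(?P<subkey>\S+) - "(?P<name>[^"]*)" = (?P<value>.*)$',
    re.IGNORECASE,
)
SCRIPT_HOST_RE = re.compile(r'\b[wc]script\.exe\b', re.IGNORECASE)
RUNDLL_RE = re.compile(r'shellexec_rundll', re.IGNORECASE)
EXEC_RE = re.compile(r'\.(exe|com|bat|cmd|vbs|js|scr|pif)\b', re.IGNORECASE)
DRIVE_RE = re.compile(r'^([a-z]):\\', re.IGNORECASE)
SYSTEM_DRIVE = 'C'  # assumption: the OS volume; any other letter is treated as removable


def parse_o33(text):
    """Return one dict per O33 line; lines from other OTL sections are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O33_RE.match(line)
        if not m:
            continue
        parts = m['subkey'].split('\\')        # e.g. ['Shell', 'AutoRun', 'command']
        entries.append({
            'guid': m['guid'].lower(),
            'verb': parts[1] if len(parts) > 1 else None,   # bare 'Shell' sets the default verb
            'is_command': parts[-1].lower() == 'command',
            'value': m['value'],
            'raw': line,
        })
    return entries


def classify(command):
    """Heuristic reasons a responder would want this command value looked at."""
    reasons = []
    if SCRIPT_HOST_RE.search(command):
        reasons.append('script host (WScript/CScript)')
    if RUNDLL_RE.search(command):
        reasons.append('rundll32 ShellExec indirection')
    if EXEC_RE.search(command):
        drive = DRIVE_RE.match(command)
        if drive is None:
            reasons.append('relative executable path')   # resolved against the volume root
        elif drive.group(1).upper() != SYSTEM_DRIVE:
            reasons.append(f'executable on removable volume {drive.group(1).upper()}:')
    return reasons


def triage(entries):
    """Group entries by volume GUID; a key is flagged if any of its verbs is."""
    by_guid = defaultdict(list)
    for e in entries:
        by_guid[e['guid']].append(e)
    report = {}
    for guid, items in by_guid.items():
        reasons = set()
        for e in items:
            if e['is_command']:
                reasons.update(classify(e['value']))
        report[guid] = {
            'verbs': sorted({e['verb'] for e in items if e['verb']}, key=str.lower),
            'reasons': sorted(reasons),
            'lines': [e['raw'] for e in items],
        }
    return report


def build_otl_fix(report):
    """Emit an :otl section with every O33 line of each flagged key (the shape of the script above)."""
    lines = [':otl']
    for guid in sorted(report):
        if report[guid]['reasons']:
            lines.extend(report[guid]['lines'])
    return '\n'.join(lines)


if __name__ == '__main__':
    rep = triage(parse_o33(SAMPLE_LOG))
    for guid, info in rep.items():
        status = '; '.join(info['reasons']) or 'nothing flagged'
        print(f"{{{guid}}} verbs={','.join(info['verbs'])}: {status}")
    print(build_otl_fix(rep))
```

OTL removes the whole MountPoints2 key for a GUID, so the emitted section lists every line of a flagged key rather than only the one verb that tripped a rule.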

#15 vinralfakyn (Topic Starter)

Posted 25 January 2012 - 07:27 AM

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE}\ not found.
Registry value HKEY_USERS\S-1-5-21-949780334-2377647623-2708085185-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22aedb09-a24e-11dd-9c1c-0022159e64fe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22aedb09-a24e-11dd-9c1c-0022159e64fe}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2333c5ba-c085-11de-bf8f-00158307c93e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2333c5ba-c085-11de-bf8f-00158307c93e}\ not found.
File J:\uvwara.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2333c5ba-c085-11de-bf8f-00158307c93e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2333c5ba-c085-11de-bf8f-00158307c93e}\ not found.
File J:\uvwara.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2333c5ba-c085-11de-bf8f-00158307c93e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2333c5ba-c085-11de-bf8f-00158307c93e}\ not found.
File J:\uvwara.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{554399ad-da30-11de-be15-00158307c93e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{554399ad-da30-11de-be15-00158307c93e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{554399ad-da30-11de-be15-00158307c93e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{554399ad-da30-11de-be15-00158307c93e}\ not found.
File J:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f904335-63a8-11df-84d7-00158307c93e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f904335-63a8-11df-84d7-00158307c93e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f904335-63a8-11df-84d7-00158307c93e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f904335-63a8-11df-84d7-00158307c93e}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9da906d0-808f-11de-bbe9-00158307c93e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9da906d0-808f-11de-bbe9-00158307c93e}\ not found.
File J:\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9da906d0-808f-11de-bbe9-00158307c93e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9da906d0-808f-11de-bbe9-00158307c93e}\ not found.
File WScript.exe .\gova.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9da906d0-808f-11de-bbe9-00158307c93e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9da906d0-808f-11de-bbe9-00158307c93e}\ not found.
File WScript.exe .\gova.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aae22eab-a188-11dd-b792-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aae22eab-a188-11dd-b792-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aae22eab-a188-11dd-b792-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aae22eab-a188-11dd-b792-806e6f6e6963}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd109392-0ee0-11de-9512-0022159e64fe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd109392-0ee0-11de-9512-0022159e64fe}\ not found.
File H:\smss.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd109392-0ee0-11de-9512-0022159e64fe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd109392-0ee0-11de-9512-0022159e64fe}\ not found.
File H:\smss.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd109392-0ee0-11de-9512-0022159e64fe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd109392-0ee0-11de-9512-0022159e64fe}\ not found.
File H:\smss.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd109392-0ee0-11de-9512-0022159e64fe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd109392-0ee0-11de-9512-0022159e64fe}\ not found.
File H:\smss.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c28f263a-0713-11e0-92cd-00158307c93e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c28f263a-0713-11e0-92cd-00158307c93e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c28f263a-0713-11e0-92cd-00158307c93e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c28f263a-0713-11e0-92cd-00158307c93e}\ not found.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7dccaab-dd5c-11dd-9943-0022159e64fe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7dccaab-dd5c-11dd-9943-0022159e64fe}\ not found.
File H:\RESTORE\k-1-3542-4232123213-7676767-8888886\JUZZ.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7dccaab-dd5c-11dd-9943-0022159e64fe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7dccaab-dd5c-11dd-9943-0022159e64fe}\ not found.
File H:\RESTORE\k-1-3542-4232123213-7676767-8888886\JUZZ.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c88a46fe-bd92-11df-a1fd-00158307c93e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c88a46fe-bd92-11df-a1fd-00158307c93e}\ not found.
File rejoice2010.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c88a46fe-bd92-11df-a1fd-00158307c93e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c88a46fe-bd92-11df-a1fd-00158307c93e}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL rejoice2010.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c4e43f-0536-11de-8a51-0022159e64fe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8c4e43f-0536-11de-8a51-0022159e64fe}\ not found.
File H:\ur0.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c4e43f-0536-11de-8a51-0022159e64fe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8c4e43f-0536-11de-8a51-0022159e64fe}\ not found.
File H:\ur0.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4b9bf4d-0a27-11df-b9a1-00158307c93e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4b9bf4d-0a27-11df-b9a1-00158307c93e}\ not found.
File I:\vircure/vircure32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4b9bf4d-0a27-11df-b9a1-00158307c93e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4b9bf4d-0a27-11df-b9a1-00158307c93e}\ not found.
File I:\vircure/vircure32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4b9bf4d-0a27-11df-b9a1-00158307c93e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4b9bf4d-0a27-11df-b9a1-00158307c93e}\ not found.
File I:\vircure/vircure32.exe not found.
ADS C:\ProgramData\TEMP:BB1102D7 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 1587135 bytes
->Temporary Internet Files folder emptied: 689414 bytes
->Java cache emptied: 46658075 bytes
->FireFox cache emptied: 309652890 bytes
->Opera cache emptied: 12738853 bytes
->Flash cache emptied: 15076 bytes

User: user
->Temp folder emptied: 225201015 bytes
->Temporary Internet Files folder emptied: 47182116 bytes
->Java cache emptied: 32962019 bytes
->Google Chrome cache emptied: 251534319 bytes
->Opera cache emptied: 359551 bytes
->Flash cache emptied: 77349 bytes

User: user Family
->Temp folder emptied: 191979500 bytes
->Temporary Internet Files folder emptied: 5748164 bytes
->Java cache emptied: 8940054 bytes
->FireFox cache emptied: 116703234 bytes
->Opera cache emptied: 36503014 bytes
->Flash cache emptied: 41434 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 173031 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 43893190 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,271.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Guest
->Java cache emptied: 0 bytes

User: user
->Java cache emptied: 0 bytes

User: user Family
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: user
->Flash cache emptied: 0 bytes

User: user Family
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 01252012_174953

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\klsD529.tmp not found!

Registry entries deleted on Reboot...



What did OTL just do? What was my system's problem?



