Possible ZeroAccess infection...


  • This topic is locked
59 replies to this topic

#1 kerneldrop

  • Members
  • 35 posts

Posted 01 February 2012 - 12:45 PM


I had tried to follow the 'Preparation Guide' as instructed, but was unable to get dds.scr to complete and was told to run OTL and post the log files here. So here they are:

OTL.txt:
OTL logfile created on: 2/1/2012 12:16:15 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 63.87% Memory free
1.84 Gb Paging File | 1.48 Gb Available in Paging File | 80.42% Paging File free
Paging file location(s): F:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive F: | 74.52 Gb Total Space | 36.57 Gb Free Space | 49.07% Space Free | Partition Type: NTFS

Computer Name: MAIN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - F:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - F:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - F:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - F:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - F:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - F:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - F:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - F:\Program Files\Launchy\Launchy.exe ()
PRC - F:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - F:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - F:\Program Files\Git\git-cheetah\git_shell_ext.dll ()
MOD - F:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - F:\Program Files\Notepad++\NppShell_04.dll ()
MOD - F:\Program Files\Launchy\plugins\calcy.dll ()
MOD - F:\Program Files\Launchy\plugins\gcalc.dll ()
MOD - F:\Program Files\Launchy\plugins\runner.dll ()
MOD - F:\Program Files\Launchy\plugins\weby.dll ()
MOD - F:\Program Files\Launchy\Launchy.exe ()
MOD - F:\Program Files\Launchy\plugins\verby.dll ()
MOD - F:\Program Files\Launchy\plugins\controly.dll ()
MOD - F:\Program Files\Launchy\imageformats\qmng4.dll ()
MOD - F:\Program Files\Launchy\QtGui4.dll ()
MOD - F:\Program Files\Launchy\QtNetwork4.dll ()
MOD - F:\Program Files\Launchy\QtCore4.dll ()
MOD - F:\WINDOWS\system32\msdmo.dll ()


========== Win32 Services (SafeList) ==========

SRV - (wuauserv) -- File not found
SRV - (PrismXL) -- File not found
SRV - (PEVSystemStart) -- File not found
SRV - (MDM) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (cmdAgent) -- F:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (AntiVirSchedulerService) -- F:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- F:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (postgresql-9.0) -- F:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe (PostgreSQL Global Development Group)


========== Driver Services (SafeList) ==========

DRV - (cmdGuard) -- F:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (MBAMSwissArmy) -- F:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (Inspect) -- F:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- F:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (avipbb) -- F:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (VBoxDrv) -- F:\WINDOWS\system32\drivers\VBoxDrv.sys (Oracle Corporation)
DRV - (VBoxNetFlt) -- F:\WINDOWS\system32\drivers\VBoxNetFlt.sys (Oracle Corporation)
DRV - (VBoxNetAdp) -- F:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV - (VBoxUSBMon) -- F:\WINDOWS\system32\drivers\VBoxUSBMon.sys (Oracle Corporation)
DRV - (avgntflt) -- F:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- F:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (SmartDefragDriver) -- F:\WINDOWS\System32\Drivers\SmartDefragDriver.sys ()
DRV - (ssmdrv) -- F:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (MREMP50) -- F:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- F:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (cpudrv) -- F:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (RsFx0103) -- F:\WINDOWS\system32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (STAC97) Audio Driver (WDM) -- F:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (GTWModem) -- F:\WINDOWS\system32\drivers\GWMDM.sys (GTW)
DRV - (WPC54Gv3) -- F:\WINDOWS\system32\drivers\WPC54Gv3.SYS (Broadcom Corporation)
DRV - (BCM43XX) -- F:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (odysseyIM4) -- F:\WINDOWS\system32\drivers\odysseyIM4.sys (Funk Software, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1645522239-1563985344-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1645522239-1563985344-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645522239-1563985344-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.21amo
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.7.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: F:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: f:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: f:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: F:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: F:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@xenocode.com/Spoon Plugin 3.24: F:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.24.0.9\npMozillaSpoonPlugin.dll (Code Systems Corp.)
FF - HKCU\Software\MozillaPlugins\@xenocode.com/Spoon Plugin 3.25: F:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.25.0.9\npMozillaSpoonPlugin.dll (Code Systems Corp.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2012/01/31 22:58:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2012/01/13 19:03:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: F:\Program Files\Mozilla Thunderbird\components [2012/01/24 12:55:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: F:\Program Files\Mozilla Thunderbird\plugins

[2010/07/24 13:07:02 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/07/24 13:07:02 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/01/31 22:58:56 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\afo8jjm5.default\extensions
[2010/04/27 20:19:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- F:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\afo8jjm5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/04 18:49:34 | 000,002,525 | ---- | M] () -- F:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\afo8jjm5.default\searchplugins\msdn.xml
[2011/06/17 19:10:39 | 000,008,204 | ---- | M] () -- F:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\afo8jjm5.default\searchplugins\wikimedia-commons.xml
[2010/07/13 11:52:20 | 000,001,336 | ---- | M] () -- F:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\afo8jjm5.default\searchplugins\wiktionary-en.xml
[2011/11/08 18:27:26 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files\Mozilla Firefox\extensions
() (No name found) -- F:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AFO8JJM5.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- F:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AFO8JJM5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- F:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AFO8JJM5.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012/01/31 22:58:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- F:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/05 23:31:52 | 000,002,252 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/08 12:33:31 | 000,002,040 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = F:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = F:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = F:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = F:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = F:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = f:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = F:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = F:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = F:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = F:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = F:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = F:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = F:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Spoon Plugin (Enabled) = F:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.24.0.9\npMozillaSpoonPlugin.dll
CHR - plugin: Spoon Plugin (Enabled) = F:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.25.0.9\npMozillaSpoonPlugin.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = F:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = f:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Translate = F:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1\
CHR - Extension: YouTube = F:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = F:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Dictionary (by Google) = F:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.6_0\
CHR - Extension: SEO for Chrome = F:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj\0.9.3_0\
CHR - Extension: Gmail = F:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/01/30 15:15:23 | 000,000,734 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - F:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1645522239-1563985344-1957994488-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] F:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [COMODO Internet Security] F:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [GWMDMpi] F:\WINDOWS\GWMDMpi.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] F:\Program Files\KeePass 2.13\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [SynTPLpr] F:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: F:\Documents and Settings\Owner\Start Menu\Programs\Startup\Launchy.lnk = F:\Program Files\Launchy\Launchy.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-1563985344-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1645522239-1563985344-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - F:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://F:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (F:\WINDOWS\system32\userinit.exe) -F:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: F:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: F:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/01 00:12:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/01/31 12:47:32 | 000,607,260 | R--- | C] (Swearware) -- F:\Documents and Settings\Owner\Desktop\dds.scr
[2012/01/31 01:14:39 | 000,000,000 | RH-D | C] -- F:\Documents and Settings\Owner\Recent
[2012/01/30 13:17:16 | 000,000,000 | ---D | C] -- F:\Program Files\nodejs
[2012/01/28 17:46:24 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/28 17:46:17 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
[2012/01/28 16:00:59 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/01/25 18:44:37 | 000,000,000 | ---D | C] -- F:\Program Files\PChat
[2012/01/25 18:35:42 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Owner\Start Menu\Programs\Revo Uninstaller
[2012/01/24 12:55:07 | 000,000,000 | ---D | C] -- F:\Program Files\Mozilla Thunderbird
[2012/01/09 00:43:07 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/09 00:42:46 | 000,000,000 | ---D | C] -- F:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2012/02/01 00:12:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/01/31 23:58:00 | 000,000,978 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1563985344-1957994488-1003UA.job
[2012/01/31 23:38:31 | 000,177,664 | ---- | M] () -- F:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/31 23:26:27 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2012/01/31 23:26:26 | 1332,203,520 | -HS- | M] () -- F:\hiberfil.sys
[2012/01/31 18:58:13 | 000,000,926 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1563985344-1957994488-1003Core.job
[2012/01/31 12:47:33 | 000,607,260 | R--- | M] (Swearware) -- F:\Documents and Settings\Owner\Desktop\dds.scr
[2012/01/31 12:46:41 | 000,000,000 | ---- | M] () -- F:\Documents and Settings\Owner\defogger_reenable
[2012/01/30 15:15:23 | 000,000,734 | ---- | M] () -- F:\WINDOWS\System32\drivers\etc\hosts
[2012/01/30 12:45:55 | 000,002,422 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2012/01/27 14:16:03 | 000,000,059 | ---- | M] () -- F:\Documents and Settings\Owner\.dbshell
[2012/01/24 12:55:15 | 000,001,686 | ---- | M] () -- F:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/01/23 22:18:06 | 000,000,688 | ---- | M] () -- F:\Documents and Settings\Owner\.rediscli_history
[2012/01/19 20:37:26 | 000,000,010 | ---- | M] () -- F:\Documents and Settings\Owner\dump.rdb
[2012/01/18 01:04:18 | 000,000,800 | ---- | M] () -- F:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/17 16:00:48 | 000,494,968 | ---- | M] (COMODO) -- F:\WINDOWS\System32\drivers\cmdGuard.sys
[2012/01/09 21:39:03 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys

========== Files Created - No Company Name ==========

[2012/01/31 12:46:41 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\Owner\defogger_reenable
[2012/01/28 17:42:07 | 1332,203,520 | -HS- | C] () -- F:\hiberfil.sys
[2012/01/27 14:16:03 | 000,000,059 | ---- | C] () -- F:\Documents and Settings\Owner\.dbshell
[2012/01/25 18:48:29 | 000,000,628 | ---- | C] () -- F:\Documents and Settings\Owner\Start Menu\Programs\PChat.lnk
[2012/01/24 12:55:15 | 000,001,686 | ---- | C] () -- F:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/01/24 12:55:14 | 000,001,674 | ---- | C] () -- F:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012/01/19 20:37:26 | 000,000,010 | ---- | C] () -- F:\Documents and Settings\Owner\dump.rdb
[2012/01/18 01:04:18 | 000,000,800 | ---- | C] () -- F:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/13 19:03:52 | 000,001,804 | ---- | C] () -- F:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/22 12:29:42 | 000,256,000 | ---- | C] () -- F:\WINDOWS\PEV.exe
[2011/11/22 12:29:42 | 000,208,896 | ---- | C] () -- F:\WINDOWS\MBR.exe
[2011/11/22 12:29:42 | 000,098,816 | ---- | C] () -- F:\WINDOWS\sed.exe
[2011/11/22 12:29:42 | 000,080,412 | ---- | C] () -- F:\WINDOWS\grep.exe
[2011/11/22 12:29:42 | 000,068,096 | ---- | C] () -- F:\WINDOWS\zip.exe
[2011/09/01 20:03:47 | 000,025,944 | ---- | C] () -- F:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/09/01 20:03:46 | 000,014,776 | ---- | C] () -- F:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/05/25 19:29:37 | 000,475,136 | ---- | C] () -- F:\WINDOWS\System32\sqlite3.exe
[2011/05/25 19:25:33 | 000,565,827 | ---- | C] () -- F:\WINDOWS\System32\sqlite3.dll
[2011/05/13 14:08:18 | 000,005,220 | ---- | C] () -- F:\WINDOWS\Ascd_tmp.ini
[2011/05/13 14:07:11 | 000,010,288 | ---- | C] () -- F:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011/01/23 15:56:40 | 000,000,145 | ---- | C] () -- F:\WINDOWS\pear.ini
[2011/01/22 14:58:26 | 000,175,616 | ---- | C] () -- F:\WINDOWS\System32\unrar.dll
[2010/10/12 21:48:54 | 000,118,448 | ---- | C] () -- F:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/19 17:48:18 | 000,000,664 | ---- | C] () -- F:\WINDOWS\System32\d3d9caps.dat
[2010/07/18 14:49:28 | 001,390,394 | ---- | C] () -- F:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1645522239-1563985344-1957994488-1003-0.dat
[2010/07/18 14:49:26 | 000,252,642 | ---- | C] () -- F:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/03/31 17:55:31 | 000,000,029 | ---- | C] () -- F:\WINDOWS\Battle.ini
[2010/03/22 18:07:03 | 000,000,600 | ---- | C] () -- F:\Documents and Settings\Owner\Local Settings\Application Data\PUTTY.RND
[2010/03/14 23:47:10 | 000,000,000 | ---- | C] () -- F:\WINDOWS\nsreg.dat
[2009/11/15 15:45:11 | 000,000,047 | ---- | C] () -- F:\WINDOWS\MinGW.INI
[2009/07/08 21:31:41 | 000,000,000 | ---- | C] () -- F:\WINDOWS\MSYS.INI
[2009/06/20 02:53:18 | 000,134,126 | ---- | C] () -- F:\WINDOWS\ColorPic Uninstaller.exe.bak
[2009/06/20 02:48:58 | 000,134,126 | ---- | C] () -- F:\WINDOWS\ColorPic Uninstaller.exe
[2009/01/07 21:07:38 | 000,000,484 | ---- | C] () -- F:\WINDOWS\my.ini
[2008/12/16 15:16:17 | 000,000,088 | ---- | C] () -- F:\WINDOWS\QTODBC.INI
[2008/11/30 21:35:08 | 000,001,751 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/11/22 17:31:10 | 000,177,664 | ---- | C] () -- F:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/21 19:09:06 | 000,000,128 | ---- | C] () -- F:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2008/11/21 14:42:15 | 000,000,064 | ---- | C] () -- F:\WINDOWS\init.ini
[2008/11/17 12:13:45 | 000,006,550 | ---- | C] () -- F:\WINDOWS\jautoexp.dat
[2008/11/17 12:08:49 | 000,053,248 | ---- | C] () -- F:\WINDOWS\GWMDMpi.exe
[2008/11/17 12:01:30 | 000,077,824 | ---- | C] () -- F:\WINDOWS\System32\SynTPCoI.dll
[2008/11/17 11:56:45 | 000,002,048 | --S- | C] () -- F:\WINDOWS\bootstat.dat
[2008/11/17 11:51:29 | 000,021,640 | ---- | C] () -- F:\WINDOWS\System32\emptyregdb.dat
[2008/11/17 06:40:18 | 000,004,161 | ---- | C] () -- F:\WINDOWS\ODBCINST.INI
[2008/11/17 06:39:06 | 001,465,336 | ---- | C] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2007/08/17 17:07:40 | 000,000,032 | ---- | C] () -- F:\WINDOWS\asusacpi.ini
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- F:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- F:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,635,650 | ---- | C] () -- F:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- F:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- F:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,139,188 | ---- | C] () -- F:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- F:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- F:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- F:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- F:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- F:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- F:\WINDOWS\System32\noise.dat

< End of report >


Extras.txt
OTL Extras logfile created on: 2/1/2012 12:16:15 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 63.87% Memory free
1.84 Gb Paging File | 1.48 Gb Available in Paging File | 80.42% Paging File free
Paging file location(s): F:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive F: | 74.52 Gb Total Space | 36.57 Gb Free Space | 49.07% Space Free | Partition Type: NTFS

Computer Name: MAIN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1645522239-1563985344-1957994488-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Command] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\Java\jre6\bin\java.exe" = F:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"F:\Program Files\Java\jdk1.6.0_12\bin\java.exe" = F:\Program Files\Java\jdk1.6.0_12\bin\java.exe:*:Enabled:Java™ Platform SE binary
"F:\Program Files\Java\jdk1.6.0_12\jre\bin\java.exe" = F:\Program Files\Java\jdk1.6.0_12\jre\bin\java.exe:*:Enabled:Java™ Platform SE binary
"F:\Program Files\Borland\BDS\3.0\RaveReports\Rave.exe" = F:\Program Files\Borland\BDS\3.0\RaveReports\Rave.exe:*:Disabled:Rave
"H:\xampplite\apache\bin\httpd.exe" = H:\xampplite\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server
"H:\xampplite\mysql\bin\mysqld.exe" = H:\xampplite\mysql\bin\mysqld.exe:*:Enabled:mysqld
"H:\xampp\FileZillaFTP\FileZilla Server.exe" = H:\xampp\FileZillaFTP\FileZilla Server.exe:*:Enabled:FileZilla Server
"F:\XAMPP\xampp\mysql\bin\mysqld.exe" = F:\XAMPP\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server
"F:\Program Files\LimeWire\LimeWire.exe" = F:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire
"F:\Python31\pythonw.exe" = F:\Python31\pythonw.exe:*:Disabled:pythonw
"F:\Program Files\Mozilla Firefox\firefox.exe" = F:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"F:\Program Files\Bonjour\mDNSResponder.exe" = F:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour
"F:\Program Files\FileZilla FTP Client\filezilla.exe" = F:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client -- (FileZilla Project)
"F:\Python26\python.exe" = F:\Python26\python.exe:*:Enabled:python -- ()
"F:\Documents and Settings\Owner\My Documents\My Code\nginx-1.0.1\nginx.exe" = F:\Documents and Settings\Owner\My Documents\My Code\nginx-1.0.1\nginx.exe:*:Enabled:nginx
"F:\cygwin\usr\local\bin\node.exe" = F:\cygwin\usr\local\bin\node.exe:*:Enabled:node
"F:\mongo\bin\mongod.exe" = F:\mongo\bin\mongod.exe:*:Enabled:mongod -- ()
"F:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = F:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"F:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = F:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
"F:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = F:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"F:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = F:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00257FA9-3622-45E4-8B4B-A792CC5169EB}" = SQLite ADO.NET 2.0/3.5 Provider
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2266312B-3502-41EE-82CD-8DC62276D87B}" = Vz In Home Agent
"{256430AF-D83C-4F55-A6BD-565A94C1C5F9}" = MSDN Library for Visual Studio 2008 Express Editions SP1
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4EAB2511-0135-48CA-A47B-CE1E6836793A}" = COMODO Internet Security
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{650E4124-292E-4638-944C-99A880C9D0F0}" = Oracle VM VirtualBox 4.1.6
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AE22174-4FFA-4572-B692-31F0C386ED38}" = Consolas Font Family
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{7CDA2B02-E0A4-4EB5-8533-050D535BA43A}" = Media Converter for Philips
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A6AD979-8170-49ED-8529-14174317B281}" = SA60xx Device Manager
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8CA32D58-3DDB-4BB9-8108-218FF73CFF47}" = Foxit Reader
"{9137E62C-1C49-4323-9E09-8F20B1DA9561}" = NUnit 2.5.5
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AAF4C5F2-DE82-4CAF-9241-F4CD9D4ACC8F}" = node.js
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B3D1CFF9-C5DA-3590-894B-40821DDB67C5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
"{E7394A0F-3F80-45B1-87FC-ABCD51893246}" = Python 2.6.4
"{EA1B6EBB-B623-22ED-B5EB-7D574DCAD521}" = RegExr
"{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}" = Microsoft .NET Framework SDK (English) 1.1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F10082FE-BACB-4E58-A423-DAD6BFC8B3A2}" = Gateway Ink Monitor
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CCleaner" = CCleaner
"CobBackup9" = Cobian Backup 9
"ColorPic" = ColorPic
"DS_Store Cleaner_is1" = DS_Store Cleaner 1.5.0
"Gateway Desktop Manager" = Gateway Desktop Manager
"Gateway Drivers and Applications Recovery" = Gateway Drivers and Applications Recovery
"Git_is1" = Git version 1.7.7-preview20111012
"GTW V.92 Voicemodem" = GTW V.92 Voicemodem
"IcoFX_is1" = IcoFX 1.6.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImageMagick 6.7.4 Q16_is1" = ImageMagick 6.7.4-0 Q16 (2011-12-15)
"InstallShield_{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.15
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.0.0 (Standard)
"Launchy_21344213_is1" = Launchy 2.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"Mozilla Thunderbird 9.0.1 (x86 en-US)" = Mozilla Thunderbird 9.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"PostgreSQL 9.0" = PostgreSQL 9.0
"PROSet" = Intel® Network Connections Drivers
"PX: {CABC148C-D45D-431C-AEC7-6E7CC31E8583}" = Gateway Power Management
"Revo Uninstaller" = Revo Uninstaller 1.93
"Smart Defrag 2_is1" = Smart Defrag 2
"StarUML_is1" = StarUML 5.0.2.1570
"SynTPDeinstKey" = Synaptics TouchPad
"SystemRequirementsLab" = System Requirements Lab
"TagScanner_is1" = TagScanner 5.1 build 594
"Trillian" = Trillian
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1645522239-1563985344-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.5.3
"Google Chrome" = Google Chrome
"psycopg2-py2.6" = Python 2.6 psycopg2-2.4.2
"py2exe-py2.6" = Python 2.6 py2exe-0.6.9
"pycurl-ssl-py2.6" = Python 2.6 pycurl-ssl-7.19.0
"Spoon Sandbox Manager 3.24" = Spoon Sandbox Manager 3.24
"Spoon Sandbox Manager 3.25" = Spoon Sandbox Manager 3.25
"WConio-py2.6" = Python 2.6 WConio-1.5.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/19/2011 9:21:25 PM | Computer Name = MAIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 1/9/2012 1:52:59 AM | Computer Name = MAIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 1/9/2012 1:52:59 AM | Computer Name = MAIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 1/9/2012 1:52:59 AM | Computer Name = MAIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 1/23/2012 12:31:17 AM | Computer Name = MAIN | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x800708ca (converted
to 0x800423f4).

Error - 1/23/2012 11:28:01 PM | Computer Name = MAIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 1/23/2012 11:28:01 PM | Computer Name = MAIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 1/23/2012 11:28:01 PM | Computer Name = MAIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 2/1/2012 1:07:49 AM | Computer Name = MAIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 2/1/2012 1:07:49 AM | Computer Name = MAIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 1/31/2012 4:22:04 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/31/2012 4:22:04 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/31/2012 4:22:04 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/31/2012 4:22:04 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/31/2012 4:22:04 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/31/2012 4:26:24 PM | Computer Name = MAIN | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 1/31/2012 7:15:34 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7000
Description = The Machine Debug Manager service failed to start due to the following
error: %%2

Error - 1/31/2012 7:15:34 PM | Computer Name = MAIN | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 2/1/2012 12:26:41 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7000
Description = The Machine Debug Manager service failed to start due to the following
error: %%2

Error - 2/1/2012 12:26:41 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126


< End of report >




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:11 PM

Posted 03 February 2012 - 02:46 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

<insert av's>

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 kerneldrop

kerneldrop
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:06:11 PM

Posted 03 February 2012 - 01:46 PM


OK, so ComboFix confirmed that I do indeed have the Rootkit.ZeroAccess infection, but my issue now is that something may be stopping ComboFix from working due to the fact that I've let it run for about an hour and nothing happens. No log, no computer activity (at least as can be noticed by the non-flashing hard drive LED), and no ability to use the system. And as noted in my other post in the 'Am I infected?' section, I now get an alert to install a new driver on startup (which I cancel each time).

Regarding your previous post's advice about removing multiple AV software, I'm currently running Avira (free) and Comodo Firewall (also free).


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:11 PM

Posted 03 February 2012 - 03:24 PM

restart the computer and see if combofix continues


gringo

#5 kerneldrop

kerneldrop
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:06:11 PM

Posted 03 February 2012 - 04:06 PM


Same result. This application is demonstrating the same behavior as dds.scr was; the scan begins and runs for a little bit and then suddenly freezes with no report.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:11 PM

Posted 03 February 2012 - 04:11 PM

  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box
ComboFix /nombr
  • click OK

copy and paste the report into this topic for me to review

Gringo

#7 kerneldrop

kerneldrop
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:06:11 PM

Posted 03 February 2012 - 04:48 PM


ComboFix 12-02-03.02 - Owner 02/03/2012 16:22:51.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.819 [GMT -5:00]
Running from: f:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\documents and settings\All Users\Application Data\TEMP
f:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
f:\documents and settings\Owner\Local Settings\Application Data\assembly\tmp
f:\windows\system32\sqlite3.dll
f:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))
.
.
2012-01-30 18:17 . 2012-01-30 18:17 -------- d-----w- f:\program files\nodejs
2012-01-28 22:46 . 2011-08-31 22:00 22216 ----a-w- f:\windows\system32\drivers\mbam.sys
2012-01-28 21:00 . 2012-01-28 21:00 -------- d-----w- f:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-25 23:44 . 2012-01-25 23:48 -------- d-----w- f:\program files\PChat
2012-01-24 17:55 . 2012-01-24 17:55 -------- d-----w- f:\program files\Mozilla Thunderbird
2012-01-09 05:43 . 2012-01-10 02:39 40776 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2012-01-09 05:42 . 2012-01-28 22:46 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 21:00 . 2011-10-07 23:48 494968 ----a-w- f:\windows\system32\drivers\cmdGuard.sys
2011-12-19 18:59 . 2011-10-07 23:48 97760 ----a-w- f:\windows\system32\drivers\inspect.sys
2011-12-19 18:59 . 2011-10-07 23:48 31704 ----a-w- f:\windows\system32\drivers\cmdhlp.sys
2011-12-19 18:59 . 2011-10-07 23:48 18056 ----a-w- f:\windows\system32\drivers\cmderd.sys
2011-12-19 18:58 . 2011-10-07 23:47 33984 ----a-w- f:\windows\system32\cmdcsr.dll
2011-12-19 18:58 . 2011-10-07 23:47 301224 ----a-w- f:\windows\system32\guard32.dll
2011-12-09 04:26 . 2011-10-18 16:26 134856 ----a-w- f:\windows\system32\drivers\avipbb.sys
2011-11-15 17:29 . 2011-05-13 15:01 414368 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-10 05:56 . 2011-11-10 05:56 1060864 ----a-w- f:\windows\system32\mfc71.dll
2011-11-10 01:23 . 2010-07-18 18:43 188128 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-02-01 03:58 . 2011-05-06 04:31 134104 ----a-w- f:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="f:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-11-17 126976]
"SynTPEnh"="f:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-17 561152]
"KeePass 2 PreLoad"="f:\program files\KeePass 2.13\KeePass.exe" [2011-04-10 1733120]
"igfxpers"="f:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"igfxhkcmd"="f:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"GWMDMpi"="f:\windows\GWMDMpi.exe" [2008-11-17 53248]
"avgnt"="f:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"COMODO Internet Security"="f:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
f:\documents and settings\Owner\Start Menu\Programs\Startup\
Launchy.lnk - f:\program files\Launchy\Launchy.exe [2009-5-22 380928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=f:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CPA"=f:\program files\COMODO\COMODO GeekBuddy\VALA.exe
"COMODO"=f:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe
"GWMDMMSG"=GWMDMMSG.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"f:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"f:\\WINDOWS\\system32\\sessmgr.exe"=
"f:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"f:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"f:\\Python26\\python.exe"=
"f:\\mongo\\bin\\mongod.exe"=
.
R0 SmartDefragDriver;SmartDefragDriver;f:\windows\system32\drivers\SmartDefragDriver.sys [9/1/2011 8:03 PM 14776]
R1 avkmgr;avkmgr;f:\windows\system32\drivers\avkmgr.sys [10/18/2011 11:26 AM 36000]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;f:\windows\system32\drivers\cmdGuard.sys [10/7/2011 6:48 PM 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;f:\windows\system32\drivers\cmdhlp.sys [10/7/2011 6:48 PM 31704]
R1 VBoxDrv;VirtualBox Service;f:\windows\system32\drivers\VBoxDrv.sys [9/1/2011 9:31 PM 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;f:\windows\system32\drivers\VBoxUSBMon.sys [9/1/2011 9:26 PM 91440]
R2 AntiVirSchedulerService;Avira Scheduler;f:\program files\Avira\AntiVir Desktop\sched.exe [10/18/2011 11:26 AM 86224]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;f:\windows\system32\drivers\VBoxNetAdp.sys [8/15/2011 2:06 PM 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;f:\windows\system32\drivers\VBoxNetFlt.sys [11/4/2011 1:42 PM 116016]
R3 WPC54Gv3;Linksys Wireless Notebook Adapter WPC54Gv3 Driver;f:\windows\system32\drivers\WPC54Gv3.SYS [11/30/2006 11:54 PM 610816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;f:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 cpudrv;cpudrv;f:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 9:58 AM 11336]
S3 MBAMSwissArmy;MBAMSwissArmy;f:\windows\system32\drivers\mbamswissarmy.sys [1/9/2012 12:43 AM 40776]
S3 postgresql-9.0;postgresql-9.0 - PostgreSQL Server 9.0;F:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N "postgresql-9.0" -D "F:/Program Files/PostgreSQL/9.0/data" -w --> F:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-9.0 [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;f:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;f:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/22/2009 10:08 PM 47128]
S4 RsFx0103;RsFx0103 Driver;f:\windows\system32\drivers\RsFx0103.sys [3/30/2009 2:09 AM 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);f:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 2:23 AM 366936]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-02 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1563985344-1957994488-1003Core.job
- f:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-20 05:56]
.
2012-02-03 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1563985344-1957994488-1003UA.job
- f:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-20 05:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
DPF: Microsoft XML Parser for Java - file://f:\windows\Java\classes\xmldso.cab
FF - ProfilePath - f:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\afo8jjm5.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-03 16:38
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-9.0]
"ImagePath"="F:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-9.0\" -D \"F:/Program Files/PostgreSQL/9.0/data\" -w"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-9.0]
"ImagePath"="F:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-9.0\" -D \"F:/Program Files/PostgreSQL/9.0/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1645522239-1563985344-1957994488-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1848)
f:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(1520)
f:\windows\system32\cmdcsr.dll
.
Completion time: 2012-02-03 16:42:27
ComboFix-quarantined-files.txt 2012-02-03 21:42
.
Pre-Run: 39,350,824,960 bytes free
Post-Run: 39,342,596,096 bytes free
.
- - End Of File - - 963B1F4296DA9B794831A7F06E852BB6



#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:11 PM

Posted 03 February 2012 - 04:55 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 kerneldrop

kerneldrop
  • Topic Starter

  • Members
  • 35 posts
  • Local time:06:11 PM

Posted 03 February 2012 - 06:21 PM


TDSSKiller Log:
18:17:46.0899 2736 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
18:17:48.0210 2736 ============================================================
18:17:48.0210 2736 Current date / time: 2012/02/03 18:17:48.0210
18:17:48.0210 2736 SystemInfo:
18:17:48.0210 2736
18:17:48.0210 2736 OS Version: 5.1.2600 ServicePack: 3.0
18:17:48.0210 2736 Product type: Workstation
18:17:48.0210 2736 ComputerName: MAIN
18:17:48.0210 2736 UserName: Owner
18:17:48.0210 2736 Windows directory: F:\WINDOWS
18:17:48.0210 2736 System windows directory: F:\WINDOWS
18:17:48.0210 2736 Processor architecture: Intel x86
18:17:48.0210 2736 Number of processors: 1
18:17:48.0210 2736 Page size: 0x1000
18:17:48.0210 2736 Boot type: Normal boot
18:17:48.0210 2736 ============================================================
18:17:50.0674 2736 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:17:50.0684 2736 \Device\Harddisk0\DR0:
18:17:50.0684 2736 MBR used
18:17:50.0684 2736 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
18:17:50.0704 2736 Initialize success
18:17:50.0704 2736 ============================================================
18:18:12.0996 3824 ============================================================
18:18:12.0996 3824 Scan started
18:18:12.0996 3824 Mode: Manual;
18:18:12.0996 3824 ============================================================
18:18:13.0417 3824 Abiosdsk - ok
18:18:13.0447 3824 abp480n5 - ok
18:18:13.0517 3824 ACPI (8fd99680a539792a30e97944fdaecf17) F:\WINDOWS\system32\DRIVERS\ACPI.sys
18:18:13.0517 3824 ACPI - ok
18:18:13.0577 3824 ACPIEC (9859c0f6936e723e4892d7141b1327d5) F:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:18:13.0577 3824 ACPIEC - ok
18:18:13.0607 3824 adpu160m - ok
18:18:13.0657 3824 aec (8bed39e3c35d6a489438b8141717a557) F:\WINDOWS\system32\drivers\aec.sys
18:18:13.0667 3824 aec - ok
18:18:13.0727 3824 AFD (1e44bc1e83d8fd2305f8d452db109cf9) F:\WINDOWS\System32\drivers\afd.sys
18:18:13.0727 3824 AFD - ok
18:18:13.0757 3824 Aha154x - ok
18:18:13.0787 3824 aic78u2 - ok
18:18:13.0807 3824 aic78xx - ok
18:18:13.0847 3824 AliIde - ok
18:18:13.0877 3824 amsint - ok
18:18:13.0927 3824 asc - ok
18:18:13.0957 3824 asc3350p - ok
18:18:13.0977 3824 asc3550 - ok
18:18:14.0108 3824 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) F:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:18:14.0108 3824 AsyncMac - ok
18:18:14.0148 3824 atapi (9f3a2f5aa6875c72bf062c712cfa2674) F:\WINDOWS\system32\DRIVERS\atapi.sys
18:18:14.0148 3824 atapi - ok
18:18:14.0178 3824 Atdisk - ok
18:18:14.0218 3824 Atmarpc (9916c1225104ba14794209cfa8012159) F:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:18:14.0218 3824 Atmarpc - ok
18:18:14.0278 3824 audstub (d9f724aa26c010a217c97606b160ed68) F:\WINDOWS\system32\DRIVERS\audstub.sys
18:18:14.0278 3824 audstub - ok
18:18:14.0338 3824 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) F:\WINDOWS\system32\DRIVERS\avgntflt.sys
18:18:14.0338 3824 avgntflt - ok
18:18:14.0408 3824 avipbb (475fbb85956534720858ae72010c0a43) F:\WINDOWS\system32\DRIVERS\avipbb.sys
18:18:14.0408 3824 avipbb - ok
18:18:14.0468 3824 avkmgr (271cfd1a989209b1964e24d969552bf7) F:\WINDOWS\system32\DRIVERS\avkmgr.sys
18:18:14.0468 3824 avkmgr - ok
18:18:14.0578 3824 BCM43XX (e7debb46b9ef1f28932e533be4a3d1a9) F:\WINDOWS\system32\DRIVERS\bcmwl5.sys
18:18:14.0588 3824 BCM43XX - ok
18:18:14.0638 3824 Beep (da1f27d85e0d1525f6621372e7b685e9) F:\WINDOWS\system32\drivers\Beep.sys
18:18:14.0638 3824 Beep - ok
18:18:14.0769 3824 catchme - ok
18:18:14.0829 3824 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) F:\WINDOWS\system32\drivers\cbidf2k.sys
18:18:14.0829 3824 cbidf2k - ok
18:18:14.0849 3824 cd20xrnt - ok
18:18:14.0899 3824 Cdaudio (c1b486a7658353d33a10cc15211a873b) F:\WINDOWS\system32\drivers\Cdaudio.sys
18:18:14.0899 3824 Cdaudio - ok
18:18:14.0969 3824 Cdfs (c885b02847f5d2fd45a24e219ed93b32) F:\WINDOWS\system32\drivers\Cdfs.sys
18:18:14.0969 3824 Cdfs - ok
18:18:15.0029 3824 cdrom (1f4260cc5b42272d71f79e570a27a4fe) F:\WINDOWS\system32\DRIVERS\cdrom.sys
18:18:15.0029 3824 cdrom - ok
18:18:15.0059 3824 Changer - ok
18:18:15.0139 3824 CmBatt (0f6c187d38d98f8df904589a5f94d411) F:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:18:15.0139 3824 CmBatt - ok
18:18:15.0219 3824 cmdGuard (f8a304ab7bbc61b26f66ab65aae27693) F:\WINDOWS\system32\DRIVERS\cmdguard.sys
18:18:15.0229 3824 cmdGuard - ok
18:18:15.0279 3824 cmdHlp (a736f2263310fee1799de88cb50c1023) F:\WINDOWS\system32\DRIVERS\cmdhlp.sys
18:18:15.0279 3824 cmdHlp - ok
18:18:15.0309 3824 CmdIde - ok
18:18:15.0349 3824 Compbatt (6e4c9f21f0fae8940661144f41b13203) F:\WINDOWS\system32\DRIVERS\compbatt.sys
18:18:15.0349 3824 Compbatt - ok
18:18:15.0389 3824 Cpqarray - ok
18:18:15.0480 3824 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) F:\Program Files\SystemRequirementsLab\cpudrv.sys
18:18:15.0480 3824 cpudrv - ok
18:18:15.0520 3824 dac2w2k - ok
18:18:15.0550 3824 dac960nt - ok
18:18:15.0610 3824 Disk (044452051f3e02e7963599fc8f4f3e25) F:\WINDOWS\system32\DRIVERS\disk.sys
18:18:15.0610 3824 Disk - ok
18:18:15.0680 3824 dmboot (d992fe1274bde0f84ad826acae022a41) F:\WINDOWS\system32\drivers\dmboot.sys
18:18:15.0700 3824 dmboot - ok
18:18:15.0740 3824 dmio (7c824cf7bbde77d95c08005717a95f6f) F:\WINDOWS\system32\drivers\dmio.sys
18:18:15.0740 3824 dmio - ok
18:18:15.0800 3824 dmload (e9317282a63ca4d188c0df5e09c6ac5f) F:\WINDOWS\system32\drivers\dmload.sys
18:18:15.0800 3824 dmload - ok
18:18:15.0840 3824 DMusic (8a208dfcf89792a484e76c40e5f50b45) F:\WINDOWS\system32\drivers\DMusic.sys
18:18:15.0850 3824 DMusic - ok
18:18:15.0890 3824 dpti2o - ok
18:18:15.0930 3824 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) F:\WINDOWS\system32\drivers\drmkaud.sys
18:18:15.0930 3824 drmkaud - ok
18:18:16.0000 3824 E100B (ac9cf17ee2ae003c98eb4f5336c38058) F:\WINDOWS\system32\DRIVERS\e100b325.sys
18:18:16.0000 3824 E100B - ok
18:18:16.0080 3824 Fastfat (38d332a6d56af32635675f132548343e) F:\WINDOWS\system32\drivers\Fastfat.sys
18:18:16.0080 3824 Fastfat - ok
18:18:16.0131 3824 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) F:\WINDOWS\system32\drivers\Fdc.sys
18:18:16.0131 3824 Fdc - ok
18:18:16.0171 3824 Fips (d45926117eb9fa946a6af572fbe1caa3) F:\WINDOWS\system32\drivers\Fips.sys
18:18:16.0171 3824 Fips - ok
18:18:16.0211 3824 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) F:\WINDOWS\system32\drivers\Flpydisk.sys
18:18:16.0211 3824 Flpydisk - ok
18:18:16.0271 3824 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) F:\WINDOWS\system32\drivers\fltmgr.sys
18:18:16.0281 3824 FltMgr - ok
18:18:16.0351 3824 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) F:\WINDOWS\system32\drivers\Fs_Rec.sys
18:18:16.0351 3824 Fs_Rec - ok
18:18:16.0411 3824 Ftdisk (6ac26732762483366c3969c9e4d2259d) F:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:18:16.0411 3824 Ftdisk - ok
18:18:16.0461 3824 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) F:\WINDOWS\system32\DRIVERS\msgpc.sys
18:18:16.0461 3824 Gpc - ok
18:18:16.0571 3824 GTWModem (2b34e4aacb5734bfd663c803335b11ea) F:\WINDOWS\system32\DRIVERS\GWMDM.sys
18:18:16.0581 3824 GTWModem - ok
18:18:16.0661 3824 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) F:\WINDOWS\system32\DRIVERS\hidusb.sys
18:18:16.0661 3824 HidUsb - ok
18:18:16.0711 3824 hpn - ok
18:18:16.0791 3824 HTTP (f80a415ef82cd06ffaf0d971528ead38) F:\WINDOWS\system32\Drivers\HTTP.sys
18:18:16.0791 3824 HTTP - ok
18:18:16.0832 3824 i2omgmt - ok
18:18:16.0852 3824 i2omp - ok
18:18:16.0892 3824 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) F:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:18:16.0902 3824 i8042prt - ok
18:18:16.0992 3824 ialm (da91f5385cfc8ba0f110f2fde112b563) F:\WINDOWS\system32\DRIVERS\ialmnt5.sys
18:18:17.0012 3824 ialm - ok
18:18:17.0072 3824 Imapi (083a052659f5310dd8b6a6cb05edcf8e) F:\WINDOWS\system32\DRIVERS\imapi.sys
18:18:17.0082 3824 Imapi - ok
18:18:17.0122 3824 ini910u - ok
18:18:17.0182 3824 Inspect (456003490faa4a2361ceacbfb6409172) F:\WINDOWS\system32\DRIVERS\inspect.sys
18:18:17.0182 3824 Inspect - ok
18:18:17.0222 3824 IntelIde (b5466a9250342a7aa0cd1fba13420678) F:\WINDOWS\system32\DRIVERS\intelide.sys
18:18:17.0222 3824 IntelIde - ok
18:18:17.0292 3824 intelppm (8c953733d8f36eb2133f5bb58808b66b) F:\WINDOWS\system32\DRIVERS\intelppm.sys
18:18:17.0292 3824 intelppm - ok
18:18:17.0332 3824 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) F:\WINDOWS\system32\drivers\ip6fw.sys
18:18:17.0332 3824 Ip6Fw - ok
18:18:17.0392 3824 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) F:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:18:17.0392 3824 IpFilterDriver - ok
18:18:17.0442 3824 IpInIp (b87ab476dcf76e72010632b5550955f5) F:\WINDOWS\system32\DRIVERS\ipinip.sys
18:18:17.0442 3824 IpInIp - ok
18:18:17.0533 3824 IpNat (cc748ea12c6effde940ee98098bf96bb) F:\WINDOWS\system32\DRIVERS\ipnat.sys
18:18:17.0533 3824 IpNat - ok
18:18:17.0593 3824 IPSec (23c74d75e36e7158768dd63d92789a91) F:\WINDOWS\system32\DRIVERS\ipsec.sys
18:18:17.0593 3824 IPSec - ok
18:18:17.0633 3824 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) F:\WINDOWS\system32\DRIVERS\irenum.sys
18:18:17.0633 3824 IRENUM - ok
18:18:17.0673 3824 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) F:\WINDOWS\system32\DRIVERS\isapnp.sys
18:18:17.0683 3824 isapnp - ok
18:18:17.0723 3824 Kbdclass (463c1ec80cd17420a542b7f36a36f128) F:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:18:17.0723 3824 Kbdclass - ok
18:18:17.0773 3824 kbdhid (9ef487a186dea361aa06913a75b3fa99) F:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:18:17.0773 3824 kbdhid - ok
18:18:17.0823 3824 kmixer (692bcf44383d056aed41b045a323d378) F:\WINDOWS\system32\drivers\kmixer.sys
18:18:17.0823 3824 kmixer - ok
18:18:17.0883 3824 KSecDD (b467646c54cc746128904e1654c750c1) F:\WINDOWS\system32\drivers\KSecDD.sys
18:18:17.0883 3824 KSecDD - ok
18:18:17.0933 3824 lbrtfdc - ok
18:18:18.0013 3824 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) F:\WINDOWS\system32\drivers\mbamswissarmy.sys
18:18:18.0013 3824 MBAMSwissArmy - ok
18:18:18.0083 3824 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) F:\WINDOWS\system32\drivers\mnmdd.sys
18:18:18.0093 3824 mnmdd - ok
18:18:18.0143 3824 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) F:\WINDOWS\system32\drivers\Modem.sys
18:18:18.0143 3824 Modem - ok
18:18:18.0194 3824 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) F:\WINDOWS\system32\drivers\MODEMCSA.sys
18:18:18.0194 3824 MODEMCSA - ok
18:18:18.0224 3824 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) F:\WINDOWS\system32\DRIVERS\mouclass.sys
18:18:18.0224 3824 Mouclass - ok
18:18:18.0284 3824 mouhid (b1c303e17fb9d46e87a98e4ba6769685) F:\WINDOWS\system32\DRIVERS\mouhid.sys
18:18:18.0284 3824 mouhid - ok
18:18:18.0324 3824 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) F:\WINDOWS\system32\drivers\MountMgr.sys
18:18:18.0324 3824 MountMgr - ok
18:18:18.0354 3824 mraid35x - ok
18:18:18.0444 3824 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) F:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
18:18:18.0454 3824 MREMP50 - ok
18:18:18.0464 3824 MREMP50a64 - ok
18:18:18.0484 3824 MREMPR5 - ok
18:18:18.0494 3824 MRENDIS5 - ok
18:18:18.0534 3824 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) F:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
18:18:18.0544 3824 MRESP50 - ok
18:18:18.0554 3824 MRESP50a64 - ok
18:18:18.0614 3824 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) F:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:18:18.0614 3824 MRxDAV - ok
18:18:18.0684 3824 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) F:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:18:18.0684 3824 MRxSmb - ok
18:18:18.0754 3824 Msfs (c941ea2454ba8350021d774daf0f1027) F:\WINDOWS\system32\drivers\Msfs.sys
18:18:18.0754 3824 Msfs - ok
18:18:18.0824 3824 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) F:\WINDOWS\system32\drivers\MSKSSRV.sys
18:18:18.0824 3824 MSKSSRV - ok
18:18:18.0864 3824 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) F:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:18:18.0864 3824 MSPCLOCK - ok
18:18:18.0915 3824 MSPQM (bad59648ba099da4a17680b39730cb3d) F:\WINDOWS\system32\drivers\MSPQM.sys
18:18:18.0915 3824 MSPQM - ok
18:18:18.0955 3824 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) F:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:18:18.0965 3824 mssmbios - ok
18:18:19.0045 3824 Mup (de6a75f5c270e756c5508d94b6cf68f5) F:\WINDOWS\system32\drivers\Mup.sys
18:18:19.0045 3824 Mup - ok
18:18:19.0145 3824 NDIS (1df7f42665c94b825322fae71721130d) F:\WINDOWS\system32\drivers\NDIS.sys
18:18:19.0145 3824 NDIS - ok
18:18:19.0215 3824 NdisTapi (0109c4f3850dfbab279542515386ae22) F:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:18:19.0215 3824 NdisTapi - ok
18:18:19.0265 3824 Ndisuio (f927a4434c5028758a842943ef1a3849) F:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:18:19.0275 3824 Ndisuio - ok
18:18:19.0325 3824 NdisWan (edc1531a49c80614b2cfda43ca8659ab) F:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:18:19.0325 3824 NdisWan - ok
18:18:19.0385 3824 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) F:\WINDOWS\system32\drivers\NDProxy.sys
18:18:19.0385 3824 NDProxy - ok
18:18:19.0445 3824 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) F:\WINDOWS\system32\DRIVERS\netbios.sys
18:18:19.0445 3824 NetBIOS - ok
18:18:19.0515 3824 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) F:\WINDOWS\system32\DRIVERS\netbt.sys
18:18:19.0525 3824 NetBT - ok
18:18:19.0626 3824 Npfs (3182d64ae053d6fb034f44b6def8034a) F:\WINDOWS\system32\drivers\Npfs.sys
18:18:19.0626 3824 Npfs - ok
18:18:19.0696 3824 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) F:\WINDOWS\system32\drivers\Ntfs.sys
18:18:19.0706 3824 Ntfs - ok
18:18:19.0786 3824 Null (73c1e1f395918bc2c6dd67af7591a3ad) F:\WINDOWS\system32\drivers\Null.sys
18:18:19.0786 3824 Null - ok
18:18:19.0846 3824 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) F:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:18:19.0846 3824 NwlnkFlt - ok
18:18:19.0886 3824 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) F:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:18:19.0896 3824 NwlnkFwd - ok
18:18:19.0946 3824 odysseyIM4 (7af6ec0ea4261ecf7da084103be31ea8) F:\WINDOWS\system32\DRIVERS\odysseyIM4.sys
18:18:19.0956 3824 odysseyIM4 - ok
18:18:20.0006 3824 Parport (5575faf8f97ce5e713d108c2a58d7c7c) F:\WINDOWS\system32\DRIVERS\parport.sys
18:18:20.0006 3824 Parport - ok
18:18:20.0046 3824 PartMgr (beb3ba25197665d82ec7065b724171c6) F:\WINDOWS\system32\drivers\PartMgr.sys
18:18:20.0046 3824 PartMgr - ok
18:18:20.0086 3824 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) F:\WINDOWS\system32\drivers\ParVdm.sys
18:18:20.0086 3824 ParVdm - ok
18:18:20.0126 3824 PCI (a219903ccf74233761d92bef471a07b1) F:\WINDOWS\system32\DRIVERS\pci.sys
18:18:20.0126 3824 PCI - ok
18:18:20.0146 3824 PCIDump - ok
18:18:20.0216 3824 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) F:\WINDOWS\system32\DRIVERS\pciide.sys
18:18:20.0216 3824 PCIIde - ok
18:18:20.0266 3824 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) F:\WINDOWS\system32\DRIVERS\pcmcia.sys
18:18:20.0266 3824 Pcmcia - ok
18:18:20.0297 3824 PDCOMP - ok
18:18:20.0327 3824 PDFRAME - ok
18:18:20.0357 3824 PDRELI - ok
18:18:20.0377 3824 PDRFRAME - ok
18:18:20.0407 3824 perc2 - ok
18:18:20.0437 3824 perc2hib - ok
18:18:20.0527 3824 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) F:\WINDOWS\system32\DRIVERS\raspptp.sys
18:18:20.0527 3824 PptpMiniport - ok
18:18:20.0577 3824 PSched (09298ec810b07e5d582cb3a3f9255424) F:\WINDOWS\system32\DRIVERS\psched.sys
18:18:20.0577 3824 PSched - ok
18:18:20.0637 3824 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) F:\WINDOWS\system32\DRIVERS\ptilink.sys
18:18:20.0637 3824 Ptilink - ok
18:18:20.0667 3824 ql1080 - ok
18:18:20.0697 3824 Ql10wnt - ok
18:18:20.0717 3824 ql12160 - ok
18:18:20.0747 3824 ql1240 - ok
18:18:20.0777 3824 ql1280 - ok
18:18:20.0817 3824 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) F:\WINDOWS\system32\DRIVERS\rasacd.sys
18:18:20.0817 3824 RasAcd - ok
18:18:20.0877 3824 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) F:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:18:20.0877 3824 Rasl2tp - ok
18:18:20.0937 3824 RasPppoe (5bc962f2654137c9909c3d4603587dee) F:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:18:20.0937 3824 RasPppoe - ok
18:18:20.0978 3824 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) F:\WINDOWS\system32\DRIVERS\raspti.sys
18:18:20.0978 3824 Raspti - ok
18:18:21.0028 3824 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) F:\WINDOWS\system32\DRIVERS\rdbss.sys
18:18:21.0028 3824 Rdbss - ok
18:18:21.0068 3824 RDPCDD (4912d5b403614ce99c28420f75353332) F:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:18:21.0068 3824 RDPCDD - ok
18:18:21.0148 3824 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) F:\WINDOWS\system32\drivers\RDPWD.sys
18:18:21.0158 3824 RDPWD - ok
18:18:21.0238 3824 redbook (f828dd7e1419b6653894a8f97a0094c5) F:\WINDOWS\system32\DRIVERS\redbook.sys
18:18:21.0238 3824 redbook - ok
18:18:21.0318 3824 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) F:\WINDOWS\system32\DRIVERS\RsFx0103.sys
18:18:21.0328 3824 RsFx0103 - ok
18:18:21.0468 3824 Secdrv (90a3935d05b494a5a39d37e71f09a677) F:\WINDOWS\system32\DRIVERS\secdrv.sys
18:18:21.0468 3824 Secdrv - ok
18:18:21.0538 3824 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) F:\WINDOWS\system32\drivers\Serial.sys
18:18:21.0538 3824 Serial - ok
18:18:21.0628 3824 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) F:\WINDOWS\system32\drivers\Sfloppy.sys
18:18:21.0628 3824 Sfloppy - ok
18:18:21.0669 3824 Simbad - ok
18:18:21.0729 3824 SmartDefragDriver (14bb60a4f1c5291217a05d5728c403e6) F:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
18:18:21.0739 3824 SmartDefragDriver - ok
18:18:21.0779 3824 Sparrow - ok
18:18:21.0829 3824 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) F:\WINDOWS\system32\drivers\splitter.sys
18:18:21.0829 3824 splitter - ok
18:18:21.0899 3824 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) F:\WINDOWS\system32\DRIVERS\sr.sys
18:18:21.0899 3824 sr - ok
18:18:21.0979 3824 Srv (47ddfc2f003f7f9f0592c6874962a2e7) F:\WINDOWS\system32\DRIVERS\srv.sys
18:18:21.0989 3824 Srv - ok
18:18:22.0059 3824 ssmdrv (a36ee93698802cd899f98bfd553d8185) F:\WINDOWS\system32\DRIVERS\ssmdrv.sys
18:18:22.0059 3824 ssmdrv - ok
18:18:22.0119 3824 STAC97 (4bd2a399c36bf5d3d9ff4b6da60b1d00) F:\WINDOWS\system32\drivers\STAC97.sys
18:18:22.0129 3824 STAC97 - ok
18:18:22.0179 3824 swenum (3941d127aef12e93addf6fe6ee027e0f) F:\WINDOWS\system32\DRIVERS\swenum.sys
18:18:22.0179 3824 swenum - ok
18:18:22.0219 3824 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) F:\WINDOWS\system32\drivers\swmidi.sys
18:18:22.0219 3824 swmidi - ok
18:18:22.0269 3824 symc810 - ok
18:18:22.0289 3824 symc8xx - ok
18:18:22.0319 3824 sym_hi - ok
18:18:22.0349 3824 sym_u3 - ok
18:18:22.0420 3824 SynTP (fb5c05bb8d5b557a0072313a23ab1d68) F:\WINDOWS\system32\DRIVERS\SynTP.sys
18:18:22.0430 3824 SynTP - ok
18:18:22.0470 3824 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) F:\WINDOWS\system32\drivers\sysaudio.sys
18:18:22.0480 3824 sysaudio - ok
18:18:22.0570 3824 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) F:\WINDOWS\system32\DRIVERS\tcpip.sys
18:18:22.0580 3824 Tcpip - ok
18:18:22.0620 3824 TDPIPE (6471a66807f5e104e4885f5b67349397) F:\WINDOWS\system32\drivers\TDPIPE.sys
18:18:22.0620 3824 TDPIPE - ok
18:18:22.0680 3824 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) F:\WINDOWS\system32\drivers\TDTCP.sys
18:18:22.0680 3824 TDTCP - ok
18:18:22.0720 3824 TermDD (88155247177638048422893737429d9e) F:\WINDOWS\system32\DRIVERS\termdd.sys
18:18:22.0730 3824 TermDD - ok
18:18:22.0770 3824 TosIde - ok
18:18:22.0830 3824 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) F:\WINDOWS\system32\drivers\Udfs.sys
18:18:22.0830 3824 Udfs - ok
18:18:22.0860 3824 ultra - ok
18:18:22.0930 3824 Update (402ddc88356b1bac0ee3dd1580c76a31) F:\WINDOWS\system32\DRIVERS\update.sys
18:18:22.0940 3824 Update - ok
18:18:23.0020 3824 usbccgp (173f317ce0db8e21322e71b7e60a27e8) F:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:18:23.0020 3824 usbccgp - ok
18:18:23.0061 3824 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) F:\WINDOWS\system32\DRIVERS\usbehci.sys
18:18:23.0071 3824 usbehci - ok
18:18:23.0111 3824 usbhub (1ab3cdde553b6e064d2e754efe20285c) F:\WINDOWS\system32\DRIVERS\usbhub.sys
18:18:23.0111 3824 usbhub - ok
18:18:23.0181 3824 usbstor (a32426d9b14a089eaa1d922e0c5801a9) F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:18:23.0181 3824 usbstor - ok
18:18:23.0241 3824 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) F:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:18:23.0241 3824 usbuhci - ok
18:18:23.0301 3824 VBoxDrv (49a4673b3e1e167fe5c18f6571d00af5) F:\WINDOWS\system32\DRIVERS\VBoxDrv.sys
18:18:23.0311 3824 VBoxDrv - ok
18:18:23.0381 3824 VBoxNetAdp (a471884d136dce3cec878ddab5acaebe) F:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
18:18:23.0381 3824 VBoxNetAdp - ok
18:18:23.0431 3824 VBoxNetFlt (af33dc300f15505321efb49c58016258) F:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys
18:18:23.0441 3824 VBoxNetFlt - ok
18:18:23.0501 3824 VBoxUSBMon (3cdc46bc988ce3921c4e9480a56afd8e) F:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys
18:18:23.0511 3824 VBoxUSBMon - ok
18:18:23.0591 3824 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) F:\WINDOWS\System32\drivers\vga.sys
18:18:23.0591 3824 VgaSave - ok
18:18:23.0621 3824 ViaIde - ok
18:18:23.0681 3824 VolSnap (4c8fcb5cc53aab716d810740fe59d025) F:\WINDOWS\system32\drivers\VolSnap.sys
18:18:23.0681 3824 VolSnap - ok
18:18:23.0772 3824 Wanarp (e20b95baedb550f32dd489265c1da1f6) F:\WINDOWS\system32\DRIVERS\wanarp.sys
18:18:23.0772 3824 Wanarp - ok
18:18:23.0802 3824 WDICA - ok
18:18:23.0852 3824 wdmaud (6768acf64b18196494413695f0c3a00f) F:\WINDOWS\system32\drivers\wdmaud.sys
18:18:23.0862 3824 wdmaud - ok
18:18:24.0022 3824 WPC54Gv3 (e679fe7890c366f3418963e289d273cf) F:\WINDOWS\system32\DRIVERS\WPC54Gv3.SYS
18:18:24.0032 3824 WPC54Gv3 - ok
18:18:24.0112 3824 WpdUsb (cf4def1bf66f06964dc0d91844239104) F:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:18:24.0112 3824 WpdUsb - ok
18:18:24.0172 3824 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) F:\WINDOWS\System32\drivers\ws2ifsl.sys
18:18:24.0172 3824 WS2IFSL - ok
18:18:24.0252 3824 WudfPf (f15feafffbb3644ccc80c5da584e6311) F:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:18:24.0252 3824 WudfPf - ok
18:18:24.0302 3824 WudfRd (28b524262bce6de1f7ef9f510ba3985b) F:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:18:24.0302 3824 WudfRd - ok
18:18:24.0402 3824 {6080A529-897E-4629-A488-ABA0C29B635E} (02cea7fc83b48d59732dcaee910334fa) F:\WINDOWS\system32\drivers\ialmsbw.sys
18:18:24.0402 3824 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
18:18:24.0463 3824 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (68547ea3ab2fbdbee8e6aca9640996b6) F:\WINDOWS\system32\drivers\ialmkchw.sys
18:18:24.0463 3824 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
18:18:24.0513 3824 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:18:24.0703 3824 \Device\Harddisk0\DR0 - ok
18:18:24.0713 3824 Boot (0x1200) (a20097d6c0bda31ff20f747769d76b54) \Device\Harddisk0\DR0\Partition0
18:18:24.0713 3824 \Device\Harddisk0\DR0\Partition0 - ok
18:18:24.0723 3824 ============================================================
18:18:24.0723 3824 Scan finished
18:18:24.0723 3824 ============================================================
18:18:24.0743 0880 Detected object count: 0
18:18:24.0743 0880 Actual detected object count: 0
18:19:33.0021 3020 Deinitialize success



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:11 PM

Posted 03 February 2012 - 08:07 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#11 kerneldrop

kerneldrop
  • Topic Starter

  • Members
  • 35 posts
  • Local time:06:11 PM

Posted 04 February 2012 - 02:18 PM


So I've run aswMBR twice and it crashed both times. I'm not sure if I should restart the computer and try again, since I've yet to do so after the ComboFix run.


#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 February 2012 - 05:51 PM

Hello

Go ahead and restart the computer and try once more.


gringo

#13 kerneldrop

  • Topic Starter
  • Members
  • 35 posts

Posted 04 February 2012 - 08:36 PM


aswMBR Log:
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-04 19:28:04
-----------------------------
19:28:04.179 OS Version: Windows 5.1.2600 Service Pack 3
19:28:04.179 Number of processors: 1 586 0x209
19:28:04.179 ComputerName: MAIN UserName:
19:28:05.300 Initialize success
19:28:23.597 AVAST engine defs: 12020401
19:28:26.781 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:28:26.781 Disk 0 Vendor: WDC_WD800BEVE-00UYT0 01.04A01 Size: 76319MB BusType: 3
19:28:26.781 Device \Driver\usbstor -> DriverStartIo USBSTOR.SYS f7798f26
19:28:26.921 Disk 1 MBR read successfully
19:28:26.921 Disk 1 MBR scan
19:28:26.981 Disk 1 Windows XP default MBR code
19:28:26.981 Disk 1 MBR hidden
19:28:26.981 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
19:28:27.032 Disk 1 scanning F:\WINDOWS\system32\drivers
19:28:46.369 Service scanning
19:28:48.142 Modules scanning
19:28:55.633 Disk 1 trace - called modules:
19:28:55.633 ntoskrnl.exe CLASSPNP.SYS disk.sys hal.dll
19:28:55.973 1 nt!IofCallDriver -> \Device\Harddisk1\DR2[0x89f94730]
19:28:56.664 AVAST engine scan F:\WINDOWS
19:29:11.195 AVAST engine scan F:\WINDOWS\system32
19:34:52.436 AVAST engine scan F:\WINDOWS\system32\drivers
19:35:20.055 AVAST engine scan F:\Documents and Settings\Owner
20:15:13.016 AVAST engine scan F:\Documents and Settings\All Users
20:16:57.136 Scan finished successfully
20:17:15.072 Disk 1 MBR has been saved successfully to "F:\Documents and Settings\Owner\Desktop\MBR.dat"
20:17:15.072 The log file has been saved successfully to "F:\Documents and Settings\Owner\Desktop\aswMBR.txt"



#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 February 2012 - 08:49 PM

How is the computer doing now, and what problems do you still have?



gringo

#15 kerneldrop

  • Topic Starter
  • Members
  • 35 posts

Posted 05 February 2012 - 01:49 AM


  • MalwareBytes' still won't open
  • On startup I'm receiving a tooltip message to install a new driver
