Google Redirects


  • This topic is locked
32 replies to this topic

#1 Oblivion121

  • Members
  • 25 posts

Posted 19 February 2012 - 08:30 PM

While I was away from home my youngest sister got into who knows what, and since then I've been getting redirected when using Google. I ran Malwarebytes and while it found and removed something it didn't fix the problem, it seems. I noticed a process in Task Manager called Ping*32.exe which seems to slow down my computer to the point it can't be used unless I end the process every twenty minutes. Any help would be awesome and greatly appreciated :).

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Zach at 18:56:52 on 2012-02-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.928 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Free YouTube to MP3 Converter - C:\Users\Zach\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{713FD0CE-4996-4CD4-B61A-C545A61D87C4} : DhcpNameServer = 10.0.0.1
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\py0j3kah.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - Google.com
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109881&tt=090212_ctrl&babsrc=adbartrp&mntrId=a87df5300000000000007071bc9feb0a&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - a87df5300000000000007071bc9feb0a
FF - user.js: extensions.BabylonToolbar_i.hardId - a87df5300000000000007071bc9feb0a
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15386
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:51:17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_ctrl
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-13 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-15 1153368]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-13 136176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-16 09:01:02 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-16 09:01:01 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-16 09:01:00 174392 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2012-02-16 09:01:00 141112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2012-02-16 04:39:46 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-02-16 04:39:46 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-02-16 03:53:37 18944 ----a-r- C:\Users\Zach\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2012-02-16 03:51:00 -------- d-----w- C:\Users\Zach\AppData\Local\Babylon
2012-02-16 03:51:00 -------- d-----w- C:\ProgramData\Babylon
2012-02-16 03:50:59 -------- d-----w- C:\Users\Zach\AppData\Roaming\Babylon
2012-02-16 03:50:31 -------- d-----w- C:\ProgramData\100
2012-02-16 03:50:04 -------- d-----w- C:\codec-info
2012-02-16 03:44:04 -------- d-----w- C:\ProgramData\InstallMate
2012-02-16 00:55:14 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-16 00:55:13 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-16 00:55:10 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-16 00:55:10 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-05 20:44:09 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
.
==================== Find3M ====================
.
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 18:57:37.42 ===============
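Three things in the DDS log above stand out to a reader who has seen such logs before: the 32-bit console tools (ping.exe, cmd.exe, cscript.exe, each with a conhost.exe) sitting in the process list, which is what Task Manager reports as "Ping*32.exe"; the Firefox keyword.URL and selected search engine pointing at search.babylon.com; and the csrss SubSystems line, where ConServerDllInitialization is served by a module named consrv rather than winsrv, the module a stock Windows 7 configuration names. The following is an added Python example, not part of the original post and not a DDS or BleepingComputer tool, that makes that triage repeatable. It parses the DDS section banners and runs the three checks over an excerpt of the log copied from the post; the allowlists of console tools, expected search providers and known ServerDll modules are this example's own assumptions.

```python
import re

# Constructed excerpt of the DDS log posted above (lines copied from the post),
# embedded so this runs offline. The full log parses the same way.
DDS_EXCERPT = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
.
================= FIREFOX ===================
.
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - Google.com
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109881&tt=090212_ctrl&babsrc=adbartrp&q=
.
============= FINISH: 18:57:37.42 ===============
"""

BANNER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
EXE_RE = re.compile(r"(.+?\.exe)(?:\s|$)", re.IGNORECASE)

# Allowlists are this example's assumptions, not DDS output: console tools that
# should not be resident on a desktop, expected search providers, and the
# ServerDll modules a stock Windows 7 csrss configuration names.
CONSOLE_TOOLS = {"ping.exe", "cmd.exe", "cscript.exe", "wscript.exe", "mshta.exe"}
EXPECTED_SEARCH_HOSTS = ("google.com", "bing.com", "yahoo.com")
EXPECTED_SEARCH_NAMES = ("google", "bing", "yahoo")
KNOWN_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}


def split_sections(text):
    """Map section name -> lines; DDS uses '== Name ==' banners and '.' padding."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def suspicious_processes(sections):
    """Console tools in the process list. A SysWOW64 copy on x64 Windows is
    what Task Manager shows as 'name.exe *32', the symptom in the first post."""
    hits = []
    for line in sections.get("Running Processes", []):
        m = EXE_RE.match(line)  # drop svchost-style '-k group' arguments
        if m and m.group(1).rsplit("\\", 1)[-1].lower() in CONSOLE_TOOLS:
            hits.append(m.group(1))
    return hits


def firefox_search_hijack(sections):
    """(pref, value) pairs whose search engine or keyword.URL host is unexpected."""
    findings = []
    for line in sections.get("FIREFOX", []):
        m = re.match(r"FF - (?:prefs|user)\.js: (\S+) - (.*)", line)
        if not m:
            continue
        pref, value = m.groups()
        if pref == "keyword.URL":  # compare the host, not the whole URL
            host = re.sub(r"^\w+://", "", value).split("/")[0].lower()
            ok = any(host == h or host.endswith("." + h) for h in EXPECTED_SEARCH_HOSTS)
        elif pref == "browser.search.selectedEngine":
            ok = any(n in value.lower() for n in EXPECTED_SEARCH_NAMES)
        else:
            continue
        if not ok:
            findings.append((pref, value))
    return findings


def foreign_server_dlls(sections):
    """ServerDll modules on the csrss SubSystems line that a clean Windows 7
    does not name. ConServerDllInitialization belongs to winsrv, not consrv."""
    for line in sections.get("Pseudo HJT Report", []):
        if line.startswith("SubSystems: Windows ="):
            entries = line.split("=", 1)[1].split()
            names = [e.split(":", 1)[0].split(",", 1)[0].lower() for e in entries]
            return [n for n in names if n not in KNOWN_SERVER_DLLS]
    return []


def triage(text):
    s = split_sections(text)
    return {"console_tools": suspicious_processes(s),
            "search_hijack": firefox_search_hijack(s),
            "foreign_server_dlls": foreign_server_dlls(s)}


if __name__ == "__main__":
    for key, hits in triage(DDS_EXCERPT).items():
        print(f"{key}: {hits or 'none'}")
```

Run against the excerpt it reports the three SysWOW64 console tools, both Babylon search preferences, and consrv as the one ServerDll module outside the known set. Feeding it the whole pasted log instead of the excerpt needs no changes, since the section banners are the same.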



#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 20 February 2012 - 01:23 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

<insert av's>

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Oblivion121

  • Topic Starter
  • Members
  • 25 posts

Posted 20 February 2012 - 08:25 PM

I used ComboFix and got the "Illegal operation attempted on a registry key that has been marked for deletion" when attempting to open Internet Explorer and a handful of other programs. After restarting my computer it now comes to a screen that says Windows Error Recovery at the top of the screen. It gives me two choices, start Windows normally or launch Startup Repair. I tried to start Windows normally but it would get to the Windows loading screen and then my computer would restart. Thanks for your help so far.

EDIT

Although I know I wasn't instructed to do so, I chose Launch Startup Repair and it asked me about using a System Restore point, and as I noticed ComboFix made one I clicked yes. So now I'm able to post my ComboFix log.

ComboFix 12-02-19.02 - Zach 02/20/2012 18:09:01.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.1155 [GMT -6:00]
Running from: c:\users\Zach\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\100
c:\users\Zach\AppData\Roaming\Local
c:\users\Zach\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Zach\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Zach\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Tvfreeload.comH119.avi.ddp
c:\users\Zach\AppData\Roaming\Local\Temp\DDM\Settings\Tvfreeload.comH119.avi.ddr
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\keywords
c:\windows\security\Database\tmp.edb
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))
.
.
2012-02-21 00:14 . 2012-02-21 00:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-16 09:01 . 2011-12-14 06:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-16 09:01 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-16 09:01 . 2011-12-14 07:47 174392 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-16 09:01 . 2011-12-14 03:32 141112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-02-16 04:39 . 2012-02-21 00:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-16 04:39 . 2012-02-20 23:56 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-16 03:53 . 2012-02-16 03:53 18944 ----a-r- c:\users\Zach\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2012-02-16 03:51 . 2012-02-16 03:51 239 ----a-w- C:\user.js
2012-02-16 03:51 . 2012-02-16 03:51 -------- d-----w- c:\users\Zach\AppData\Local\Babylon
2012-02-16 03:51 . 2012-02-16 03:51 -------- d-----w- c:\programdata\Babylon
2012-02-16 03:50 . 2012-02-16 03:50 -------- d-----w- c:\users\Zach\AppData\Roaming\Babylon
2012-02-16 03:50 . 2012-02-16 03:53 -------- d-----w- C:\codec-info
2012-02-16 03:44 . 2012-02-16 03:53 -------- d-----w- c:\programdata\InstallMate
2012-02-16 00:55 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 00:55 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 00:55 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 00:55 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-05 20:44 . 2012-02-21 00:21 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 21:24 . 2010-12-27 09:29 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 02:18]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 02:18]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 855608]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"combofix"="c:\combofix\CF30200.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
alerter
bglivesvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to MP3 Converter - c:\users\Zach\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\py0j3kah.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - Google.com
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109881&tt=090212_ctrl&babsrc=adbartrp&mntrId=a87df5300000000000007071bc9feb0a&q=
FF - user.js: extensions.BabylonToolbar_i.id - a87df5300000000000007071bc9feb0a
FF - user.js: extensions.BabylonToolbar_i.hardId - a87df5300000000000007071bc9feb0a
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15386
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:51
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_ctrl
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-02-20 18:26:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-21 00:26
.
Pre-Run: 335,663,951,872 bytes free
Post-Run: 335,420,735,488 bytes free
.
- - End Of File - - A8E5DD43F0D9935967373B881BE2A6A7

Edited by Oblivion121, 20 February 2012 - 09:06 PM.
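The "Other Deletions" list in the ComboFix log above doubles as a reinfection watchlist. The entries under c:\windows (the consrv.dll in system32, the System64 directory, the files under assembly\temp) were written with administrative rights, and a System Restore to a point taken before the cleanup rolls back monitored system files and the registry, so they can come back. The following is an added Python example, not part of the original post and not a ComboFix feature, that pulls the Other Deletions section out of the log, separates the items that live under the Windows directory, and re-checks whether any of them exist again. The `exists` callback is injectable so the check can be run against a recorded file list as well as the live file system; the embedded excerpt is constructed from the log above.

```python
import os
import re
from pathlib import PureWindowsPath

# Constructed excerpt of the ComboFix log posted above, embedded so this runs
# offline. Paths are copied from the post; the full log parses the same way.
COMBOFIX_EXCERPT = r"""
ComboFix 12-02-19.02 - Zach 02/20/2012 18:09:01.1.1 - x64
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\100
c:\users\Zach\AppData\Roaming\Local
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\keywords
c:\windows\security\Database\tmp.edb
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))
.
2012-02-21 00:14 . 2012-02-21 00:14 -------- d-----w- c:\users\Default\AppData\Local\temp
"""

# ComboFix marks the start of each section with a '(((( Name ))))' banner and
# pads the body with lines holding a single '.'.
BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")


def section(text, name):
    """Non-empty lines of one ComboFix section, in log order."""
    lines, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m:
            inside = m.group(1) == name
            continue
        if inside and line and line != ".":
            lines.append(line)
    return lines


def other_deletions(text):
    """Paths ComboFix reported under 'Other Deletions'."""
    return section(text, "Other Deletions")


def os_scoped(paths):
    """Deleted items that lived under the Windows directory: written with
    administrative rights and covered by System Restore, so the ones to
    re-check after a reboot or a restore."""
    out = []
    for p in paths:
        parts = PureWindowsPath(p).parts  # ('c:\\', 'windows', 'system32', ...)
        if len(parts) > 1 and parts[1].lower() == "windows":
            out.append(p)
    return out


def returned(paths, exists=os.path.exists):
    """Paths from the deletion list that exist again. `exists` is injectable
    so the check can be exercised against a recorded snapshot (a set of paths)
    instead of the live file system."""
    return [p for p in paths if exists(p)]


if __name__ == "__main__":
    deleted = other_deletions(COMBOFIX_EXCERPT)
    print("OS-scoped watchlist:")
    for p in os_scoped(deleted):
        print("  ", p)
    back = returned(deleted)
    print("present again:", back or "none")
```

On the machine itself the default `exists` does the live check; on a Linux analysis box the script still runs and simply reports nothing present. Feeding it a snapshot (for example `lambda p: p.lower() in recorded_paths`) turns the same watchlist into an offline comparison against a directory listing taken after the restore.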


#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 20 February 2012 - 09:17 PM

Download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Oblivion121

  • Topic Starter
  • Members

Posted 20 February 2012 - 09:35 PM

As I wrote in the edit of my previous post, I used the system restore option that was given by the launch startup repair; I was able to access my computer and post the ComboFix log. I have a question about your last instructions: is this what I need to do to continue to rid my computer of malware, or is this for getting back into Windows? If it was for getting back into Windows, as I've said, I already am back in. Sorry if I'm complicating the process; thanks for your continued assistance.

Edited by Oblivion121, 20 February 2012 - 09:36 PM.


#6 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • Location:Puerto rico

Posted 20 February 2012 - 10:00 PM

I need this done to locate and remove the malware that I suspect you have on the computer.


gringo

#7 Oblivion121

  • Topic Starter
  • Members

Posted 20 February 2012 - 10:07 PM

I unfortunately do not have a flash drive available for use at the moment; any alternatives?

#8 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • Location:Puerto rico

Posted 20 February 2012 - 10:23 PM

Hello


Let's see if this will see it.


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#9 Oblivion121

  • Topic Starter
  • Members

Posted 20 February 2012 - 10:33 PM

Here's that OTL log.

OTL logfile created on: 2/20/2012 9:26:15 PM - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\Zach\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 49.89% Memory free
3.50 Gb Paging File | 2.08 Gb Available in Paging File | 59.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.02 Gb Total Space | 312.40 Gb Free Space | 68.66% Space Free | Partition Type: NTFS
Drive D: | 10.64 Gb Total Space | 1.57 Gb Free Space | 14.79% Space Free | Partition Type: NTFS

Computer Name: ZACH-PC | User Name: Zach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Zach\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Windows\SysWOW64\PING.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()
MOD - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ffdshow.ax ()
MOD - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_libmad.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (bglivesvc) -- C:\Windows\SysNative\mi-raysat_3dsMax2008_32.dll (Oak Technology Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3771062745-3372372062-1169224525-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
IE - HKU\S-1-5-21-3771062745-3372372062-1169224525-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3771062745-3372372062-1169224525-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3771062745-3372372062-1169224525-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3771062745-3372372062-1169224525-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3771062745-3372372062-1169224525-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3771062745-3372372062-1169224525-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3771062745-3372372062-1169224525-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "Google.com"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109881&tt=090212_ctrl&babsrc=adbartrp&mntrId=a87df5300000000000007071bc9feb0a&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/01/16 21:57:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/01/16 21:57:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/26 23:20:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/06/26 23:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Extensions
[2012/02/19 17:26:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\py0j3kah.default\extensions
[2011/08/09 15:09:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\py0j3kah.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/02/19 17:26:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\py0j3kah.default\extensions\staged
[2011/12/19 14:21:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/18 18:34:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/12/19 14:21:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ZACH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PY0J3KAH.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ZACH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PY0J3KAH.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011/06/15 22:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/15 21:51:01 | 000,002,351 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3771062745-3372372062-1169224525-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3771062745-3372372062-1169224525-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Zach\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Zach\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{713FD0CE-4996-4CD4-B61A-C545A61D87C4}: DhcpNameServer = 10.0.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{52c0360d-690b-11e0-a660-7071bc9feb0a}\Shell - "" = AutoRun
O33 - MountPoints2\{52c0360d-690b-11e0-a660-7071bc9feb0a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{fde9ce19-e6a7-11e0-9fe8-7071bc9feb0a}\Shell - "" = AutoRun
O33 - MountPoints2\{fde9ce19-e6a7-11e0-9fe8-7071bc9feb0a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/20 19:54:31 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/02/20 18:26:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/20 18:06:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/20 18:06:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/16 03:01:01 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/16 03:01:00 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/16 03:00:59 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/16 03:00:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/16 03:00:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/16 03:00:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/16 03:00:58 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/16 03:00:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/16 03:00:58 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/16 03:00:57 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/16 03:00:57 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/15 22:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/15 22:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/02/15 22:39:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/02/15 21:51:00 | 000,000,000 | ---D | C] -- C:\Users\Zach\AppData\Local\Babylon
[2012/02/15 21:51:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/02/15 21:50:59 | 000,000,000 | ---D | C] -- C:\Users\Zach\AppData\Roaming\Babylon
[2012/02/15 21:50:04 | 000,000,000 | ---D | C] -- C:\codec-info
[2012/02/15 21:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/02/15 18:55:10 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/01/31 13:17:51 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/31 13:17:50 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/31 13:17:50 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/31 13:17:50 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/31 13:17:50 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/31 13:17:50 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll

========== Files - Modified Within 30 Days ==========

[2012/02/20 21:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At44.job
[2012/02/20 21:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At43.job
[2012/02/20 20:50:15 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/20 20:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At42.job
[2012/02/20 20:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At41.job
[2012/02/20 20:01:41 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/20 20:01:41 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/20 19:55:39 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/02/20 19:54:44 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/20 19:54:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/20 19:54:28 | 1408,098,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/19 18:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At38.job
[2012/02/19 18:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At37.job
[2012/02/19 17:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At36.job
[2012/02/19 17:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At35.job
[2012/02/19 16:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At34.job
[2012/02/19 16:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At33.job
[2012/02/19 15:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At32.job
[2012/02/19 15:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At31.job
[2012/02/19 04:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At10.job
[2012/02/19 04:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At9.job
[2012/02/19 03:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/02/19 03:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At7.job
[2012/02/19 02:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/02/19 02:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/02/19 01:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/02/19 01:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/02/19 00:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/02/19 00:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/02/18 23:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At48.job
[2012/02/18 23:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At47.job
[2012/02/18 22:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At46.job
[2012/02/18 22:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At45.job
[2012/02/18 19:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/02/18 19:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At39.job
[2012/02/17 14:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/02/17 14:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At29.job
[2012/02/17 13:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At28.job
[2012/02/17 13:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At27.job
[2012/02/17 12:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/02/17 12:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At25.job
[2012/02/17 10:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At22.job
[2012/02/17 10:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At21.job
[2012/02/17 09:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At20.job
[2012/02/17 09:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At19.job
[2012/02/17 08:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At18.job
[2012/02/17 08:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At17.job
[2012/02/17 07:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At16.job
[2012/02/17 07:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At15.job
[2012/02/17 06:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At14.job
[2012/02/17 06:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At13.job
[2012/02/17 05:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At12.job
[2012/02/17 05:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At11.job
[2012/02/16 03:21:39 | 004,836,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/15 22:39:52 | 000,001,252 | ---- | M] () -- C:\Users\Zach\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/15 21:51:18 | 000,000,239 | ---- | M] () -- C:\user.js
[2012/02/10 11:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At24.job
[2012/02/10 11:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At23.job
[2012/02/01 23:18:26 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2012/02/15 22:39:52 | 000,001,252 | ---- | C] () -- C:\Users\Zach\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/15 21:51:18 | 000,000,239 | ---- | C] () -- C:\user.js
[2012/02/05 14:44:09 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/02/01 23:18:26 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/24 04:39:05 | 000,000,000 | ---- | C] () -- C:\ProgramData\pvGnFTLOQ.dat
[2011/12/14 18:47:02 | 000,013,486 | -HS- | C] () -- C:\Users\Zach\AppData\Local\370173d2u587h743k306j0xyi3v8
[2011/12/14 18:47:02 | 000,013,486 | -HS- | C] () -- C:\ProgramData\370173d2u587h743k306j0xyi3v8
[2011/05/08 22:45:04 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/31 23:15:53 | 000,005,632 | ---- | C] () -- C:\Users\Zach\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/27 04:07:43 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

< End of report >

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 20 February 2012 - 10:54 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code
    :OTL
    SRV:64bit: - (bglivesvc) -- C:\Windows\SysNative\mi-raysat_3dsMax2008_32.dll (Oak Technology Inc.)
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109881&tt=090212_ctrl&babsrc=adbartrp&mntrId=a87df5300000000000007071bc9feb0a&q="
    [2012/02/15 21:51:01 | 000,002,351 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012/02/20 19:55:39 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
    [2011/12/14 18:47:02 | 000,013,486 | -HS- | C] () -- C:\Users\Zach\AppData\Local\370173d2u587h743k306j0xyi3v8
    [2011/12/14 18:47:02 | 000,013,486 | -HS- | C] () -- C:\ProgramData\370173d2u587h743k306j0xyi3v8
    [2012/02/15 21:51:00 | 000,000,000 | ---D | C] -- C:\Users\Zach\AppData\Local\Babylon
    [2012/02/15 21:51:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/02/15 21:50:59 | 000,000,000 | ---D | C] -- C:\Users\Zach\AppData\Roaming\Babylon
    :Files
    ipconfig /flushdns /c
    C:\Windows\SysNative\mi-raysat_3dsMax2008_32.dll
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
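
The listing lines pasted into the fix script above follow OTL's `[date | size | attributes | M/C] (company) -- path` layout. As an added example, not part of this thread and not OTL's own code, the Python script below parses such lines and flags two of the patterns targeted in this thread: hidden+system files with random names dropped under AppData or ProgramData, and a long series of At*.job tasks in C:\Windows\tasks. The five-job threshold and the "random name" heuristic are assumptions chosen for illustration, and the sample input is constructed from lines that appear in the logs above.

```python
"""Triage helper for OTL/DDS-style file listings.

Added example, not part of this thread and not OTL's own code.  It parses the
bracketed listing lines that appear in the logs and in the fix script above and
flags two patterns visible in this thread.  The threshold and the "random
name" heuristic are assumptions chosen for illustration.
"""
import re

# One listing line, for example:
#   [2011/12/14 18:47:02 | 000,013,486 | -HS- | C] () -- C:\ProgramData\370173d2u587h743k306j0xyi3v8
# Directory lines ("---D") carry no "(company)" part, so that group is optional.
LINE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

# Locations any user process can write to (lower-cased path fragments).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\")
# Heuristic (assumption): 16+ alphanumerics mixing letters and digits, no extension.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[0-9a-z]{16,}$", re.IGNORECASE)
AT_JOB_RE = re.compile(r"^at\d+\.job$", re.IGNORECASE)


def parse_line(line):
    """Parse one listing line into a dict; return None for non-listing lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    rec["company"] = rec["company"] or ""
    rec["name"] = rec["path"].rsplit("\\", 1)[-1]
    rec["is_dir"] = "D" in rec["attrs"]
    # OTL prints H and S for the hidden and system attributes.
    rec["hidden_system"] = "H" in rec["attrs"] and "S" in rec["attrs"]
    return rec


def triage(lines, at_job_threshold=5):
    """Return a list of (reason, path) findings for the listing lines given."""
    findings = []
    at_jobs = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        lower = rec["path"].lower()
        if (rec["hidden_system"] and not rec["is_dir"]
                and any(frag in lower for frag in USER_WRITABLE)
                and RANDOM_NAME_RE.match(rec["name"])):
            findings.append(("hidden+system file with random name in user-writable dir",
                             rec["path"]))
        if "\\windows\\tasks\\" in lower and AT_JOB_RE.match(rec["name"]):
            at_jobs.append(rec["path"])
    # A handful of at.exe jobs can be legitimate; dozens created hourly are not.
    if len(at_jobs) >= at_job_threshold:
        findings.append((f"{len(at_jobs)} At*.job scheduled tasks in C:\\Windows\\tasks",
                         "; ".join(at_jobs)))
    return findings


# Constructed sample: lines copied from the DDS listing and fix script in this
# thread, plus a benign shortcut, a SysNative helper file and a non-listing line.
SAMPLE = r"""
[2012/02/18 22:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At45.job
[2012/02/18 19:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/02/17 14:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/02/17 13:02:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At27.job
[2012/02/17 12:02:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/02/15 22:39:52 | 000,001,252 | ---- | M] () -- C:\Users\Zach\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/20 19:55:39 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2011/12/14 18:47:02 | 000,013,486 | -HS- | C] () -- C:\Users\Zach\AppData\Local\370173d2u587h743k306j0xyi3v8
[2011/12/14 18:47:02 | 000,013,486 | -HS- | C] () -- C:\ProgramData\370173d2u587h743k306j0xyi3v8
[2012/02/15 21:51:00 | 000,000,000 | ---D | C] -- C:\Users\Zach\AppData\Local\Babylon
< End of report >
""".strip().splitlines()

if __name__ == "__main__":
    for reason, path in triage(SAMPLE):
        print(f"{reason}: {path}")
```

The SysNative `dds_trash_log.cmd` line is hidden+system too but is not flagged, because the heuristic only cares about random names in user-writable locations.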

#11 Oblivion121

  • Topic Starter
  • Members
  • 25 posts

Posted 20 February 2012 - 11:17 PM

I ran the OTL script and rebooted; Google is still redirecting to other websites and Ping.exe*32 still shows up in processes using a high amount of my CPU. Again, thanks for your continued help.

Here's the log

All processes killed
========== OTL ==========
Service bglivesvc stopped successfully!
Service bglivesvc deleted successfully!
C:\Windows\SysNative\mi-raysat_3dsMax2008_32.dll moved successfully.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "http://search.babylon.com/?AF=109881&tt=090212_ctrl&babsrc=adbartrp&mntrId=a87df5300000000000007071bc9feb0a&q=" removed from keyword.URL
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Windows\SysNative\dds_trash_log.cmd moved successfully.
C:\Users\Zach\AppData\Local\370173d2u587h743k306j0xyi3v8 moved successfully.
C:\ProgramData\370173d2u587h743k306j0xyi3v8 moved successfully.
C:\Users\Zach\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\Zach\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\Zach\AppData\Local\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\Users\Zach\AppData\Roaming\Babylon folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Zach\Downloads\cmd.bat deleted successfully.
C:\Users\Zach\Downloads\cmd.txt deleted successfully.
File\Folder C:\Windows\SysNative\mi-raysat_3dsMax2008_32.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Zach
->Temp folder emptied: 14212641 bytes
->Temporary Internet Files folder emptied: 40719861 bytes
->Java cache emptied: 5695395 bytes
->FireFox cache emptied: 44184978 bytes
->Flash cache emptied: 3130855 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 103.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Zach
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Zach
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.33.1 log created on 02202012_215907

Files\Folders moved on Reboot...
C:\Users\Zach\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZAIOOZR\01[1].htm not found!
File\Folder C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZAIOOZR\4275421863[1].htm not found!
File\Folder C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZAIOOZR\Dawnbreaker[1].htm not found!
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZAIOOZR\facebook_com[1].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZAIOOZR\hub.1329368159[1].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZAIOOZR\img[2].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZAIOOZR\jstags[1].htm moved successfully.
File\Folder C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZAIOOZR\like[1].htm not found!
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZAIOOZR\like[2].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZAIOOZR\Meridia[1].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZAIOOZR\net[1].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZAIOOZR\net[2].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZAIOOZR\tcodewads_at[1].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZAIOOZR\tweet_button.1329368159[1].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H0M545DM\ai[1].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H0M545DM\ai[2].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H0M545DM\analytics[1].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H0M545DM\bkids[1].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H0M545DM\empty[1].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H0M545DM\newmail[1].mp3 moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H0M545DM\redirect_v98_cim_11_22_0[1].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H0M545DM\sandbox[2].htm moved successfully.
File move failed. C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H0M545DM\size=728x90;noperf=1;alias=93319178;kvugc=0;kvui=a5676b8c5c2f11e1bfd4ab81175b4d27;kvmn=93319178;extmirroring=0;target=_blank;aduho=-360;grp=796591120[1].htm scheduled to be moved on reboot.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H0M545DM\tagCADCYPX0.htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H0M545DM\tagCAGE8UCX.htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H0M545DM\tagCAVS1RB9.htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H0M545DM\tcode3[1].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H0M545DM\xd_proxy[1].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BC8QIQEY\ai[1].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BC8QIQEY\grab[1].cur moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BC8QIQEY\weather[1].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3LXK2I5B\12[1].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3LXK2I5B\5040[2].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3LXK2I5B\8803425522[1].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3LXK2I5B\ai[1].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3LXK2I5B\ai[2].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3LXK2I5B\ai[3].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3LXK2I5B\c=206_rand=634353828_pv=y_p=2962_dp=y_rt=ifr[1].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3LXK2I5B\facebook_com[1].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3LXK2I5B\map_iframe[1].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3LXK2I5B\net[3].htm moved successfully.
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3LXK2I5B\page__gopid__2605564[1].htm moved successfully.
File\Folder C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\flaCC01.tmp not found!
C:\Users\Zach\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 21 February 2012 - 12:21 AM

Hello

Now I want you to rerun ComboFix for me.



gringo

#13 Oblivion121

  • Topic Starter
  • Members
  • 25 posts

Posted 21 February 2012 - 02:13 AM

Ran ComboFix again; I still have the redirects and the ping.exe*32 taking up CPU. Here's the log.

ComboFix 12-02-21.01 - Zach 02/21/2012 0:20.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.1040 [GMT -6:00]
Running from: c:\users\Zach\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
Overlay aborted ... Please run ComboFix once more
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))
.
.
2012-02-21 06:25 . 2012-02-21 06:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-21 04:05 . 2012-02-21 06:26 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-21 03:59 . 2012-02-21 03:59 -------- d-----w- C:\_OTL
2012-02-16 09:01 . 2011-12-14 06:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-16 09:01 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-16 09:01 . 2011-12-14 07:47 174392 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-16 09:01 . 2011-12-14 03:32 141112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-02-16 04:39 . 2012-02-21 03:52 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-16 04:39 . 2012-02-21 01:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-16 03:53 . 2012-02-16 03:53 18944 ----a-r- c:\users\Zach\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2012-02-16 03:51 . 2012-02-16 03:51 239 ----a-w- C:\user.js
2012-02-16 03:50 . 2012-02-16 03:53 -------- d-----w- C:\codec-info
2012-02-16 03:44 . 2012-02-16 03:53 -------- d-----w- c:\programdata\InstallMate
2012-02-16 00:55 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 00:55 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 00:55 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 00:55 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 21:24 . 2010-12-27 09:29 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-21_05.53.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-27 22:40 . 2012-02-21 06:03 34090 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-21 06:03 38634 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-25 18:02 . 2012-02-21 06:03 11976 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3771062745-3372372062-1169224525-1000_UserData.bin
- 2010-12-25 15:58 . 2012-02-21 05:44 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-25 15:58 . 2012-02-21 06:26 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-25 15:58 . 2012-02-21 05:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-25 15:58 . 2012-02-21 06:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-21 06:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-21 05:44 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-21 05:42 . 2012-02-21 05:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-21 06:26 . 2012-02-21 06:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-21 06:26 . 2012-02-21 06:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-21 05:42 . 2012-02-21 05:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-15 08:38 . 2012-02-21 06:08 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-12-15 08:38 . 2012-02-21 05:19 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-12-15 08:39 . 2012-02-21 05:19 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-12-15 08:39 . 2012-02-21 06:08 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2009-07-14 05:01 . 2012-02-21 05:41 314832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-21 06:25 314832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-02-21 06:19 1179648 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-21 05:38 1179648 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-21 06:19 6406144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-21 05:38 6406144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-26 23:30 . 2012-02-21 06:25 2079228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3771062745-3372372062-1169224525-1000-8192.dat
- 2009-07-14 04:54 . 2012-02-21 05:38 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-21 06:19 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-15 08:57 . 2012-02-21 06:25 13023288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2011-12-15 08:57 . 2012-02-21 05:41 13023288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 02:18]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 02:18]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 855608]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
alerter
servicemgr
bglivesvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to MP3 Converter - c:\users\Zach\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\py0j3kah.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - Google.com
FF - user.js: extensions.BabylonToolbar_i.id - a87df5300000000000007071bc9feb0a
FF - user.js: extensions.BabylonToolbar_i.hardId - a87df5300000000000007071bc9feb0a
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15386
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:51
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_ctrl
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-02-21 00:36:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-21 06:36
ComboFix2.txt 2012-02-21 05:56
ComboFix3.txt 2012-02-21 00:26
.
Pre-Run: 335,268,651,008 bytes free
Post-Run: 335,277,088,768 bytes free
.
- - End Of File - - 77D9954C9459AA4AA574E507C9E65155

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 21 February 2012 - 02:23 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#15 Oblivion121

  • Topic Starter
  • Members
  • 25 posts

Posted 21 February 2012 - 03:11 AM

The TDSSKiller found nothing, and aswMBR seems to have found 5 things. Here are the logs.

01:41:43.0994 3256 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
01:41:45.0996 3256 ============================================================
01:41:45.0996 3256 Current date / time: 2012/02/21 01:41:45.0996
01:41:45.0996 3256 SystemInfo:
01:41:45.0996 3256
01:41:45.0996 3256 OS Version: 6.1.7601 ServicePack: 1.0
01:41:45.0996 3256 Product type: Workstation
01:41:45.0997 3256 ComputerName: ZACH-PC
01:41:45.0997 3256 UserName: Zach
01:41:45.0997 3256 Windows directory: C:\Windows
01:41:45.0997 3256 System windows directory: C:\Windows
01:41:45.0997 3256 Running under WOW64
01:41:45.0997 3256 Processor architecture: Intel x64
01:41:45.0997 3256 Number of processors: 1
01:41:45.0997 3256 Page size: 0x1000
01:41:45.0997 3256 Boot type: Normal boot
01:41:45.0997 3256 ============================================================
01:41:46.0970 3256 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
01:41:46.0974 3256 \Device\Harddisk0\DR0:
01:41:46.0974 3256 MBR used
01:41:46.0974 3256 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
01:41:46.0974 3256 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38E09800
01:41:46.0974 3256 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38E3C000, BlocksNum 0x1549800
01:41:47.0027 3256 Initialize success
01:41:47.0027 3256 ============================================================
01:41:54.0772 3776 ============================================================
01:41:54.0772 3776 Scan started
01:41:54.0772 3776 Mode: Manual;
01:41:54.0772 3776 ============================================================
01:42:08.0840 3776 MBR (0x1B8) (e9e1952e8c9ff3cb45f3696d0c75f6d8) \Device\Harddisk0\DR0
01:42:08.0953 3776 \Device\Harddisk0\DR0 - ok
01:42:08.0961 3776 Boot (0x1200) (572e3775cf86c05dd76b2bdc6c56ddd7) \Device\Harddisk0\DR0\Partition0
01:42:08.0962 3776 \Device\Harddisk0\DR0\Partition0 - ok
01:42:08.0989 3776 Boot (0x1200) (baa1490312ae4e609d4d476be29d421a) \Device\Harddisk0\DR0\Partition1
01:42:08.0990 3776 \Device\Harddisk0\DR0\Partition1 - ok
01:42:09.0019 3776 Boot (0x1200) (3bde9d8e097e05b9eacea4aa2fcdb297) \Device\Harddisk0\DR0\Partition2
01:42:09.0020 3776 \Device\Harddisk0\DR0\Partition2 - ok
01:42:09.0024 3776 ============================================================
01:42:09.0024 3776 Scan finished
01:42:09.0024 3776 ============================================================
01:42:09.0041 3232 Detected object count: 0
01:42:09.0041 3232 Actual detected object count: 0


aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-21 01:51:15
-----------------------------
01:51:15.178 OS Version: Windows x64 6.1.7601 Service Pack 1
01:51:15.178 Number of processors: 1 586 0x603
01:51:15.179 ComputerName: ZACH-PC UserName: Zach
01:51:17.106 Initialize success
01:57:38.106 AVAST engine defs: 12022002
02:00:24.319 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004f
02:00:24.322 Disk 0 Vendor: ST350041 HP35 Size: 476940MB BusType: 3
02:00:24.337 Disk 0 MBR read successfully
02:00:24.340 Disk 0 MBR scan
02:00:24.403 Disk 0 unknown MBR code
02:00:24.419 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
02:00:24.427 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465939 MB offset 206848
02:00:24.457 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10899 MB offset 954449920
02:00:24.462 Service scanning
02:00:43.911 Modules scanning
02:00:43.921 Disk 0 trace - called modules:
02:00:43.932 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
02:00:43.939 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002665060]
02:00:44.296 3 CLASSPNP.SYS[fffff880019bb43f] -> nt!IofCallDriver -> [0xfffffa8001f59ca0]
02:00:44.304 5 ACPI.sys[fffff88000f197a1] -> nt!IofCallDriver -> \Device\0000004f[0xfffffa80021569c0]
02:00:47.120 AVAST engine scan C:\Windows
02:00:49.609 AVAST engine scan C:\Windows\system32
02:00:59.136 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
02:02:31.997 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
02:02:34.100 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
02:03:11.792 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
02:03:11.837 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
02:03:12.263 AVAST engine scan C:\Windows\system32\drivers
02:03:23.119 AVAST engine scan C:\Users\Zach
02:05:53.283 AVAST engine scan C:\ProgramData
02:06:56.404 Scan finished successfully
02:09:23.845 Disk 0 MBR has been saved successfully to "C:\Users\Zach\Desktop\MBR.dat"
02:09:23.851 The log file has been saved successfully to "C:\Users\Zach\Desktop\aswMBR.txt"