Internet Explorer and Firefox Hijacked


This topic is locked
62 replies to this topic

#1 Ksloan89
Members, 31 posts

Posted 21 February 2012 - 01:31 PM

I have tried everything (SUPERAntiSpyware, Malwarebytes, Spyware Doctor, RKill (access is denied with application errors), and ComboFix) in normal mode and safe mode. I cannot get rid of whatever this is. I appreciate any help offered.



================DDS.txt===================


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Kyle at 13:21:29 on 2012-02-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.1938 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWoW64\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkCSrv.exe
C:\Users\Kyle\AppData\Local\TVersity\Media Server\MediaServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\PeerBlock\peerblock.exe
C:\Users\Kyle\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre1.6.0_20\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - C:\Program Files (x86)\Google\Chrome Frame\Application\17.0.963.56\npchrome_frame.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe" -RESTART
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
mRun: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [LemurDaemon] C:\Program Files (x86)\Liine\Lemur Daemon.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [PCTools FGuard] C:\Program Files (x86)\Spyware Doctor\BDT\FGuard.exe
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex
StartupFolder: C:\Users\Kyle\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kyle\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: DhcpNameServer = 172.20.0.6
TCP: Interfaces\{8478A280-76BF-4A80-9643-921DD472444C} : DhcpNameServer = 172.20.0.6
TCP: Interfaces\{8478A280-76BF-4A80-9643-921DD472444C}\35C6F616E6 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8478A280-76BF-4A80-9643-921DD472444C}\75166756C414E4 : DhcpNameServer = 130.68.1.204 130.68.191.7
TCP: Interfaces\{8478A280-76BF-4A80-9643-921DD472444C}\D43555D275051423 : DhcpNameServer = 172.20.0.6
TCP: Interfaces\{8478A280-76BF-4A80-9643-921DD472444C}\D43555D275966496 : DhcpNameServer = 172.20.0.6
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\17.0.963.56\npchrome_frame.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
BHO-X64: Browser Defender BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_20\bin\jp2ssv.dll
BHO-X64: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\17.0.963.56\npchrome_frame.dll
BHO-X64: ChromeFrame BHO - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
mRun-x64: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [LemurDaemon] C:\Program Files (x86)\Liine\Lemur Daemon.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [PCTools FGuard] C:\Program Files (x86)\Spyware Doctor\BDT\FGuard.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\az1hriop.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Users\Kyle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-13 652360]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-9-9 5735424]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-6-21 341296]
R2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2010-8-24 3013448]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [2011-10-12 126392]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-9-22 381248]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe --> C:\Windows\System32\StkCSrv.exe [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-9-12 24176]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;C:\Windows\system32\DRIVERS\teVirtualMIDI64.sys --> C:\Windows\system32\DRIVERS\teVirtualMIDI64.sys [?]
S2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2011-11-24 247760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-19 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-3 2253120]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-19 136176]
S3 ks4avs;Kontrol S4 WDM Audio;C:\Windows\system32\Drivers\ks4avs.sys --> C:\Windows\system32\Drivers\ks4avs.sys [?]
S3 ks4usb_svc;Traktor Kontrol S4;C:\Windows\system32\Drivers\ks4usb.sys --> C:\Windows\system32\Drivers\ks4usb.sys [?]
S3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2012-2-19 366840]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2012-2-19 1150936]
S3 StkCMini;Syntek AVStream USB2.0 2M WebCam;C:\Windows\system32\Drivers\StkCMini.sys --> C:\Windows\system32\Drivers\StkCMini.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VaneFltr;Lachesis Mouse Driver;C:\Windows\system32\drivers\Lachesis.sys --> C:\Windows\system32\drivers\Lachesis.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [2011-10-12 135608]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-02-21 17:59:38 876 ----a-w- C:\ProgramData\hvwyaaa.tmp
2012-02-21 17:56:15 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-21 06:48:38 388096 ----a-r- C:\Users\Kyle\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-21 06:48:38 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-02-21 04:18:07 98816 ----a-w- C:\Windows\sed.exe
2012-02-21 04:18:07 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-21 04:18:07 256000 ----a-w- C:\Windows\PEV.exe
2012-02-21 04:18:07 208896 ----a-w- C:\Windows\MBR.exe
2012-02-20 23:57:28 -------- d-----w- C:\Program Files\CCleaner
2012-02-20 03:05:17 -------- d-----w- C:\Users\Kyle\AppData\Local\Google
2012-02-19 23:38:10 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2012-02-19 23:38:10 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2012-02-19 23:31:59 -------- d-----w- C:\b088f5ac491425e36d
2012-02-19 23:14:53 -------- d-----w- C:\Users\Kyle\AppData\Roaming\SUPERAntiSpyware.com
2012-02-19 23:14:37 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-02-19 23:14:37 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-19 21:31:33 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-02-14 19:23:14 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-14 19:23:13 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-14 19:23:04 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-14 19:23:04 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-14 19:23:03 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-14 19:22:51 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-14 19:22:40 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-14 19:22:40 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-08 23:51:21 -------- d-----w- C:\Users\Kyle\AppData\Roaming\.Tribler
2012-02-08 23:44:23 -------- d-----w- C:\Program Files (x86)\Tribler
2012-02-06 16:26:18 -------- dc-h--w- C:\ProgramData\{13A9B825-42CB-4973-913D-2194B5A4CF94}
2012-02-02 12:27:32 -------- d-----w- C:\the girl with the dragon tatoo
2012-01-30 06:02:42 -------- d-----w- C:\deus ex missing link
2012-01-27 17:11:37 -------- d-----w- C:\red state
2012-01-27 17:10:47 338432 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
2012-01-27 17:10:46 406528 ----a-w- C:\Windows\SysWow64\ReWire.dll
2012-01-27 17:09:13 -------- d-----w- C:\ProgramData\Propellerhead Software
2012-01-27 17:09:12 -------- d-----w- C:\Users\Kyle\AppData\Roaming\Propellerhead Software
2012-01-27 17:06:20 -------- d-----w- C:\Program Files (x86)\Propellerhead
2012-01-26 21:48:46 -------- d-----w- C:\Users\Kyle\AppData\Local\SAS
2012-01-26 21:45:31 -------- d-----w- C:\Program Files\SAS
2012-01-26 21:45:20 411368 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-26 21:44:13 -------- d-----w- C:\Program Files (x86)\SAS Institute Inc
2012-01-26 21:42:58 -------- d-----w- C:\Program Files (x86)\SAS
.
==================== Find3M ====================
.
2012-02-21 03:47:56 922228 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 13:22:19.92 ===============


#2 gringo_pr (Bleepin Gringo)
Malware Response Team, 136,772 posts
Gender: Male, Location: Puerto Rico

Posted 22 February 2012 - 09:00 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr (Bleepin Gringo)
Malware Response Team, 136,772 posts
Gender: Male, Location: Puerto Rico

Posted 25 February 2012 - 12:49 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo

#4 Ksloan89 (Topic Starter)
Members, 31 posts

Posted 25 February 2012 - 02:37 AM

Sorry about taking so long, gringo_pr. My computer hasn't been as slow, but I cannot search on any search engine without a redirect. Here's my log from ComboFix:


ComboFix 12-02-24.02 - Kyle 02/24/2012 12:18:56.8.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2581 [GMT -5:00]
Running from: c:\users\Kyle\Desktop\ComboFix.exe
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-24 17:28 . 2012-02-24 17:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-24 17:28 . 2012-02-24 17:28 -------- d-----w- c:\users\Sloan\AppData\Local\temp
2012-02-24 17:28 . 2012-02-24 17:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-24 17:28 . 2012-02-24 17:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-22 01:20 . 2012-02-22 01:20 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2012-02-22 00:15 . 2012-02-22 00:15 -------- d-----w- c:\program files (x86)\ESET
2012-02-21 06:48 . 2012-02-21 06:48 388096 ----a-r- c:\users\Kyle\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-21 06:48 . 2012-02-21 06:48 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-20 23:57 . 2012-02-20 23:57 -------- d-----w- c:\program files\CCleaner
2012-02-20 03:05 . 2012-02-22 00:53 -------- d-----w- c:\users\Kyle\AppData\Local\Google
2012-02-20 03:05 . 2012-02-22 00:53 -------- d-----w- c:\program files (x86)\Google
2012-02-19 23:38 . 2010-07-16 19:53 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-02-19 23:38 . 2010-06-29 15:35 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-02-19 23:31 . 2012-02-19 23:32 -------- d-----w- C:\b088f5ac491425e36d
2012-02-19 23:14 . 2012-02-19 23:14 -------- d-----w- c:\users\Kyle\AppData\Roaming\SUPERAntiSpyware.com
2012-02-19 23:14 . 2012-02-19 23:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-19 23:14 . 2012-02-19 23:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-19 21:31 . 2012-02-19 22:21 -------- d-----w- c:\windows\Microsoft Antimalware
2012-02-14 19:23 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-14 19:23 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-14 19:23 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-14 19:23 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-14 19:23 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 19:22 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-14 19:22 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 19:22 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-08 23:51 . 2012-02-09 00:07 -------- d-----w- c:\users\Kyle\AppData\Roaming\.Tribler
2012-02-08 23:44 . 2012-02-08 23:51 -------- d-----w- c:\program files (x86)\Tribler
2012-02-06 16:26 . 2012-02-09 11:56 -------- dc-h--w- c:\programdata\{13A9B825-42CB-4973-913D-2194B5A4CF94}
2012-02-02 12:27 . 2012-02-02 12:27 -------- d-----w- C:\the girl with the dragon tatoo
2012-01-30 06:02 . 2012-01-30 08:10 -------- d-----w- C:\deus ex missing link
2012-01-27 17:11 . 2012-02-01 21:30 -------- d-----w- C:\red state
2012-01-27 17:10 . 2012-01-27 17:10 338432 ----a-w- c:\windows\SysWow64\REX Shared Library.dll
2012-01-27 17:10 . 2012-01-27 17:10 406528 ----a-w- c:\windows\SysWow64\ReWire.dll
2012-01-27 17:09 . 2012-01-27 17:10 -------- d-----w- c:\programdata\Propellerhead Software
2012-01-27 17:09 . 2012-01-27 17:11 -------- d-----w- c:\users\Kyle\AppData\Roaming\Propellerhead Software
2012-01-27 17:06 . 2012-01-27 17:06 -------- d-----w- c:\program files (x86)\Propellerhead
2012-01-26 21:48 . 2012-01-26 21:48 -------- d-----w- c:\users\Kyle\AppData\Local\SAS
2012-01-26 21:45 . 2012-01-26 21:45 -------- d-----w- c:\program files\SAS
2012-01-26 21:45 . 2012-01-26 21:45 411368 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-26 21:44 . 2012-01-26 21:44 -------- d-----w- c:\program files (x86)\SAS Institute Inc
2012-01-26 21:42 . 2012-01-26 21:42 -------- d-----w- c:\program files (x86)\SAS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-21 03:47 . 2011-11-25 05:24 922228 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-01-26 08:06 . 2011-12-13 21:20 2379552 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-01-26 08:02 . 2011-09-09 20:39 199616 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-12-10 20:24 . 2012-01-10 20:40 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\ERDNT\cache86\user32.dll
[-] 2010-11-20 . A685CA8D31136476B3973AB478007DAF . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
"DriverMax_RESTART"="c:\program files (x86)\Innovative Solutions\DriverMax\devices.exe" [2011-09-21 9250728]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-01-04 1242448]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2009-10-08 232960]
"Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2009-11-10 248320]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"LemurDaemon"="c:\program files (x86)\Liine\Lemur Daemon.exe" [2011-12-13 459776]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kyle\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R0 BlackBox;BlackBox SR2; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 136176]
R3 ks4avs;Kontrol S4 WDM Audio;c:\windows\system32\Drivers\ks4avs.sys [x]
R3 ks4usb_svc;Traktor Kontrol S4;c:\windows\system32\Drivers\ks4usb.sys [x]
R3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2010-03-15 366840]
R3 StkCMini;Syntek AVStream USB2.0 2M WebCam;c:\windows\system32\Drivers\StkCMini.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [2011-12-03 135608]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-09-09 5735424]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-09-22 2253120]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2010-08-25 3013448]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [2011-05-03 126392]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-09-22 381248]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;c:\windows\system32\DRIVERS\teVirtualMIDI64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2421258422-3832877340-3197541322-1001Core.job
- c:\users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-15 07:55]
.
2012-02-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2421258422-3832877340-3197541322-1001UA.job
- c:\users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-15 07:55]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 03:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.20.0.6
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:88,f5,a2,89,9f,ea,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4c,eb,40,82,31,8e,d6,45,9f,7b,cb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4c,eb,40,82,31,8e,d6,45,9f,7b,cb,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:c5,15,09,68,1d,7e,9a,cb,ae,67,b3,df,b9,c9,e0,b1,b5,e3,e1,a9,be,
c8,5f,57,29,2b,a9,67,82,35,b6,dd,7b,de,7e,60,85,92,c1,0e,73,3f,17,47,39,5c,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:c5,15,09,68,1d,7e,9a,cb,ae,67,b3,df,b9,c9,e0,b1,b5,e3,e1,a9,be,
c8,5f,57,29,2b,a9,67,82,35,b6,dd,7b,de,7e,60,85,92,c1,0e,73,3f,17,47,39,5c,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-24 12:33:03
ComboFix-quarantined-files.txt 2012-02-24 17:33
ComboFix2.txt 2012-02-21 23:49
.
Pre-Run: 3,913,187,328 bytes free
Post-Run: 3,962,621,952 bytes free
.
- - End Of File - - 2FE0CD6F814D03324AF3EACB732A98CE

#5 Ksloan89 (Topic Starter, Members, 31 posts)

Posted 25 February 2012 - 02:37 AM

Sorry about taking so long gringro_pr. My computer hasn't been as slow, but I cannot search on any search engine without a redirect. Here's my log from Combofix:


ComboFix 12-02-24.02 - Kyle 02/24/2012 12:18:56.8.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2581 [GMT -5:00]
Running from: c:\users\Kyle\Desktop\ComboFix.exe
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-24 17:28 . 2012-02-24 17:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-24 17:28 . 2012-02-24 17:28 -------- d-----w- c:\users\Sloan\AppData\Local\temp
2012-02-24 17:28 . 2012-02-24 17:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-24 17:28 . 2012-02-24 17:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-22 01:20 . 2012-02-22 01:20 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2012-02-22 00:15 . 2012-02-22 00:15 -------- d-----w- c:\program files (x86)\ESET
2012-02-21 06:48 . 2012-02-21 06:48 388096 ----a-r- c:\users\Kyle\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-21 06:48 . 2012-02-21 06:48 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-20 23:57 . 2012-02-20 23:57 -------- d-----w- c:\program files\CCleaner
2012-02-20 03:05 . 2012-02-22 00:53 -------- d-----w- c:\users\Kyle\AppData\Local\Google
2012-02-20 03:05 . 2012-02-22 00:53 -------- d-----w- c:\program files (x86)\Google
2012-02-19 23:38 . 2010-07-16 19:53 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-02-19 23:38 . 2010-06-29 15:35 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-02-19 23:31 . 2012-02-19 23:32 -------- d-----w- C:\b088f5ac491425e36d
2012-02-19 23:14 . 2012-02-19 23:14 -------- d-----w- c:\users\Kyle\AppData\Roaming\SUPERAntiSpyware.com
2012-02-19 23:14 . 2012-02-19 23:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-19 23:14 . 2012-02-19 23:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-19 21:31 . 2012-02-19 22:21 -------- d-----w- c:\windows\Microsoft Antimalware
2012-02-14 19:23 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-14 19:23 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-14 19:23 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-14 19:23 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-14 19:23 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 19:22 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-14 19:22 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 19:22 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-08 23:51 . 2012-02-09 00:07 -------- d-----w- c:\users\Kyle\AppData\Roaming\.Tribler
2012-02-08 23:44 . 2012-02-08 23:51 -------- d-----w- c:\program files (x86)\Tribler
2012-02-06 16:26 . 2012-02-09 11:56 -------- dc-h--w- c:\programdata\{13A9B825-42CB-4973-913D-2194B5A4CF94}
2012-02-02 12:27 . 2012-02-02 12:27 -------- d-----w- C:\the girl with the dragon tatoo
2012-01-30 06:02 . 2012-01-30 08:10 -------- d-----w- C:\deus ex missing link
2012-01-27 17:11 . 2012-02-01 21:30 -------- d-----w- C:\red state
2012-01-27 17:10 . 2012-01-27 17:10 338432 ----a-w- c:\windows\SysWow64\REX Shared Library.dll
2012-01-27 17:10 . 2012-01-27 17:10 406528 ----a-w- c:\windows\SysWow64\ReWire.dll
2012-01-27 17:09 . 2012-01-27 17:10 -------- d-----w- c:\programdata\Propellerhead Software
2012-01-27 17:09 . 2012-01-27 17:11 -------- d-----w- c:\users\Kyle\AppData\Roaming\Propellerhead Software
2012-01-27 17:06 . 2012-01-27 17:06 -------- d-----w- c:\program files (x86)\Propellerhead
2012-01-26 21:48 . 2012-01-26 21:48 -------- d-----w- c:\users\Kyle\AppData\Local\SAS
2012-01-26 21:45 . 2012-01-26 21:45 -------- d-----w- c:\program files\SAS
2012-01-26 21:45 . 2012-01-26 21:45 411368 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-26 21:44 . 2012-01-26 21:44 -------- d-----w- c:\program files (x86)\SAS Institute Inc
2012-01-26 21:42 . 2012-01-26 21:42 -------- d-----w- c:\program files (x86)\SAS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-21 03:47 . 2011-11-25 05:24 922228 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-01-26 08:06 . 2011-12-13 21:20 2379552 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-01-26 08:02 . 2011-09-09 20:39 199616 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-12-10 20:24 . 2012-01-10 20:40 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\ERDNT\cache86\user32.dll
[-] 2010-11-20 . A685CA8D31136476B3973AB478007DAF . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
"DriverMax_RESTART"="c:\program files (x86)\Innovative Solutions\DriverMax\devices.exe" [2011-09-21 9250728]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-01-04 1242448]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2009-10-08 232960]
"Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2009-11-10 248320]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"LemurDaemon"="c:\program files (x86)\Liine\Lemur Daemon.exe" [2011-12-13 459776]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kyle\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R0 BlackBox;BlackBox SR2; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 136176]
R3 ks4avs;Kontrol S4 WDM Audio;c:\windows\system32\Drivers\ks4avs.sys [x]
R3 ks4usb_svc;Traktor Kontrol S4;c:\windows\system32\Drivers\ks4usb.sys [x]
R3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2010-03-15 366840]
R3 StkCMini;Syntek AVStream USB2.0 2M WebCam;c:\windows\system32\Drivers\StkCMini.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [2011-12-03 135608]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-09-09 5735424]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-09-22 2253120]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2010-08-25 3013448]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [2011-05-03 126392]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-09-22 381248]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;c:\windows\system32\DRIVERS\teVirtualMIDI64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2421258422-3832877340-3197541322-1001Core.job
- c:\users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-15 07:55]
.
2012-02-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2421258422-3832877340-3197541322-1001UA.job
- c:\users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-15 07:55]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 03:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Kyle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.20.0.6
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:88,f5,a2,89,9f,ea,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4c,eb,40,82,31,8e,d6,45,9f,7b,cb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4c,eb,40,82,31,8e,d6,45,9f,7b,cb,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:c5,15,09,68,1d,7e,9a,cb,ae,67,b3,df,b9,c9,e0,b1,b5,e3,e1,a9,be,
c8,5f,57,29,2b,a9,67,82,35,b6,dd,7b,de,7e,60,85,92,c1,0e,73,3f,17,47,39,5c,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:c5,15,09,68,1d,7e,9a,cb,ae,67,b3,df,b9,c9,e0,b1,b5,e3,e1,a9,be,
c8,5f,57,29,2b,a9,67,82,35,b6,dd,7b,de,7e,60,85,92,c1,0e,73,3f,17,47,39,5c,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-24 12:33:03
ComboFix-quarantined-files.txt 2012-02-24 17:33
ComboFix2.txt 2012-02-21 23:49
.
Pre-Run: 3,913,187,328 bytes free
Post-Run: 3,962,621,952 bytes free
.
- - End Of File - - 2FE0CD6F814D03324AF3EACB732A98CE

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:04 PM

Posted 25 February 2012 - 02:48 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Ksloan89

Ksloan89
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:02:04 PM

Posted 25 February 2012 - 06:45 PM

13:41:05.0552 3992 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
13:41:05.0776 3992 ============================================================
13:41:05.0776 3992 Current date / time: 2012/02/25 13:41:05.0776
13:41:05.0776 3992 SystemInfo:
13:41:05.0776 3992
13:41:05.0776 3992 OS Version: 6.1.7601 ServicePack: 1.0
13:41:05.0776 3992 Product type: Workstation
13:41:05.0776 3992 ComputerName: KYLE-PC
13:41:05.0776 3992 UserName: Kyle
13:41:05.0776 3992 Windows directory: C:\Windows
13:41:05.0776 3992 System windows directory: C:\Windows
13:41:05.0776 3992 Running under WOW64
13:41:05.0776 3992 Processor architecture: Intel x64
13:41:05.0776 3992 Number of processors: 4
13:41:05.0776 3992 Page size: 0x1000
13:41:05.0776 3992 Boot type: Normal boot
13:41:05.0776 3992 ============================================================
13:41:06.0999 3992 Drive \Device\Harddisk0\DR0 - Size: 0x5D27700000 (372.62 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:41:07.0004 3992 \Device\Harddisk0\DR0:
13:41:07.0004 3992 MBR used
13:41:07.0004 3992 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2E93A800
13:41:07.0030 3992 Initialize success
13:41:07.0030 3992 ============================================================
13:41:08.0796 1128 ============================================================
13:41:08.0796 1128 Scan started
13:41:08.0796 1128 Mode: Manual;
13:41:08.0796 1128 ============================================================
13:41:09.0887 1128 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:41:09.0890 1128 1394ohci - ok
13:41:09.0950 1128 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:41:09.0954 1128 ACPI - ok
13:41:09.0973 1128 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:41:09.0974 1128 AcpiPmi - ok
13:41:10.0033 1128 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:41:10.0038 1128 adp94xx - ok
13:41:10.0089 1128 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:41:10.0092 1128 adpahci - ok
13:41:10.0116 1128 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:41:10.0118 1128 adpu320 - ok
13:41:10.0186 1128 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:41:10.0189 1128 AFD - ok
13:41:10.0249 1128 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:41:10.0250 1128 agp440 - ok
13:41:10.0300 1128 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:41:10.0301 1128 aliide - ok
13:41:10.0316 1128 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:41:10.0317 1128 amdide - ok
13:41:10.0330 1128 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:41:10.0332 1128 AmdK8 - ok
13:41:10.0347 1128 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:41:10.0349 1128 AmdPPM - ok
13:41:10.0400 1128 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:41:10.0402 1128 amdsata - ok
13:41:10.0418 1128 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:41:10.0421 1128 amdsbs - ok
13:41:10.0471 1128 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:41:10.0471 1128 amdxata - ok
13:41:10.0551 1128 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:41:10.0553 1128 AppID - ok
13:41:10.0653 1128 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:41:10.0654 1128 arc - ok
13:41:10.0681 1128 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:41:10.0683 1128 arcsas - ok
13:41:10.0772 1128 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:41:10.0773 1128 AsyncMac - ok
13:41:10.0845 1128 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:41:10.0846 1128 atapi - ok
13:41:10.0958 1128 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:41:10.0963 1128 b06bdrv - ok
13:41:10.0979 1128 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:41:10.0982 1128 b57nd60a - ok
13:41:10.0998 1128 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:41:10.0999 1128 Beep - ok
13:41:11.0083 1128 BlackBox - ok
13:41:11.0115 1128 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:41:11.0116 1128 blbdrive - ok
13:41:11.0222 1128 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:41:11.0224 1128 bowser - ok
13:41:11.0237 1128 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:41:11.0238 1128 BrFiltLo - ok
13:41:11.0251 1128 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:41:11.0252 1128 BrFiltUp - ok
13:41:11.0360 1128 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:41:11.0394 1128 BridgeMP - ok
13:41:11.0488 1128 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:41:11.0491 1128 Brserid - ok
13:41:11.0504 1128 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:41:11.0505 1128 BrSerWdm - ok
13:41:11.0538 1128 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:41:11.0539 1128 BrUsbMdm - ok
13:41:11.0545 1128 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:41:11.0546 1128 BrUsbSer - ok
13:41:11.0603 1128 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
13:41:11.0605 1128 BthEnum - ok
13:41:11.0674 1128 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:41:11.0700 1128 BTHMODEM - ok
13:41:11.0781 1128 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
13:41:11.0783 1128 BthPan - ok
13:41:11.0805 1128 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
13:41:11.0811 1128 BTHPORT - ok
13:41:11.0862 1128 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
13:41:11.0863 1128 BTHUSB - ok
13:41:11.0929 1128 catchme - ok
13:41:11.0981 1128 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:41:11.0982 1128 cdfs - ok
13:41:12.0040 1128 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:41:12.0042 1128 cdrom - ok
13:41:12.0094 1128 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:41:12.0095 1128 circlass - ok
13:41:12.0125 1128 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:41:12.0129 1128 CLFS - ok
13:41:12.0234 1128 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:41:12.0235 1128 CmBatt - ok
13:41:12.0272 1128 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:41:12.0273 1128 cmdide - ok
13:41:12.0311 1128 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:41:12.0316 1128 CNG - ok
13:41:12.0369 1128 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:41:12.0369 1128 Compbatt - ok
13:41:12.0421 1128 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:41:12.0422 1128 CompositeBus - ok
13:41:12.0457 1128 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:41:12.0458 1128 crcdisk - ok
13:41:12.0534 1128 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:41:12.0536 1128 DfsC - ok
13:41:12.0562 1128 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:41:12.0564 1128 discache - ok
13:41:12.0641 1128 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:41:12.0642 1128 Disk - ok
13:41:12.0709 1128 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
13:41:12.0711 1128 Dot4 - ok
13:41:12.0767 1128 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
13:41:12.0768 1128 Dot4Print - ok
13:41:12.0803 1128 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
13:41:12.0804 1128 dot4usb - ok
13:41:12.0874 1128 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:41:12.0875 1128 drmkaud - ok
13:41:13.0007 1128 DSDrv4 (8462304cbd54857a5943bda8a6ede5ed) C:\PROGRA~2\DScaler\DSDrv4.sys
13:41:13.0008 1128 DSDrv4 - ok
13:41:13.0119 1128 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
13:41:13.0122 1128 dtsoftbus01 - ok
13:41:13.0168 1128 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:41:13.0177 1128 DXGKrnl - ok
13:41:13.0249 1128 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:41:13.0275 1128 ebdrv - ok
13:41:13.0401 1128 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:41:13.0407 1128 elxstor - ok
13:41:13.0432 1128 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:41:13.0433 1128 ErrDev - ok
13:41:13.0491 1128 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:41:13.0493 1128 exfat - ok
13:41:13.0526 1128 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:41:13.0528 1128 fastfat - ok
13:41:13.0599 1128 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:41:13.0600 1128 fdc - ok
13:41:13.0634 1128 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:41:13.0636 1128 FileInfo - ok
13:41:13.0653 1128 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:41:13.0654 1128 Filetrace - ok
13:41:13.0709 1128 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:41:13.0710 1128 flpydisk - ok
13:41:13.0742 1128 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:41:13.0746 1128 FltMgr - ok
13:41:13.0804 1128 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:41:13.0806 1128 FsDepends - ok
13:41:13.0824 1128 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:41:13.0825 1128 Fs_Rec - ok
13:41:13.0885 1128 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:41:13.0887 1128 fvevol - ok
13:41:13.0939 1128 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:41:13.0941 1128 gagp30kx - ok
13:41:14.0038 1128 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:41:14.0039 1128 GEARAspiWDM - ok
13:41:14.0165 1128 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:41:14.0165 1128 hcw85cir - ok
13:41:14.0248 1128 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:41:14.0251 1128 HdAudAddService - ok
13:41:14.0284 1128 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:41:14.0286 1128 HDAudBus - ok
13:41:14.0292 1128 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:41:14.0293 1128 HidBatt - ok
13:41:14.0313 1128 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:41:14.0315 1128 HidBth - ok
13:41:14.0344 1128 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:41:14.0345 1128 HidIr - ok
13:41:14.0431 1128 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:41:14.0432 1128 HidUsb - ok
13:41:14.0557 1128 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:41:14.0559 1128 HpSAMD - ok
13:41:14.0606 1128 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:41:14.0613 1128 HTTP - ok
13:41:14.0647 1128 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:41:14.0647 1128 hwpolicy - ok
13:41:14.0673 1128 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:41:14.0675 1128 i8042prt - ok
13:41:14.0702 1128 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:41:14.0705 1128 iaStorV - ok
13:41:14.0740 1128 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:41:14.0741 1128 iirsp - ok
13:41:14.0872 1128 IntcAzAudAddService (a5f7cef8a939ebe270462edefd629f20) C:\Windows\system32\drivers\RTKVHD64.sys
13:41:14.0897 1128 IntcAzAudAddService - ok
13:41:14.0938 1128 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:41:14.0939 1128 intelide - ok
13:41:15.0010 1128 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:41:15.0011 1128 intelppm - ok
13:41:15.0082 1128 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:41:15.0083 1128 IpFilterDriver - ok
13:41:15.0138 1128 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:41:15.0140 1128 IPMIDRV - ok
13:41:15.0158 1128 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:41:15.0160 1128 IPNAT - ok
13:41:15.0243 1128 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:41:15.0244 1128 IRENUM - ok
13:41:15.0278 1128 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:41:15.0279 1128 isapnp - ok
13:41:15.0298 1128 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:41:15.0301 1128 iScsiPrt - ok
13:41:15.0365 1128 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
13:41:15.0367 1128 kbdclass - ok
13:41:15.0383 1128 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
13:41:15.0385 1128 kbdhid - ok
13:41:15.0476 1128 KMWDFILTER (4e76398aef64cb6d782cfeb99b4eae55) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
13:41:15.0477 1128 KMWDFILTER - ok
13:41:15.0546 1128 ks4avs (de45d004c5d1648fcaaa2c51cce604a5) C:\Windows\system32\Drivers\ks4avs.sys
13:41:15.0551 1128 ks4avs - ok
13:41:15.0619 1128 ks4usb_svc (29d9877d4118c7c3fe3172af4407069b) C:\Windows\system32\Drivers\ks4usb.sys
13:41:15.0620 1128 ks4usb_svc - ok
13:41:15.0649 1128 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:41:15.0651 1128 KSecDD - ok
13:41:15.0688 1128 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:41:15.0690 1128 KSecPkg - ok
13:41:15.0719 1128 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:41:15.0720 1128 ksthunk - ok
13:41:15.0846 1128 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:41:15.0847 1128 lltdio - ok
13:41:15.0912 1128 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:41:15.0914 1128 LSI_FC - ok
13:41:15.0932 1128 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:41:15.0934 1128 LSI_SAS - ok
13:41:15.0942 1128 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:41:15.0943 1128 LSI_SAS2 - ok
13:41:16.0006 1128 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:41:16.0008 1128 LSI_SCSI - ok
13:41:16.0057 1128 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:41:16.0058 1128 luafv - ok
13:41:16.0095 1128 Lycosa (aecc49af0ac3368027573a5d2f9de351) C:\Windows\system32\drivers\Lycosa.sys
13:41:16.0096 1128 Lycosa - ok
13:41:16.0166 1128 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
13:41:16.0167 1128 MBAMProtector - ok
13:41:16.0177 1128 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:41:16.0178 1128 megasas - ok
13:41:16.0209 1128 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:41:16.0212 1128 MegaSR - ok
13:41:16.0256 1128 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:41:16.0257 1128 Modem - ok
13:41:16.0290 1128 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:41:16.0291 1128 monitor - ok
13:41:16.0332 1128 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:41:16.0334 1128 mouclass - ok
13:41:16.0362 1128 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:41:16.0363 1128 mouhid - ok
13:41:16.0409 1128 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:41:16.0411 1128 mountmgr - ok
13:41:16.0459 1128 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:41:16.0461 1128 mpio - ok
13:41:16.0476 1128 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:41:16.0477 1128 mpsdrv - ok
13:41:16.0540 1128 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:41:16.0541 1128 MRxDAV - ok
13:41:16.0590 1128 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:41:16.0592 1128 mrxsmb - ok
13:41:16.0624 1128 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:41:16.0627 1128 mrxsmb10 - ok
13:41:16.0646 1128 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:41:16.0648 1128 mrxsmb20 - ok
13:41:16.0678 1128 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:41:16.0680 1128 msahci - ok
13:41:16.0706 1128 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:41:16.0707 1128 msdsm - ok
13:41:16.0760 1128 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:41:16.0761 1128 Msfs - ok
13:41:16.0772 1128 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:41:16.0772 1128 mshidkmdf - ok
13:41:16.0796 1128 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:41:16.0797 1128 msisadrv - ok
13:41:16.0874 1128 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:41:16.0874 1128 MSKSSRV - ok
13:41:16.0888 1128 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:41:16.0889 1128 MSPCLOCK - ok
13:41:16.0941 1128 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:41:16.0942 1128 MSPQM - ok
13:41:16.0974 1128 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:41:16.0978 1128 MsRPC - ok
13:41:17.0015 1128 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:41:17.0016 1128 mssmbios - ok
13:41:17.0129 1128 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:41:17.0130 1128 MSTEE - ok
13:41:17.0137 1128 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:41:17.0138 1128 MTConfig - ok
13:41:17.0176 1128 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:41:17.0177 1128 Mup - ok
13:41:17.0241 1128 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:41:17.0245 1128 NativeWifiP - ok
13:41:17.0303 1128 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:41:17.0313 1128 NDIS - ok
13:41:17.0363 1128 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:41:17.0364 1128 NdisCap - ok
13:41:17.0403 1128 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:41:17.0404 1128 NdisTapi - ok
13:41:17.0447 1128 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:41:17.0448 1128 Ndisuio - ok
13:41:17.0491 1128 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:41:17.0493 1128 NdisWan - ok
13:41:17.0526 1128 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:41:17.0527 1128 NDProxy - ok
13:41:17.0577 1128 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:41:17.0578 1128 NetBIOS - ok
13:41:17.0618 1128 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:41:17.0621 1128 NetBT - ok
13:41:17.0911 1128 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
13:41:17.0953 1128 netw5v64 - ok
13:41:18.0001 1128 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:41:18.0002 1128 nfrd960 - ok
13:41:18.0141 1128 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
13:41:18.0142 1128 NPF - ok
13:41:18.0156 1128 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:41:18.0156 1128 Npfs - ok
13:41:18.0173 1128 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:41:18.0174 1128 nsiproxy - ok
13:41:18.0226 1128 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:41:18.0240 1128 Ntfs - ok
13:41:18.0248 1128 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:41:18.0249 1128 Null - ok
13:41:18.0448 1128 nvlddmkm (aa043614b7f65eaf7fa83068286d5981) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:41:18.0553 1128 nvlddmkm - ok
13:41:18.0668 1128 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:41:18.0671 1128 nvraid - ok
13:41:18.0704 1128 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:41:18.0707 1128 nvstor - ok
13:41:18.0827 1128 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:41:18.0828 1128 nv_agp - ok
13:41:18.0857 1128 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:41:18.0859 1128 ohci1394 - ok
13:41:18.0974 1128 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:41:18.0976 1128 Parport - ok
13:41:19.0010 1128 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:41:19.0012 1128 partmgr - ok
13:41:19.0066 1128 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:41:19.0068 1128 pci - ok
13:41:19.0085 1128 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:41:19.0085 1128 pciide - ok
13:41:19.0111 1128 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:41:19.0114 1128 pcmcia - ok
13:41:19.0198 1128 PCTCore (54e013b6d55b81c0aa1ebea80ff42383) C:\Windows\system32\drivers\PCTCore64.sys
13:41:19.0200 1128 PCTCore - ok
13:41:19.0305 1128 pctDS (ff43e3b1687e4e2140de6349ea5c7372) C:\Windows\system32\drivers\pctDS64.sys
13:41:19.0310 1128 pctDS - ok
13:41:19.0382 1128 pctEFA (60e9a05852af7e9cb11237c00aee4ccf) C:\Windows\system32\drivers\pctEFA64.sys
13:41:19.0390 1128 pctEFA - ok
13:41:19.0429 1128 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:41:19.0430 1128 pcw - ok
13:41:19.0455 1128 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:41:19.0460 1128 PEAUTH - ok
13:41:19.0595 1128 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:41:19.0597 1128 PptpMiniport - ok
13:41:19.0610 1128 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:41:19.0612 1128 Processor - ok
13:41:19.0690 1128 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:41:19.0692 1128 Psched - ok
13:41:19.0791 1128 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
13:41:19.0791 1128 PxHlpa64 - ok
13:41:19.0828 1128 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:41:19.0840 1128 ql2300 - ok
13:41:19.0858 1128 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:41:19.0860 1128 ql40xx - ok
13:41:19.0908 1128 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:41:19.0910 1128 QWAVEdrv - ok
13:41:19.0926 1128 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:41:19.0927 1128 RasAcd - ok
13:41:19.0954 1128 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:41:19.0955 1128 RasAgileVpn - ok
13:41:19.0994 1128 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:41:19.0996 1128 Rasl2tp - ok
13:41:20.0015 1128 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:41:20.0017 1128 RasPppoe - ok
13:41:20.0035 1128 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:41:20.0037 1128 RasSstp - ok
13:41:20.0073 1128 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:41:20.0076 1128 rdbss - ok
13:41:20.0098 1128 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:41:20.0099 1128 rdpbus - ok
13:41:20.0130 1128 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:41:20.0130 1128 RDPCDD - ok
13:41:20.0186 1128 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:41:20.0186 1128 RDPENCDD - ok
13:41:20.0195 1128 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:41:20.0196 1128 RDPREFMP - ok
13:41:20.0219 1128 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
13:41:20.0222 1128 RDPWD - ok
13:41:20.0291 1128 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:41:20.0293 1128 rdyboost - ok
13:41:20.0362 1128 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
13:41:20.0365 1128 RFCOMM - ok
13:41:20.0428 1128 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
13:41:20.0430 1128 RimUsb - ok
13:41:20.0457 1128 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
13:41:20.0457 1128 RimVSerPort - ok
13:41:20.0551 1128 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
13:41:20.0552 1128 ROOTMODEM - ok
13:41:20.0676 1128 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
13:41:20.0678 1128 RsFx0103 - ok
13:41:20.0715 1128 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:41:20.0717 1128 rspndr - ok
13:41:20.0792 1128 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:41:20.0794 1128 RTL8167 - ok
13:41:20.0933 1128 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
13:41:20.0934 1128 SASDIFSV - ok
13:41:20.0996 1128 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
13:41:20.0997 1128 SASKUTIL - ok
13:41:21.0042 1128 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:41:21.0045 1128 sbp2port - ok
13:41:21.0086 1128 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:41:21.0088 1128 scfilter - ok
13:41:21.0153 1128 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
13:41:21.0155 1128 sdbus - ok
13:41:21.0180 1128 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:41:21.0181 1128 secdrv - ok
13:41:21.0220 1128 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:41:21.0221 1128 Serenum - ok
13:41:21.0270 1128 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:41:21.0272 1128 Serial - ok
13:41:21.0317 1128 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:41:21.0319 1128 sermouse - ok
13:41:21.0337 1128 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:41:21.0338 1128 sffdisk - ok
13:41:21.0364 1128 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:41:21.0365 1128 sffp_mmc - ok
13:41:21.0381 1128 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:41:21.0383 1128 sffp_sd - ok
13:41:21.0396 1128 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:41:21.0397 1128 sfloppy - ok
13:41:21.0430 1128 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:41:21.0432 1128 SiSRaid2 - ok
13:41:21.0461 1128 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:41:21.0463 1128 SiSRaid4 - ok
13:41:21.0483 1128 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:41:21.0485 1128 Smb - ok
13:41:21.0561 1128 smserial (7ae8bca90539ecbde87ac45ba1436be3) C:\Windows\system32\DRIVERS\SmSerl64.sys
13:41:21.0572 1128 smserial - ok
13:41:21.0617 1128 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:41:21.0617 1128 spldr - ok
13:41:21.0742 1128 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:41:21.0747 1128 srv - ok
13:41:21.0788 1128 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:41:21.0791 1128 srv2 - ok
13:41:21.0832 1128 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:41:21.0834 1128 srvnet - ok
13:41:21.0955 1128 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:41:21.0956 1128 stexstor - ok
13:41:22.0053 1128 StkCMini (ca0ad898ad66c37fec95dc9b3f71ff62) C:\Windows\system32\Drivers\StkCMini.sys
13:41:22.0066 1128 StkCMini - ok
13:41:22.0091 1128 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:41:22.0093 1128 swenum - ok
13:41:22.0186 1128 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
13:41:22.0202 1128 Tcpip - ok
13:41:22.0251 1128 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
13:41:22.0262 1128 TCPIP6 - ok
13:41:22.0298 1128 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:41:22.0300 1128 tcpipreg - ok
13:41:22.0346 1128 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:41:22.0347 1128 TDPIPE - ok
13:41:22.0355 1128 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:41:22.0356 1128 TDTCP - ok
13:41:22.0419 1128 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:41:22.0421 1128 tdx - ok
13:41:22.0442 1128 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:41:22.0444 1128 TermDD - ok
13:41:22.0509 1128 teVirtualMIDI64 (678bd7d7620368af1f399662e9b941b4) C:\Windows\system32\DRIVERS\teVirtualMIDI64.sys
13:41:22.0510 1128 teVirtualMIDI64 - ok
13:41:22.0545 1128 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:41:22.0547 1128 tssecsrv - ok
13:41:22.0644 1128 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:41:22.0645 1128 TsUsbFlt - ok
13:41:22.0753 1128 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:41:22.0756 1128 tunnel - ok
13:41:22.0859 1128 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:41:22.0860 1128 uagp35 - ok
13:41:22.0909 1128 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:41:22.0913 1128 udfs - ok
13:41:22.0962 1128 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:41:22.0963 1128 uliagpkx - ok
13:41:23.0038 1128 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:41:23.0040 1128 umbus - ok
13:41:23.0061 1128 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:41:23.0062 1128 UmPass - ok
13:41:23.0090 1128 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
13:41:23.0091 1128 USBAAPL64 - ok
13:41:23.0152 1128 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
13:41:23.0153 1128 usbaudio - ok
13:41:23.0184 1128 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:41:23.0185 1128 usbccgp - ok
13:41:23.0237 1128 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:41:23.0238 1128 usbcir - ok
13:41:23.0262 1128 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:41:23.0263 1128 usbehci - ok
13:41:23.0331 1128 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:41:23.0334 1128 usbhub - ok
13:41:23.0386 1128 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:41:23.0387 1128 usbohci - ok
13:41:23.0424 1128 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:41:23.0426 1128 usbprint - ok
13:41:23.0469 1128 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:41:23.0471 1128 usbscan - ok
13:41:23.0489 1128 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:41:23.0491 1128 USBSTOR - ok
13:41:23.0517 1128 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
13:41:23.0518 1128 usbuhci - ok
13:41:23.0613 1128 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
13:41:23.0615 1128 usbvideo - ok
13:41:23.0711 1128 VaneFltr (18436f7006443fb76145b3d35162a810) C:\Windows\system32\drivers\Lachesis.sys
13:41:23.0712 1128 VaneFltr - ok
13:41:23.0773 1128 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:41:23.0775 1128 vdrvroot - ok
13:41:23.0790 1128 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:41:23.0791 1128 vga - ok
13:41:23.0813 1128 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:41:23.0814 1128 VgaSave - ok
13:41:23.0843 1128 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:41:23.0846 1128 vhdmp - ok
13:41:23.0881 1128 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:41:23.0882 1128 viaide - ok
13:41:23.0889 1128 VMnetAdapter - ok
13:41:23.0907 1128 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:41:23.0909 1128 volmgr - ok
13:41:23.0946 1128 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:41:23.0950 1128 volmgrx - ok
13:41:24.0020 1128 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:41:24.0024 1128 volsnap - ok
13:41:24.0089 1128 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:41:24.0091 1128 vsmraid - ok
13:41:24.0134 1128 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:41:24.0135 1128 vwifibus - ok
13:41:24.0192 1128 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:41:24.0193 1128 WacomPen - ok
13:41:24.0275 1128 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:41:24.0277 1128 WANARP - ok
13:41:24.0281 1128 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:41:24.0282 1128 Wanarpv6 - ok
13:41:24.0351 1128 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:41:24.0353 1128 Wd - ok
13:41:24.0378 1128 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:41:24.0384 1128 Wdf01000 - ok
13:41:24.0458 1128 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:41:24.0459 1128 WfpLwf - ok
13:41:24.0468 1128 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:41:24.0469 1128 WIMMount - ok
13:41:24.0569 1128 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:41:24.0570 1128 WinUsb - ok
13:41:24.0630 1128 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:41:24.0631 1128 WmiAcpi - ok
13:41:24.0658 1128 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:41:24.0660 1128 ws2ifsl - ok
13:41:24.0703 1128 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:41:24.0705 1128 WudfPf - ok
13:41:24.0743 1128 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:41:24.0746 1128 WUDFRd - ok
13:41:24.0792 1128 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:41:24.0857 1128 \Device\Harddisk0\DR0 - ok
13:41:24.0860 1128 Boot (0x1200) (cfac3dfb1dc85031b90c46b9e38c9a32) \Device\Harddisk0\DR0\Partition0
13:41:24.0861 1128 \Device\Harddisk0\DR0\Partition0 - ok
13:41:24.0861 1128 ============================================================
13:41:24.0861 1128 Scan finished
13:41:24.0861 1128 ============================================================
13:41:24.0870 3144 Detected object count: 0
13:41:24.0871 3144 Actual detected object count: 0




aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-21 17:14:45
-----------------------------
17:14:45.060 OS Version: Windows x64 6.1.7601 Service Pack 1
17:14:45.060 Number of processors: 4 586 0xF0B
17:14:45.060 ComputerName: KYLE-PC UserName: Kyle
17:14:47.046 Initialze error C000010E - driver not loaded
17:14:47.077 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
17:14:47.350 AVAST engine defs: 12022100
17:14:48.484 Service scanning
17:15:15.799 Modules scanning
17:15:15.799 Disk 0 trace - called modules:
17:15:15.799
17:15:17.831 AVAST engine scan C:\Windows
17:15:21.643 AVAST engine scan C:\Windows\system32
17:20:02.781 AVAST engine scan C:\Windows\system32\drivers
17:20:16.315 AVAST engine scan C:\Users\Kyle
17:39:01.652 AVAST engine scan C:\ProgramData
17:40:19.562 Scan finished successfully
18:16:43.804 The log file has been saved successfully to "C:\Users\Kyle\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-25 13:44:08
-----------------------------
13:44:08.880 OS Version: Windows x64 6.1.7601 Service Pack 1
13:44:08.880 Number of processors: 4 586 0xF0B
13:44:08.881 ComputerName: KYLE-PC UserName: Kyle
13:44:09.990 Initialize success
13:44:44.282 AVAST engine defs: 12022500
13:45:15.219 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
13:45:15.223 Disk 0 Vendor: Intel___ 1.0. Size: 381559MB BusType: 8
13:45:15.255 Disk 0 MBR read successfully
13:45:15.257 Disk 0 MBR scan
13:45:15.261 Disk 0 Windows 7 default MBR code
13:45:15.269 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 381557 MB offset 2048
13:45:15.301 Disk 0 scanning C:\Windows\system32\drivers
13:45:24.845 Service scanning
13:45:48.541 Modules scanning
13:45:48.547 Disk 0 trace - called modules:
13:45:48.582 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys iaStorV.sys hal.dll
13:45:48.586 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046fe790]
13:45:48.590 3 CLASSPNP.SYS[fffff88001d5843f] -> nt!IofCallDriver -> [0xfffffa8004591cf0]
13:45:48.927 5 PCTCore64.sys[fffff88001226094] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004470050]
13:45:50.007 AVAST engine scan C:\Windows
13:45:52.860 AVAST engine scan C:\Windows\system32
13:50:15.190 AVAST engine scan C:\Windows\system32\drivers
13:50:28.441 AVAST engine scan C:\Users\Kyle
14:13:16.415 AVAST engine scan C:\ProgramData
14:15:20.911 Scan finished successfully
18:44:32.910 Disk 0 MBR has been saved successfully to "C:\Users\Kyle\Desktop\MBR.dat"
18:44:32.944 The log file has been saved successfully to "C:\Users\Kyle\Desktop\aswMBR.txt"

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 February 2012 - 08:26 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Ksloan89
  • Topic Starter

  • Members
  • 31 posts

Posted 26 February 2012 - 02:08 PM

Just saved Extras.txt to desktop and here's the OTL.txt log. Thanks again for the help!

OTL logfile created on: 2/26/2012 4:05:21 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Kyle\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 51.78% Memory free
7.99 Gb Paging File | 6.16 Gb Available in Paging File | 77.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.61 Gb Total Space | 3.21 Gb Free Space | 0.86% Space Free | Partition Type: NTFS
Drive D: | 100.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KYLE-PC | User Name: Kyle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Kyle\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Razer\Lachesis\razerhid.exe ()
PRC - C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
PRC - C:\Program Files (x86)\Razer\Lachesis\razerofa.exe (Razer Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Razer\Lachesis\razerhid.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NIHardwareService) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV:64bit: - (OODefragAgent) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (StkSSrv) -- C:\Windows\SysNative\StkCSrv.exe (Syntek America Inc.)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe (Symantec Corporation)
SRV - (sdCoreService) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (TVersityMediaServer) -- C:\Users\Kyle\AppData\Local\TVersity\Media Server\MediaServer.exe ()
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sdAuxService) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (wampapache) -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (Apache Software Foundation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (ks4avs) -- C:\Windows\SysNative\drivers\ks4avs.sys (Native Instruments GmbH)
DRV:64bit: - (ks4usb_svc) -- C:\Windows\SysNative\drivers\ks4usb.sys (Native Instruments GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (BlackBox) -- C:\Windows\SysNative\blackbox.dll (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (teVirtualMIDI64) -- C:\Windows\SysNative\drivers\teVirtualMIDI64.sys (Tobias Erichsen)
DRV:64bit: - (pctEFA) -- C:\Windows\SysNative\drivers\pctEFA64.sys (PC Tools)
DRV:64bit: - (pctDS) -- C:\Windows\SysNative\drivers\pctDS64.sys (PC Tools)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (VaneFltr) -- C:\Windows\SysNative\drivers\Lachesis.sys (Razer (Asia-Pacific) Pte Ltd)
DRV:64bit: - (Lycosa) -- C:\Windows\SysNative\drivers\Lycosa.sys (Razer USA Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (smserial) -- C:\Windows\SysNative\drivers\SmSerl64.sys (Motorola Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (StkCMini) -- C:\Windows\SysNative\drivers\StkCMini.sys (Syntek)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (BlackBox) -- C:\Windows\SysWow64\drivers\BlackBox.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DSDrv4) -- C:\Program Files (x86)\DScaler\DSDrv4.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2421258422-3832877340-3197541322-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z204&install_date=20110930
IE - HKU\S-1-5-21-2421258422-3832877340-3197541322-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2421258422-3832877340-3197541322-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 06 04 2D CA 5A CB 01 [binary data]
IE - HKU\S-1-5-21-2421258422-3832877340-3197541322-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "engine://C%3A%5CProgram%20Files%20%28x86%29%5CSeaMonkey%5Csearchplugins%5Cgoogle.src"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.87
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.10
FF - prefs.js..extensions.enabledItems: {f13b157f-b174-47e7-a34d-4815ddfdfeb8}:0.9.88.2
FF - prefs.js..extensions.enabledItems: modern@themes.mozilla.org:1.0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.6.0_20\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kyle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/23 04:51:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.14\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2011/11/23 04:51:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.14\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins [2011/11/23 04:51:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/23 04:51:15 | 000,000,000 | ---D | M]

[2012/02/13 18:26:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\mozilla\Extensions
[2011/04/07 13:01:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2011/12/05 21:35:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\mozilla\SeaMonkey\Profiles\7farfpjr.default\extensions
[2011/11/23 04:52:43 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Kyle\AppData\Roaming\mozilla\SeaMonkey\Profiles\7farfpjr.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011/11/23 04:52:43 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Users\Kyle\AppData\Roaming\mozilla\SeaMonkey\Profiles\7farfpjr.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2011/11/23 04:52:43 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\Kyle\AppData\Roaming\mozilla\SeaMonkey\Profiles\7farfpjr.default\extensions\inspector@mozilla.org
[2012/01/26 16:45:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/06/28 23:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

O1 HOSTS File: ([2012/02/21 18:45:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-2421258422-3832877340-3197541322-1001\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKU\S-1-5-21-2421258422-3832877340-3197541322-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [LemurDaemon] C:\Program Files (x86)\Liine\Lemur Daemon.exe (Liine)
O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-2421258422-3832877340-3197541322-1001..\Run: [DriverMax_RESTART] C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O4 - HKU\S-1-5-21-2421258422-3832877340-3197541322-1001..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-2421258422-3832877340-3197541322-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2421258422-3832877340-3197541322-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2421258422-3832877340-3197541322-1010..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2421258422-3832877340-3197541322-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-2421258422-3832877340-3197541322-1010..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kyle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2421258422-3832877340-3197541322-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2421258422-3832877340-3197541322-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2421258422-3832877340-3197541322-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2421258422-3832877340-3197541322-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2421258422-3832877340-3197541322-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2421258422-3832877340-3197541322-1010\Software\Policies\Microsoft\Internet Explorer\Recovery present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.20.0.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8478A280-76BF-4A80-9643-921DD472444C}: DhcpNameServer = 172.20.0.6
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/24 05:27:57 | 000,000,073 | RH-- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/26 03:40:04 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
[2012/02/25 13:42:48 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Kyle\Desktop\aswMBR.exe
[2012/02/24 12:33:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/24 12:16:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/24 12:16:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/24 12:16:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/24 12:15:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/24 12:15:18 | 004,419,501 | R--- | C] (Swearware) -- C:\Users\Kyle\Desktop\ComboFix.exe
[2012/02/21 19:15:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/02/21 19:08:24 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kyle\Desktop\tdsskiller.exe
[2012/02/21 13:19:32 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Kyle\Desktop\dds.scr
[2012/02/21 01:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/02/21 01:48:38 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/20 18:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/02/20 18:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/02/20 18:08:26 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Desktop\computer alg class
[2012/02/19 22:05:17 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Google
[2012/02/19 22:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/02/19 18:38:10 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012/02/19 18:38:10 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012/02/19 18:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/02/19 18:31:59 | 000,000,000 | ---D | C] -- C:\b088f5ac491425e36d
[2012/02/19 18:14:53 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/19 18:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/02/19 18:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/19 18:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/19 16:31:33 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2012/02/14 14:42:22 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/14 14:42:21 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/14 14:42:21 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/14 14:42:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/14 14:42:21 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/14 14:42:20 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/14 14:42:20 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/14 14:42:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/14 14:42:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/14 14:42:19 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/14 14:42:19 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/14 14:23:14 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/14 14:23:04 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/14 14:23:04 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/14 14:22:40 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/08 18:51:21 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\.Tribler
[2012/02/08 18:44:40 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tribler
[2012/02/08 18:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribler
[2012/02/08 18:44:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tribler
[2012/02/06 11:26:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\{13A9B825-42CB-4973-913D-2194B5A4CF94}
[2012/02/02 07:27:32 | 000,000,000 | ---D | C] -- C:\the girl with the dragon tatoo
[2012/01/30 01:02:42 | 000,000,000 | ---D | C] -- C:\deus ex missing link
[2012/01/27 12:11:37 | 000,000,000 | ---D | C] -- C:\red state
[2012/01/27 12:10:47 | 000,338,432 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll
[2012/01/27 12:10:46 | 000,406,528 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll
[2012/01/27 12:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Propellerhead Software
[2012/01/27 12:09:12 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Propellerhead Software
[2012/01/27 12:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead
[2012/01/27 12:06:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Propellerhead
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/26 03:40:01 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
[2012/02/26 03:00:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2421258422-3832877340-3197541322-1001UA.job
[2012/02/26 03:00:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2421258422-3832877340-3197541322-1001Core.job
[2012/02/25 22:10:27 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/25 22:10:27 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/25 18:44:32 | 000,000,512 | ---- | M] () -- C:\Users\Kyle\Desktop\MBR.dat
[2012/02/25 13:43:39 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Kyle\Desktop\aswMBR.exe
[2012/02/25 13:39:47 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kyle\Desktop\tdsskiller.exe
[2012/02/24 12:15:13 | 004,419,501 | R--- | M] (Swearware) -- C:\Users\Kyle\Desktop\ComboFix.exe
[2012/02/24 12:09:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/24 12:09:01 | 3219,664,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/21 20:20:54 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2012/02/21 19:07:54 | 002,041,519 | ---- | M] () -- C:\Users\Kyle\Desktop\tdsskiller.zip
[2012/02/21 18:45:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/21 13:15:41 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Kyle\Desktop\dds.scr
[2012/02/21 13:14:50 | 000,050,477 | ---- | M] () -- C:\Users\Kyle\Desktop\Defogger.exe
[2012/02/21 13:14:31 | 000,000,168 | ---- | M] () -- C:\Users\Kyle\defogger_reenable
[2012/02/21 02:04:35 | 000,302,592 | ---- | M] () -- C:\Users\Kyle\Desktop\n3ujug1s.exe
[2012/02/21 01:48:38 | 000,002,971 | ---- | M] () -- C:\Users\Kyle\Desktop\HiJackThis.lnk
[2012/02/20 22:46:49 | 001,008,141 | ---- | M] () -- C:\Users\Kyle\Desktop\internet explorer.exe
[2012/02/20 22:12:10 | 000,007,607 | ---- | M] () -- C:\Users\Kyle\AppData\Local\Resmon.ResmonCfg
[2012/02/20 19:03:41 | 000,001,354 | ---- | M] () -- C:\Users\Kyle\Documents\cc_20120220_190338.reg
[2012/02/20 18:59:01 | 000,089,582 | ---- | M] () -- C:\Users\Kyle\Documents\cc_20120220_185856.reg
[2012/02/20 18:57:29 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/02/19 22:05:22 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/19 18:38:21 | 001,864,938 | -H-- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/02/19 18:38:03 | 000,002,051 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2012/02/19 18:14:39 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/18 21:13:59 | 004,997,784 | -H-- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/13 10:39:35 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/09 15:59:29 | 000,001,423 | ---- | M] () -- C:\Users\Kyle\Documents\stat - table 1.6.jmp
[2012/02/09 06:57:00 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\Massive.lnk
[2012/02/08 22:04:19 | 010,432,879 | ---- | M] () -- C:\Users\Kyle\Desktop\AC_DC - Thunderstruck (Protohype Remix).mp3
[2012/02/08 16:40:22 | 000,001,456 | ---- | M] () -- C:\Users\Kyle\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/02/08 15:41:50 | 000,041,396 | ---- | M] () -- C:\Users\Kyle\Desktop\medium_c1dd6067041e1c4fb5be48f7f581c8c5.jpg
[2012/02/08 15:25:08 | 003,770,060 | ---- | M] () -- C:\Users\Kyle\Desktop\bleep It (We'll do it live).mp3
[2012/02/08 12:19:50 | 001,867,638 | ---- | M] () -- C:\Users\Kyle\Desktop\Bill OReilly Flips Out.mp3
[2012/02/08 10:06:20 | 006,200,493 | ---- | M] () -- C:\Users\Kyle\Desktop\no name.mp3
[2012/02/02 01:45:47 | 001,281,113 | ---- | M] () -- C:\Users\Kyle\Desktop\alarm.mp3
[2012/02/01 07:10:25 | 000,082,217 | ---- | M] () -- C:\Users\Kyle\Desktop\kick out the epic antidote.jpg
[2012/02/01 03:27:09 | 000,000,993 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/01/30 16:37:56 | 078,482,122 | ---- | M] () -- C:\Users\Kyle\Desktop\wintry mix.mp3
[2012/01/30 16:37:56 | 004,298,743 | ---- | M] () -- C:\Users\Kyle\Desktop\birdo.mp3
[2012/01/30 16:36:04 | 012,436,211 | ---- | M] () -- C:\Users\Kyle\Desktop\zen.mp3
[2012/01/27 12:10:47 | 000,338,432 | ---- | M] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll
[2012/01/27 12:10:46 | 000,406,528 | ---- | M] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll
[2012/01/27 12:07:20 | 000,001,061 | ---- | M] () -- C:\Users\Public\Desktop\Reason.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/25 18:44:32 | 000,000,512 | ---- | C] () -- C:\Users\Kyle\Desktop\MBR.dat
[2012/02/24 12:16:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/24 12:16:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/24 12:16:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/24 12:16:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/24 12:16:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/21 20:20:54 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2012/02/21 19:07:31 | 002,041,519 | ---- | C] () -- C:\Users\Kyle\Desktop\tdsskiller.zip
[2012/02/21 13:18:48 | 000,050,477 | ---- | C] () -- C:\Users\Kyle\Desktop\Defogger.exe
[2012/02/21 13:14:31 | 000,000,168 | ---- | C] () -- C:\Users\Kyle\defogger_reenable
[2012/02/21 02:04:39 | 000,302,592 | ---- | C] () -- C:\Users\Kyle\Desktop\n3ujug1s.exe
[2012/02/21 01:48:38 | 000,002,971 | ---- | C] () -- C:\Users\Kyle\Desktop\HiJackThis.lnk
[2012/02/20 22:47:48 | 001,008,141 | ---- | C] () -- C:\Users\Kyle\Desktop\internet explorer.exe
[2012/02/20 19:03:39 | 000,001,354 | ---- | C] () -- C:\Users\Kyle\Documents\cc_20120220_190338.reg
[2012/02/20 18:58:59 | 000,089,582 | ---- | C] () -- C:\Users\Kyle\Documents\cc_20120220_185856.reg
[2012/02/20 18:57:29 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/02/19 22:05:22 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/19 18:38:03 | 000,002,051 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2012/02/19 18:14:39 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/09 15:59:29 | 000,001,423 | ---- | C] () -- C:\Users\Kyle\Documents\stat - table 1.6.jmp
[2012/02/08 21:52:46 | 010,432,879 | ---- | C] () -- C:\Users\Kyle\Desktop\AC_DC - Thunderstruck (Protohype Remix).mp3
[2012/02/08 15:41:49 | 000,041,396 | ---- | C] () -- C:\Users\Kyle\Desktop\medium_c1dd6067041e1c4fb5be48f7f581c8c5.jpg
[2012/02/08 12:30:49 | 003,770,060 | ---- | C] () -- C:\Users\Kyle\Desktop\bleep It (We'll do it live).mp3
[2012/02/08 12:20:09 | 001,867,638 | ---- | C] () -- C:\Users\Kyle\Desktop\Bill OReilly Flips Out.mp3
[2012/02/06 11:26:17 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\Massive.lnk
[2012/02/04 19:59:46 | 006,200,493 | ---- | C] () -- C:\Users\Kyle\Desktop\no name.mp3
[2012/02/02 01:45:37 | 001,281,113 | ---- | C] () -- C:\Users\Kyle\Desktop\alarm.mp3
[2012/01/27 12:07:20 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\Reason.lnk
[2012/01/21 22:38:12 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012/01/10 00:41:06 | 000,012,240 | -HS- | C] () -- C:\Users\Kyle\AppData\Local\5voa426fjixhehbw5dehh875tt5y1
[2012/01/10 00:41:06 | 000,012,240 | -HS- | C] () -- C:\ProgramData\5voa426fjixhehbw5dehh875tt5y1
[2011/12/20 17:36:23 | 000,008,228 | -HS- | C] () -- C:\Users\Kyle\AppData\Local\r3q3lsj4765r6pe8j882exm168h0e77
[2011/12/20 17:36:23 | 000,008,228 | -HS- | C] () -- C:\ProgramData\r3q3lsj4765r6pe8j882exm168h0e77
[2011/12/09 16:08:03 | 000,013,046 | -HS- | C] () -- C:\Users\Kyle\AppData\Local\d471nrg341682171o7514jak74y0q
[2011/12/09 16:08:03 | 000,013,046 | -HS- | C] () -- C:\ProgramData\d471nrg341682171o7514jak74y0q
[2011/12/05 17:55:30 | 000,001,456 | ---- | C] () -- C:\Users\Kyle\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/11/24 23:49:43 | 000,000,240 | ---- | C] () -- C:\ProgramData\~5sromql4fCTI10r
[2011/11/24 23:49:42 | 000,000,312 | ---- | C] () -- C:\ProgramData\~5sromql4fCTI10
[2011/11/24 23:49:25 | 000,000,336 | ---- | C] () -- C:\ProgramData\5sromql4fCTI10
[2011/11/24 17:38:54 | 000,767,952 | -H-- | C] () -- C:\Windows\BDTSupport.dll0220.old
[2011/11/23 03:41:04 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2011/11/21 19:41:49 | 000,000,240 | ---- | C] () -- C:\ProgramData\~tt84bIlNW1Pj2Yr
[2011/11/21 19:41:48 | 000,000,320 | ---- | C] () -- C:\ProgramData\~tt84bIlNW1Pj2Y
[2011/11/21 19:41:43 | 000,000,456 | ---- | C] () -- C:\ProgramData\tt84bIlNW1Pj2Y
[2011/09/30 16:48:59 | 000,000,073 | -H-- | C] () -- C:\Windows\cdplayer.ini
[2011/09/30 16:48:52 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011/09/22 11:29:58 | 000,321,856 | -H-- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/07/01 17:14:38 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat
[2011/04/09 17:55:28 | 000,179,261 | -H-- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/25 16:10:53 | 000,007,607 | ---- | C] () -- C:\Users\Kyle\AppData\Local\Resmon.ResmonCfg
[2010/12/11 13:07:08 | 000,900,662 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/08 21:40:06 | 000,000,132 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/12/07 21:38:17 | 000,000,132 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/12/01 16:52:21 | 000,085,504 | -H-- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/10/21 02:12:24 | 000,000,093 | -H-- | C] () -- C:\Windows\OEM.ini
[2010/10/17 03:31:18 | 000,815,104 | -H-- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/10/17 03:31:17 | 000,180,224 | -H-- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/10/13 17:12:40 | 000,120,668 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/10/04 16:05:05 | 000,165,449 | -H-- | C] () -- C:\Windows\hpoins28.dat
[2010/10/04 16:05:05 | 000,000,442 | -H-- | C] () -- C:\Windows\hpomdl28.dat
[2010/09/23 02:08:39 | 000,280,904 | -H-- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/09/23 02:08:37 | 002,434,856 | -H-- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/09/23 02:08:37 | 000,075,136 | -H-- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/06/25 12:03:12 | 000,053,299 | -H-- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 979 bytes -> C:\ProgramData\Microsoft:89RhSar6c2KeSw0cuXbLVO6
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:EA029835
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 1093 bytes -> C:\ProgramData\Microsoft:1bKPxtSVWnkiFJkkeFni09
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 1010 bytes -> C:\ProgramData\Microsoft:WX06p2ifqewj145QPb0SbZLvx

< End of report >

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 February 2012 - 03:12 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.6.0_20\bin\new_plugin\npjp2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-2421258422-3832877340-3197541322-1001\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
    O3 - HKU\S-1-5-21-2421258422-3832877340-3197541322-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKU\S-1-5-21-2421258422-3832877340-3197541322-1010..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    @Alternate Data Stream - 979 bytes -> C:\ProgramData\Microsoft:89RhSar6c2KeSw0cuXbLVO6
    @Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:EA029835
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 1093 bytes -> C:\ProgramData\Microsoft:1bKPxtSVWnkiFJkkeFni09
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    @Alternate Data Stream - 1010 bytes -> C:\ProgramData\Microsoft:WX06p2ifqewj145QPb0SbZLvx  
    [2012/01/10 00:41:06 | 000,012,240 | -HS- | C] () -- C:\Users\Kyle\AppData\Local\5voa426fjixhehbw5dehh875tt5y1
    [2012/01/10 00:41:06 | 000,012,240 | -HS- | C] () -- C:\ProgramData\5voa426fjixhehbw5dehh875tt5y1
    [2011/12/20 17:36:23 | 000,008,228 | -HS- | C] () -- C:\Users\Kyle\AppData\Local\r3q3lsj4765r6pe8j882exm168h0e77
    [2011/12/20 17:36:23 | 000,008,228 | -HS- | C] () -- C:\ProgramData\r3q3lsj4765r6pe8j882exm168h0e77
    [2011/12/09 16:08:03 | 000,013,046 | -HS- | C] () -- C:\Users\Kyle\AppData\Local\d471nrg341682171o7514jak74y0q
    [2011/12/09 16:08:03 | 000,013,046 | -HS- | C] () -- C:\ProgramData\d471nrg341682171o7514jak74y0q
    [2011/11/24 23:49:43 | 000,000,240 | ---- | C] () -- C:\ProgramData\~5sromql4fCTI10r
    [2011/11/24 23:49:42 | 000,000,312 | ---- | C] () -- C:\ProgramData\~5sromql4fCTI10
    [2011/11/24 23:49:25 | 000,000,336 | ---- | C] () -- C:\ProgramData\5sromql4fCTI10
    [2011/11/21 19:41:49 | 000,000,240 | ---- | C] () -- C:\ProgramData\~tt84bIlNW1Pj2Yr
    [2011/11/21 19:41:48 | 000,000,320 | ---- | C] () -- C:\ProgramData\~tt84bIlNW1Pj2Y
    [2011/11/21 19:41:43 | 000,000,456 | ---- | C] () -- C:\ProgramData\tt84bIlNW1Pj2Y
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Ksloan89

Ksloan89
  • Topic Starter

  • Members
  • 31 posts

Posted 26 February 2012 - 08:27 PM

After the reboot, the Adobe Flash Player update came up so I updated it. I am still getting redirects to websites like gimmeanswers.org, http://63.209.69.107, http://luxurylinenmenswear.com, etc.

Here's the log that came up after reboot:

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-2421258422-3832877340-3197541322-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
Registry value HKEY_USERS\S-1-5-21-2421258422-3832877340-3197541322-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-2421258422-3832877340-3197541322-1010\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS C:\ProgramData\Microsoft:89RhSar6c2KeSw0cuXbLVO6 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:EA029835 deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\ProgramData\Microsoft:1bKPxtSVWnkiFJkkeFni09 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
ADS C:\ProgramData\Microsoft:WX06p2ifqewj145QPb0SbZLvx deleted successfully.
C:\Users\Kyle\AppData\Local\5voa426fjixhehbw5dehh875tt5y1 moved successfully.
C:\ProgramData\5voa426fjixhehbw5dehh875tt5y1 moved successfully.
C:\Users\Kyle\AppData\Local\r3q3lsj4765r6pe8j882exm168h0e77 moved successfully.
C:\ProgramData\r3q3lsj4765r6pe8j882exm168h0e77 moved successfully.
C:\Users\Kyle\AppData\Local\d471nrg341682171o7514jak74y0q moved successfully.
C:\ProgramData\d471nrg341682171o7514jak74y0q moved successfully.
C:\ProgramData\~5sromql4fCTI10r moved successfully.
C:\ProgramData\~5sromql4fCTI10 moved successfully.
C:\ProgramData\5sromql4fCTI10 moved successfully.
C:\ProgramData\~tt84bIlNW1Pj2Yr moved successfully.
C:\ProgramData\~tt84bIlNW1Pj2Y moved successfully.
C:\ProgramData\tt84bIlNW1Pj2Y moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kyle\Desktop\cmd.bat deleted successfully.
C:\Users\Kyle\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kyle
->Temp folder emptied: 53208554 bytes
->Temporary Internet Files folder emptied: 233623379 bytes
->Java cache emptied: 3557039 bytes
->Flash cache emptied: 58179 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sloan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 27385169 bytes
->Flash cache emptied: 3685 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 922228 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84793 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 304.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Kyle
->Java cache emptied: 0 bytes

User: Public

User: Sloan

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kyle
->Flash cache emptied: 0 bytes

User: Public

User: Sloan
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.33.2 log created on 02262012_201744

Files\Folders moved on Reboot...
C:\Users\Kyle\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHOBGWNO\topic443567[1].htm moved successfully.

Registry entries deleted on Reboot...

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:04 PM

Posted 26 February 2012 - 08:29 PM

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the code box below into Notepad:
@echo off
REM Collect network and DNS diagnostics into Log1.txt, then open it in Notepad.
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
REM Remove this batch file once the log is open.
del %0
Save this as router.bat. Choose "Save as type: All Files" and save it to the Desktop, then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo
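Once router.bat has written Log1.txt, the question is whether the resolver the machine is actually using matches what was configured and whether it belongs to the local network at all. The Python below is an added example for this page, not part of the thread and not one of gringo's tools. It parses the `ipconfig /all` and `nslookup` sections of such a log, following the unlabeled continuation lines ipconfig prints when an adapter has several DNS servers, and reports two things for review: DNS servers outside RFC 1918/loopback/link-local space, and an nslookup answer that came from a server ipconfig does not list. Neither is a verdict (an ISP's or a public resolver is legitimately outside the LAN), so the output is a prompt to check, not a detection. The sample log is constructed; 203.0.113.53 and 198.51.100.7 are documentation-range addresses standing in for an unexpected resolver.

```python
import ipaddress
import re

# Explicit LAN/loopback ranges. Python's IPv4Address.is_private also treats the
# documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) as private,
# which would hide the sample "outside" resolver below, so the list is spelled out.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", "169.254.0.0/16")]
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
# ipconfig key lines are indented 3 spaces and use dotted leaders:
#   "   DNS Servers . . . . . . . . . . . : 192.168.1.1"  -> key "DNS Servers", val "192.168.1.1"
# Continuation lines are indented much further and never match this pattern.
KEY_LINE = re.compile(r"\s{1,3}(?P<key>[A-Za-z][A-Za-z0-9 \-]*?)[ .]*\.[ .]*: ?(?P<val>.*)$")

def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)

def dns_servers_from_ipconfig(text):
    """Map adapter name -> IPv4 DNS servers from 'ipconfig /all' output."""
    servers, adapter, capturing = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, capturing = line.strip().rstrip(":"), False      # section header
            continue
        m = KEY_LINE.match(line)
        if m:
            capturing = adapter is not None and m.group("key").strip().startswith("DNS Servers")
            hit = IPV4.search(m.group("val")) if capturing else None
            if hit:
                servers.setdefault(adapter, []).append(hit.group(1))
            continue
        if capturing:
            if not line.strip():
                capturing = False
                continue
            hit = IPV4.search(line)      # IPv6 entries have no match and are skipped
            if hit:
                servers.setdefault(adapter, []).append(hit.group(1))
    return servers

def resolver_used(text):
    """Address of the server nslookup says it queried: the 'Address:' line after 'Server:'."""
    lines = text.splitlines()
    for i, line in enumerate(lines[:-1]):
        if line.startswith("Server:"):
            hit = IPV4.search(lines[i + 1])
            if hit:
                return hit.group(1)
    return None

def triage(log_text):
    """Items worth a second look; none of them is a verdict on its own."""
    findings = []
    configured = dns_servers_from_ipconfig(log_text)
    for adapter, ips in configured.items():
        for ip in ips:
            if not is_local(ip):
                findings.append(f"{adapter}: DNS server {ip} is outside the local network; confirm you or your ISP chose it")
    used = resolver_used(log_text)
    known = {ip for ips in configured.values() for ip in ips}
    if used is None:
        findings.append("nslookup did not report which server it used; resolution may be failing")
    elif used not in known:
        findings.append(f"nslookup was answered by {used}, which ipconfig does not list as a DNS server")
    return findings

# Constructed, abridged sample of what router.bat writes to Log1.txt (not from the thread).
SAMPLE_LOG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC
   Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home
   IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       192.168.1.1
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled

Server:  UnKnown
Address:  203.0.113.53

Non-authoritative answer:
Name:    google.com
Addresses:  192.0.2.10
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the sample, the second DNS server is reported because it is not a LAN address, while nslookup's server matches the configuration and raises nothing; swap the nslookup `Address:` for one ipconfig never listed and the second check fires as well. A hosts-file check is deliberately left out, since the OTL fix above already reset that file.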

#13 Ksloan89

Ksloan89
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:02:04 PM

Posted 26 February 2012 - 08:30 PM

Thanks again for helping me with this. I really appreciate it!

#14 Ksloan89

Ksloan89
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:02:04 PM

Posted 26 February 2012 - 08:35 PM

After double-clicking router.bat, cmd pops up and closes right out with no Notepad. I think it says "not recognized as internal or external command or batch file".

Edited by Ksloan89, 26 February 2012 - 08:36 PM.


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:04 PM

Posted 26 February 2012 - 08:42 PM

Try and redo it, please.



gringo



