svhost.exe winrscmde && Search Engine redirecting


This topic is locked
67 replies to this topic

#1 KBEAST

  • Members
  • 93 posts

Posted 03 March 2012 - 08:00 PM

Hi,

Original post is My link

Randomly this svhost.exe winrscmde keeps running, and it goes up to 1 GB of RAM and then crashes the computer.
And Google, Bing, any search engine seems to redirect the links in both Firefox and Internet Explorer.

I've followed the direction to create reports successfully.

I am attaching DDS.txt and Attach.txt

And just like in the original post, I've already run the ComboFix report, so I'll post that as well.

Thank you


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 04 March 2012 - 02:41 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 KBEAST

  • Topic Starter
  • Members
  • 93 posts

Posted 06 March 2012 - 09:36 PM

HI,

This looks like just some auto reply...
As you can see, I've already run that ComboFix and attached the report...

Does anyone here really know how to fix these?

Thank you

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 06 March 2012 - 09:53 PM

Hello


Yes, I did ask for a new Combofix scan, as that one looked to me to be about 10 days old. I feel it would be too dangerous to keep going with a report that is that old.



Gringo

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 09 March 2012 - 02:10 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#6 KBEAST

  • Topic Starter
  • Members
  • 93 posts

Posted 10 March 2012 - 07:06 PM

Hi,

So I have been trying over and over, and again the next day, but I can't create the report now....

It will run at first, and it goes up to stage_50, then it reboots on its own.
So up to here, it's running fine.

I log back in, and then it is trying to create the report....
I waited about 2 hours and yet nothing was changing...

The next day I tried again. After 1 hour I came back and saw that my computer had restarted. So I logged back in and saw combofix.txt in C:\windows

And it was blank....

Any clue?

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 11 March 2012 - 10:52 PM

Greetings

OK, let's try these and see what they find.


tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 KBEAST

  • Topic Starter
  • Members
  • 93 posts

Posted 13 March 2012 - 06:28 PM

18:54:30.0438 3740 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
18:54:31.0484 3740 ============================================================
18:54:31.0484 3740 Current date / time: 2012/03/13 18:54:31.0484
18:54:31.0484 3740 SystemInfo:
18:54:31.0484 3740
18:54:31.0485 3740 OS Version: 6.1.7601 ServicePack: 1.0
18:54:31.0485 3740 Product type: Workstation
18:54:31.0485 3740 ComputerName: JOHN-PC
18:54:31.0485 3740 UserName: John
18:54:31.0485 3740 Windows directory: C:\Windows
18:54:31.0485 3740 System windows directory: C:\Windows
18:54:31.0485 3740 Running under WOW64
18:54:31.0485 3740 Processor architecture: Intel x64
18:54:31.0485 3740 Number of processors: 4
18:54:31.0485 3740 Page size: 0x1000
18:54:31.0485 3740 Boot type: Normal boot
18:54:31.0485 3740 ============================================================
18:54:32.0551 3740 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:54:32.0625 3740 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB5E00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:54:32.0627 3740 \Device\Harddisk0\DR0:
18:54:32.0627 3740 MBR used
18:54:32.0627 3740 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
18:54:32.0627 3740 \Device\Harddisk1\DR1:
18:54:32.0627 3740 MBR used
18:54:32.0627 3740 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1
18:54:32.0714 3740 Initialize success
18:54:32.0714 3740 ============================================================
18:54:35.0495 4904 ============================================================
18:54:35.0495 4904 Scan started
18:54:35.0495 4904 Mode: Manual;
18:54:35.0495 4904 ============================================================
18:54:47.0167 4904 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:54:47.0169 4904 QWAVEdrv - ok
18:54:47.0195 4904 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:54:47.0208 4904 RasAcd - ok
18:54:47.0247 4904 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:54:47.0249 4904 RasAgileVpn - ok
18:54:47.0309 4904 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:54:47.0322 4904 Rasl2tp - ok
18:54:47.0347 4904 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:54:47.0350 4904 RasPppoe - ok
18:54:47.0371 4904 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:54:47.0374 4904 RasSstp - ok
18:54:47.0413 4904 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:54:47.0418 4904 rdbss - ok
18:54:47.0436 4904 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:54:47.0438 4904 rdpbus - ok
18:54:47.0458 4904 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:54:47.0460 4904 RDPCDD - ok
18:54:47.0491 4904 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
18:54:47.0505 4904 RDPDR - ok
18:54:47.0529 4904 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:54:47.0532 4904 RDPENCDD - ok
18:54:47.0551 4904 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:54:47.0552 4904 RDPREFMP - ok
18:54:47.0590 4904 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
18:54:47.0594 4904 RDPWD - ok
18:54:47.0638 4904 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:54:47.0643 4904 rdyboost - ok
18:54:47.0689 4904 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:54:47.0692 4904 rspndr - ok
18:54:47.0725 4904 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
18:54:47.0745 4904 s3cap - ok
18:54:47.0774 4904 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:54:47.0777 4904 sbp2port - ok
18:54:47.0822 4904 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:54:47.0824 4904 scfilter - ok
18:54:47.0855 4904 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:54:47.0857 4904 secdrv - ok
18:54:47.0896 4904 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:54:47.0898 4904 Serenum - ok
18:54:47.0913 4904 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:54:47.0916 4904 Serial - ok
18:54:47.0942 4904 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:54:47.0944 4904 sermouse - ok
18:54:47.0985 4904 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:54:47.0993 4904 sffdisk - ok
18:54:48.0017 4904 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:54:48.0032 4904 sffp_mmc - ok
18:54:48.0057 4904 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:54:48.0059 4904 sffp_sd - ok
18:54:48.0080 4904 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:54:48.0082 4904 sfloppy - ok
18:54:48.0129 4904 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:54:48.0132 4904 SiSRaid2 - ok
18:54:48.0155 4904 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:54:48.0157 4904 SiSRaid4 - ok
18:54:48.0190 4904 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:54:48.0193 4904 Smb - ok
18:54:48.0222 4904 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:54:48.0224 4904 spldr - ok
18:54:48.0267 4904 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:54:48.0288 4904 srv - ok
18:54:48.0316 4904 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:54:48.0323 4904 srv2 - ok
18:54:48.0342 4904 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:54:48.0346 4904 srvnet - ok
18:54:48.0393 4904 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:54:48.0396 4904 stexstor - ok
18:54:48.0439 4904 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
18:54:48.0442 4904 storflt - ok
18:54:48.0466 4904 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
18:54:48.0469 4904 storvsc - ok
18:54:48.0503 4904 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:54:48.0516 4904 swenum - ok
18:54:48.0625 4904 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:54:48.0668 4904 Tcpip - ok
18:54:48.0741 4904 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:54:48.0751 4904 TCPIP6 - ok
18:54:48.0802 4904 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:54:48.0816 4904 tcpipreg - ok
18:54:48.0836 4904 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:54:48.0838 4904 TDPIPE - ok
18:54:48.0860 4904 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:54:48.0862 4904 TDTCP - ok
18:54:48.0900 4904 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:54:48.0913 4904 tdx - ok
18:54:48.0944 4904 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:54:48.0946 4904 TermDD - ok
18:54:48.0991 4904 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:54:49.0000 4904 tssecsrv - ok
18:54:49.0051 4904 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:54:49.0065 4904 TsUsbFlt - ok
18:54:49.0106 4904 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:54:49.0109 4904 tunnel - ok
18:54:49.0138 4904 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:54:49.0146 4904 uagp35 - ok
18:54:49.0182 4904 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:54:49.0189 4904 udfs - ok
18:54:49.0225 4904 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:54:49.0237 4904 uliagpkx - ok
18:54:49.0276 4904 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:54:49.0278 4904 umbus - ok
18:54:49.0298 4904 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:54:49.0300 4904 UmPass - ok
18:54:49.0329 4904 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:54:49.0347 4904 usbccgp - ok
18:54:49.0388 4904 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:54:49.0397 4904 usbcir - ok
18:54:49.0420 4904 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:54:49.0423 4904 usbehci - ok
18:54:49.0453 4904 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:54:49.0459 4904 usbhub - ok
18:54:49.0481 4904 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:54:49.0483 4904 usbohci - ok
18:54:49.0516 4904 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:54:49.0519 4904 usbprint - ok
18:54:49.0541 4904 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:54:49.0545 4904 USBSTOR - ok
18:54:49.0569 4904 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:54:49.0572 4904 usbuhci - ok
18:54:49.0632 4904 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:54:49.0634 4904 vdrvroot - ok
18:54:49.0666 4904 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:54:49.0669 4904 vga - ok
18:54:49.0693 4904 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:54:49.0695 4904 VgaSave - ok
18:54:49.0719 4904 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:54:49.0724 4904 vhdmp - ok
18:54:49.0743 4904 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:54:49.0745 4904 viaide - ok
18:54:49.0773 4904 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
18:54:49.0777 4904 vmbus - ok
18:54:49.0800 4904 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
18:54:49.0802 4904 VMBusHID - ok
18:54:49.0828 4904 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:54:49.0831 4904 volmgr - ok
18:54:49.0871 4904 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:54:49.0886 4904 volmgrx - ok
18:54:49.0910 4904 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:54:49.0916 4904 volsnap - ok
18:54:49.0948 4904 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:54:49.0952 4904 vsmraid - ok
18:54:49.0965 4904 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:54:49.0967 4904 vwifibus - ok
18:54:49.0994 4904 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:54:49.0996 4904 WacomPen - ok
18:54:50.0043 4904 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:54:50.0048 4904 WANARP - ok
18:54:50.0051 4904 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:54:50.0052 4904 Wanarpv6 - ok
18:54:50.0087 4904 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:54:50.0100 4904 Wd - ok
18:54:50.0134 4904 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:54:50.0150 4904 Wdf01000 - ok
18:54:50.0188 4904 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:54:50.0189 4904 WfpLwf - ok
18:54:50.0212 4904 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:54:50.0214 4904 WIMMount - ok
18:54:50.0288 4904 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:54:50.0299 4904 WinUsb - ok
18:54:50.0324 4904 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:54:50.0326 4904 WmiAcpi - ok
18:54:50.0365 4904 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:54:50.0367 4904 ws2ifsl - ok
18:54:50.0408 4904 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:54:50.0412 4904 WudfPf - ok
18:54:50.0434 4904 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:54:50.0439 4904 WUDFRd - ok
18:54:50.0471 4904 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
18:54:50.0493 4904 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:54:50.0493 4904 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:54:50.0497 4904 MBR (0x1B8) (680a325d64193cdc5918aac6dc5bb889) \Device\Harddisk1\DR1
18:54:50.0719 4904 \Device\Harddisk1\DR1 - ok
18:54:50.0733 4904 Boot (0x1200) (02238fe9e8598e762371282cd4296030) \Device\Harddisk0\DR0\Partition0
18:54:50.0765 4904 \Device\Harddisk0\DR0\Partition0 - ok
18:54:50.0768 4904 Boot (0x1200) (5c7aeff580d4b1c9841b526a7b849567) \Device\Harddisk1\DR1\Partition0
18:54:50.0771 4904 \Device\Harddisk1\DR1\Partition0 - ok
18:54:50.0771 4904 ============================================================
18:54:50.0771 4904 Scan finished
18:54:50.0771 4904 ============================================================
18:54:50.0782 5852 Detected object count: 1
18:54:50.0782 5852 Actual detected object count: 1
18:57:14.0955 5852 \Device\Harddisk0\DR0\# - copied to quarantine
18:57:14.0955 5852 \Device\Harddisk0\DR0 - copied to quarantine
18:57:15.0000 5852 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:57:15.0002 5852 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
18:57:15.0008 5852 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
18:57:15.0019 5852 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
18:57:15.0027 5852 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
18:57:15.0028 5852 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
18:57:15.0029 5852 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
18:57:15.0031 5852 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
18:57:15.0033 5852 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
18:57:15.0036 5852 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
18:57:15.0037 5852 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
18:57:15.0041 5852 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:57:15.0045 5852 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
18:57:15.0070 5852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:57:15.0070 5852 \Device\Harddisk0\DR0 - ok
18:57:15.0142 5852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
18:57:37.0090 4512 Deinitialize success



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-13 19:02:05
-----------------------------
19:02:05.003 OS Version: Windows x64 6.1.7601 Service Pack 1
19:02:05.004 Number of processors: 4 586 0xF07
19:02:05.005 ComputerName: JOHN-PC UserName: John
19:02:06.033 Initialize success
19:05:28.659 AVAST engine defs: 12031300
19:11:53.036 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
19:11:53.038 Disk 0 Vendor: ST332062 3.AA Size: 305245MB BusType: 3
19:11:53.045 Disk 0 MBR read successfully
19:11:53.048 Disk 0 MBR scan
19:11:53.058 Disk 0 Windows 7 default MBR code
19:11:53.066 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
19:11:53.080 Disk 0 scanning C:\Windows\system32\drivers
19:12:01.082 Service scanning
19:12:17.007 Modules scanning
19:12:17.014 Disk 0 trace - called modules:
19:12:17.026 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
19:12:17.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002c10060]
19:12:17.034 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa800273ec60]
19:12:17.383 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\00000065[0xfffffa80026194e0]
19:12:18.599 AVAST engine scan C:\Windows
19:12:23.088 AVAST engine scan C:\Windows\system32
19:15:11.526 AVAST engine scan C:\Windows\system32\drivers
19:15:22.433 AVAST engine scan C:\Users\John
19:17:27.625 AVAST engine scan C:\ProgramData
19:19:53.780 Scan finished successfully
19:26:42.226 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"
19:26:42.232 The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"
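As an added example (not part of the original thread, and not code from Kaspersky's TDSSKiller or AVAST's aswMBR), a small triage parser for TDSSKiller log lines of the shape posted above: it groups detection, quarantine and cure lines per object and keeps the MD5 of every scanned driver or MBR so a responder can check which disk object was flagged, what was pulled out of the bootkit's hidden `TDLFS` file system, and what action the user chose. The sample lines are a subset of the log above; the regexes are my own assumption about the format, derived from those lines.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# One TDSSKiller log line: "HH:MM:SS.ffff <pid> <message>"
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# "<object> ( <threat> ) - <status>", e.g. "... ( Rootkit.Boot.Pihar.b ) - infected"
THREAT_RE = re.compile(r"^(?P<obj>\S+) \( (?P<threat>[^)]+) \) - (?P<status>.+)$")
# "<object> - detected <threat> (<n>)"
DETECTED_RE = re.compile(r"^(?P<obj>\S+) - detected (?P<threat>\S+) \(\d+\)$")
# "<object> - copied to quarantine"
QUARANTINE_RE = re.compile(r"^(?P<obj>\S+) - copied to quarantine$")
# Enumeration of a scanned driver, MBR or boot sector: "<name> (<md5>) <path>"
HASH_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")

# Subset of the TDSSKiller log posted above (values from the page, not constructed).
SAMPLE_LOG = r"""
18:54:43.0691 4904 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:54:43.0700 4904 NdisWan - ok
18:54:50.0471 4904 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
18:54:50.0493 4904 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:54:50.0493 4904 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:54:50.0497 4904 MBR (0x1B8) (680a325d64193cdc5918aac6dc5bb889) \Device\Harddisk1\DR1
18:54:50.0719 4904 \Device\Harddisk1\DR1 - ok
18:54:50.0771 4904 Scan finished
18:54:50.0782 5852 Detected object count: 1
18:57:14.0955 5852 \Device\Harddisk0\DR0\# - copied to quarantine
18:57:14.0955 5852 \Device\Harddisk0\DR0 - copied to quarantine
18:57:15.0000 5852 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:57:15.0002 5852 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
18:57:15.0041 5852 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:57:15.0070 5852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:57:15.0070 5852 \Device\Harddisk0\DR0 - ok
18:57:15.0142 5852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""


@dataclass
class Finding:
    obj: str                                   # e.g. \Device\Harddisk0\DR0
    threat: str = ""                           # detection name, if any
    statuses: List[str] = field(default_factory=list)     # infected / cured / user action
    quarantined: List[str] = field(default_factory=list)  # paths copied to quarantine


def parse_tdsskiller(lines) -> Tuple[Dict[str, Finding], Dict[str, str]]:
    """Return (findings keyed by object, md5 keyed by scanned path)."""
    findings: Dict[str, Finding] = {}
    hashes: Dict[str, str] = {}

    def finding_for(obj: str) -> Finding:
        return findings.setdefault(obj, Finding(obj))

    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                            # separators, headers, blank lines
        msg = m.group("msg")
        if (t := THREAT_RE.match(msg)):
            f = finding_for(t.group("obj"))
            f.threat = t.group("threat")
            f.statuses.append(t.group("status").strip())
        elif (d := DETECTED_RE.match(msg)):
            finding_for(d.group("obj")).threat = d.group("threat")
        elif (q := QUARANTINE_RE.match(msg)):
            obj = q.group("obj")
            # Paths under the infected disk object (e.g. ...\DR0\TDLFS\ph.dll) are
            # attributed to that object so the report shows one entry per infection.
            owner = next((k for k in findings if obj == k or obj.startswith(k + "\\")), obj)
            finding_for(owner).quarantined.append(obj)
        elif (h := HASH_RE.match(msg)):
            hashes[h.group("path")] = h.group("md5")   # compare against a known-good copy
    return findings, hashes


def triage_report(findings: Dict[str, Finding]) -> List[str]:
    """One summary line per object that was detected or had something quarantined."""
    report = []
    for f in findings.values():
        if not f.threat and not f.quarantined:
            continue
        report.append(
            f"{f.obj}: threat={f.threat or 'n/a'} "
            f"statuses={' -> '.join(f.statuses) or 'none'} "
            f"quarantined={len(f.quarantined)} object(s)"
        )
    return report


if __name__ == "__main__":
    found, md5s = parse_tdsskiller(SAMPLE_LOG.splitlines())
    for line in triage_report(found):
        print(line)
    print(f"{len(md5s)} scanned objects with MD5 recorded")
```

Clean drivers never produce a `Finding`, so an empty report from a full log is the "nothing found" case; a second disk's MBR hash, as for `\Device\Harddisk1\DR1` above, is kept for comparison even though it was reported ok.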

#9 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 March 2012 - 09:40 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 KBEAST (Topic Starter)

  • Members
  • 93 posts

Posted 14 March 2012 - 05:13 PM

Hello,


Here's OTL


OTL logfile created on: 3/14/2012 6:06:04 PM - Run 1
OTL by OldTimer - Version 3.2.37.0 Folder = C:\Users\John\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.52% Memory free
4.00 Gb Paging File | 2.88 Gb Available in Paging File | 72.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 234.71 Gb Free Space | 78.74% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 886.56 Gb Free Space | 95.17% Space Free | Partition Type: NTFS

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\John\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe (Nero AG)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (DeviceMonitorService) -- C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV:64bit: - (kcrtx64) -- C:\Windows\SysNative\kcrtx64.sys (Kings Information & Network)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (motccgp) -- C:\Windows\SysNative\drivers\motccgp.sys (Motorola)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\drivers\motmodem.sys (Motorola)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Motousbnet) -- C:\Windows\SysNative\drivers\Motousbnet.sys (Motorola)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (motandroidusb) -- C:\Windows\SysNative\drivers\motoandroid.sys (Motorola)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\drivers\motccgpfl.sys (Motorola)
DRV:64bit: - (BTCFilterService) -- C:\Windows\SysNative\drivers\motfilt.sys (Motorola Inc)
DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\drivers\motswch.sys (Motorola)
DRV - (catchme) -- C:\ComboFix\catchme.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2116333086-45548962-528574141-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2116333086-45548962-528574141-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2116333086-45548962-528574141-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A1 68 CC 02 D5 85 CB 01 [binary data]
IE - HKU\S-1-5-21-2116333086-45548962-528574141-1001\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-21-2116333086-45548962-528574141-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2116333086-45548962-528574141-1001\..\SearchScopes\{25477387-2310-45df-933D-E9416D3D0303}: "URL" = http://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q={searchTerms}
IE - HKU\S-1-5-21-2116333086-45548962-528574141-1001\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20110824&iesrc={referrer:source}
IE - HKU\S-1-5-21-2116333086-45548962-528574141-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={C3442E7B-E9FD-46A7-BE8E-C87E6CD987D6}&mid=72d500dfd42347d1947ad14d0de7d4b1-9ca04b0a0e15a2aae6633ac2cca04581309fd063&lang=en&ds=tg027&pr=sa&d=2011-09-18 14:08:08&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2116333086-45548962-528574141-1001\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKU\S-1-5-21-2116333086-45548962-528574141-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "eSnips Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.3.3.2
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@peeringportal.com/AOD: C:\Windows\nppeeraod.dll (Peering Portal, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@softforum.com/npKeyPro: C:\Windows\system32\npKeyPro.dll (Softsecurity Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/14 01:03:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/01/31 18:47:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/18 15:06:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/16 22:10:41 | 000,000,000 | ---D | M]

[2010/11/16 18:19:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2012/03/08 22:55:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions
[2012/02/15 00:26:08 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2012/02/03 22:42:07 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/02/14 01:02:45 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/04/17 22:45:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\engine@conduit.com
[2011/09/18 17:25:30 | 000,003,851 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\searchplugins\avg-secure-search.xml
[2011/10/02 22:54:02 | 000,000,923 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\searchplugins\conduit.xml
[2011/11/25 21:13:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M2TFK4UV.DEFAULT\EXTENSIONS\CZSNZHHTAV@CZSNZHHTAV.ORG.XPI
() (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M2TFK4UV.DEFAULT\EXTENSIONS\YTVDW@PGPORT.COM.XPI
[2012/02/18 15:06:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/08/16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2008/08/16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2008/08/16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2008/05/21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll
[2008/05/21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll
[2008/05/21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll
[2010/07/15 05:36:46 | 000,069,632 | ---- | M] (SK Communications Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCMListControl.dll
[2007/08/21 02:30:26 | 000,233,472 | ---- | M] (PeeringPortal) -- C:\Program Files (x86)\mozilla firefox\plugins\npcyworld.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2008/08/16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2008/12/03 21:21:34 | 000,073,728 | ---- | M] (Peering Portal, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppeeraod.dll
[2008/08/16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/02/14 18:34:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/05/05 22:25:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/10/01 14:31:08 | 000,002,029 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\esnips.xml
[2012/02/14 18:34:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/11 15:55:10 | 000,000,882 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2116333086-45548962-528574141-1001\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\.DEFAULT..\Run: [Update] C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\Real\Real\klzgc.dll (eMajix.com, Inc.)
O4 - HKU\S-1-5-18..\Run: [Update] C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\Real\Real\klzgc.dll (eMajix.com, Inc.)
O4 - HKU\S-1-5-21-2116333086-45548962-528574141-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2116333086-45548962-528574141-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2116333086-45548962-528574141-1005..\Run: [Update] C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\Real\Real\klzgc.dll (eMajix.com, Inc.)
O4 - HKU\S-1-5-21-2116333086-45548962-528574141-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: JavaSoft = C:\Windows\system32\config\systemprofile\AppData\Roaming\6F2958.exe
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: JavaSoft = C:\Windows\system32\config\systemprofile\AppData\Roaming\6F2958.exe
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2116333086-45548962-528574141-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2116333086-45548962-528574141-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2116333086-45548962-528574141-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2116333086-45548962-528574141-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\John\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\John\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} https://www.g-pin.go.kr/XecureObject/TouchEnkey3107_32k.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F31FDD3-721F-41D6-91F9-12BEE579185C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/14 17:47:21 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/03/14 00:02:13 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/14 00:02:12 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/14 00:02:12 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/13 19:02:01 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2012/03/13 18:57:14 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/13 17:21:42 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/13 17:20:53 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/13 17:20:53 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/13 17:20:51 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/13 17:20:51 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/13 17:20:51 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/10 19:50:39 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2012/03/10 19:34:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/10 19:31:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/10 19:23:04 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/08 22:15:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/08 22:15:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/08 22:15:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/03 17:09:30 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\John\Desktop\dds.scr
[2012/02/27 23:40:03 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Podcast
[2012/02/27 23:40:03 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\MotorolaMediaLink
[2012/02/27 23:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola
[2012/02/27 23:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Media Link
[2012/02/27 23:37:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012/02/27 23:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012/02/27 23:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola Media Link
[2012/02/27 23:36:55 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Motorola
[2012/02/27 23:32:33 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Downloaded Installations
[2012/02/26 14:22:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\AVG
[2012/02/26 14:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/02/25 13:53:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/25 13:53:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/20 19:34:32 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Uvaf
[2012/02/20 19:34:32 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Duroa
[2012/02/19 15:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/02/16 02:40:12 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/16 02:40:11 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/16 02:40:11 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/16 02:40:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/16 02:40:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/16 02:40:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/16 02:40:08 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/16 02:40:08 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/16 02:40:08 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/16 02:40:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/16 02:40:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/15 22:37:51 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/15 22:37:49 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/15 22:37:49 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/15 22:37:40 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/14 17:47:08 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/03/14 17:42:28 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 17:42:28 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 17:40:51 | 091,761,561 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/03/14 17:40:03 | 006,070,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/14 17:40:03 | 001,947,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/14 17:40:03 | 000,005,152 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/14 17:36:53 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/14 17:34:58 | 004,826,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/14 17:34:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/14 17:34:11 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/13 23:35:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/13 19:26:42 | 000,000,512 | ---- | M] () -- C:\Users\John\Desktop\MBR.dat
[2012/03/13 18:05:31 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2012/03/13 18:03:12 | 000,417,680 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/03/11 15:55:10 | 000,000,882 | RH-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/10 15:03:15 | 000,001,134 | ---- | M] () -- C:\Users\John\Desktop\ComboFix - Shortcut.lnk
[2012/03/03 17:07:57 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\John\Desktop\dds.scr
[2012/02/27 23:37:13 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\MOTOROLA MEDIA LINK.lnk
[2012/02/25 20:25:39 | 000,000,229 | ---- | M] () -- C:\Windows\wininit.ini
[2012/02/25 14:10:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120225-192614.backup
[2012/02/22 16:55:15 | 000,000,882 | RH-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120222-213700.backup
[2012/02/20 18:01:12 | 000,000,882 | RH-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120220-213956.backup
[2012/02/17 02:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/02/17 01:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/02/16 02:42:58 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/13 19:26:42 | 000,000,512 | ---- | C] () -- C:\Users\John\Desktop\MBR.dat
[2012/03/10 15:03:15 | 000,001,134 | ---- | C] () -- C:\Users\John\Desktop\ComboFix - Shortcut.lnk
[2012/03/08 22:15:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/08 22:15:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/08 22:15:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/08 22:15:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/08 22:15:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/27 23:37:13 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\MOTOROLA MEDIA LINK.lnk
[2012/02/16 22:10:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/02/16 02:42:58 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/02/14 19:32:16 | 000,000,229 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/11 21:52:13 | 000,001,538 | -HS- | C] () -- C:\Users\John\AppData\Local\gfy7j1h4inpa
[2012/01/11 21:52:13 | 000,001,538 | -HS- | C] () -- C:\ProgramData\gfy7j1h4inpa
[2012/01/11 21:43:59 | 000,001,396 | -HS- | C] () -- C:\Users\John\AppData\Local\567k35v481313ck2gf546ep
[2012/01/11 21:43:59 | 000,001,396 | -HS- | C] () -- C:\ProgramData\567k35v481313ck2gf546ep
[2011/12/30 12:39:54 | 000,001,442 | -HS- | C] () -- C:\Users\John\AppData\Local\213ms54md02a01808426vojooi4k641umf6gp23374q
[2011/12/30 12:39:54 | 000,001,442 | -HS- | C] () -- C:\ProgramData\213ms54md02a01808426vojooi4k641umf6gp23374q
[2011/12/20 00:32:24 | 000,002,354 | -HS- | C] () -- C:\Users\John\AppData\Local\6u47cy4c82y108
[2011/12/20 00:32:24 | 000,002,354 | -HS- | C] () -- C:\ProgramData\6u47cy4c82y108
[2011/12/18 15:59:37 | 000,005,446 | -HS- | C] () -- C:\Users\John\AppData\Local\n1cq10c7ro3iik
[2011/12/18 15:59:37 | 000,005,446 | -HS- | C] () -- C:\ProgramData\n1cq10c7ro3iik
[2011/12/16 19:01:35 | 000,002,350 | -HS- | C] () -- C:\Users\John\AppData\Local\422812a8x855w464i684m2sni3l8
[2011/12/16 19:01:35 | 000,001,618 | -HS- | C] () -- C:\ProgramData\422812a8x855w464i684m2sni3l8
[2011/12/06 21:37:44 | 000,001,456 | ---- | C] () -- C:\Users\John\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/12/02 18:45:32 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/02 18:45:32 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/08/24 18:28:10 | 000,000,025 | ---- | C] () -- C:\Windows\wpd99.drv
[2011/08/24 18:28:09 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2011/08/24 18:10:38 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/01/28 11:11:38 | 000,005,342 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/16 17:23:14 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/11/16 17:23:14 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

========== Files - Unicode (All) ==========
[2012/02/01 18:58:58 | 014,227,551 | ---- | M] ()(C:\Users\John\Desktop\???.psd) -- C:\Users\John\Desktop\포스터.psd
[2012/01/31 00:11:06 | 014,227,551 | ---- | C] ()(C:\Users\John\Desktop\???.psd) -- C:\Users\John\Desktop\포스터.psd

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:01 AM

Posted 15 March 2012 - 08:01 AM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKU\S-1-5-21-2116333086-45548962-528574141-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} https://www.g-pin.go.kr/XecureObject/TouchEnkey3107_32k.cab (Reg Error: Key error.)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4  
    IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
    IE - HKU\S-1-5-21-2116333086-45548962-528574141-1001\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    IE - HKU\S-1-5-21-2116333086-45548962-528574141-1001\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
    FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "Freecorder Customized Web Search"
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.3.3.2
    [2012/02/15 00:26:08 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2012/02/14 01:02:45 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2011/04/17 22:45:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\engine@conduit.com
    [2011/10/02 22:54:02 | 000,000,923 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\searchplugins\conduit.xml
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2116333086-45548962-528574141-1001\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    [2012/01/11 21:52:13 | 000,001,538 | -HS- | C] () -- C:\Users\John\AppData\Local\gfy7j1h4inpa
    [2012/01/11 21:52:13 | 000,001,538 | -HS- | C] () -- C:\ProgramData\gfy7j1h4inpa
    [2012/01/11 21:43:59 | 000,001,396 | -HS- | C] () -- C:\Users\John\AppData\Local\567k35v481313ck2gf546ep
    [2012/01/11 21:43:59 | 000,001,396 | -HS- | C] () -- C:\ProgramData\567k35v481313ck2gf546ep
    [2011/12/30 12:39:54 | 000,001,442 | -HS- | C] () -- C:\Users\John\AppData\Local\213ms54md02a01808426vojooi4k641umf6gp23374q
    [2011/12/30 12:39:54 | 000,001,442 | -HS- | C] () -- C:\ProgramData\213ms54md02a01808426vojooi4k641umf6gp23374q
    [2011/12/20 00:32:24 | 000,002,354 | -HS- | C] () -- C:\Users\John\AppData\Local\6u47cy4c82y108
    [2011/12/20 00:32:24 | 000,002,354 | -HS- | C] () -- C:\ProgramData\6u47cy4c82y108
    [2011/12/18 15:59:37 | 000,005,446 | -HS- | C] () -- C:\Users\John\AppData\Local\n1cq10c7ro3iik
    [2011/12/18 15:59:37 | 000,005,446 | -HS- | C] () -- C:\ProgramData\n1cq10c7ro3iik
    [2011/12/16 19:01:35 | 000,002,350 | -HS- | C] () -- C:\Users\John\AppData\Local\422812a8x855w464i684m2sni3l8
    [2011/12/16 19:01:35 | 000,001,618 | -HS- | C] () -- C:\ProgramData\422812a8x855w464i684m2sni3l8
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 KBEAST

  • Topic Starter
  • Members
  • 93 posts
  • Local time:03:01 AM

Posted 16 March 2012 - 05:41 PM

Hi,

Thanks for helping me out by the way.
Did you write that code?

Anyway, Google, Bing, and similar well-known search engines used to redirect me to a random site when I clicked on a searched link.
But after running OTL from the previous scan, I noticed that it won't even go into these sites.
A few days ago I went to Google and it gave me this.

Our systems have detected unusual traffic from your computer network. This page checks to see if it's really you sending the requests, and not a robot. Why did this happen?

IP address: 94.63.147.10
Time: 2012-03-16T22:35:50Z
URL: http://74.125.65.99/search?hl=en&site=&source=hp&q=testing&btnG=Search

So something is running on my machine that is preventing...


And I don't know if you know anything about Spybot? When I run it, it finds this one item, svhost.exe, detected as a Trojan, but when I try to fix it, it always says that I am not the admin when I am the admin for this machine.... so something took my permission as well...

So pretty much, I can't use these search engines and I don't feel safe. I hope they are not recording my keystrokes.. or take my passwords...

Here is the log info. It didn't ask me to request. It froze for 20 sec (not responding) but it came back and ran fine...

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2116333086-45548962-528574141-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {6CE20149-ABE3-462E-A1B4-5B549971AA38}
C:\Windows\Downloaded Program Files\TouchEnKey.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6CE20149-ABE3-462E-A1B4-5B549971AA38}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CE20149-ABE3-462E-A1B4-5B549971AA38}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6CE20149-ABE3-462E-A1B4-5B549971AA38}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CE20149-ABE3-462E-A1B4-5B549971AA38}\ not found.
Starting removal of ActiveX control {D4B68B83-8710-488B-A692-D74B50BA558E}
C:\Windows\Downloaded Program Files\CTPIDPDE.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D4B68B83-8710-488B-A692-D74B50BA558E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4B68B83-8710-488B-A692-D74B50BA558E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D4B68B83-8710-488B-A692-D74B50BA558E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4B68B83-8710-488B-A692-D74B50BA558E}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
HKEY_USERS\S-1-5-21-2116333086-45548962-528574141-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2116333086-45548962-528574141-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Prefs.js: "Freecorder Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Freecorder Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.3.3.2 removed from extensions.enabledItems
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\searchplugin folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\META-INF folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\defaults folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\chrome folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\modules folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\META-INF folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\searchplugins\conduit.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
C:\Program Files (x86)\Vuze_Remote\tbVuze.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2116333086-45548962-528574141-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
File C:\Program Files (x86)\Vuze_Remote\tbVuze.dll not found.
C:\Users\John\AppData\Local\gfy7j1h4inpa moved successfully.
C:\ProgramData\gfy7j1h4inpa moved successfully.
C:\Users\John\AppData\Local\567k35v481313ck2gf546ep moved successfully.
C:\ProgramData\567k35v481313ck2gf546ep moved successfully.
C:\Users\John\AppData\Local\213ms54md02a01808426vojooi4k641umf6gp23374q moved successfully.
C:\ProgramData\213ms54md02a01808426vojooi4k641umf6gp23374q moved successfully.
C:\Users\John\AppData\Local\6u47cy4c82y108 moved successfully.
C:\ProgramData\6u47cy4c82y108 moved successfully.
C:\Users\John\AppData\Local\n1cq10c7ro3iik moved successfully.
C:\ProgramData\n1cq10c7ro3iik moved successfully.
C:\Users\John\AppData\Local\422812a8x855w464i684m2sni3l8 moved successfully.
C:\ProgramData\422812a8x855w464i684m2sni3l8 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\John\Desktop\cmd.bat deleted successfully.
C:\Users\John\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Admin

User: Administrator

User: All Users

User: Default

User: Default User

User: John
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Admin
->Flash cache emptied: 56958 bytes

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: John
->Flash cache emptied: 487 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 56502 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.37.0 log created on 03162012_183332
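An added example, not part of this thread or of OTL itself: a small Python parser for the OTL fix-log format posted above. It classifies each result line (deleted, moved, not found, value set, pref removed), keeps the "not found" targets for follow-up review, and flags basenames that were moved from more than one parent directory, which is the pattern the random-named items in this log show (the same name under both AppData\Local and ProgramData). The sample log embedded in the block is constructed to mirror lines from the thread; it is not the full log, and the function names are the example's own.

```python
import re
from collections import Counter

# Constructed sample modelled on the OTL fix-log lines posted in this thread (not the full log).
SAMPLE_LOG = r"""
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: "Freecorder Customized Web Search" removed from browser.search.selectedEngine
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m2tfk4uv.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\John\AppData\Local\gfy7j1h4inpa moved successfully.
C:\ProgramData\gfy7j1h4inpa moved successfully.
File C:\Program Files (x86)\Vuze_Remote\tbVuze.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
========== COMMANDS ==========
"""

# One pattern per OTL result phrase. The optional prefix ("Registry key", "ADS", "File", ...)
# is consumed so that the captured target is just the registry path, file path or stream.
PATTERNS = [
    ("deleted", re.compile(
        r"^(?:64bit-)?(?:Registry key|Registry value|ADS|File|Folder)?\s*(?P<target>.+?) deleted successfully\.$")),
    ("moved", re.compile(r"^(?P<target>.+?)(?: folder)? moved successfully\.$")),
    ("not_found", re.compile(
        r"^(?:64bit-)?(?:Registry key|Registry value|File|Folder)?\s*(?P<target>.+?) not found\.$")),
    ("value_set", re.compile(r"^(?P<target>.+?) : value set successfully!$")),
    ("pref_removed", re.compile(r'^Prefs\.js: (?P<target>.+?) removed from \S+$')),
]


def parse_line(line):
    """Return (action, target) for a recognised OTL result line, else None."""
    line = line.strip()
    if not line or line.startswith("=========="):
        return None
    for action, pattern in PATTERNS:
        m = pattern.match(line)
        if m:
            return action, m.group("target")
    return None


def summarize(log_text):
    """Count actions and collect the targets a reviewer wants to look at again.

    'not_found' entries are items the fix script named but could not remove;
    'unparsed' lines are anything the parser did not recognise, so nothing is silently dropped.
    """
    counts = Counter()
    not_found, moved, unparsed = [], [], []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            stripped = raw.strip()
            if stripped and not stripped.startswith("=========="):
                unparsed.append(stripped)
            continue
        action, target = parsed
        counts[action] += 1
        if action == "not_found":
            not_found.append(target)
        elif action == "moved":
            moved.append(target)
    return {"counts": dict(counts), "not_found": not_found, "moved": moved, "unparsed": unparsed}


def paired_basenames(paths):
    """Basenames that were moved from more than one parent directory.

    In this thread the random-named items appeared under both AppData\\Local and
    ProgramData; seeing the same name in two roots is a useful triage signal.
    """
    parents = {}
    for p in paths:
        parent, _, base = p.rpartition("\\")
        parents.setdefault(base, set()).add(parent)
    return sorted(b for b, ps in parents.items() if len(ps) > 1)


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(report["counts"])
    print("not found:", report["not_found"])
    print("paired names:", paired_basenames(report["moved"]))
    print("unparsed:", report["unparsed"])
```

Running the block against a full OTL log pasted into `SAMPLE_LOG` gives a quick count of what was actually removed versus what the script could not find, which is the first thing to check when a helper's fix has run but symptoms persist.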

#13 KBEAST

KBEAST
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  • Local time:03:01 AM

Posted 16 March 2012 - 05:44 PM

Hi,

I am just adding a further status update to my post.

So, I can go to Google now, and it's really weird.. some of the links work but some links still redirect...

Hopefully this will go away soon.

Let me know what I should do next.

John

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:01 AM

Posted 17 March 2012 - 12:00 AM

Let me know if this happens in all browsers or just one, and which one it does it in.


gringo

#15 KBEAST

KBEAST
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  • Local time:03:01 AM

Posted 17 March 2012 - 12:12 PM

Hi,

This is happening in all my browsers, of which I only have Firefox and IE.

Google and Bing: when I search for something, now I can click into the links fine for SOME.
And other times, it goes back to redirecting to a random ad site.

And once in a while, I get the message from Google that they are detecting something from my machine and want me to verify that I am human.
So something is still running in my machine for sure..

Let me know
