Some sort of fake google site problem


  • This topic is locked
28 replies to this topic

#1 JobsAllOver

JobsAllOver

  • Members
  • 23 posts

Posted 08 March 2012 - 12:03 PM

Hello. My computer is seemingly running well except for a couple of big problems. The first problem is that I am getting redirects to some malicious looking ad sites randomly when I visit new internet pages. The main problem, and likely tied to the first, is with google.com. Whenever I use it I can tell I am getting a fake version. It looks mostly the same except there are no paid ad spots at the top of the search results. I'm afraid to use my gmail accounts and google sites such as IMAGEs, Adsense, and Adwords just simply won't load and cannot be found.

What can I do? I'm running Windows 7 and use the latest Firefox for my browser. Thanks so much.


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 March 2012 - 03:35 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 JobsAllOver

JobsAllOver
  • Topic Starter

  • Members
  • 23 posts

Posted 09 March 2012 - 05:41 PM

Hello, thanks so much for helping out! No problems thus far, emulation disabled just fine it seemed.

Here is my .dds log -

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Run by Rigatoni at 17:40:13 on 2012-03-09
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4814 [GMT -5:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:56606
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{627A3C9B-BEA9-4BA9-A114-9580E7BEF046} : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{BBE7CB2A-E251-4A58-8F26-028FC8208350} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C25D2763-D722-4237-88A2-20883911AD30} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - C:\Program Files (x86)\CoreFTP\pftpns.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Hosts: 188.119.151.113 www.google-analytics.com.
Hosts: 188.119.151.113 ad-emea.doubleclick.net.
Hosts: 188.119.151.113 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rigatoni\AppData\Roaming\Mozilla\Firefox\Profiles\vrfry1vt.default\
FF - prefs.js: network.proxy.http_port - 56606
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-27 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-2-14 2253120]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 rt61x64;Ralink RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-03-09 18:11:21 20480 ------w- C:\Windows\svchost.exe
2012-03-09 18:10:51 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-09 17:45:51 -------- d-----w- C:\ComboFix
2012-03-09 17:26:38 98816 ----a-w- C:\Windows\sed.exe
2012-03-09 17:26:38 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-09 17:26:38 256000 ----a-w- C:\Windows\PEV.exe
2012-03-09 17:26:38 208896 ----a-w- C:\Windows\MBR.exe
2012-03-03 21:56:49 -------- d-----w- C:\Program Files (x86)\Batch Image Resizer
2012-02-27 17:57:14 -------- d-----w- C:\Program Files (x86)\ESET
2012-02-27 17:09:05 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-23 21:55:16 -------- d-----w- C:\FRST
2012-02-21 15:41:15 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-17 21:47:24 -------- d-----w- C:\Users\Rigatoni\AppData\Roaming\Malwarebytes
2012-02-17 21:47:21 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-17 21:47:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-17 21:40:25 -------- d-----w- C:\Users\Rigatoni\AppData\Roaming\PC Tools
2012-02-17 21:40:25 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2012-02-17 21:40:25 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-02-17 21:38:54 -------- d-----w- C:\ProgramData\PC Tools
2012-02-15 05:07:29 -------- d-----w- C:\Users\Rigatoni\AppData\Roaming\.minecraft
2012-02-15 04:03:48 -------- d-----w- C:\Users\Rigatoni\AppData\Roaming\NVIDIA
2012-02-15 03:56:51 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-02-15 03:56:42 837952 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll
2012-02-15 03:56:42 5067584 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-02-15 03:56:42 222528 ----a-w- C:\Windows\System32\nvmctray.dll
2012-02-15 03:56:42 1640768 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-02-15 03:56:42 137536 ----a-w- C:\Windows\System32\nvshext.dll
2012-02-15 03:56:42 10406208 ----a-w- C:\Windows\System32\nvcpl.dll
2012-02-15 03:56:31 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-02-15 02:56:24 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-02-15 02:45:41 -------- d-----w- C:\NVIDIA
.
==================== Find3M ====================
.
2011-12-18 20:02:51 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 17:40:34.67 ===============




And here is my Attach log -

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 4/6/2011 10:51:12 PM
System Uptime: 3/9/2012 1:11:13 PM (4 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5N-E SLI
Processor: Intel® Core™2 CPU 6600 @ 2.40GHz | Socket 775 | 900/399mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 121.576 GiB free.
D: is CDROM (UDF)
E: is CDROM ()
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Ralink RT61 Turbo Wireless LAN Card
Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_25611814&REV_00\4&14591D7E&0&3880
Manufacturer: Ralink Technology, Inc.
Name: Ralink RT61 Turbo Wireless LAN Card
PNP Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_25611814&REV_00\4&14591D7E&0&3880
Service: rt61x64
.
==== System Restore Points ===================
.
RP58: 2/14/2012 9:37:00 PM - Scheduled Checkpoint
RP59: 2/17/2012 4:08:24 PM - Installed Microsoft Fix it 50267
RP60: 2/24/2012 12:56:01 AM - ComboFix created restore point
RP61: 2/27/2012 11:16:48 AM - ComboFix created restore point
RP62: 3/5/2012 3:06:11 PM - Scheduled Checkpoint
RP63: 3/9/2012 12:26:48 PM - ComboFix created restore point
.
==== Hosts File Hijack ======================
.
Hosts: 188.119.151.113 www.google-analytics.com.
Hosts: 188.119.151.113 ad-emea.doubleclick.net.
Hosts: 188.119.151.113 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
Hosts: 69.72.252.254 www.statcounter.com.
.
==== Installed Programs ======================
.
µTorrent
Add or Remove Adobe Premiere Pro CS5
Adobe After Effects CS5
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Flash Professional CS5.5
Adobe Illustrator CS5
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.0.1)
Akamai NetSession Interface
AndreaMosaic 3.33.0
Apple Application Support
Apple Software Update
Ask Toolbar
Auto Gordian Knot 2.55
AviSynth 2.5
Batch Image Resizer 2.88
Canon MP Navigator EX 1.0
Core FTP LE
CuteFTP 8 Home
DVD Flick 1.3.0.7
DVDStyler v1.8.4.2
FrostWire 4.21.5
GrabIt 1.7.2 Beta 4 (build 997)
ImgBurn
Java Auto Updater
Java™ 6 Update 24
LightScribe System Software
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Security Scan Plus
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Student 2010 - English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 10.0.2 (x86 en-US)
Notepad++
Octoshape add-in for Adobe Flash Player
OpenOffice.org 3.1
PDF Settings CS5
PxMergeModule
QuickPar 0.9
QuickTime
Ralink Wireless LAN
RoboForm 7-4-2 (All Users)
Skype™ 5.3
StarCraft II
VLC media player 1.1.9
VobSub v2.23 (Remove Only)
WBFS Manager 3.0
Windows Movie Maker 2.6
XviD MPEG4 Video Codec (remove only)
.
==== Event Viewer Messages From Past Week ========
.
3/9/2012 2:12:24 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
3/9/2012 12:58:48 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/9/2012 12:58:20 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
3/9/2012 12:45:25 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
3/9/2012 12:36:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002a9c047, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030912-26738-01.
3/9/2012 12:31:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002a71047, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030912-26036-01.
3/9/2012 1:10:36 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================


Thanks again!
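The DDS output above already carries the indicators a malware responder reads first: a WinINet proxy pointed at a port on the machine itself (`ProxyServer = http=127.0.0.1:56606`), HOSTS entries pinning analytics and ad domains to outside addresses, UAC switched off (`EnableLUA = 0`), and an `svchost.exe` freshly created in `C:\Windows` rather than `System32`. The Python script below is an added example, not part of this thread and not code from the DDS tool: it runs a handful of such triage rules over a constructed excerpt in the shape of the posted log. The rule names, the list of binaries treated as System32-only, and the treatment of `127.0.0.1`, `::1` and `0.0.0.0` HOSTS targets as benign are assumptions made for the example.

```python
import ntpath
import re
from typing import List, Tuple

# Constructed excerpt in the shape of the DDS "Pseudo HJT Report", Firefox and
# "Created Last 30" sections posted above (values taken from that log).
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:56606
mPolicies-system: EnableLUA = 0 (0x0)
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
Hosts: 188.119.151.113 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
Hosts: 127.0.0.1 localhost
FF - prefs.js: network.proxy.http_port - 56606
2012-03-09 18:11:21 20480 ------w- C:\Windows\svchost.exe
2012-02-27 17:09:05 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
"""

# Assumptions for this example: binaries that only belong in System32/SysWOW64, and
# HOSTS targets that are harmless (loopback, or the 0.0.0.0 sinkhole ad blockers use).
SYSTEM32_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
BENIGN_HOSTS_TARGETS = {"127.0.0.1", "::1", "0.0.0.0"}

PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(\w+) - (\S+)")
LUA_OFF_RE = re.compile(r"EnableLUA\s*=\s*0\b")
# date  time  size  attributes  path
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+(.+)$")

Finding = Tuple[str, str]  # (rule name, human-readable detail)


def triage(log_text: str) -> List[Finding]:
    """Apply the triage rules line by line and return findings in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = PROXY_RE.search(line)
        if m:
            ip, port = m.group(1), m.group(2)
            # A system proxy on the machine itself is the classic local redirector.
            if ip.startswith("127."):
                findings.append(("local-proxy", f"WinINet proxy points at {ip}:{port} on this host"))
            continue

        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.group(1), m.group(2).rstrip(".")
            # Any HOSTS entry that sends a name to a non-local address overrides DNS for it.
            if ip not in BENIGN_HOSTS_TARGETS:
                findings.append(("hosts-hijack", f"{host} pinned to {ip}"))
            continue

        m = FF_PREF_RE.match(line)
        if m and m.group(1) == "http_port":
            findings.append(("browser-proxy", f"Firefox network.proxy.http_port = {m.group(2)}"))
            continue

        if LUA_OFF_RE.search(line):
            findings.append(("uac-disabled", "EnableLUA = 0: elevation prompts are off"))
            continue

        m = CREATED_RE.match(line)
        if m:
            path = m.group(1)
            name = ntpath.basename(path).lower()
            # A System32-only binary created somewhere else is a look-alike until proven otherwise.
            if name in SYSTEM32_BINARIES and ntpath.dirname(path).lower() not in SYSTEM_DIRS:
                findings.append(("misplaced-system-binary", f"{path} created outside System32"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"[{rule}] {detail}")
```

Run as a script it prints one line per finding; in practice the same rules would be run over the real DDS.txt, and a hit is a reason to inspect the proxy settings, restore the HOSTS file and examine the misplaced binary, not a verdict on its own. The Firefox `network.proxy.http_port` line is flagged only as worth checking: whether Firefox actually uses it depends on `network.proxy.type`, which is 0 (direct connection) in the posted log.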

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 March 2012 - 09:29 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 JobsAllOver

JobsAllOver
  • Topic Starter

  • Members
  • 23 posts

Posted 11 March 2012 - 12:53 PM

Well, I tried about a dozen times. I cannot get ComboFix to completely finish. I've watched it towards the end and just as it says it is preparing the log report, an error is written on the command prompt. Something about For* commands. I could watch it again if you like. The log report never appears and it isn't in the Qoobox folder. Sometimes my computer crashes before it gets to this point even. What can I do?

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 March 2012 - 09:26 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#7 JobsAllOver

JobsAllOver
  • Topic Starter

  • Members
  • 23 posts

Posted 12 March 2012 - 01:28 AM

Upon running TDSSKiller the problem APPEARS fixed, but it has been known to resurface in the past. Are there further steps I should take, or better ways to prevent this from occurring again? Here is the TDSS log -

02:10:32.0837 5544 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
02:10:33.0110 5544 ============================================================
02:10:33.0110 5544 Current date / time: 2012/03/12 02:10:33.0110
02:10:33.0110 5544 SystemInfo:
02:10:33.0110 5544
02:10:33.0110 5544 OS Version: 6.1.7600 ServicePack: 0.0
02:10:33.0110 5544 Product type: Workstation
02:10:33.0110 5544 ComputerName: PASTAPETE
02:10:33.0110 5544 UserName: Rigatoni
02:10:33.0110 5544 Windows directory: C:\Windows
02:10:33.0110 5544 System windows directory: C:\Windows
02:10:33.0110 5544 Running under WOW64
02:10:33.0110 5544 Processor architecture: Intel x64
02:10:33.0110 5544 Number of processors: 2
02:10:33.0110 5544 Page size: 0x1000
02:10:33.0110 5544 Boot type: Normal boot
02:10:33.0110 5544 ============================================================
02:10:34.0036 5544 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:10:34.0050 5544 \Device\Harddisk0\DR0:
02:10:34.0050 5544 MBR used
02:10:34.0050 5544 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
02:10:34.0068 5544 Initialize success
02:10:34.0068 5544 ============================================================
02:10:38.0259 5580 ============================================================
02:10:38.0259 5580 Scan started
02:10:38.0259 5580 Mode: Manual;
02:10:38.0259 5580 ============================================================
02:10:41.0733 5580 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
02:10:41.0736 5580 1394ohci - ok
02:10:41.0766 5580 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
02:10:41.0770 5580 ACPI - ok
02:10:41.0783 5580 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
02:10:41.0784 5580 AcpiPmi - ok
02:10:41.0825 5580 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
02:10:41.0838 5580 adp94xx - ok
02:10:41.0866 5580 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
02:10:41.0870 5580 adpahci - ok
02:10:41.0893 5580 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
02:10:41.0896 5580 adpu320 - ok
02:10:41.0936 5580 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
02:10:41.0943 5580 AFD - ok
02:10:42.0068 5580 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
02:10:42.0069 5580 agp440 - ok
02:10:42.0135 5580 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
02:10:42.0136 5580 aliide - ok
02:10:42.0149 5580 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
02:10:42.0150 5580 amdide - ok
02:10:42.0181 5580 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
02:10:42.0182 5580 AmdK8 - ok
02:10:42.0200 5580 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
02:10:42.0201 5580 AmdPPM - ok
02:10:42.0231 5580 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
02:10:42.0233 5580 amdsata - ok
02:10:42.0273 5580 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
02:10:42.0276 5580 amdsbs - ok
02:10:42.0287 5580 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
02:10:42.0288 5580 amdxata - ok
02:10:42.0409 5580 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
02:10:42.0410 5580 AppID - ok
02:10:42.0467 5580 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
02:10:42.0468 5580 arc - ok
02:10:42.0482 5580 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
02:10:42.0483 5580 arcsas - ok
02:10:42.0508 5580 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
02:10:42.0509 5580 AsyncMac - ok
02:10:42.0533 5580 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
02:10:42.0534 5580 atapi - ok
02:10:42.0580 5580 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
02:10:42.0586 5580 b06bdrv - ok
02:10:42.0712 5580 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
02:10:42.0715 5580 b57nd60a - ok
02:10:42.0756 5580 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
02:10:42.0757 5580 Beep - ok
02:10:42.0803 5580 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
02:10:42.0804 5580 blbdrive - ok
02:10:42.0841 5580 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
02:10:42.0842 5580 bowser - ok
02:10:42.0855 5580 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:10:42.0856 5580 BrFiltLo - ok
02:10:42.0870 5580 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:10:42.0870 5580 BrFiltUp - ok
02:10:42.0900 5580 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
02:10:42.0902 5580 BridgeMP - ok
02:10:43.0023 5580 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
02:10:43.0027 5580 Brserid - ok
02:10:43.0061 5580 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
02:10:43.0062 5580 BrSerWdm - ok
02:10:43.0092 5580 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
02:10:43.0092 5580 BrUsbMdm - ok
02:10:43.0103 5580 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
02:10:43.0104 5580 BrUsbSer - ok
02:10:43.0138 5580 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
02:10:43.0139 5580 BTHMODEM - ok
02:10:43.0197 5580 catchme - ok
02:10:43.0245 5580 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
02:10:43.0247 5580 cdfs - ok
02:10:43.0383 5580 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
02:10:43.0385 5580 cdrom - ok
02:10:43.0438 5580 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
02:10:43.0439 5580 circlass - ok
02:10:43.0495 5580 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
02:10:43.0500 5580 CLFS - ok
02:10:43.0541 5580 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
02:10:43.0542 5580 CmBatt - ok
02:10:43.0557 5580 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
02:10:43.0557 5580 cmdide - ok
02:10:43.0586 5580 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
02:10:43.0591 5580 CNG - ok
02:10:43.0612 5580 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
02:10:43.0613 5580 Compbatt - ok
02:10:43.0643 5580 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
02:10:43.0644 5580 CompositeBus - ok
02:10:43.0770 5580 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
02:10:43.0771 5580 crcdisk - ok
02:10:43.0840 5580 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
02:10:43.0854 5580 CSC - ok
02:10:43.0901 5580 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
02:10:43.0902 5580 DfsC - ok
02:10:43.0930 5580 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
02:10:43.0931 5580 discache - ok
02:10:43.0953 5580 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
02:10:43.0954 5580 Disk - ok
02:10:44.0012 5580 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
02:10:44.0012 5580 drmkaud - ok
02:10:44.0160 5580 DXGKrnl (7cb7d2b73813ce05c7bc0f5f95d27cec) C:\Windows\System32\drivers\dxgkrnl.sys
02:10:44.0192 5580 DXGKrnl - ok
02:10:44.0293 5580 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
02:10:44.0371 5580 ebdrv - ok
02:10:44.0409 5580 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
02:10:44.0415 5580 elxstor - ok
02:10:44.0430 5580 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
02:10:44.0431 5580 ErrDev - ok
02:10:44.0455 5580 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
02:10:44.0458 5580 exfat - ok
02:10:44.0472 5580 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
02:10:44.0475 5580 fastfat - ok
02:10:44.0607 5580 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
02:10:44.0608 5580 fdc - ok
02:10:44.0633 5580 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
02:10:44.0635 5580 FileInfo - ok
02:10:44.0654 5580 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
02:10:44.0655 5580 Filetrace - ok
02:10:44.0687 5580 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
02:10:44.0687 5580 flpydisk - ok
02:10:44.0714 5580 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
02:10:44.0717 5580 FltMgr - ok
02:10:44.0754 5580 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
02:10:44.0755 5580 FsDepends - ok
02:10:44.0770 5580 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
02:10:44.0771 5580 Fs_Rec - ok
02:10:44.0799 5580 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
02:10:44.0802 5580 fvevol - ok
02:10:44.0925 5580 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
02:10:44.0927 5580 gagp30kx - ok
02:10:44.0974 5580 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
02:10:44.0975 5580 GEARAspiWDM - ok
02:10:45.0009 5580 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
02:10:45.0012 5580 hcw85cir - ok
02:10:45.0065 5580 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
02:10:45.0070 5580 HdAudAddService - ok
02:10:45.0093 5580 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
02:10:45.0095 5580 HDAudBus - ok
02:10:45.0111 5580 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
02:10:45.0112 5580 HidBatt - ok
02:10:45.0132 5580 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
02:10:45.0134 5580 HidBth - ok
02:10:45.0261 5580 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
02:10:45.0263 5580 HidIr - ok
02:10:45.0301 5580 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
02:10:45.0302 5580 HidUsb - ok
02:10:45.0343 5580 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
02:10:45.0345 5580 HpSAMD - ok
02:10:45.0390 5580 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
02:10:45.0421 5580 HTTP - ok
02:10:45.0454 5580 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
02:10:45.0455 5580 hwpolicy - ok
02:10:45.0527 5580 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
02:10:45.0529 5580 i8042prt - ok
02:10:45.0665 5580 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
02:10:45.0671 5580 iaStorV - ok
02:10:45.0705 5580 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
02:10:45.0706 5580 iirsp - ok
02:10:45.0728 5580 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
02:10:45.0729 5580 intelide - ok
02:10:45.0791 5580 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
02:10:45.0792 5580 intelppm - ok
02:10:45.0844 5580 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:10:45.0846 5580 IpFilterDriver - ok
02:10:45.0877 5580 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
02:10:45.0879 5580 IPMIDRV - ok
02:10:45.0899 5580 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
02:10:45.0901 5580 IPNAT - ok
02:10:46.0037 5580 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
02:10:46.0038 5580 IRENUM - ok
02:10:46.0050 5580 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
02:10:46.0051 5580 isapnp - ok
02:10:46.0073 5580 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
02:10:46.0077 5580 iScsiPrt - ok
02:10:46.0106 5580 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
02:10:46.0108 5580 kbdclass - ok
02:10:46.0141 5580 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
02:10:46.0143 5580 kbdhid - ok
02:10:46.0188 5580 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
02:10:46.0197 5580 KSecDD - ok
02:10:46.0248 5580 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
02:10:46.0250 5580 KSecPkg - ok
02:10:46.0266 5580 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
02:10:46.0267 5580 ksthunk - ok
02:10:46.0433 5580 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
02:10:46.0434 5580 lltdio - ok
02:10:46.0469 5580 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
02:10:46.0471 5580 LSI_FC - ok
02:10:46.0489 5580 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
02:10:46.0490 5580 LSI_SAS - ok
02:10:46.0511 5580 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:10:46.0512 5580 LSI_SAS2 - ok
02:10:46.0545 5580 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:10:46.0546 5580 LSI_SCSI - ok
02:10:46.0556 5580 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
02:10:46.0558 5580 luafv - ok
02:10:46.0625 5580 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
02:10:46.0625 5580 MBAMProtector - ok
02:10:46.0818 5580 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
02:10:46.0819 5580 megasas - ok
02:10:46.0857 5580 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
02:10:46.0861 5580 MegaSR - ok
02:10:46.0878 5580 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
02:10:46.0879 5580 Modem - ok
02:10:46.0917 5580 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
02:10:46.0918 5580 monitor - ok
02:10:46.0949 5580 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
02:10:46.0951 5580 mouclass - ok
02:10:46.0990 5580 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
02:10:46.0991 5580 mouhid - ok
02:10:47.0006 5580 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
02:10:47.0008 5580 mountmgr - ok
02:10:47.0026 5580 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
02:10:47.0029 5580 mpio - ok
02:10:47.0124 5580 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
02:10:47.0126 5580 mpsdrv - ok
02:10:47.0177 5580 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
02:10:47.0180 5580 MRxDAV - ok
02:10:47.0218 5580 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:10:47.0221 5580 mrxsmb - ok
02:10:47.0247 5580 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:10:47.0250 5580 mrxsmb10 - ok
02:10:47.0271 5580 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:10:47.0273 5580 mrxsmb20 - ok
02:10:47.0296 5580 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
02:10:47.0297 5580 msahci - ok
02:10:47.0310 5580 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
02:10:47.0313 5580 msdsm - ok
02:10:47.0329 5580 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
02:10:47.0330 5580 Msfs - ok
02:10:47.0431 5580 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
02:10:47.0432 5580 mshidkmdf - ok
02:10:47.0448 5580 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
02:10:47.0449 5580 msisadrv - ok
02:10:47.0484 5580 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
02:10:47.0485 5580 MSKSSRV - ok
02:10:47.0494 5580 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
02:10:47.0495 5580 MSPCLOCK - ok
02:10:47.0504 5580 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
02:10:47.0505 5580 MSPQM - ok
02:10:47.0535 5580 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
02:10:47.0539 5580 MsRPC - ok
02:10:47.0574 5580 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
02:10:47.0574 5580 mssmbios - ok
02:10:47.0588 5580 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
02:10:47.0589 5580 MSTEE - ok
02:10:47.0601 5580 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
02:10:47.0602 5580 MTConfig - ok
02:10:47.0711 5580 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
02:10:47.0712 5580 MTsensor - ok
02:10:47.0758 5580 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
02:10:47.0759 5580 Mup - ok
02:10:47.0811 5580 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
02:10:47.0816 5580 NativeWifiP - ok
02:10:47.0861 5580 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
02:10:47.0895 5580 NDIS - ok
02:10:47.0933 5580 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
02:10:47.0934 5580 NdisCap - ok
02:10:47.0968 5580 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
02:10:47.0969 5580 NdisTapi - ok
02:10:48.0034 5580 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
02:10:48.0036 5580 Ndisuio - ok
02:10:48.0081 5580 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
02:10:48.0084 5580 NdisWan - ok
02:10:48.0106 5580 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
02:10:48.0107 5580 NDProxy - ok
02:10:48.0125 5580 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
02:10:48.0127 5580 NetBIOS - ok
02:10:48.0146 5580 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
02:10:48.0149 5580 NetBT - ok
02:10:48.0191 5580 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
02:10:48.0193 5580 nfrd960 - ok
02:10:48.0232 5580 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
02:10:48.0233 5580 Npfs - ok
02:10:48.0307 5580 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
02:10:48.0308 5580 nsiproxy - ok
02:10:48.0364 5580 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
02:10:48.0409 5580 Ntfs - ok
02:10:48.0445 5580 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
02:10:48.0446 5580 Null - ok
02:10:48.0527 5580 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
02:10:48.0533 5580 NVENETFD - ok
02:10:48.0859 5580 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
02:10:49.0163 5580 nvlddmkm - ok
02:10:49.0250 5580 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
02:10:49.0252 5580 nvraid - ok
02:10:49.0273 5580 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
02:10:49.0274 5580 nvstor - ok
02:10:49.0356 5580 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
02:10:49.0358 5580 nv_agp - ok
02:10:49.0388 5580 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
02:10:49.0390 5580 ohci1394 - ok
02:10:49.0483 5580 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
02:10:49.0485 5580 Parport - ok
02:10:49.0528 5580 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
02:10:49.0529 5580 partmgr - ok
02:10:49.0556 5580 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
02:10:49.0559 5580 pci - ok
02:10:49.0577 5580 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
02:10:49.0577 5580 pciide - ok
02:10:49.0623 5580 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
02:10:49.0627 5580 pcmcia - ok
02:10:49.0655 5580 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
02:10:49.0656 5580 pcw - ok
02:10:49.0691 5580 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
02:10:49.0716 5580 PEAUTH - ok
02:10:49.0804 5580 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
02:10:49.0807 5580 PptpMiniport - ok
02:10:49.0826 5580 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
02:10:49.0827 5580 Processor - ok
02:10:49.0907 5580 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
02:10:49.0910 5580 Psched - ok
02:10:49.0991 5580 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
02:10:49.0992 5580 PxHlpa64 - ok
02:10:50.0072 5580 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
02:10:50.0124 5580 ql2300 - ok
02:10:50.0141 5580 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
02:10:50.0144 5580 ql40xx - ok
02:10:50.0192 5580 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
02:10:50.0194 5580 QWAVEdrv - ok
02:10:50.0212 5580 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
02:10:50.0213 5580 RasAcd - ok
02:10:50.0281 5580 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:10:50.0282 5580 RasAgileVpn - ok
02:10:50.0329 5580 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:10:50.0331 5580 Rasl2tp - ok
02:10:50.0399 5580 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
02:10:50.0401 5580 RasPppoe - ok
02:10:50.0416 5580 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
02:10:50.0418 5580 RasSstp - ok
02:10:50.0440 5580 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
02:10:50.0444 5580 rdbss - ok
02:10:50.0460 5580 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
02:10:50.0461 5580 rdpbus - ok
02:10:50.0510 5580 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:10:50.0511 5580 RDPCDD - ok
02:10:50.0561 5580 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
02:10:50.0564 5580 RDPDR - ok
02:10:50.0614 5580 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
02:10:50.0614 5580 RDPENCDD - ok
02:10:50.0653 5580 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
02:10:50.0654 5580 RDPREFMP - ok
02:10:50.0712 5580 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
02:10:50.0715 5580 RDPWD - ok
02:10:50.0747 5580 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
02:10:50.0751 5580 rdyboost - ok
02:10:50.0829 5580 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
02:10:50.0831 5580 rspndr - ok
02:10:50.0920 5580 rt61x64 (51f0fd171844de3d9b9a0f4492db7aa4) C:\Windows\system32\DRIVERS\netr6164.sys
02:10:50.0925 5580 rt61x64 - ok
02:10:50.0976 5580 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
02:10:50.0979 5580 RTL8167 - ok
02:10:51.0079 5580 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
02:10:51.0079 5580 s3cap - ok
02:10:51.0134 5580 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
02:10:51.0136 5580 sbp2port - ok
02:10:51.0153 5580 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
02:10:51.0154 5580 scfilter - ok
02:10:51.0213 5580 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
02:10:51.0214 5580 secdrv - ok
02:10:51.0275 5580 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
02:10:51.0277 5580 Serenum - ok
02:10:51.0326 5580 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
02:10:51.0328 5580 Serial - ok
02:10:51.0404 5580 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
02:10:51.0405 5580 sermouse - ok
02:10:51.0455 5580 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
02:10:51.0456 5580 sffdisk - ok
02:10:51.0470 5580 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
02:10:51.0471 5580 sffp_mmc - ok
02:10:51.0486 5580 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
02:10:51.0487 5580 sffp_sd - ok
02:10:51.0502 5580 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
02:10:51.0503 5580 sfloppy - ok
02:10:51.0571 5580 Sftfs (d5183ed285d2795491dc15bddcbee5ad) C:\Windows\system32\DRIVERS\Sftfslh.sys
02:10:51.0594 5580 Sftfs - ok
02:10:51.0657 5580 Sftplay (00f118b68c50d2206dd51634f9142b83) C:\Windows\system32\DRIVERS\Sftplaylh.sys
02:10:51.0661 5580 Sftplay - ok
02:10:51.0701 5580 Sftredir (76a827df5640bfe16a0cdbb4108adeca) C:\Windows\system32\DRIVERS\Sftredirlh.sys
02:10:51.0701 5580 Sftredir - ok
02:10:51.0756 5580 Sftvol (1b4c9701645086bab8cafffce30ed284) C:\Windows\system32\DRIVERS\Sftvollh.sys
02:10:51.0757 5580 Sftvol - ok
02:10:51.0828 5580 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:10:51.0829 5580 SiSRaid2 - ok
02:10:51.0845 5580 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
02:10:51.0847 5580 SiSRaid4 - ok
02:10:51.0874 5580 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
02:10:51.0877 5580 Smb - ok
02:10:51.0931 5580 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
02:10:51.0932 5580 spldr - ok
02:10:51.0995 5580 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
02:10:52.0001 5580 srv - ok
02:10:52.0067 5580 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
02:10:52.0073 5580 srv2 - ok
02:10:52.0128 5580 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
02:10:52.0131 5580 srvnet - ok
02:10:52.0183 5580 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
02:10:52.0184 5580 stexstor - ok
02:10:52.0261 5580 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
02:10:52.0262 5580 storflt - ok
02:10:52.0296 5580 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
02:10:52.0297 5580 storvsc - ok
02:10:52.0321 5580 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
02:10:52.0322 5580 swenum - ok
02:10:52.0422 5580 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
02:10:52.0477 5580 Tcpip - ok
02:10:52.0572 5580 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
02:10:52.0583 5580 TCPIP6 - ok
02:10:52.0605 5580 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
02:10:52.0606 5580 tcpipreg - ok
02:10:52.0620 5580 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
02:10:52.0621 5580 TDPIPE - ok
02:10:52.0664 5580 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
02:10:52.0665 5580 TDTCP - ok
02:10:52.0695 5580 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
02:10:52.0697 5580 tdx - ok
02:10:52.0750 5580 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
02:10:52.0752 5580 TermDD - ok
02:10:52.0845 5580 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:10:52.0846 5580 tssecsrv - ok
02:10:52.0881 5580 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
02:10:52.0884 5580 tunnel - ok
02:10:52.0899 5580 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
02:10:52.0901 5580 uagp35 - ok
02:10:52.0924 5580 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
02:10:52.0929 5580 udfs - ok
02:10:52.0979 5580 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
02:10:52.0980 5580 uliagpkx - ok
02:10:53.0032 5580 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
02:10:53.0033 5580 umbus - ok
02:10:53.0087 5580 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
02:10:53.0088 5580 UmPass - ok
02:10:53.0157 5580 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
02:10:53.0159 5580 USBAAPL64 - ok
02:10:53.0214 5580 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
02:10:53.0216 5580 usbaudio - ok
02:10:53.0261 5580 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
02:10:53.0263 5580 usbccgp - ok
02:10:53.0324 5580 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
02:10:53.0326 5580 usbcir - ok
02:10:53.0359 5580 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
02:10:53.0360 5580 usbehci - ok
02:10:53.0425 5580 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
02:10:53.0430 5580 usbhub - ok
02:10:53.0474 5580 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
02:10:53.0475 5580 usbohci - ok
02:10:53.0501 5580 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
02:10:53.0503 5580 usbprint - ok
02:10:53.0528 5580 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
02:10:53.0530 5580 usbscan - ok
02:10:53.0569 5580 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:10:53.0571 5580 USBSTOR - ok
02:10:53.0612 5580 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
02:10:53.0613 5580 usbuhci - ok
02:10:53.0715 5580 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
02:10:53.0718 5580 usbvideo - ok
02:10:53.0771 5580 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
02:10:53.0772 5580 vdrvroot - ok
02:10:53.0801 5580 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
02:10:53.0802 5580 vga - ok
02:10:53.0818 5580 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
02:10:53.0819 5580 VgaSave - ok
02:10:53.0867 5580 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
02:10:53.0870 5580 vhdmp - ok
02:10:53.0913 5580 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
02:10:53.0914 5580 viaide - ok
02:10:53.0959 5580 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
02:10:53.0962 5580 vmbus - ok
02:10:53.0981 5580 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
02:10:53.0982 5580 VMBusHID - ok
02:10:53.0999 5580 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
02:10:54.0000 5580 volmgr - ok
02:10:54.0063 5580 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
02:10:54.0067 5580 volmgrx - ok
02:10:54.0121 5580 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
02:10:54.0125 5580 volsnap - ok
02:10:54.0147 5580 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
02:10:54.0150 5580 vsmraid - ok
02:10:54.0165 5580 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
02:10:54.0166 5580 vwifibus - ok
02:10:54.0199 5580 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
02:10:54.0200 5580 WacomPen - ok
02:10:54.0285 5580 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
02:10:54.0293 5580 WANARP - ok
02:10:54.0306 5580 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
02:10:54.0307 5580 Wanarpv6 - ok
02:10:54.0344 5580 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
02:10:54.0345 5580 Wd - ok
02:10:54.0377 5580 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
02:10:54.0399 5580 Wdf01000 - ok
02:10:54.0502 5580 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
02:10:54.0503 5580 WfpLwf - ok
02:10:54.0521 5580 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
02:10:54.0522 5580 WIMMount - ok
02:10:54.0621 5580 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
02:10:54.0622 5580 WinUsb - ok
02:10:54.0672 5580 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
02:10:54.0673 5580 WmiAcpi - ok
02:10:54.0716 5580 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
02:10:54.0717 5580 ws2ifsl - ok
02:10:54.0750 5580 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
02:10:54.0752 5580 WudfPf - ok
02:10:54.0855 5580 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:10:54.0858 5580 WUDFRd - ok
02:10:54.0900 5580 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
02:10:54.0929 5580 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
02:10:54.0929 5580 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
02:10:54.0932 5580 Boot (0x1200) (9187fe8966b75219702ec6ca25302405) \Device\Harddisk0\DR0\Partition0
02:10:54.0933 5580 \Device\Harddisk0\DR0\Partition0 - ok
02:10:54.0934 5580 ============================================================
02:10:54.0934 5580 Scan finished
02:10:54.0934 5580 ============================================================
02:10:54.0943 5236 Detected object count: 1
02:10:54.0943 5236 Actual detected object count: 1
02:11:04.0042 5236 \Device\Harddisk0\DR0\# - copied to quarantine
02:11:04.0042 5236 \Device\Harddisk0\DR0 - copied to quarantine
02:11:04.0082 5236 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
02:11:04.0083 5236 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
02:11:04.0086 5236 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
02:11:04.0089 5236 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
02:11:04.0097 5236 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
02:11:04.0102 5236 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
02:11:04.0103 5236 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
02:11:04.0104 5236 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
02:11:04.0105 5236 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
02:11:04.0107 5236 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
02:11:04.0108 5236 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
02:11:04.0109 5236 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
02:11:04.0112 5236 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
02:11:04.0114 5236 \Device\Harddisk0\DR0 - ok
02:11:05.0336 5236 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
02:11:23.0928 3652 Deinitialize success



And the aswMBR log -

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-12 02:15:49
-----------------------------
02:15:49.563 OS Version: Windows x64 6.1.7600
02:15:49.563 Number of processors: 2 586 0xF06
02:15:49.563 ComputerName: PASTAPETE UserName: Rigatoni
02:15:50.655 Initialize success
02:16:39.006 AVAST engine defs: 12031101
02:16:43.639 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
02:16:43.639 Disk 0 Vendor: WDC_WD32 21.0 Size: 305245MB BusType: 3
02:16:43.655 Disk 0 MBR read successfully
02:16:43.655 Disk 0 MBR scan
02:16:43.655 Disk 0 Windows 7 default MBR code
02:16:43.655 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 63
02:16:43.671 Disk 0 scanning C:\Windows\system32\drivers
02:16:56.962 Service scanning
02:17:24.402 Modules scanning
02:17:24.402 Disk 0 trace - called modules:
02:17:24.418 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
02:17:24.418 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005b24060]
02:17:24.418 3 CLASSPNP.SYS[fffff8800198243f] -> nt!IofCallDriver -> [0xfffffa8004f0d040]
02:17:24.433 5 ACPI.sys[fffff88000f55781] -> nt!IofCallDriver -> \Device\00000063[0xfffffa80059aa9d0]
02:17:25.432 AVAST engine scan C:\Windows
02:17:27.975 AVAST engine scan C:\Windows\system32
02:20:16.520 AVAST engine scan C:\Windows\system32\drivers
02:20:36.987 AVAST engine scan C:\Users\Rigatoni
02:24:23.708 Disk 0 MBR has been saved successfully to "C:\Users\Rigatoni\Desktop\MBR.dat"
02:24:23.708 The log file has been saved successfully to "C:\Users\Rigatoni\Desktop\aswMBR.txt"
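The aswMBR log above reports that it read the MBR, found "Windows 7 default MBR code", listed one active NTFS partition at offset 63, and saved the sector to MBR.dat on the Desktop. What a checker over such a dump looks like, as an added Python example (not code from the thread, from aswMBR or from TDSSKiller): it splits the 512-byte sector into boot code and partition table, compares the boot-code hash against a reference you supply, counts active partitions, and measures the unallocated tail past the last partition, which is where a TDL4/Pihar-family bootkit keeps its hidden TDLFS. The sample MBR, the "clean" boot code and the reference hash are constructed inside the block; the disk and partition sizes are taken from the log, which rounds to whole megabytes, so the tail size is approximate.

```python
"""Parse a raw MBR image (such as the MBR.dat that aswMBR saves) and flag what a
TDL4/Pihar-family bootkit changes: the boot code, the active-partition count,
and the unallocated tail of the disk where the hidden TDLFS lives.

Added example, not from the thread. The 'clean' boot code and the known-good
hash are constructed here; in practice take the reference hash from a clean
machine with the same Windows build.
"""
import hashlib
import struct
from typing import List, Optional, Tuple

SECTOR = 512
SECTORS_PER_MB = 1024 * 1024 // SECTOR
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_SIZE = 16
# boot flag, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FORMAT = "<B3xB3xII"


def parse_partition_entry(raw: bytes) -> dict:
    boot_flag, type_id, lba_start, sectors = struct.unpack(ENTRY_FORMAT, raw)
    return {"bootable": boot_flag == 0x80, "type": type_id,
            "lba_start": lba_start, "sectors": sectors}


def parse_mbr(image: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, partition table and signature check."""
    if len(image) < SECTOR:
        raise ValueError("MBR image must be at least 512 bytes")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        entry = parse_partition_entry(image[off:off + PARTITION_ENTRY_SIZE])
        if entry["type"] != 0:  # type 0 is an empty slot
            entry["index"] = i + 1
            partitions.append(entry)
    return {
        "signature_ok": image[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(image[:PARTITION_TABLE_OFFSET]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(image: bytes, disk_sectors: int, known_good_sha256: Optional[str]) -> dict:
    """Return the parsed MBR plus a list of findings that deserve a second look."""
    info = parse_mbr(image)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if known_good_sha256 and info["boot_code_sha256"] != known_good_sha256:
        findings.append("boot code differs from known-good reference")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    # Sectors after the last partition: TDL4-family bootkits keep their
    # encrypted filesystem there, so a sizeable tail is worth a raw-sector look.
    last_end = max((p["lba_start"] + p["sectors"] for p in info["partitions"]), default=0)
    info["unallocated_tail_sectors"] = disk_sectors - last_end
    info["findings"] = findings
    return info


def build_mbr(boot_code: bytes, entries: List[Tuple[int, int, int, int]]) -> bytes:
    """Assemble a 512-byte MBR from boot code and (flag, type, lba_start, sectors) tuples."""
    table = b"".join(struct.pack(ENTRY_FORMAT, *e) for e in entries)
    return (boot_code.ljust(PARTITION_TABLE_OFFSET, b"\x00")[:PARTITION_TABLE_OFFSET]
            + table.ljust(4 * PARTITION_ENTRY_SIZE, b"\x00") + b"\x55\xaa")


# Constructed stand-in for the disk in the aswMBR log: a 305245 MB disk with one
# active NTFS (0x07) partition of 305242 MB starting at LBA 63 (log values, rounded to MB).
DISK_SECTORS = 305245 * SECTORS_PER_MB
LAYOUT = [(0x80, 0x07, 63, 305242 * SECTORS_PER_MB)]
CLEAN_MBR = build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 64, LAYOUT)  # made-up boot code
CLEAN_HASH = hashlib.sha256(CLEAN_MBR[:PARTITION_TABLE_OFFSET]).hexdigest()
# A bootkit rewrites the code but leaves the table intact so Windows still boots.
INFECTED_MBR = build_mbr(b"\xeb\xfe" + b"\xcc" * 200, LAYOUT)


def check_mbr_file(path: str, disk_sectors: int, known_good_sha256: Optional[str]) -> dict:
    """Same check against a dump on disk, e.g. the MBR.dat aswMBR wrote to the Desktop."""
    with open(path, "rb") as fh:
        return check_mbr(fh.read(SECTOR), disk_sectors, known_good_sha256)


if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        report = check_mbr(image, DISK_SECTORS, CLEAN_HASH)
        print(name, report["partitions"], report["unallocated_tail_sectors"], report["findings"])
```

The boot-code hash is the decisive check: an MBR bootkit must replace those 446 bytes to get control before the kernel, and it leaves the partition table alone so the system still boots. The tail measurement is only a pointer to where to look next; a few megabytes of slack at the end of a disk is common, so treat it as a lead and dump those sectors rather than as a verdict.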

#8 gringo_pr

Posted 12 March 2012 - 01:41 AM

Hello

That looks good, but I want to do some double checks.

I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 JobsAllOver

Posted 12 March 2012 - 11:12 AM

ComboFix had the same error in Safe Mode: something about a bad batch parameter when running something .vir. Then it said to use a For/ or Call/ command instead.

Also I did click a webpage recently and get a malicious ad redirect, so the problem is still around. What can I do?

#10 gringo_pr

Posted 12 March 2012 - 05:05 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of ComboFix you have now on your desktop and download a new one from here:

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.
"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#11 JobsAllOver

Posted 12 March 2012 - 07:05 PM

Hmm... I used the new version of ComboFix you linked to, but I encountered the same problem. The Google problem hasn't resurfaced yet, but I am getting the occasional ad redirect.

#12 gringo_pr

Posted 12 March 2012 - 08:39 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#13 JobsAllOver

Posted 12 March 2012 - 08:56 PM

Alright, here is the OTL log -

OTL logfile created on: 3/12/2012 9:50:30 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Rigatoni\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.80 Gb Available Physical Memory | 63.28% Memory free
12.00 Gb Paging File | 9.26 Gb Available in Paging File | 77.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 120.72 Gb Free Space | 40.50% Space Free | Partition Type: NTFS
Drive D: | 3.49 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: PASTAPETE | User Name: Rigatoni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Rigatoni\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (rt61x64) -- C:\Windows\SysNative\drivers\netr6164.sys (Ralink Technology Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60364

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60364

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-911654618-2236601301-3508037184-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-911654618-2236601301-3508037184-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 61 31 4B B6 ED CC 01 [binary data]
IE - HKU\S-1-5-21-911654618-2236601301-3508037184-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-911654618-2236601301-3508037184-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-911654618-2236601301-3508037184-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-911654618-2236601301-3508037184-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-911654618-2236601301-3508037184-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56606


========== FireFox ==========

FF - prefs.js..network.proxy.http_port: 56606
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011/09/05 15:53:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/28 16:04:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/04/06 22:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rigatoni\AppData\Roaming\Mozilla\Extensions
[2012/02/24 01:49:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rigatoni\AppData\Roaming\Mozilla\Firefox\Profiles\vrfry1vt.default\extensions
[2011/12/20 17:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\RIGATONI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VRFRY1VT.DEFAULT\EXTENSIONS\CHACHAGUIDEBAR@CHACHA.COM.XPI
[2012/02/28 16:04:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/28 16:04:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/28 16:04:07 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/19 23:19:17 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 188.119.151.113 www.google-analytics.com.
O1 - Hosts: 188.119.151.113 ad-emea.doubleclick.net.
O1 - Hosts: 188.119.151.113 www.statcounter.com.
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-911654618-2236601301-3508037184-1001\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-911654618-2236601301-3508037184-1001\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-911654618-2236601301-3508037184-1001..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-911654618-2236601301-3508037184-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-911654618-2236601301-3508037184-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-911654618-2236601301-3508037184-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-911654618-2236601301-3508037184-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-911654618-2236601301-3508037184-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{627A3C9B-BEA9-4BA9-A114-9580E7BEF046}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBE7CB2A-E251-4A58-8F26-028FC8208350}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C25D2763-D722-4237-88A2-20883911AD30}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\.DEFAULT Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\D88B3\0A616.exe) - File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\D88B3\0A616.exe) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/08 16:19:29 | 000,000,097 | ---- | M] () - D:\AUTORUN.INF -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = 01m] -- "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\mgf.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = 01m] -- "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\mgf.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/12 21:49:17 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Rigatoni\Desktop\OTL.exe
[2012/03/12 20:01:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/12 19:39:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/12 19:31:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/12 02:15:20 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Rigatoni\Desktop\aswMBR.exe
[2012/03/12 02:09:52 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rigatoni\Desktop\tdsskiller.exe
[2012/03/11 22:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/03/11 22:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/03/11 22:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/03/11 13:15:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012/03/11 13:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/03/11 13:15:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/03/10 14:47:38 | 004,435,063 | R--- | C] (Swearware) -- C:\Users\Rigatoni\Desktop\ComboFix.exe
[2012/03/09 18:38:09 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rigatoni\Desktop\dds.scr
[2012/03/09 13:26:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/09 13:26:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/09 13:26:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/03 17:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Batch Image Resizer
[2012/03/03 17:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Batch Image Resizer
[2012/03/03 17:31:35 | 000,000,000 | ---D | C] -- C:\Users\Rigatoni\Desktop\Walk Cycles
[2012/02/27 13:57:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/02/27 13:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/27 13:09:05 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/23 17:55:16 | 000,000,000 | ---D | C] -- C:\FRST
[2012/02/21 11:41:15 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/17 17:47:24 | 000,000,000 | ---D | C] -- C:\Users\Rigatoni\AppData\Roaming\Malwarebytes
[2012/02/17 17:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/17 17:47:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/17 17:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/02/17 17:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/02/17 17:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2012/02/17 17:40:25 | 000,000,000 | ---D | C] -- C:\Users\Rigatoni\AppData\Roaming\PC Tools
[2012/02/17 17:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/02/17 17:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/02/15 01:07:29 | 000,000,000 | ---D | C] -- C:\Users\Rigatoni\AppData\Roaming\.minecraft
[2012/02/15 00:03:48 | 000,000,000 | ---D | C] -- C:\Users\Rigatoni\AppData\Roaming\NVIDIA
[2012/02/14 23:56:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/02/14 23:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/02/14 23:56:42 | 010,406,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012/02/14 23:56:42 | 005,067,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012/02/14 23:56:42 | 000,837,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2012/02/14 23:56:42 | 000,222,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012/02/14 23:56:42 | 000,137,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012/02/14 23:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/02/14 23:55:56 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/02/14 23:55:56 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/02/14 23:55:55 | 024,742,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/02/14 23:55:55 | 018,871,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/02/14 23:55:55 | 001,533,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/02/14 23:55:55 | 001,454,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/02/14 23:55:52 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/02/14 23:55:52 | 007,581,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/02/14 23:55:52 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/02/14 23:55:52 | 002,542,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/02/14 23:55:52 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/02/14 23:55:52 | 002,232,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/02/14 23:55:52 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/02/14 23:55:51 | 024,796,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/02/14 23:55:51 | 002,808,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/02/14 23:55:51 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/02/14 22:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/02/14 22:45:41 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/02/14 21:56:11 | 000,000,000 | ---D | C] -- C:\Users\Rigatoni\AppData\Roaming\SystemRequirementsLab
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Rigatoni\*.tmp files -> C:\Users\Rigatoni\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/12 21:49:16 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Rigatoni\Desktop\OTL.exe
[2012/03/12 20:08:48 | 000,016,624 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 20:08:48 | 000,016,624 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 20:07:40 | 000,731,322 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/12 20:07:40 | 000,627,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/12 20:07:40 | 000,107,700 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/12 20:01:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/12 20:01:16 | 535,732,223 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/12 19:30:32 | 004,435,063 | R--- | M] (Swearware) -- C:\Users\Rigatoni\Desktop\ComboFix.exe
[2012/03/12 02:24:23 | 000,000,512 | ---- | M] () -- C:\Users\Rigatoni\Desktop\MBR.dat
[2012/03/12 02:15:32 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Rigatoni\Desktop\aswMBR.exe
[2012/03/12 02:09:55 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rigatoni\Desktop\tdsskiller.exe
[2012/03/11 13:15:31 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/03/11 11:36:04 | 531,395,530 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/09 18:38:09 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rigatoni\Desktop\dds.scr
[2012/03/09 18:37:59 | 000,000,000 | ---- | M] () -- C:\Users\Rigatoni\defogger_reenable
[2012/03/09 18:37:34 | 000,050,477 | ---- | M] () -- C:\Users\Rigatoni\Desktop\Defogger.exe
[2012/03/06 15:16:41 | 004,234,332 | ---- | M] () -- C:\Users\Rigatoni\Desktop\RyuLeftFoot.psd
[2012/03/03 17:56:49 | 000,001,044 | ---- | M] () -- C:\Users\Rigatoni\Desktop\Batch Image Resizer.lnk
[2012/02/27 13:09:06 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/17 17:02:45 | 000,001,376 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[2012/02/14 23:26:09 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Rigatoni\*.tmp files -> C:\Users\Rigatoni\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/12 02:24:23 | 000,000,512 | ---- | C] () -- C:\Users\Rigatoni\Desktop\MBR.dat
[2012/03/11 13:15:31 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/03/09 18:37:59 | 000,000,000 | ---- | C] () -- C:\Users\Rigatoni\defogger_reenable
[2012/03/09 18:37:35 | 000,050,477 | ---- | C] () -- C:\Users\Rigatoni\Desktop\Defogger.exe
[2012/03/09 13:26:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/09 13:26:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/09 13:26:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/09 13:26:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/09 13:26:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/06 15:16:40 | 004,234,332 | ---- | C] () -- C:\Users\Rigatoni\Desktop\RyuLeftFoot.psd
[2012/03/03 17:56:49 | 000,001,044 | ---- | C] () -- C:\Users\Rigatoni\Desktop\Batch Image Resizer.lnk
[2012/02/27 13:09:06 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/14 23:55:55 | 000,007,384 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/02/14 22:04:31 | 053,545,909 | ---- | C] () -- C:\Users\Rigatoni\Desktop\minecraft cracked istaller v1.0.0.exe
[2012/01/17 20:06:41 | 000,000,132 | ---- | C] () -- C:\Users\Rigatoni\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/01/17 15:16:26 | 000,000,132 | ---- | C] () -- C:\Users\Rigatoni\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/01/13 13:50:13 | 000,016,384 | ---- | C] () -- C:\Users\Rigatoni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/01 19:56:18 | 000,001,456 | ---- | C] () -- C:\Users\Rigatoni\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/12/08 13:25:39 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011/12/08 11:19:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\V3c5furc.dat
[2011/08/18 11:20:23 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/29 21:04:20 | 000,000,770 | ---- | C] () -- C:\Users\Rigatoni\AppData\Local\RT61_{BBE7CB2A-E251-4A58-8F26-028FC8208350}_sta
[2011/07/29 21:04:17 | 000,003,001 | ---- | C] () -- C:\Users\Rigatoni\AppData\Local\RT61_{BBE7CB2A-E251-4A58-8F26-028FC8208350}_prof
[2011/06/17 19:54:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/04/28 02:37:29 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 1230 bytes -> C:\Users\Rigatoni\AppData\Local\tASlEdmvq:iSMNyI8lUh3QipObwGFYD
@Alternate Data Stream - 1144 bytes -> C:\ProgramData\Microsoft:L077HWxpF1kcw2FFrrCaVhx
@Alternate Data Stream - 1141 bytes -> C:\ProgramData\Microsoft:yrUk1YcswVC73mw2X34W0EIux1hVt
@Alternate Data Stream - 1111 bytes -> C:\ProgramData\Microsoft:7TPKAt5TBWlMV9aich
@Alternate Data Stream - 1080 bytes -> C:\Program Files\Common Files\Microsoft Shared:u9HkMW69278pQEHY3jRNfqd8
@Alternate Data Stream - 1057 bytes -> C:\Users\Rigatoni\AppData\Local\FB4Zcy0Xqpljfg:zq378Tuv57MOPf3NapkYxIegF

< End of report >


And the Extras log -

OTL Extras logfile created on: 3/12/2012 9:50:30 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Rigatoni\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.80 Gb Available Physical Memory | 63.28% Memory free
12.00 Gb Paging File | 9.26 Gb Available in Paging File | 77.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 120.72 Gb Free Space | 40.50% Space Free | Partition Type: NTFS
Drive D: | 3.49 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: PASTAPETE | User Name: Rigatoni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = 01m] -- "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\mgf.exe" -a "%1" %*

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = 01m] -- "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\mgf.exe" -a "%1" %*

[HKEY_USERS\S-1-5-21-911654618-2236601301-3508037184-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series" = Canon MP470 series
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{23E445D5-FD83-4C50-A211-EB26A2975317}" = Adobe Flash Professional CS5.5
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{949DBB22-2FB7-4de1-804C-23D495A988D8}" = CuteFTP 8 Home
"{96F9B265-1367-4E1A-B8B9-F8530EF3AA62}" = Add or Remove Adobe Premiere Pro CS5
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA1B174B-4297-467C-9EF8-0AB8D4D5171E}" = Adobe After Effects CS5
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Ralink Wireless LAN
"Adobe AIR" = Adobe AIR
"AI RoboForm" = RoboForm 7-4-2 (All Users)
"Akamai" = Akamai NetSession Interface
"AndreaMosaic" = AndreaMosaic 3.33.0
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"Batch Image Resizer_is1" = Batch Image Resizer 2.88
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"CoreFTP" = Core FTP LE
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVDStyler_is1" = DVDStyler v1.8.4.2
"FrostWire" = FrostWire 4.21.5
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"ImgBurn" = ImgBurn
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Notepad++" = Notepad++
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"QuickPar" = QuickPar 0.9
"StarCraft II" = StarCraft II
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.9
"VobSub" = VobSub v2.23 (Remove Only)
"WBFS Manager 3.0" = WBFS Manager 3.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-911654618-2236601301-3508037184-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/12/2012 6:40:10 PM | Computer Name = PastaPete | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/12/2012 6:40:10 PM | Computer Name = PastaPete | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9032

Error - 3/12/2012 6:40:10 PM | Computer Name = PastaPete | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9032

Error - 3/12/2012 6:40:11 PM | Computer Name = PastaPete | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/12/2012 6:40:11 PM | Computer Name = PastaPete | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10031

Error - 3/12/2012 6:40:11 PM | Computer Name = PastaPete | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10031

Error - 3/12/2012 6:40:12 PM | Computer Name = PastaPete | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/12/2012 6:40:12 PM | Computer Name = PastaPete | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11029

Error - 3/12/2012 6:40:12 PM | Computer Name = PastaPete | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11029

Error - 3/12/2012 8:11:42 PM | Computer Name = PastaPete | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0061-0409-0000-0000000FF1CE}):
DownloadLatest Failed: A connection with the server could not be established

[ Media Center Events ]
Error - 6/17/2011 8:54:50 PM | Computer Name = PastaPete | Source = Microsoft-Windows-Media Center Extender | ID = 116
Description =

Error - 6/30/2011 12:14:01 AM | Computer Name = PastaPete | Source = MCUpdate | ID = 0
Description = 12:14:01 AM - Error connecting to the internet. 12:14:01 AM - Unable
to contact server..

Error - 6/30/2011 12:14:34 AM | Computer Name = PastaPete | Source = MCUpdate | ID = 0
Description = 12:14:30 AM - Error connecting to the internet. 12:14:30 AM - Unable
to contact server..

Error - 6/30/2011 1:15:13 AM | Computer Name = PastaPete | Source = MCUpdate | ID = 0
Description = 1:15:13 AM - Error connecting to the internet. 1:15:13 AM - Unable
to contact server..

Error - 6/30/2011 1:15:43 AM | Computer Name = PastaPete | Source = MCUpdate | ID = 0
Description = 1:15:42 AM - Error connecting to the internet. 1:15:42 AM - Unable
to contact server..

Error - 7/29/2011 8:51:44 PM | Computer Name = PastaPete | Source = MCUpdate | ID = 0
Description = 8:51:44 PM - Error connecting to the internet. 8:51:44 PM - Unable
to contact server..

Error - 7/29/2011 8:51:54 PM | Computer Name = PastaPete | Source = MCUpdate | ID = 0
Description = 8:51:49 PM - Error connecting to the internet. 8:51:49 PM - Unable
to contact server..

Error - 7/31/2011 6:31:11 PM | Computer Name = PastaPete | Source = Microsoft-Windows-Media Center Extender | ID = 116
Description =

Error - 8/13/2011 10:44:01 AM | Computer Name = PastaPete | Source = MCUpdate | ID = 0
Description = 10:44:01 AM - Error connecting to the internet. 10:44:01 AM - Unable
to contact server..

Error - 8/13/2011 10:44:12 AM | Computer Name = PastaPete | Source = MCUpdate | ID = 0
Description = 10:44:06 AM - Error connecting to the internet. 10:44:06 AM - Unable
to contact server..

[ System Events ]
Error - 3/12/2012 12:07:57 PM | Computer Name = PastaPete | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/12/2012 12:07:57 PM | Computer Name = PastaPete | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/12/2012 12:07:57 PM | Computer Name = PastaPete | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/12/2012 12:07:57 PM | Computer Name = PastaPete | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 3/12/2012 12:09:30 PM | Computer Name = PastaPete | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 3/12/2012 3:07:47 PM | Computer Name = PastaPete | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 3/12/2012 7:30:49 PM | Computer Name = PastaPete | Source = Service Control Manager | ID = 7031
Description = The Akamai NetSession Interface service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 1000
milliseconds: Restart the service.

Error - 3/12/2012 7:36:32 PM | Computer Name = PastaPete | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/12/2012 7:39:58 PM | Computer Name = PastaPete | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/12/2012 8:01:25 PM | Computer Name = PastaPete | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126


< End of report >

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:13 PM

Posted 12 March 2012 - 09:04 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60364
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60364
    IE - HKU\S-1-5-21-911654618-2236601301-3508037184-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56606
    FF - prefs.js..network.proxy.http_port: 56606
    @Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 1230 bytes -> C:\Users\Rigatoni\AppData\Local\tASlEdmvq:iSMNyI8lUh3QipObwGFYD
    @Alternate Data Stream - 1144 bytes -> C:\ProgramData\Microsoft:L077HWxpF1kcw2FFrrCaVhx
    @Alternate Data Stream - 1141 bytes -> C:\ProgramData\Microsoft:yrUk1YcswVC73mw2X34W0EIux1hVt
    @Alternate Data Stream - 1111 bytes -> C:\ProgramData\Microsoft:7TPKAt5TBWlMV9aich
    @Alternate Data Stream - 1080 bytes -> C:\Program Files\Common Files\Microsoft Shared:u9HkMW69278pQEHY3jRNfqd8
    @Alternate Data Stream - 1057 bytes -> C:\Users\Rigatoni\AppData\Local\FB4Zcy0Xqpljfg:zq378Tuv57MOP
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
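The OTL fix above removes three things: per-user Internet Settings proxies pointing at 127.0.0.1 (plus the matching Firefox http_port pref), the per-user .exe handler redirected to mgf.exe in the Extras log, and the named alternate data streams listed in the OTL log. As an added, read-only PowerShell triage script (not part of gringo's post or of OTL), this reports each of those conditions so a defender can confirm whether the fix took; the paths and SIDs are the ones from this thread's logs, and the Firefox profile glob and an elevated PowerShell 3.0+ session are assumptions.

```powershell
# Added triage script: reports the configuration the OTL fix removes; changes nothing.
# Assumption: run from an elevated PowerShell 3.0+ prompt so HKEY_USERS hives and
# alternate data streams on other users' folders are readable.

function Get-LoopbackProxySettings {
    # Walk every loaded user hive (.DEFAULT, S-1-5-18, S-1-5-21-...) the way the OTL log does
    foreach ($hive in Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        $key = "Registry::HKEY_USERS\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $p) { continue }
        # A proxy on the loopback address (http=127.0.0.1:60364 in the log) is the pattern to flag
        if ($p.ProxyServer -match '127\.0\.0\.1|localhost') {
            [pscustomobject]@{
                Hive        = $hive.PSChildName
                ProxyEnable = $p.ProxyEnable
                ProxyServer = $p.ProxyServer
            }
        }
    }
}

function Get-FirefoxProxyPrefs {
    # Firefox keeps proxy settings as user_pref("network.proxy.<name>", <value>); lines in prefs.js.
    # Profile location is an assumption (default location for all local users).
    $pattern = 'user_pref\("(network\.proxy\.[a-z_]+)",\s*(.+?)\);'
    Get-ChildItem -Path 'C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\*\prefs.js' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            Select-String -Path $file -Pattern $pattern | ForEach-Object {
                [pscustomobject]@{
                    PrefsFile = $file
                    Pref      = $_.Matches[0].Groups[1].Value
                    Value     = $_.Matches[0].Groups[2].Value
                }
            }
        }
}

function Get-PerUserExeHandler {
    # A clean system has no per-user .exe class at all: .exe is resolved to exefile in
    # HKLM\SOFTWARE\Classes. Any per-user override (ProgID "01m" -> mgf.exe in the log) is reported.
    foreach ($hive in Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        $base = "Registry::HKEY_USERS\$($hive.PSChildName)\Software\Classes"
        $ext  = Get-ItemProperty -Path "$base\.exe" -ErrorAction SilentlyContinue
        if ($null -eq $ext) { continue }
        $progId = $ext.'(default)'
        $cmd = (Get-ItemProperty -Path "$base\$progId\shell\open\command" -ErrorAction SilentlyContinue).'(default)'
        [pscustomobject]@{ Hive = $hive.PSChildName; ProgId = $progId; OpenCommand = $cmd }
    }
}

function Get-NamedStreams {
    param([string[]]$Paths)
    foreach ($path in $Paths) {
        # -Stream * lists every stream; ':$DATA' is the ordinary file content and
        # Zone.Identifier is the download mark-of-the-web, so both are expected and skipped.
        Get-Item -Path $path -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -notin @(':$DATA', 'Zone.Identifier') } |
            Select-Object FileName, Stream, Length
    }
}

# Folders carrying alternate data streams in the OTL log above
$streamHosts = @(
    'C:\ProgramData\TEMP',
    'C:\ProgramData\Microsoft',
    'C:\Program Files\Common Files\Microsoft Shared',
    'C:\Users\Rigatoni\AppData\Local\tASlEdmvq',
    'C:\Users\Rigatoni\AppData\Local\FB4Zcy0Xqpljfg'
)

Write-Host '== Loopback proxies in per-user Internet Settings =='
Get-LoopbackProxySettings | Format-Table -AutoSize

Write-Host '== Firefox network.proxy.* prefs =='
Get-FirefoxProxyPrefs | Format-Table -AutoSize

Write-Host '== Per-user .exe handlers (none expected) =='
Get-PerUserExeHandler | Format-Table -AutoSize

Write-Host '== Named alternate data streams on the logged paths =='
Get-NamedStreams -Paths $streamHosts | Format-Table -AutoSize
```

Empty tables in all four sections mean the proxy, handler and stream entries from the logs are gone; anything listed is what the fix did not reach and should be reported back to the helper.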

#15 JobsAllOver

JobsAllOver
  • Topic Starter

  • Members
  • 23 posts
  • Local time:05:13 PM

Posted 12 March 2012 - 09:48 PM

Well the computer seems fine, hard to know if the ad redirects are still occurring as they seem so random. I'll definitely update if I get one. I imagine you want me to try ComboFix again?


Here is the report -
Files\Folders moved on Reboot...
File move failed. C:\Users\Rigatoni\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
C:\Users\Rigatoni\AppData\Local\Mozilla\Firefox\Profiles\vrfry1vt.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Rigatoni\AppData\Local\Mozilla\Firefox\Profiles\vrfry1vt.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Rigatoni\AppData\Local\Mozilla\Firefox\Profiles\vrfry1vt.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Rigatoni\AppData\Local\Mozilla\Firefox\Profiles\vrfry1vt.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Rigatoni\AppData\Local\Mozilla\Firefox\Profiles\vrfry1vt.default\urlclassifier3.sqlite moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...



