
sirefef, conedex! trojans all over the place!


  • This topic is locked
29 replies to this topic

#1 nsmosses

nsmosses

  • Members
  • 14 posts
  • OFFLINE
  • Gender:Female
  • Local time:10:38 PM

Posted 14 March 2012 - 11:24 AM

Hi!
I've read through several topics, and it is nice to see everyone gets helped around here. Everyone is so nice!!
I have found some similar problems to mine, but I just want to be safe, so here is my personal issue.

Obviously, I have a problem. And I think it is quite a big one (feels like one, anyway)

my system:

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 26-6-2011 12:20:20 (I had to re-install, because it wouldn't boot...I want to avoid that, if possible..)
System Uptime: 14-3-2012 14:08:23 (2 hours ago)
Motherboard: Dell Inc. | | 0CT017
Processor: Intel® Core™2 CPU 6400 @ 2.13GHz | Microprocessor | 2128/1066mhz
Firefox

anti virus downloaded AFTER suspicious behavior
(=I tried to save a funny .gif I saw on some random tumblr. That was when my browser got stuck, I had to reboot, after a while I got the Blue Screen of Death, my virus senses started tingling)
NOD32
Microsoft Essentials (this detected and supposedly removed up to 21 trojans. 21!!!!)

Found:
Trojan.Win32/conedex.B
TrojanDropper:win32/sirefef.N
Trojan:win32/sirefef.J
"conedex.C
"Sirefef.P
"Conedex.A
"Sirefef.J
Trojandropper:Win32/sirefef.N
A few Redirect.A's (NOD32 removed them, I think)
and the list goes on, 21 of them. (even a few with win64?)

Tried running GMER, but it stopped working after a few min.
Below you will find the DDS-log.
I ran a Farbar Service Scan. I seem to be missing some service and registry keys! Below is the scan.


I am not entirely sure if it was removed (although my browser does load sites much faster now! hadn't even noticed -.-"),
because even after the restart, I could not change my firewall settings, which is really unsettling.
EDIT: It seems that my windows firewall was completely removed...........

I am not an entire leek when it comes to computers, but this seems to be EVERYWHERE in my pc, and I don't want to eff up anything essential.
Actually I cannot afford to back anything up, which sucks. So.. yeh. :(

So, please let me know what other information you need from me, and I will provide it.
I feel like such a noob right now, but I am trying to stay calm and not throw my pc out of my window.
THANKS A BUNCH for reading, and hopefully this ordeal will come to an end soon.

Natasha :flowers:

(I have nothing to offer money-wise, but I'm an illustrator,
and if you'd like, I can offer art! You know, to compensate you for your trouble :)
natashastevie.tumblr.com if you are curious :bananas: )




DDS LOG

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 10.0.0
Run by Natasha at 16:44:24 on 2012-03-14
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.31.1043.18.2045.837 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\CtHelper.exe
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Natasha\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\CTsvcCDA.exe
c:\program files\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe
C:\Windows\system32\dlcqcoms.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Giraffic\Veoh_Giraffic.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - c:\program files\utorrentbar_nl\prxtbuTor.dll
mURLSearchHooks: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - c:\program files\utorrentbar_nl\prxtbuTor.dll
uWinlogon: Shell=c:\users\natasha\appdata\local\e4cac4ca\X
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - c:\program files\utorrentbar_nl\prxtbuTor.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - c:\program files\utorrentbar_nl\prxtbuTor.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [Facebook Update] "c:\users\natasha\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [AdobeBridge]
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTXFIREG] CTxfiReg.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\natasha\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\natasha\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\natasha\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
TCP: DhcpNameServer = 213.46.228.196 62.179.104.196
TCP: Interfaces\{776280C7-500F-43F5-8636-AF60828AB4E8} : DhcpNameServer = 213.46.228.196 62.179.104.196
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\natasha\appdata\roaming\mozilla\firefox\profiles\198xagm4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\users\natasha\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-7-31 218688]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-8-4 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2011-8-4 103112]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl9574b68c;MpKsl9574b68c;c:\programdata\microsoft\microsoft antimalware\definition updates\{02a3b805-d046-46e2-b958-8b54cd55b144}\MpKsl9574b68c.sys [2012-3-14 29904]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [2011-10-1 25832]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2011-8-9 163424]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-9-22 974944]
R2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\giraffic\veoh_girafficwatchdog.exe --service --> c:\program files\giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-6-26 2214504]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-7-1 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-7-1 416112]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-7-1 16240]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 vmcam325av;Vimicro USB2.0 PC Camera(VC0323);c:\windows\system32\drivers\vmcam323av.sys [2012-1-31 232960]
S3 vvftav323;vvftav323;c:\windows\system32\drivers\vvftav323.sys [2012-1-31 475136]
.
=============== Created Last 30 ================
.
2012-03-14 12:49:55 -------- d-----w- C:\sh4ldr
2012-03-14 12:49:55 -------- d-----w- c:\program files\Enigma Software Group
2012-03-14 12:49:42 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-14 12:49:39 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-03-14 12:31:00 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{02a3b805-d046-46e2-b958-8b54cd55b144}\offreg.dll
2012-03-14 12:30:54 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{02a3b805-d046-46e2-b958-8b54cd55b144}\MpKsl9574b68c.sys
2012-03-14 12:23:00 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2ad5c134-4f44-4c5c-af02-ce1374f80b01}\gapaengine.dll
2012-03-14 12:22:31 6552120 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{02a3b805-d046-46e2-b958-8b54cd55b144}\mpengine.dll
2012-03-14 12:17:01 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-14 03:40:48 -------- d-----w- c:\program files\ESET
2012-03-14 00:14:59 0 --sha-w- c:\windows\system32\dds_log_ad13.cmd
2012-03-14 00:11:12 -------- d-sh--w- c:\users\natasha\appdata\local\e4cac4ca
2012-03-10 03:43:20 -------- d-----w- C:\Mass Effect 3
2012-03-10 01:33:45 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4542988a-dd9c-4200-a9b9-dd8de06a0bb8}\offreg.dll
2012-03-10 01:13:55 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4542988a-dd9c-4200-a9b9-dd8de06a0bb8}\mpengine.dll
2012-02-27 12:24:32 -------- d-----w- c:\program files\Pixologic
2012-02-27 12:21:07 -------- d-----w- c:\users\natasha\appdata\local\Downloaded Installations
2012-02-15 00:51:24 -------- d-----w- c:\programdata\EA Logs
2012-02-15 00:33:06 -------- d-----w- c:\program files\Origin Games
2012-02-15 00:32:52 -------- d-----w- c:\users\natasha\appdata\local\Origin
2012-02-15 00:32:48 -------- d-----w- c:\users\natasha\appdata\roaming\Origin
2012-02-15 00:32:33 -------- d-----w- c:\programdata\Origin
2012-02-15 00:32:18 -------- d-----w- c:\program files\Origin
.
==================== Find3M ====================
.
2012-03-14 13:03:46 68096 ----a-w- c:\windows\system32\drivers\tdx.sys.org
2012-03-14 00:13:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2003-11-03 15:07:06 499712 ----a-w- c:\program files\msvcp71.dll
2003-11-03 15:07:06 348160 ----a-w- c:\program files\msvcr71.dll
2003-05-30 07:22:06 344064 ----a-r- c:\program files\msvcr70.dll
2002-01-05 01:40:18 487424 ----a-w- c:\program files\msvcp70.dll
.
============= FINISH: 16:46:13,50 ===============


FSS

Farbar Service Scanner Version: 01-03-2012
Ran by Natasha (administrator) on 14-03-2012 at 20:29:06
Running from "C:\Users\Natasha\Desktop"
Microsoft® Windows Vista™ Home Premium (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll
[2006-11-02 09:51] - [2006-11-02 10:46] - 0259584 ____A (Microsoft Corporation) DFB250BAC1A9108ABD777EA181E32015

C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2011-06-26 22:43] - [2011-06-26 22:43] - 0265912 ____A (Microsoft Corporation) 0D5AD0E71FF5DDAC5DD2F443B499ABD0

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by boopme, 14 March 2012 - 02:36 PM.
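The FSS report above shows the symptom a responder looks for first: the Windows Firewall (MpsSvc, bfe), Security Center (wscsvc) and Windows Defender (WinDefend) services are not just stopped, their service registry keys are gone, and the Defender policy value DisableAntiSpyware is set to 1. Only mpsdrv is stopped with an intact key. The following triage script is an added example for this thread, not part of the post, of Farbar Service Scanner or of BleepingComputer's tooling; it reads an FSS report and separates "stopped but intact" from "service key deleted", and flags non-zero values under any "Disabled Policy" section. The sample input is an excerpt of the report posted above.

```python
"""Triage a Farbar Service Scanner (FSS) report.

Added example for this thread; it is not part of the thread, of FSS or of
BleepingComputer's tooling. It distinguishes a protection service that is
merely stopped (its registry key is intact) from one whose service key has
been deleted, and flags policy values that switch a protection component off.
"""
import re
from dataclasses import dataclass, field

# Services FSS reports on in the log above; the thread's log shows four of
# them with their service registry keys gone and only mpsdrv still intact.
EXPECTED_SERVICES = ("mpsdrv", "MpsSvc", "bfe", "wscsvc", "WinDefend")

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+):\s*$")
NOT_RUNNING_RE = re.compile(r"^(?P<svc>\S+) Service is not running")
MISSING_KEY_RE = re.compile(r"Unable to open (?P<key>\S+) registry key")
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=DWORD:(?P<value>\d+)\s*$')


@dataclass
class FssFindings:
    not_running: list = field(default_factory=list)         # services, in report order
    missing_keys: dict = field(default_factory=dict)        # service -> set of absent keys
    disabling_policies: list = field(default_factory=list)  # (section, value name, value)


def parse_fss(text: str) -> FssFindings:
    """Walk the report line by line, tracking which FSS section we are in."""
    findings = FssFindings()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = NOT_RUNNING_RE.match(line)
        if m:
            findings.not_running.append(m.group("svc"))
            continue
        m = MISSING_KEY_RE.search(line)
        if m:
            key = m.group("key")
            # "LEGACY_MpsSvc\0000" belongs to the MpsSvc service as well.
            svc = key.split("\\")[0].replace("LEGACY_", "")
            findings.missing_keys.setdefault(svc, set()).add(key)
            continue
        m = POLICY_RE.match(line)
        if m and section and section.endswith("Disabled Policy") and int(m.group("value")) != 0:
            findings.disabling_policies.append((section, m.group("name"), int(m.group("value"))))
    return findings


def triage(findings: FssFindings) -> list:
    """One verdict per expected service, then one per disabling policy."""
    verdicts = []
    for svc in EXPECTED_SERVICES:
        if svc in findings.missing_keys:
            verdicts.append(f"{svc}: service registry key deleted (cannot start until the key is recreated)")
        elif svc in findings.not_running:
            verdicts.append(f"{svc}: present but stopped")
    for section, name, value in findings.disabling_policies:
        verdicts.append(f"{section}: {name}={value}")
    return verdicts


# Excerpt of the FSS report posted above (raw string, so the backslashes are literal).
SAMPLE_FSS = r"""
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

Firewall Disabled Policy:
==================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

if __name__ == "__main__":
    for verdict in triage(parse_fss(SAMPLE_FSS)):
        print(verdict)
```

The distinction matters for the repair plan: a stopped service with an intact key can simply be started, whereas a service whose key is gone (the four here) has to have its registry entry restored before any start attempt can succeed, which is why the poster could not change firewall settings after the scanners reported the trojans removed.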




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:38 PM

Posted 15 March 2012 - 01:51 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:38 PM

Posted 19 March 2012 - 09:55 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 nsmosses

nsmosses
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Gender:Female
  • Local time:10:38 PM

Posted 20 March 2012 - 02:48 AM

Hi! Yes! Family business! I will post a log when I get home from work, thanks a lot!!

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:38 PM

Posted 20 March 2012 - 02:52 AM

No problem :thumbup2:



Gringo

#6 nsmosses

nsmosses
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Gender:Female
  • Local time:10:38 PM

Posted 20 March 2012 - 05:30 PM

It said it found a rootkit.zeroaccess






--------------------------------


ComboFix 12-03-20.01 - Natasha 20-03-2012 23:05:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.31.1043.18.2045.743 [GMT 1:00]
Gestart vanuit: c:\users\Natasha\Downloads\ComboFix.exe
* Aanwezig AV is actief
.
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Natasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3 .lnk
c:\windows\$NtUninstallKB57343$
c:\windows\$NtUninstallKB57343$\1038238783
c:\windows\$NtUninstallKB57343$\3838493898\@
c:\windows\$NtUninstallKB57343$\3838493898\L\qnbwvoto
c:\windows\$NtUninstallKB57343$\3838493898\loader.tlb
c:\windows\$NtUninstallKB57343$\3838493898\U\@00000001
c:\windows\$NtUninstallKB57343$\3838493898\U\@000000c0
c:\windows\$NtUninstallKB57343$\3838493898\U\@000000cb
c:\windows\$NtUninstallKB57343$\3838493898\U\@000000cf
c:\windows\$NtUninstallKB57343$\3838493898\U\@80000000
c:\windows\$NtUninstallKB57343$\3838493898\U\@800000c0
c:\windows\$NtUninstallKB57343$\3838493898\U\@800000cb
c:\windows\$NtUninstallKB57343$\3838493898\U\@800000cf
c:\windows\_iserr31.ini
c:\windows\system32\dds_log_ad13.cmd
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-02-20 to 2012-03-20 ))))))))))))))))))))))))))))))
.
.
2012-03-20 22:21 . 2012-03-20 22:21 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C34A28E-19F7-4634-9230-32E6AC564E3C}\offreg.dll
2012-03-20 22:19 . 2012-03-20 22:22 -------- d-----w- c:\users\Natasha\AppData\Local\temp
2012-03-20 22:19 . 2012-03-20 22:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-20 22:19 . 2012-03-20 22:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-20 18:56 . 2012-03-01 13:34 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C34A28E-19F7-4634-9230-32E6AC564E3C}\mpengine.dll
2012-03-20 07:32 . 2012-03-20 07:32 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-20 07:32 . 2012-03-20 07:32 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-16 12:17 . 2012-03-01 13:34 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-15 14:23 . 2012-03-15 14:49 -------- d-----w- C:\AdobeTemp
2012-03-15 13:28 . 2012-03-15 13:28 -------- d-----w- c:\users\Natasha\AppData\Local\SWTOR
2012-03-14 18:50 . 2012-03-14 18:50 268800 ----a-w- c:\windows\system32\es.dll
2012-03-14 12:49 . 2012-03-14 12:55 -------- d-----w- C:\sh4ldr
2012-03-14 12:49 . 2012-03-14 12:49 -------- d-----w- c:\program files\Enigma Software Group
2012-03-14 12:49 . 2012-03-14 12:55 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-14 12:49 . 2012-03-14 12:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-03-14 12:23 . 2012-02-09 12:17 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2AD5C134-4F44-4C5C-AF02-CE1374F80B01}\gapaengine.dll
2012-03-14 12:17 . 2012-03-14 12:17 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-14 03:40 . 2012-03-14 03:40 -------- d-----w- c:\program files\ESET
2012-03-14 00:11 . 2012-03-14 12:39 -------- d-sh--w- c:\users\Natasha\AppData\Local\e4cac4ca
2012-03-10 03:43 . 2012-03-10 04:09 -------- d-----w- C:\Mass Effect 3
2012-03-10 01:33 . 2012-03-10 01:33 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4542988A-DD9C-4200-A9B9-DD8DE06A0BB8}\offreg.dll
2012-03-10 01:13 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4542988A-DD9C-4200-A9B9-DD8DE06A0BB8}\mpengine.dll
2012-02-27 12:24 . 2012-02-27 12:25 -------- d-----w- c:\users\Public\Pixologic
2012-02-27 12:24 . 2012-02-27 12:24 -------- d-----w- c:\program files\Pixologic
2012-02-27 12:21 . 2012-02-27 12:21 -------- d-----w- c:\users\Natasha\AppData\Local\Downloaded Installations
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 13:03 . 2012-03-14 13:03 68096 ----a-w- c:\windows\system32\drivers\tdx.sys.org
2012-03-14 00:13 . 2011-06-26 10:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44 . 2011-06-26 21:41 237072 ------w- c:\windows\system32\MpSigStub.exe
2003-11-03 15:07 . 2004-04-23 15:06 499712 ----a-w- c:\program files\msvcp71.dll
2003-11-03 15:07 . 2004-04-23 15:06 348160 ----a-w- c:\program files\msvcr71.dll
2003-05-30 07:22 . 2003-09-08 07:09 344064 ----a-r- c:\program files\msvcr70.dll
2002-01-05 01:40 . 2003-09-08 07:09 487424 ----a-w- c:\program files\msvcp70.dll
2012-03-20 07:32 . 2011-06-26 10:32 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files\uTorrentBar_NL\prxtbuTor.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87775fdb-6972-41f9-ae51-8326e38cb206}]
2011-03-28 16:22 176936 ----a-w- c:\program files\uTorrentBar_NL\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files\uTorrentBar_NL\prxtbuTor.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{87775FDB-6972-41F9-AE51-8326E38CB206}"= "c:\program files\uTorrentBar_NL\prxtbuTor.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Natasha\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Natasha\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Natasha\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-05 1242448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-09-05 2816328]
"Facebook Update"="c:\users\Natasha\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-03 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AsioReg"="CTASIO.DLL" [2006-11-02 79872]
"CTHelper"="CTHELPER.EXE" [2006-11-02 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-11-02 20480]
"CTXFIREG"="CTxfiReg.exe" [2006-11-02 44032]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\users\Natasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Natasha\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-03-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-145958868-443711098-864438924-1000Core.job
- c:\users\Natasha\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-03 14:45]
.
2012-03-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-145958868-443711098-864438924-1000UA.job
- c:\users\Natasha\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-03 14:45]
.
.
------- Bijkomende Scan -------
.
TCP: DhcpNameServer = 213.46.228.196 62.179.104.196
FF - ProfilePath - c:\users\Natasha\AppData\Roaming\Mozilla\Firefox\Profiles\198xagm4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&q=
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-AdobeBridge - (no file)
AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-20 23:22
Windows 6.0.6000 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SirefefRemover]
"ImagePath"="\??\c:\users\Natasha\AppData\Local\Temp\67e532ac8.tmp"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(4572)
c:\users\Natasha\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Tablet\Pen\Pen_TouchService.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Tablet\Pen\Pen_TouchUser.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe
c:\windows\system32\dlcqcoms.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\Giraffic\Veoh_GirafficWatchdog.exe
c:\program files\Tablet\Pen\Pen_Tablet.exe
c:\program files\Tablet\Pen\Pen_TabletUser.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Tablet\Pen\Pen_Tablet.exe
c:\windows\system32\conime.exe
c:\program files\Giraffic\Veoh_Giraffic.exe
c:\windows\system32\Taskmgr.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\windows\system32\consent.exe
.
**************************************************************************
.
Voltooingstijd: 2012-03-20 23:27:39 - machine werd herstart
ComboFix-quarantined-files.txt 2012-03-20 22:27
.
Pre-Run: 26.974.056.448 bytes beschikbaar
Post-Run: 28.732.919.808 bytes beschikbaar
.
- - End Of File - - 3DDCE87CDD9E3E7495D617FB05C1FC6E

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:38 PM

Posted 20 March 2012 - 08:09 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
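As an added example (not part of this thread, and not code from TDSSKiller or its authors), a small Python triage script for the report format TDSSKiller produces, as pasted later in this thread: it pairs each driver's file line with its verdict line, then flags any verdict other than "ok", any service that exists only in the registry with no file on disk (which is how SirefefRemover shows up here), and any image living under a user-writable path. The sample log is constructed; the "tmpsvc" entry and the "( note ) - warning" verdict shape are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the shape of the TDSSKiller report pasted in this thread.
# ACPI and Tcpip are copied from that report; "tmpsvc" is an assumed, invented
# entry whose path reuses the SirefefRemover ImagePath from the ComboFix log.
SAMPLE_LOG = """\
11:51:53.0012 5764 Scan started
11:51:53.0939 5764 ACPI (84fc6df81212d16be5c4f441682feccc) C:\\Windows\\system32\\drivers\\acpi.sys
11:51:53.0982 5764 ACPI - ok
11:51:54.0826 5764 blbdrive - ok
11:52:03.0394 5764 SirefefRemover - ok
11:52:04.0053 5764 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\\Windows\\system32\\drivers\\tcpip.sys
11:52:04.0071 5764 Tcpip - ok
11:52:05.0100 5764 tmpsvc (0123456789abcdef0123456789abcdef) C:\\Users\\Natasha\\AppData\\Local\\Temp\\67e532ac8.tmp
11:52:05.0110 5764 tmpsvc ( LockedFile.Multi.Generic ) - warning
"""

# A file line carries the driver's MD5 and on-disk path; the verdict line that
# follows names the same service. Registry-only services (no file found) get a
# verdict line with no file line before it.
FILE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)"
    r"(?:\s+\((?P<note>[^)]*)\))?\s+-\s+(?P<verdict>.+?)\s*$"
)

# Locations a kernel driver or service image has no business living in.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class Entry:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_tdsskiller_log(text: str) -> List[Entry]:
    """Pair each service's file line (if any) with its verdict line."""
    entries: List[Entry] = []
    pending = {}  # service name -> (md5, path) awaiting its verdict line
    # Header lines (drive geometry, partitions) also contain " - "; only read
    # the per-service section, which begins at "Scan started".
    scanning = "Scan started" not in text
    for line in text.splitlines():
        if not scanning:
            scanning = "Scan started" in line
            continue
        m = FILE_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdict = m["verdict"]
            if m["note"]:
                verdict += f" ({m['note'].strip()})"
            md5, path = pending.pop(m["name"], (None, None))
            entries.append(Entry(m["name"], verdict, md5, path))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (service, reason) pairs worth a second look by the helper."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.verdict.lower() != "ok":
            findings.append((e.name, f"verdict: {e.verdict}"))
        if e.path is None:
            # Not necessarily malicious (blbdrive is a stock Vista entry), but
            # SirefefRemover in this thread is exactly this: a registry-only
            # service whose ImagePath pointed into the user's Temp folder.
            findings.append((e.name, "registry service entry with no file on disk"))
        elif any(marker in e.path.lower() for marker in USER_WRITABLE):
            findings.append((e.name, f"image under user-writable path: {e.path}"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_tdsskiller_log(SAMPLE_LOG)):
        print(f"{name:16} {reason}")
```

Registry-only hits are a prompt to cross-check the service's ImagePath in the ComboFix output, not a verdict on their own.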

#8 nsmosses

nsmosses
  • Topic Starter

  • Members
  • 14 posts
  • Gender:Female
  • Local time:10:38 PM

Posted 21 March 2012 - 06:36 AM

I forgot to mention that my firewall is back again.
----------------------------------------------------


11:51:47.0799 2888 TDSS rootkit removing tool 2.7.21.0 Mar 21 2012 09:06:51
11:51:48.0056 2888 ============================================================
11:51:48.0056 2888 Current date / time: 2012/03/21 11:51:48.0056
11:51:48.0056 2888 SystemInfo:
11:51:48.0057 2888
11:51:48.0057 2888 OS Version: 6.0.6000 ServicePack: 0.0
11:51:48.0057 2888 Product type: Workstation
11:51:48.0057 2888 ComputerName: PC_VAN_NATASHA
11:51:48.0057 2888 UserName: Natasha
11:51:48.0057 2888 Windows directory: C:\Windows
11:51:48.0057 2888 System windows directory: C:\Windows
11:51:48.0057 2888 Processor architecture: Intel x86
11:51:48.0057 2888 Number of processors: 2
11:51:48.0057 2888 Page size: 0x1000
11:51:48.0057 2888 Boot type: Normal boot
11:51:48.0057 2888 ============================================================
11:51:49.0292 2888 Drive \Device\Harddisk0\DR0 - Size: 0x746A000000 (465.66 Gb), SectorSize: 0x200, Cylinders: 0xED73, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:51:49.0416 2888 \Device\Harddisk0\DR0:
11:51:49.0416 2888 MBR used
11:51:49.0416 2888 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x18000, BlocksNum 0x1400000
11:51:49.0416 2888 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1418000, BlocksNum 0x38F37800
11:51:49.0541 2888 Initialize success
11:51:49.0541 2888 ============================================================
11:51:53.0012 5764 ============================================================
11:51:53.0012 5764 Scan started
11:51:53.0012 5764 Mode: Manual;
11:51:53.0012 5764 ============================================================
11:51:53.0939 5764 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
11:51:53.0982 5764 ACPI - ok
11:51:54.0071 5764 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
11:51:54.0077 5764 adp94xx - ok
11:51:54.0105 5764 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
11:51:54.0110 5764 adpahci - ok
11:51:54.0147 5764 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
11:51:54.0149 5764 adpu160m - ok
11:51:54.0177 5764 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
11:51:54.0180 5764 adpu320 - ok
11:51:54.0250 5764 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
11:51:54.0254 5764 AFD - ok
11:51:54.0288 5764 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
11:51:54.0289 5764 agp440 - ok
11:51:54.0325 5764 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
11:51:54.0327 5764 aic78xx - ok
11:51:54.0386 5764 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
11:51:54.0401 5764 aliide - ok
11:51:54.0423 5764 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
11:51:54.0425 5764 amdagp - ok
11:51:54.0445 5764 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
11:51:54.0446 5764 amdide - ok
11:51:54.0502 5764 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
11:51:54.0504 5764 AmdK7 - ok
11:51:54.0528 5764 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
11:51:54.0530 5764 AmdK8 - ok
11:51:54.0579 5764 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
11:51:54.0594 5764 arc - ok
11:51:54.0646 5764 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
11:51:54.0663 5764 arcsas - ok
11:51:54.0689 5764 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
11:51:54.0690 5764 AsyncMac - ok
11:51:54.0709 5764 atapi (a779ca2c76da4fcb595e692c05e8e4eb) C:\Windows\system32\drivers\atapi.sys
11:51:54.0711 5764 atapi - ok
11:51:54.0784 5764 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
11:51:54.0785 5764 Beep - ok
11:51:54.0826 5764 blbdrive - ok
11:51:54.0922 5764 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
11:51:54.0924 5764 bowser - ok
11:51:54.0996 5764 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
11:51:55.0015 5764 BrFiltLo - ok
11:51:55.0076 5764 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
11:51:55.0077 5764 BrFiltUp - ok
11:51:55.0115 5764 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
11:51:55.0117 5764 Brserid - ok
11:51:55.0138 5764 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
11:51:55.0140 5764 BrSerWdm - ok
11:51:55.0225 5764 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
11:51:55.0245 5764 BrUsbMdm - ok
11:51:55.0276 5764 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
11:51:55.0277 5764 BrUsbSer - ok
11:51:55.0306 5764 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
11:51:55.0308 5764 BTHMODEM - ok
11:51:55.0418 5764 catchme - ok
11:51:55.0484 5764 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
11:51:55.0486 5764 cdfs - ok
11:51:55.0504 5764 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
11:51:55.0506 5764 cdrom - ok
11:51:55.0538 5764 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
11:51:55.0539 5764 circlass - ok
11:51:55.0596 5764 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
11:51:55.0603 5764 CLFS - ok
11:51:55.0636 5764 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
11:51:55.0638 5764 cmdide - ok
11:51:55.0812 5764 cnnctfy2MP - ok
11:51:55.0882 5764 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
11:51:55.0895 5764 Compbatt - ok
11:51:55.0905 5764 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
11:51:55.0907 5764 crcdisk - ok
11:51:55.0931 5764 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
11:51:55.0933 5764 Crusoe - ok
11:51:55.0973 5764 CT20XUT - ok
11:51:56.0024 5764 ctac32k (050f015b0b45344586338a2c5ea84338) C:\Windows\system32\drivers\ctac32k.sys
11:51:56.0041 5764 ctac32k - ok
11:51:56.0141 5764 ctaud2k (52006f854459d2defe105fa728698aa0) C:\Windows\system32\drivers\ctaud2k.sys
11:51:56.0158 5764 ctaud2k - ok
11:51:56.0358 5764 ctdvda2k (583f58f3fe2e72a2242e0c9a89b2172e) C:\Windows\system32\drivers\ctdvda2k.sys
11:51:56.0363 5764 ctdvda2k - ok
11:51:56.0370 5764 CTEXFIFX - ok
11:51:56.0381 5764 CTHWIUT - ok
11:51:56.0412 5764 ctprxy2k (7076b5fc3142f8984b85c580f5f741f1) C:\Windows\system32\drivers\ctprxy2k.sys
11:51:56.0430 5764 ctprxy2k - ok
11:51:56.0464 5764 ctsfm2k (5f6c82859e39d0c1f7591c12469336ad) C:\Windows\system32\drivers\ctsfm2k.sys
11:51:56.0467 5764 ctsfm2k - ok
11:51:56.0489 5764 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
11:51:56.0492 5764 DfsC - ok
11:51:56.0610 5764 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
11:51:56.0612 5764 disk - ok
11:51:56.0682 5764 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
11:51:56.0683 5764 drmkaud - ok
11:51:56.0777 5764 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:51:56.0796 5764 dtsoftbus01 - ok
11:51:56.0866 5764 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
11:51:56.0890 5764 DXGKrnl - ok
11:51:56.0904 5764 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
11:51:56.0908 5764 e1express - ok
11:51:56.0942 5764 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
11:51:56.0945 5764 E1G60 - ok
11:51:56.0994 5764 eamonm (04238864710460c5682e260207d06192) C:\Windows\system32\DRIVERS\eamonm.sys
11:51:57.0009 5764 eamonm - ok
11:51:57.0060 5764 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
11:51:57.0063 5764 Ecache - ok
11:51:57.0158 5764 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\Windows\system32\DRIVERS\ehdrv.sys
11:51:57.0178 5764 ehdrv - ok
11:51:57.0223 5764 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
11:51:57.0228 5764 elxstor - ok
11:51:57.0293 5764 emupia (04964f762041fff8515ac05d209c6ea8) C:\Windows\system32\drivers\emupia2k.sys
11:51:57.0310 5764 emupia - ok
11:51:57.0357 5764 epfwtdir (06c65ac0a703cf8eea4f284d901a1550) C:\Windows\system32\DRIVERS\epfwtdir.sys
11:51:57.0379 5764 epfwtdir - ok
11:51:57.0426 5764 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
11:51:57.0445 5764 fastfat - ok
11:51:57.0480 5764 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
11:51:57.0481 5764 fdc - ok
11:51:57.0514 5764 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
11:51:57.0516 5764 FileInfo - ok
11:51:57.0549 5764 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
11:51:57.0572 5764 Filetrace - ok
11:51:57.0599 5764 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
11:51:57.0601 5764 flpydisk - ok
11:51:57.0646 5764 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
11:51:57.0649 5764 FltMgr - ok
11:51:57.0683 5764 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
11:51:57.0684 5764 Fs_Rec - ok
11:51:57.0709 5764 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
11:51:57.0710 5764 gagp30kx - ok
11:51:57.0944 5764 ha20x2k (59021f1e1708fdd98848c364ff02d947) C:\Windows\system32\drivers\ha20x2k.sys
11:51:58.0006 5764 ha20x2k - ok
11:51:58.0278 5764 HDAudBus (5fd053f305b77ebe97f284b20d89dc1c) C:\Windows\system32\drivers\hdaudbus.sys
11:51:58.0302 5764 HDAudBus - ok
11:51:58.0361 5764 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
11:51:58.0362 5764 HidBth - ok
11:51:58.0403 5764 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
11:51:58.0405 5764 HidIr - ok
11:51:58.0453 5764 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
11:51:58.0454 5764 HidUsb - ok
11:51:58.0489 5764 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
11:51:58.0490 5764 HpCISSs - ok
11:51:58.0546 5764 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
11:51:58.0571 5764 HTTP - ok
11:51:58.0619 5764 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
11:51:58.0620 5764 i2omp - ok
11:51:58.0684 5764 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
11:51:58.0699 5764 i8042prt - ok
11:51:58.0730 5764 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
11:51:58.0732 5764 iaStorV - ok
11:51:58.0758 5764 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
11:51:58.0759 5764 iirsp - ok
11:51:58.0822 5764 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
11:51:58.0823 5764 intelide - ok
11:51:58.0855 5764 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
11:51:58.0857 5764 intelppm - ok
11:51:58.0884 5764 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:51:58.0886 5764 IpFilterDriver - ok
11:51:58.0911 5764 IpInIp - ok
11:51:58.0937 5764 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
11:51:58.0939 5764 IPMIDRV - ok
11:51:58.0965 5764 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
11:51:58.0968 5764 IPNAT - ok
11:51:58.0990 5764 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
11:51:58.0992 5764 IRENUM - ok
11:51:59.0030 5764 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
11:51:59.0032 5764 isapnp - ok
11:51:59.0062 5764 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
11:51:59.0065 5764 iScsiPrt - ok
11:51:59.0100 5764 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
11:51:59.0101 5764 iteatapi - ok
11:51:59.0189 5764 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
11:51:59.0190 5764 iteraid - ok
11:51:59.0270 5764 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
11:51:59.0272 5764 kbdclass - ok
11:51:59.0318 5764 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
11:51:59.0319 5764 kbdhid - ok
11:51:59.0363 5764 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
11:51:59.0370 5764 KSecDD - ok
11:51:59.0397 5764 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
11:51:59.0399 5764 lltdio - ok
11:51:59.0441 5764 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
11:51:59.0443 5764 LSI_FC - ok
11:51:59.0507 5764 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
11:51:59.0509 5764 LSI_SAS - ok
11:51:59.0580 5764 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
11:51:59.0582 5764 LSI_SCSI - ok
11:51:59.0612 5764 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
11:51:59.0614 5764 luafv - ok
11:51:59.0655 5764 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
11:51:59.0657 5764 megasas - ok
11:51:59.0691 5764 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
11:51:59.0692 5764 Modem - ok
11:51:59.0737 5764 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
11:51:59.0738 5764 monitor - ok
11:51:59.0770 5764 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
11:51:59.0772 5764 mouclass - ok
11:51:59.0781 5764 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
11:51:59.0782 5764 mouhid - ok
11:51:59.0792 5764 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
11:51:59.0794 5764 MountMgr - ok
11:51:59.0850 5764 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
11:51:59.0853 5764 MpFilter - ok
11:51:59.0893 5764 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
11:51:59.0895 5764 mpio - ok
11:51:59.0919 5764 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
11:51:59.0921 5764 MpNWMon - ok
11:51:59.0971 5764 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
11:51:59.0973 5764 mpsdrv - ok
11:52:00.0019 5764 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
11:52:00.0021 5764 Mraid35x - ok
11:52:00.0032 5764 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
11:52:00.0034 5764 MRxDAV - ok
11:52:00.0087 5764 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:52:00.0089 5764 mrxsmb - ok
11:52:00.0100 5764 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:52:00.0104 5764 mrxsmb10 - ok
11:52:00.0114 5764 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:52:00.0116 5764 mrxsmb20 - ok
11:52:00.0163 5764 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
11:52:00.0164 5764 msahci - ok
11:52:00.0194 5764 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
11:52:00.0196 5764 msdsm - ok
11:52:00.0228 5764 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
11:52:00.0229 5764 Msfs - ok
11:52:00.0243 5764 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
11:52:00.0244 5764 msisadrv - ok
11:52:00.0286 5764 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
11:52:00.0287 5764 MSKSSRV - ok
11:52:00.0360 5764 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
11:52:00.0362 5764 MSPCLOCK - ok
11:52:00.0409 5764 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
11:52:00.0410 5764 MSPQM - ok
11:52:00.0451 5764 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
11:52:00.0453 5764 MsRPC - ok
11:52:00.0465 5764 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
11:52:00.0467 5764 mssmbios - ok
11:52:00.0494 5764 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
11:52:00.0496 5764 MSTEE - ok
11:52:00.0515 5764 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
11:52:00.0517 5764 Mup - ok
11:52:00.0581 5764 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
11:52:00.0584 5764 NativeWifiP - ok
11:52:00.0658 5764 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
11:52:00.0671 5764 NDIS - ok
11:52:00.0722 5764 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
11:52:00.0723 5764 NdisTapi - ok
11:52:00.0754 5764 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
11:52:00.0755 5764 Ndisuio - ok
11:52:00.0791 5764 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
11:52:00.0794 5764 NdisWan - ok
11:52:00.0844 5764 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
11:52:00.0880 5764 NDProxy - ok
11:52:00.0955 5764 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
11:52:00.0957 5764 NetBIOS - ok
11:52:00.0988 5764 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
11:52:01.0028 5764 netbt - ok
11:52:01.0049 5764 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
11:52:01.0051 5764 nfrd960 - ok
11:52:01.0070 5764 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
11:52:01.0071 5764 Npfs - ok
11:52:01.0099 5764 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
11:52:01.0100 5764 nsiproxy - ok
11:52:01.0194 5764 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
11:52:01.0211 5764 Ntfs - ok
11:52:01.0251 5764 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
11:52:01.0252 5764 ntrigdigi - ok
11:52:01.0260 5764 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
11:52:01.0264 5764 Null - ok
11:52:01.0514 5764 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:52:01.0694 5764 nvlddmkm - ok
11:52:01.0752 5764 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
11:52:01.0754 5764 nvraid - ok
11:52:01.0811 5764 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
11:52:01.0812 5764 nvstor - ok
11:52:01.0871 5764 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
11:52:01.0874 5764 nv_agp - ok
11:52:01.0882 5764 NwlnkFlt - ok
11:52:01.0892 5764 NwlnkFwd - ok
11:52:01.0948 5764 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
11:52:01.0957 5764 ohci1394 - ok
11:52:02.0000 5764 ossrv (7daadce251630b49580150f94b086b6c) C:\Windows\system32\drivers\ctoss2k.sys
11:52:02.0011 5764 ossrv - ok
11:52:02.0063 5764 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
11:52:02.0065 5764 Parport - ok
11:52:02.0075 5764 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
11:52:02.0077 5764 partmgr - ok
11:52:02.0107 5764 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
11:52:02.0108 5764 Parvdm - ok
11:52:02.0122 5764 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
11:52:02.0125 5764 pci - ok
11:52:02.0165 5764 pciide (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys
11:52:02.0167 5764 pciide - ok
11:52:02.0196 5764 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
11:52:02.0199 5764 pcmcia - ok
11:52:02.0292 5764 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
11:52:02.0309 5764 PEAUTH - ok
11:52:02.0367 5764 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
11:52:02.0369 5764 PptpMiniport - ok
11:52:02.0447 5764 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
11:52:02.0449 5764 Processor - ok
11:52:02.0505 5764 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
11:52:02.0506 5764 PSched - ok
11:52:02.0583 5764 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
11:52:02.0608 5764 ql2300 - ok
11:52:02.0635 5764 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
11:52:02.0638 5764 ql40xx - ok
11:52:02.0672 5764 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
11:52:02.0673 5764 QWAVEdrv - ok
11:52:02.0705 5764 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
11:52:02.0706 5764 RasAcd - ok
11:52:02.0746 5764 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:52:02.0748 5764 Rasl2tp - ok
11:52:02.0761 5764 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
11:52:02.0763 5764 RasPppoe - ok
11:52:02.0781 5764 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
11:52:02.0786 5764 rdbss - ok
11:52:02.0796 5764 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:52:02.0798 5764 RDPCDD - ok
11:52:02.0832 5764 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
11:52:02.0836 5764 rdpdr - ok
11:52:02.0860 5764 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
11:52:02.0862 5764 RDPENCDD - ok
11:52:02.0892 5764 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
11:52:02.0895 5764 RDPWD - ok
11:52:02.0933 5764 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
11:52:02.0935 5764 rspndr - ok
11:52:02.0969 5764 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
11:52:02.0971 5764 sbp2port - ok
11:52:03.0011 5764 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:52:03.0013 5764 secdrv - ok
11:52:03.0048 5764 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
11:52:03.0049 5764 Serenum - ok
11:52:03.0075 5764 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
11:52:03.0077 5764 Serial - ok
11:52:03.0151 5764 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
11:52:03.0152 5764 sermouse - ok
11:52:03.0191 5764 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
11:52:03.0192 5764 sffdisk - ok
11:52:03.0227 5764 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
11:52:03.0228 5764 sffp_mmc - ok
11:52:03.0254 5764 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
11:52:03.0255 5764 sffp_sd - ok
11:52:03.0270 5764 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
11:52:03.0271 5764 sfloppy - ok
11:52:03.0394 5764 SirefefRemover - ok
11:52:03.0461 5764 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
11:52:03.0463 5764 sisagp - ok
11:52:03.0526 5764 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
11:52:03.0528 5764 SiSRaid2 - ok
11:52:03.0598 5764 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
11:52:03.0600 5764 SiSRaid4 - ok
11:52:03.0635 5764 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
11:52:03.0637 5764 Smb - ok
11:52:03.0663 5764 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
11:52:03.0665 5764 spldr - ok
11:52:03.0734 5764 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
11:52:03.0743 5764 srv - ok
11:52:03.0775 5764 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
11:52:03.0778 5764 srv2 - ok
11:52:03.0790 5764 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
11:52:03.0792 5764 srvnet - ok
11:52:03.0839 5764 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
11:52:03.0841 5764 swenum - ok
11:52:03.0878 5764 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
11:52:03.0879 5764 Symc8xx - ok
11:52:03.0926 5764 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
11:52:03.0927 5764 Sym_hi - ok
11:52:03.0947 5764 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
11:52:03.0949 5764 Sym_u3 - ok
11:52:04.0053 5764 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
11:52:04.0071 5764 Tcpip - ok
11:52:04.0089 5764 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
11:52:04.0095 5764 Tcpip6 - ok
11:52:04.0112 5764 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
11:52:04.0113 5764 tcpipreg - ok
11:52:04.0142 5764 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
11:52:04.0143 5764 TDPIPE - ok
11:52:04.0162 5764 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
11:52:04.0164 5764 TDTCP - ok
11:52:04.0192 5764 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
11:52:04.0195 5764 tdx - ok
11:52:04.0207 5764 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
11:52:04.0209 5764 TermDD - ok
11:52:04.0264 5764 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:52:04.0265 5764 tssecsrv - ok
11:52:04.0296 5764 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
11:52:04.0298 5764 tunmp - ok
11:52:04.0345 5764 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
11:52:04.0346 5764 tunnel - ok
11:52:04.0416 5764 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
11:52:04.0418 5764 uagp35 - ok
11:52:04.0455 5764 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
11:52:04.0460 5764 udfs - ok
11:52:04.0496 5764 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
11:52:04.0498 5764 uliagpkx - ok
11:52:04.0554 5764 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
11:52:04.0557 5764 uliahci - ok
11:52:04.0583 5764 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
11:52:04.0586 5764 UlSata - ok
11:52:04.0604 5764 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
11:52:04.0607 5764 ulsata2 - ok
11:52:04.0638 5764 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
11:52:04.0639 5764 umbus - ok
11:52:04.0706 5764 UMPass (08ea9c0247f391af4d4a16885a1c159d) C:\Windows\system32\DRIVERS\umpass.sys
11:52:04.0707 5764 UMPass - ok
11:52:04.0801 5764 usbaudio (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
11:52:04.0803 5764 usbaudio - ok
11:52:04.0914 5764 usbccgp (b0ba9caffe9b0555ec0317f30cb79cd2) C:\Windows\system32\DRIVERS\usbccgp.sys
11:52:04.0915 5764 usbccgp - ok
11:52:04.0952 5764 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
11:52:04.0954 5764 usbcir - ok
11:52:04.0985 5764 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys
11:52:04.0987 5764 usbehci - ok
11:52:05.0018 5764 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys
11:52:05.0024 5764 usbhub - ok
11:52:05.0063 5764 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
11:52:05.0064 5764 usbohci - ok
11:52:05.0096 5764 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
11:52:05.0099 5764 usbprint - ok
11:52:05.0159 5764 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
11:52:05.0161 5764 usbscan - ok
11:52:05.0223 5764 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:52:05.0255 5764 USBSTOR - ok
11:52:05.0264 5764 usbuhci (d864735b0bfcb65440960a0b7cc1a38d) C:\Windows\system32\DRIVERS\usbuhci.sys
11:52:05.0265 5764 usbuhci - ok
11:52:05.0359 5764 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
11:52:05.0362 5764 usbvideo - ok
11:52:05.0411 5764 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
11:52:05.0413 5764 vga - ok
11:52:05.0474 5764 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
11:52:05.0476 5764 VgaSave - ok
11:52:05.0515 5764 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
11:52:05.0517 5764 viaagp - ok
11:52:05.0549 5764 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
11:52:05.0551 5764 ViaC7 - ok
11:52:05.0602 5764 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
11:52:05.0603 5764 viaide - ok
11:52:05.0690 5764 vmcam325av (ee6094ff2ffcc82b33c495382a52c164) C:\Windows\system32\Drivers\vmcam323av.sys
11:52:05.0694 5764 vmcam325av - ok
11:52:05.0719 5764 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
11:52:05.0720 5764 volmgr - ok
11:52:05.0747 5764 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
11:52:05.0752 5764 volmgrx - ok
11:52:05.0786 5764 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
11:52:05.0790 5764 volsnap - ok
11:52:05.0826 5764 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
11:52:05.0828 5764 vsmraid - ok
11:52:05.0888 5764 vvftav323 (ccde899c270f65d6f9835130067913ca) C:\Windows\system32\drivers\vvftav323.sys
11:52:05.0953 5764 vvftav323 - ok
11:52:06.0012 5764 wacmoumonitor (f24ee97511fb901189e11cbbd51605ba) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
11:52:06.0013 5764 wacmoumonitor - ok
11:52:06.0086 5764 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
11:52:06.0088 5764 wacommousefilter - ok
11:52:06.0126 5764 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
11:52:06.0128 5764 WacomPen - ok
11:52:06.0162 5764 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys
11:52:06.0164 5764 wacomvhid - ok
11:52:06.0209 5764 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
11:52:06.0211 5764 Wanarp - ok
11:52:06.0224 5764 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
11:52:06.0226 5764 Wanarpv6 - ok
11:52:06.0284 5764 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
11:52:06.0286 5764 Wd - ok
11:52:06.0386 5764 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
11:52:06.0394 5764 Wdf01000 - ok
11:52:06.0496 5764 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
11:52:06.0497 5764 WmiAcpi - ok
11:52:06.0573 5764 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
11:52:06.0575 5764 WpdUsb - ok
11:52:06.0602 5764 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
11:52:06.0604 5764 ws2ifsl - ok
11:52:06.0660 5764 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:52:06.0662 5764 WUDFRd - ok
11:52:06.0690 5764 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:52:06.0755 5764 \Device\Harddisk0\DR0 - ok
11:52:06.0767 5764 Boot (0x1200) (1aabf4383aa02ab2ca8b80068c3b392a) \Device\Harddisk0\DR0\Partition0
11:52:06.0768 5764 \Device\Harddisk0\DR0\Partition0 - ok
11:52:06.0771 5764 Boot (0x1200) (2b01b9c61322ac6de4bf48f0714d2492) \Device\Harddisk0\DR0\Partition1
11:52:06.0773 5764 \Device\Harddisk0\DR0\Partition1 - ok
11:52:06.0774 5764 ============================================================
11:52:06.0774 5764 Scan finished
11:52:06.0774 5764 ============================================================
11:52:06.0787 4076 Detected object count: 0
11:52:06.0787 4076 Actual detected object count: 0

--------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-21 11:54:06
-----------------------------
11:54:06.721 OS Version: Windows 6.0.6000
11:54:06.721 Number of processors: 2 586 0xF02
11:54:06.722 ComputerName: PC_VAN_NATASHA UserName: Natasha
11:54:10.620 Initialize success
11:54:57.555 AVAST engine defs: 12032000
11:55:10.516 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:55:10.518 Disk 0 Vendor: Intel___ 1.0. Size: 476832MB BusType: 8
11:55:10.555 Disk 0 MBR read successfully
11:55:10.557 Disk 0 MBR scan
11:55:10.721 Disk 0 Windows VISTA default MBR code
11:55:10.724 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
11:55:10.756 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 98304
11:55:10.777 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 466543 MB offset 21069824
11:55:10.806 Disk 0 scanning sectors +976549888
11:55:10.927 Disk 0 scanning C:\Windows\system32\drivers
11:55:40.231 Service scanning
11:55:56.851 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
11:56:23.687 Modules scanning
11:56:28.925 Disk 0 trace - called modules:
11:56:28.970 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastorv.sys hal.dll
11:56:28.975 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854cc640]
11:56:28.980 3 ntkrnlpa.exe[820b07e2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x847e5030]
11:56:31.209 AVAST engine scan C:\Windows
11:56:43.621 AVAST engine scan C:\Windows\system32
12:02:59.086 AVAST engine scan C:\Windows\system32\drivers
12:03:36.205 AVAST engine scan C:\Users\Natasha
12:27:12.886 AVAST engine scan C:\ProgramData
12:29:42.319 Scan finished successfully
12:35:47.024 Disk 0 MBR has been saved successfully to "C:\Users\Natasha\Desktop\MBR.dat"
12:35:47.252 The log file has been saved successfully to "C:\Users\Natasha\Desktop\aswMBR.txt"
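
Both logs above look at the same 512-byte sector: TDSSKiller reports `MBR (0x1B8) (5c616939...)` for `\Device\Harddisk0\DR0`, and aswMBR reads the MBR, matches its boot code against the stock Vista code, lists the three partitions and saves the sector to `MBR.dat`. The value 0x1B8 is 440, the length of the boot-code area that precedes the disk signature, so that hash presumably covers the code and not the partition table. The Python 3 script below is an added example, not part of the thread and not code from either tool, that reproduces those checks offline: it parses a raw MBR, hashes the first 440 bytes so the value can be compared between runs, decodes the partition table, flags an odd active flag or overlapping entries, and reports how many sectors sit after the last partition, the area some bootkits have used for hidden storage. The sample MBR is constructed to match the layout in the aswMBR log (Dell Utility at LBA 63, 10240 MB NTFS at 98304, active NTFS at 21069824 on a 476832 MB disk); its boot code, disk signature and the `known_good_md5` argument are placeholders, not this machine's real values, and reading `MBR.dat` as the raw sector is an assumption about aswMBR's export format.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 0x1B8        # 440 bytes of boot code precede the disk signature
DISK_SIG_OFF = 0x1B8         # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries
SECTOR_BYTES = 512
PART_TYPES = {0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x0F: "Extended LBA",
              0x83: "Linux", 0xDE: "Dell Utility"}


def parse_mbr(mbr: bytes) -> dict:
    """Decode a raw 512-byte MBR into boot-code hash, disk signature and partition list."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (MBR_SIZE, len(mbr)))
    if mbr[0x1FE:0x200] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue                              # empty slot
        partitions.append({
            "index": i + 1,
            "status": status,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown 0x%02X" % ptype),
            "lba_start": lba,
            "sectors": count,
            "size_mb": count * SECTOR_BYTES // (1024 * 1024),
        })
    return {
        "boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "end_lba": max((p["lba_start"] + p["sectors"] for p in partitions), default=0),
    }


def unallocated_tail(info: dict, disk_sectors: int) -> int:
    """Sectors after the last partition; bootkits have used this area for hidden storage."""
    return disk_sectors - info["end_lba"]


def check_mbr(mbr: bytes, known_good_md5: str = None) -> list:
    """Return a list of findings; an empty list means the sector looks sane."""
    info = parse_mbr(mbr)
    findings = []
    if known_good_md5 and info["boot_code_md5"] != known_good_md5.lower():
        findings.append("boot code md5 %s differs from known-good %s"
                        % (info["boot_code_md5"], known_good_md5.lower()))
    parts = info["partitions"]
    if sum(1 for p in parts if p["bootable"]) != 1:
        findings.append("expected exactly one active (0x80) partition")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02X"
                            % (p["index"], p["status"]))
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return findings


def build_mbr(boot_code: bytes, disk_sig: int, entries) -> bytes:
    """Construct a synthetic MBR for testing; entries are (status, type, lba_start, sectors)."""
    mbr = bytearray(MBR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    mbr[:len(code)] = code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_sig)
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i,
                         status, b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF", lba, count)
    mbr[0x1FE:0x200] = b"\x55\xAA"
    return bytes(mbr)


# Constructed sample: the partition layout from the aswMBR log above; the boot code
# and disk signature are placeholders, not the real contents of this disk.
SAMPLE_MBR = build_mbr(
    boot_code=b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 64,
    disk_sig=0x1234ABCD,
    entries=[(0x00, 0xDE, 63, 98241),             # Dell Utility, 47 MB
             (0x00, 0x07, 98304, 20971520),       # NTFS, 10240 MB
             (0x80, 0x07, 21069824, 955480064)],  # NTFS, 466543 MB, active
)
SAMPLE_DISK_SECTORS = 476832 * 1024 * 1024 // SECTOR_BYTES   # 476832 MB disk from the log

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    print("boot code md5:", info["boot_code_md5"])
    for p in info["partitions"]:
        print("  #%d %s%-13s start=%d size=%d MB" % (p["index"], "*" if p["bootable"] else " ",
                                                    p["type_name"], p["lba_start"], p["size_mb"]))
    print("unallocated tail sectors:", unallocated_tail(info, SAMPLE_DISK_SECTORS))
    print("findings:", check_mbr(SAMPLE_MBR, known_good_md5=info["boot_code_md5"]))
```

To use it on the exported sector, call `parse_mbr(open("MBR.dat", "rb").read())` and keep the `boot_code_md5` from a clean run; a later run that reports a different hash while aswMBR still says "default MBR code" is worth a second look, and a large unallocated tail that grows between runs is another sign that something is writing past the last partition. The layout in the sample is internally consistent with the log: partition 2 ends exactly where partition 3 starts, partition 3 ends at sector 976549888 (the "scanning sectors +976549888" line), and the 476832 MB disk leaves 2048 sectors beyond it.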

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 March 2012 - 01:12 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\program files\uTorrentBar_NL
c:\program files\ConduitEngine

Firefox::
FF - ProfilePath - c:\users\Natasha\AppData\Roaming\Mozilla\Firefox\Profiles\198xagm4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&q=

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
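
The CFScript in the post above deletes the two Conduit folders and rewrites the two Firefox prefs that send searches to search.conduit.com. As an added example, not code from the thread, from ComboFix or from OTL, the Python 3 script below makes the same check repeatable on any profile: it parses prefs.js, reports the search-related prefs whose URL points at a host outside a small allow-list, extracts the ctid toolbar identifier from that URL, and produces a copy with those lines removed so Firefox falls back to its built-in defaults. It also accepts the defanged hxxp:// form that ComboFix and OTL logs use, so a line pasted from a log can be tested directly. The pref names, the allow-list and the sample prefs.js are my assumptions and constructed input; the three hijacked values in the sample are copied from the log lines quoted above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Firefox prefs that search hijackers and bundled toolbars commonly rewrite (assumed list).
SEARCH_PREFS = {
    "browser.search.defaulturl",
    "browser.search.defaultenginename",
    "browser.search.defaultthis.engineName",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
    "keyword.URL",
}
# Hosts a practitioner would accept in those prefs; anything else gets reported (assumed list).
TRUSTED_HOSTS = {"www.google.com", "www.bing.com", "search.live.com", "search.yahoo.com"}

# user_pref("name", value);  where value is a quoted string, number or bool
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
# ComboFix/OTL logs defang URLs as hxxp://; accept both forms
URL_IN_VALUE = re.compile(r'h(?:tt|xx)ps?://[^\s"]+', re.I)


def parse_prefs(text: str) -> dict:
    """Map pref name -> raw value text (quotes kept) for every user_pref line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def find_hijacked(prefs: dict) -> list:
    """Return (pref, host, ctid) for search prefs whose URL points at an untrusted host.
    ctid is the Conduit toolbar id when the URL carries one, else None."""
    hits = []
    for name, raw in prefs.items():
        if name not in SEARCH_PREFS:
            continue
        m = URL_IN_VALUE.search(raw)
        if not m:
            continue                      # display names carry no URL to judge
        url = re.sub(r"^hxxp", "http", m.group(0), flags=re.I)
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host in TRUSTED_HOSTS:
            continue
        ctid = parse_qs(parts.query).get("ctid", [None])[0]
        hits.append((name, host, ctid))
    return hits


def clean_prefs(text: str, hijacked: list) -> str:
    """Drop the hijacked user_pref lines; Firefox uses its defaults for missing prefs."""
    drop = {name for name, _, _ in hijacked}
    kept = []
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m and m.group(1) in drop:
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


# Constructed sample built from the three prefs quoted in the CFScript above plus two
# ordinary lines; this is not the user's actual prefs.js.
SAMPLE_PREFS = '''\
user_pref("browser.search.defaultthis.engineName", "uTorrentBar_NL Customized Web Search");
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=3&q={searchTerms}");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&q=");
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("extensions.lastAppVersion", "11.0");
'''

if __name__ == "__main__":
    hits = find_hijacked(parse_prefs(SAMPLE_PREFS))
    for name, host, ctid in hits:
        print("%-32s -> %s (ctid=%s)" % (name, host, ctid))
    print(clean_prefs(SAMPLE_PREFS, hits))
```

Run it against the profile's prefs.js (the path is in the CFScript above) with Firefox closed, because Firefox rewrites prefs.js on exit and would overwrite the cleaned copy. Prefs that carry only a display name, like `browser.search.defaultthis.engineName` in the sample, have no URL to judge and are left for manual review, which is also what the CFScript does; removing the toolbar folders is what stops the values from being written back.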

#10 nsmosses
  • Topic Starter
  • Members
  • 14 posts
  • Gender:Female

Posted 21 March 2012 - 01:43 PM

Nothing happens, actually. I drag the .txt into the ComboFix logo; it starts up, but after that it doesn't do anything.

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 March 2012 - 02:45 PM

Hello

OK, let's try this. I want you to run the ComboFix script in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#12 nsmosses
  • Topic Starter
  • Members
  • 14 posts
  • Gender:Female

Posted 22 March 2012 - 03:06 PM

Hi, it didn't turn out a report or whatever in Safe Mode as well!!

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 March 2012 - 10:05 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#14 nsmosses
  • Topic Starter
  • Members
  • 14 posts
  • Gender:Female

Posted 23 March 2012 - 02:09 PM

OTL logfile created on: 23-3-2012 20:01:59 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Natasha\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,00 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,69% Memory free
4,21 Gb Paging File | 2,78 Gb Available in Paging File | 66,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,61 Gb Total Space | 19,60 Gb Free Space | 4,30% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 9,92 Gb Free Space | 99,15% Space Free | Partition Type: NTFS
Drive H: | 3,72 Gb Total Space | 3,45 Gb Free Space | 92,71% Space Free | Partition Type: FAT32

Computer Name: PC_VAN_NATASHA | User Name: Natasha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Natasha\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Natasha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
PRC - C:\Program Files\Giraffic\Veoh_Giraffic.exe (Giraffic)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Natasha\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
PRC - c:\Program Files\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe (BioWare)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\dlcqcoms.exe ( )
PRC - C:\Windows\System32\CTXFIHLP.EXE (Creative Technology Ltd)
PRC - C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
PRC - C:\Windows\System32\CTXFISPI.EXE (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Steam\bin\libcef.dll ()
MOD - C:\Program Files\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\QtNetwork4.dll ()
MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\QtWebKit4.dll ()
MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\QtScript4.dll ()
MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\phonon4.dll ()
MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\QtGui4.dll ()
MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\QtCore4.dll ()
MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Tablet\Pen\libxml2.dll ()
MOD - C:\Windows\CTXFIRES.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Giraffic) -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (DAUpdaterSvc) -- c:\Program Files\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe (BioWare)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (dlcq_device) -- C:\Windows\System32\dlcqcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (SirefefRemover) -- C:\Users\Natasha\AppData\Local\Temp\67e532ac8.tmp File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (CTHWIUT) -- system32\drivers\CTHWIUT.SYS File not found
DRV - (CTEXFIFX) -- system32\drivers\CTEXFIFX.SYS File not found
DRV - (CT20XUT) -- system32\drivers\CT20XUT.SYS File not found
DRV - (cnnctfy2MP) -- system32\DRIVERS\cnnctfy2.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)
DRV - (epfwtdir) -- C:\Windows\System32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (vmcam325av) Vimicro USB2.0 PC Camera(VC0323) -- C:\Windows\System32\drivers\vmcam323av.sys (Vimicro Corporation)
DRV - (vvftav323) -- C:\Windows\System32\drivers\vvftav323.sys (Vimicro Corporation)
DRV - (ha20x2k) -- C:\Windows\System32\drivers\HA20X2K.SYS (Creative Technology Ltd)
DRV - (emupia) -- C:\Windows\System32\drivers\EMUPIA2K.SYS (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\Windows\System32\drivers\CTPRXY2K.SYS (Creative Technology Ltd)
DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctdvda2k) -- C:\Windows\System32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\CTAUD2K.SYS (Creative Technology Ltd)
DRV - (ctac32k) -- C:\Windows\System32\drivers\CTAC32K.SYS (Creative Technology Ltd)
DRV - (e1express) Stuurprogramma voor Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files\uTorrentBar_NL\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2865317


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-145958868-443711098-864438924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-145958868-443711098-864438924-1000\..\URLSearchHook: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files\uTorrentBar_NL\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-145958868-443711098-864438924-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-145958868-443711098-864438924-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-145958868-443711098-864438924-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2865317
IE - HKU\S-1-5-21-145958868-443711098-864438924-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar_NL Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Natasha\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-03-20 08:32:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-02-01 14:53:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-03-14 04:40:52 | 000,000,000 | ---D | M]

[2011-06-26 11:32:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Natasha\AppData\Roaming\mozilla\Extensions
[2012-03-09 00:12:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Natasha\AppData\Roaming\mozilla\Firefox\Profiles\198xagm4.default\extensions
[2012-03-09 00:12:36 | 000,000,000 | ---D | M] (uTorrentBar_NL Community Toolbar) -- C:\Users\Natasha\AppData\Roaming\mozilla\Firefox\Profiles\198xagm4.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}
[2012-02-15 02:52:52 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\Natasha\AppData\Roaming\mozilla\Firefox\Profiles\198xagm4.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2011-06-26 21:38:13 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Natasha\AppData\Roaming\mozilla\Firefox\Profiles\198xagm4.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011-06-26 12:00:34 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Natasha\AppData\Roaming\mozilla\Firefox\Profiles\198xagm4.default\extensions\engine@conduit.com
[2011-09-04 15:50:56 | 000,000,933 | ---- | M] () -- C:\Users\Natasha\AppData\Roaming\Mozilla\Firefox\Profiles\198xagm4.default\searchplugins\conduit.xml
[2011-11-23 13:39:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-11-23 11:43:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-03-20 08:32:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-09-11 12:52:21 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-03-22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012-01-07 03:33:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-01-07 03:33:55 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2012-01-07 03:33:55 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2012-01-07 03:33:55 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

O1 HOSTS File: ([2012-03-20 23:22:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (uTorrentBar_NL Toolbar) - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files\uTorrentBar_NL\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar_NL Toolbar) - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files\uTorrentBar_NL\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-145958868-443711098-864438924-1000\..\Toolbar\WebBrowser: (uTorrentBar_NL Toolbar) - {87775FDB-6972-41F9-AE51-8326E38CB206} - C:\Program Files\uTorrentBar_NL\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AsioReg] C:\Windows\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTXFIREG] C:\Windows\System32\CTXFIREG.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-145958868-443711098-864438924-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-145958868-443711098-864438924-1000..\Run: [Facebook Update] C:\Users\Natasha\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-145958868-443711098-864438924-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-145958868-443711098-864438924-1000..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-21-145958868-443711098-864438924-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Natasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Natasha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-145958868-443711098-864438924-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-145958868-443711098-864438924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-145958868-443711098-864438924-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.228.196 62.179.104.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{776280C7-500F-43F5-8636-AF60828AB4E8}: DhcpNameServer = 213.46.228.196 62.179.104.196
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Natasha\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Natasha\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-03-23 19:59:27 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Natasha\Desktop\OTL.exe
[2012-03-21 19:21:18 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012-03-21 19:21:03 | 004,440,469 | R--- | C] (Swearware) -- C:\Users\Natasha\Desktop\ComboFix.exe
[2012-03-21 11:53:20 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Natasha\Desktop\aswMBR.exe
[2012-03-20 23:27:41 | 000,000,000 | ---D | C] -- C:\Users\Natasha\AppData\Local\temp
[2012-03-20 23:27:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-03-20 22:48:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-03-20 22:48:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-03-20 22:48:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-03-20 22:48:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2012-03-20 22:47:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012-03-20 22:47:53 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012-03-20 22:47:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-03-20 09:15:31 | 000,000,000 | ---D | C] -- C:\Users\Natasha\Desktop\The Drums - The Drums (2010)
[2012-03-16 15:02:20 | 000,000,000 | ---D | C] -- C:\Users\Natasha\Desktop\101CANON
[2012-03-15 15:23:51 | 000,000,000 | ---D | C] -- C:\AdobeTemp
[2012-03-15 14:28:30 | 000,000,000 | ---D | C] -- C:\Users\Natasha\AppData\Local\SWTOR
[2012-03-15 14:28:30 | 000,000,000 | ---D | C] -- C:\Users\Natasha\Documents\HeroBlade Logs
[2012-03-14 23:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2012-03-14 14:59:53 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Natasha\Desktop\dds.scr
[2012-03-14 13:49:55 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012-03-14 13:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012-03-14 13:49:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012-03-14 13:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012-03-14 04:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012-03-14 04:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012-03-14 04:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-03-14 01:11:12 | 000,000,000 | -HSD | C] -- C:\Users\Natasha\AppData\Local\e4cac4ca
[2012-03-10 04:43:20 | 000,000,000 | ---D | C] -- C:\Mass Effect 3
[2012-02-27 13:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixologic
[2012-02-27 13:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\Pixologic
[2012-02-27 13:21:07 | 000,000,000 | ---D | C] -- C:\Users\Natasha\AppData\Local\Downloaded Installations
[2012-02-27 13:15:27 | 000,000,000 | ---D | C] -- C:\Users\Natasha\Desktop\SB 97
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-03-23 19:59:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Natasha\Desktop\OTL.exe
[2012-03-23 19:50:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-145958868-443711098-864438924-1000UA.job
[2012-03-23 19:49:12 | 000,689,380 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2012-03-23 19:49:12 | 000,609,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-03-23 19:49:12 | 000,122,590 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2012-03-23 19:49:12 | 000,103,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-03-23 19:42:04 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-03-23 19:42:04 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-03-23 19:41:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-03-23 19:41:56 | 2145,304,576 | -HS- | M] () -- C:\hiberfil.sys
[2012-03-23 09:06:21 | 000,064,756 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2012-03-23 09:06:21 | 000,054,724 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2012-03-23 09:06:21 | 000,054,724 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2012-03-23 09:06:21 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settingsbkup.sfm
[2012-03-23 09:06:21 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settings.sfm
[2012-03-22 22:09:54 | 000,476,749 | ---- | M] () -- C:\Users\Natasha\Desktop\tozz.jpg
[2012-03-21 16:50:01 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-145958868-443711098-864438924-1000Core.job
[2012-03-21 12:35:47 | 000,000,512 | ---- | M] () -- C:\Users\Natasha\Desktop\MBR.dat
[2012-03-21 11:53:41 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Natasha\Desktop\aswMBR.exe
[2012-03-21 00:34:11 | 000,331,783 | ---- | M] () -- C:\Users\Natasha\Desktop\tas.jpg
[2012-03-20 23:22:24 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012-03-20 22:46:08 | 016,696,016 | ---- | M] () -- C:\Users\Natasha\Desktop\bla.psd
[2012-03-20 22:40:21 | 004,440,469 | R--- | M] (Swearware) -- C:\Users\Natasha\Desktop\ComboFix.exe
[2012-03-20 21:57:29 | 000,103,424 | ---- | M] () -- C:\Users\Natasha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-03-14 21:13:57 | 000,000,667 | ---- | M] () -- C:\Users\Natasha\Desktop\regfix_vista.zip
[2012-03-14 20:26:20 | 000,337,137 | ---- | M] () -- C:\Users\Natasha\Desktop\FSS.exe
[2012-03-14 15:04:28 | 000,302,592 | ---- | M] () -- C:\Users\Natasha\Desktop\cfl8zw52.exe
[2012-03-14 15:00:32 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Natasha\Desktop\dds.scr
[2012-03-14 13:18:30 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012-03-14 06:35:32 | 247,352,843 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012-03-14 01:13:05 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012-03-08 21:38:00 | 002,778,457 | ---- | M] () -- C:\Users\Natasha\zussen.jpg
[2012-02-27 13:26:26 | 000,001,952 | ---- | M] () -- C:\Users\Public\Desktop\ZBrush 4.0.lnk
[2012-02-27 11:28:09 | 000,000,925 | ---- | M] () -- C:\Users\Natasha\Desktop\Dropbox.lnk
[2012-02-27 11:28:09 | 000,000,905 | ---- | M] () -- C:\Users\Natasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012-02-26 16:02:25 | 041,254,949 | ---- | M] () -- C:\Users\Natasha\Desktop\florence.psd
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-03-22 22:09:51 | 000,476,749 | ---- | C] () -- C:\Users\Natasha\Desktop\tozz.jpg
[2012-03-22 21:03:59 | 2145,304,576 | -HS- | C] () -- C:\hiberfil.sys
[2012-03-21 12:35:47 | 000,000,512 | ---- | C] () -- C:\Users\Natasha\Desktop\MBR.dat
[2012-03-21 00:34:05 | 000,331,783 | ---- | C] () -- C:\Users\Natasha\Desktop\tas.jpg
[2012-03-20 22:48:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-03-20 22:48:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-03-20 22:48:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-03-20 22:48:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-03-20 22:48:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-03-20 22:46:07 | 016,696,016 | ---- | C] () -- C:\Users\Natasha\Desktop\bla.psd
[2012-03-14 21:13:25 | 000,000,667 | ---- | C] () -- C:\Users\Natasha\Desktop\regfix_vista.zip
[2012-03-14 20:25:56 | 000,337,137 | ---- | C] () -- C:\Users\Natasha\Desktop\FSS.exe
[2012-03-14 15:04:09 | 000,302,592 | ---- | C] () -- C:\Users\Natasha\Desktop\cfl8zw52.exe
[2012-03-14 13:18:30 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012-03-14 13:17:05 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012-03-08 21:37:55 | 002,778,457 | ---- | C] () -- C:\Users\Natasha\zussen.jpg
[2012-02-27 13:26:26 | 000,001,952 | ---- | C] () -- C:\Users\Public\Desktop\ZBrush 4.0.lnk
[2012-02-01 16:29:30 | 000,000,000 | ---- | C] () -- C:\Windows\_delis32.ini
[2012-02-01 16:29:29 | 000,001,125 | ---- | C] () -- C:\Windows\_isenv31.ini
[2012-01-31 23:37:56 | 000,086,016 | ---- | C] () -- C:\Windows\Bigdog.exe
[2012-01-31 23:37:55 | 000,131,072 | ---- | C] () -- C:\Windows\System32\vmcoinst_vc0323.dll
[2012-01-30 15:06:15 | 000,000,099 | ---- | C] () -- C:\Users\Natasha\AppData\Roaming\MultiFill Prefs
[2011-11-22 16:02:11 | 000,005,120 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011-11-20 23:07:24 | 000,000,132 | ---- | C] () -- C:\Users\Natasha\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011-10-27 13:15:27 | 000,000,144 | ---- | C] () -- C:\Windows\TVPaint Animation Pro.ini
[2011-08-25 10:00:29 | 000,000,680 | ---- | C] () -- C:\Users\Natasha\AppData\Local\d3d9caps.dat
[2011-07-23 19:33:39 | 000,001,456 | ---- | C] () -- C:\Users\Natasha\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011-06-27 01:05:32 | 000,000,053 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2011-06-27 01:05:31 | 000,034,816 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2011-06-27 01:05:01 | 000,065,119 | R--- | C] () -- C:\Windows\System32\claptn.ini
[2011-06-27 00:14:45 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIDUT.DLL
[2011-06-26 19:00:38 | 000,103,424 | ---- | C] () -- C:\Users\Natasha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-06-26 11:29:52 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
< End of report >

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 March 2012 - 04:31 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2865317
    IE - HKLM\..\URLSearchHook: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files\uTorrentBar_NL\prxtbuTor.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-145958868-443711098-864438924-1000\..\URLSearchHook: {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files\uTorrentBar_NL\prxtbuTor.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-145958868-443711098-864438924-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2865317
    FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar_NL Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=3&q={searchTerms}"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&q="
    [2012-03-09 00:12:36 | 000,000,000 | ---D | M] (uTorrentBar_NL Community Toolbar) -- C:\Users\Natasha\AppData\Roaming\mozilla\Firefox\Profiles\198xagm4.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}
    [2012-02-15 02:52:52 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\Natasha\AppData\Roaming\mozilla\Firefox\Profiles\198xagm4.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
    [2011-06-26 12:00:34 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Natasha\AppData\Roaming\mozilla\Firefox\Profiles\198xagm4.default\extensions\engine@conduit.com
    [2011-09-04 15:50:56 | 000,000,933 | ---- | M] () -- C:\Users\Natasha\AppData\Roaming\Mozilla\Firefox\Profiles\198xagm4.default\searchplugins\conduit.xml
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (uTorrentBar_NL Toolbar) - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files\uTorrentBar_NL\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (uTorrentBar_NL Toolbar) - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files\uTorrentBar_NL\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-145958868-443711098-864438924-1000\..\Toolbar\WebBrowser: (uTorrentBar_NL Toolbar) - {87775FDB-6972-41F9-AE51-8326E38CB206} - C:\Program Files\uTorrentBar_NL\prxtbuTor.dll (Conduit Ltd.)
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
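The fix script above is assembled by picking entries out of the OTL log: the two Conduit CLSIDs that show up as O2 BHOs and O3 toolbars, the Run entry OTL marks "File not found", and the Conduit search prefs. As an added example (not from the thread, from OTL or from the helper), here is a small Python triage that parses the O2/O3/O4 line format and flags those same entries; the sample lines are copied from the log above, and the publisher list and CLSID set come from this thread, not from any vendor database.

```python
"""Parse and triage O2/O3/O4 lines from an OTL (OldTimer's List-It) log. Added example
for this thread, not OTL's or the helper's code; SAMPLE_LOG is copied from the log above."""
import re
from dataclasses import dataclass, field
from typing import List, Optional
# O2/O3 entries: "O2 - BHO: (Name) - {CLSID} - C:\path\file.dll (Publisher)"
BHO_RE = re.compile(r"^(?P<kind>O[23]) - [^:]+: \((?P<name>[^)]*)\) - "
                    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+?) \((?P<pub>[^()]*)\)$")
# O4 entries: 'O4 - HKLM..\Run: [Name] C:\path\file.exe (Publisher)' or '... File not found'
RUN_RE = re.compile(r"^O4 - \S+?\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<pub>[^()]*)\)$")

SUSPECT_PUBLISHERS = {"conduit ltd."}          # toolbar/search-hijack vendor seen throughout the log
FIX_CLSIDS = {                                  # CLSIDs the helper's fix script removes
    "{30F9B915-B755-4826-820B-08FBA6BD249D}",   # Conduit Engine BHO and toolbar
    "{87775FDB-6972-41F9-AE51-8326E38CB206}",   # uTorrentBar_NL toolbar
}
@dataclass
class Entry:
    kind: str
    name: str
    path: str
    publisher: Optional[str]
    clsid: Optional[str] = None
    file_found: bool = True
    flags: List[str] = field(default_factory=list)

def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an O2/O3/O4 line, None for any other log line."""
    if m := BHO_RE.match(line):
        return Entry(m["kind"], m["name"].strip(), m["path"], m["pub"], m["clsid"])
    if not (m := RUN_RE.match(line)):
        return None
    rest = m["rest"]
    if rest.endswith("File not found"):         # OTL's marker for a Run entry whose target is gone
        return Entry("O4", m["name"], rest[: -len("File not found")].strip(), None, file_found=False)
    t = TARGET_RE.match(rest)
    path, pub = (t["path"], t["pub"]) if t else (rest, None)
    return Entry("O4", m["name"], path, pub)

def triage(e: Entry) -> Entry:
    """Attach the flags a helper acts on; an entry that earns none is left alone."""
    if e.publisher and e.publisher.lower() in SUSPECT_PUBLISHERS:
        e.flags.append("pup-publisher")
    if not e.file_found:
        e.flags.append("orphan-run-entry")
    if e.clsid and e.clsid.upper() in FIX_CLSIDS:
        e.flags.append("in-fix-script")
    return e

def parse_log(text: str) -> List[Entry]:
    return [triage(e) for e in map(parse_line, text.splitlines()) if e]

SAMPLE_LOG = r"""
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-145958868-443711098-864438924-1000\..\Toolbar\WebBrowser: (uTorrentBar_NL Toolbar) - {87775FDB-6972-41F9-AE51-8326E38CB206} - C:\Program Files\uTorrentBar_NL\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
"""

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(f"{e.kind} {e.name:28} {', '.join(e.flags) or 'ok'}")
```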



