
Infected Google search is redirecting links


  • This topic is locked
24 replies to this topic

#1 ALVERMIC

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:54 PM

Posted 29 March 2012 - 01:01 AM

ComboFix 12-03-25.01 - Beto 03/28/2012 16:57:54.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2048.1411 [GMT -7:00]
Running from: c:\downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\winlogon.bak
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-27 21:15 . 2012-03-28 00:25 -------- d-----w- c:\documents and settings\Beto\Application Data\vlc
2012-03-27 03:33 . 2012-03-27 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2012-03-26 16:30 . 2012-03-26 16:30 -------- d-----w- c:\documents and settings\Beto\Application Data\DriverCure
2012-03-26 16:30 . 2012-03-26 16:30 -------- d-----w- c:\documents and settings\Beto\Application Data\SpeedyPC Software
2012-03-26 16:29 . 2012-03-26 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-03-26 16:24 . 2012-03-26 16:24 -------- d-----w- C:\_OTL
2012-03-26 12:52 . 2012-03-28 11:45 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-03-26 03:20 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-03-26 03:20 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-22 17:30 . 2012-03-26 02:24 -------- d-----w- c:\documents and settings\Beto Admin
2012-03-20 21:29 . 2012-03-20 21:29 388096 ----a-r- c:\documents and settings\Beto\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-19 18:18 . 2012-03-19 18:18 -------- d-----w- c:\documents and settings\Beto\Application Data\Apple Computer
2012-03-08 12:25 . 2012-01-26 01:56 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-03-08 12:25 . 2012-03-08 12:25 -------- d-----w- c:\program files\Soluto
2012-02-28 15:22 . 2012-02-28 15:22 -------- d-----w- c:\documents and settings\Beto\Local Settings\Application Data\LoRd_MuldeR
2012-02-28 15:21 . 2012-02-28 15:21 -------- d-----w- c:\program files\MuldeR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-27 14:33 . 2004-08-03 22:56 507904 ----a-w- c:\windows\system32\winlogon.exe
2012-02-26 17:14 . 2011-10-10 16:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 15:06 . 2011-10-20 14:00 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-03 09:22 . 2004-08-03 21:17 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20 . 2011-02-15 18:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-25 20:00 . 2011-04-06 19:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-03-27 . 679A7259741F6A09994F02CE261B5F2E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2004-08-03 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2011-10-01 137536]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-02-25 740216]
"93FDE12A68C1C5DA460E66A75EA30DA02AACFD33._service_run"="c:\documents and settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012-03-27 1224176]
"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2010-07-12 548864]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-22 1797008]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"DellTouch"="c:\windows\MMKeybd.exe" [2002-01-17 163840]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"vspdfprsrv.exe"="c:\program files\PDF Pro Software\PDF Pro 10\vspdfprsrv.exe" [2011-08-29 4566016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Beto\\My Documents\\Downloads\\solutoinstaller.exe"=
"c:\\Documents and Settings\\Beto\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Beto\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [3/8/2012 5:25 AM 51144]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10/20/2011 7:00 AM 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [3/9/2011 2:22 PM 218688]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/20/2011 7:00 AM 86224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/9/2012 11:45 PM 652360]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [2/25/2011 1:37 PM 28672]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [1/25/2012 7:05 PM 547872]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2/23/2012 3:40 AM 2886528]
R2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.exe [3/25/2012 7:15 PM 266240]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [6/24/2010 1:46 PM 28256]
R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [3/25/2012 7:15 PM 1759584]
R3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [5/25/2011 7:59 PM 472644]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [3/25/2012 7:15 PM 57440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/9/2012 11:45 PM 20464]
R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [2/25/2011 1:37 PM 6656]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/10/2011 6:07 PM 47360]
S2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\drivers\BT848.sys [5/3/2011 3:14 PM 260580]
S2 BT878;Hauppauge Streaming Data Capture Device;c:\windows\system32\drivers\bt878.sys [5/3/2011 8:20 PM 23552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [6/24/2010 1:46 PM 28256]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [5/3/2011 3:13 PM 23456]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi.exe [3/25/2012 7:15 PM 360529]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/11/2012 9:14 AM 27064]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [8/5/2011 12:30 PM 268512]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1957994488-1177238915-839522115-1003Core.job
- c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-01 22:13]
.
2012-03-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1957994488-1177238915-839522115-1003UA.job
- c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-01 22:13]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-839522115-1003Core.job
- c:\documents and settings\Beto\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-10 14:18]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-839522115-1003UA.job
- c:\documents and settings\Beto\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-10 14:18]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Beto\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Beto\Application Data\Mozilla\Firefox\Profiles\00pbhh9d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - prefs.js: network.proxy.http - 184.72.224.129
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-28 17:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1780)
c:\windows\system32\athgina.dll
.
Completion time: 2012-03-28 17:09:02
ComboFix-quarantined-files.txt 2012-03-29 00:08
.
Pre-Run: 87,100,014,592 bytes free
Post-Run: 87,098,060,800 bytes free
.
- - End Of File - - 2E3CE1149F93C0F233DE02D948E341EC


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Beto at 18:19:07 on 2012-03-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2048.1023 [GMT -7:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files\Soluto\soluto.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
c:\Program Files\Zune\ZuneBusEnum.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\PDF Pro Software\PDF Pro 10\vspdfprsrv.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Greenshot\Greenshot.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Facebook Update] "c:\documents and settings\beto\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [93FDE12A68C1C5DA460E66A75EA30DA02AACFD33._service_run] "c:\documents and settings\beto\local settings\application data\google\chrome\application\chrome.exe" --type=service
uRun: [Greenshot] "c:\program files\greenshot\Greenshot.exe"
uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [DellTouch] c:\windows\MMKeybd.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [vspdfprsrv.exe] c:\program files\pdf pro software\pdf pro 10\vspdfprsrv.exe --background
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\beto\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/es/uno1/GAME_UNO1.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B431EFE3-DC7D-4A8C-A182-822FDFB57A7D} : DhcpNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\beto\application data\mozilla\firefox\profiles\00pbhh9d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - prefs.js: network.proxy.http - 184.72.224.129
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2012-3-8 51144]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-20 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-9 218688]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-20 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-20 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-20 74640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-9 652360]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [2011-2-25 28672]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2012-1-25 547872]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-2-23 2886528]
R2 WSWNA1100;WSWNA1100;c:\program files\netgear\wna1100\WifiSvc.exe [2012-3-25 266240]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2012-3-25 1759584]
R3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [2011-5-25 472644]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2012-3-25 57440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-9 20464]
R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [2011-2-25 6656]
S2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2011-5-3 260580]
S2 BT878;Hauppauge Streaming Data Capture Device;c:\windows\system32\drivers\bt878.sys [2011-5-3 23552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-5-3 23456]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wna1100\jswpsapi.exe [2012-3-25 360529]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-2-11 27064]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-26 16:30:18 -------- d-----w- c:\documents and settings\beto\application data\DriverCure
2012-03-26 16:30:17 -------- d-----w- c:\documents and settings\beto\application data\SpeedyPC Software
2012-03-26 16:29:58 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
2012-03-26 16:24:06 -------- d-----w- C:\_OTL
2012-03-26 12:52:29 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-03-26 03:20:40 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-03-26 03:20:40 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-26 03:07:00 -------- d-sha-r- C:\cmdcons
2012-03-26 03:04:57 98816 ----a-w- c:\windows\sed.exe
2012-03-26 03:04:57 518144 ----a-w- c:\windows\SWREG.exe
2012-03-26 03:04:57 256000 ----a-w- c:\windows\PEV.exe
2012-03-26 03:04:57 208896 ----a-w- c:\windows\MBR.exe
2012-03-20 21:29:34 388096 ----a-r- c:\documents and settings\beto\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-03-08 12:25:43 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-03-08 12:25:38 -------- d-----w- c:\program files\Soluto
2012-02-28 15:22:13 -------- d-----w- c:\documents and settings\beto\local settings\application data\LoRd_MuldeR
2012-02-28 15:21:39 -------- d-----w- c:\program files\MuldeR
.
==================== Find3M ====================
.
2012-03-27 14:33:58 507904 ----a-w- c:\windows\system32\winlogon.exe
2012-02-26 17:14:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 18:19:58.20 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/15/2011 11:21:43 AM
System Uptime: 3/28/2012 3:44:08 PM (3 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P4S533-E
Processor: Intel® Pentium® 4 CPU 2.40GHz | PGA 478 | 2394/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 195 GiB total, 81.598 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 177 GiB total, 117.551 GiB free.
G: is FIXED (NTFS) - 77 GiB total, 21.239 GiB free.
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\PNP0501\1
Manufacturer:
Name:
PNP Device ID: ACPI\PNP0501\1
Service:
.
Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\PNP0501\2
Manufacturer:
Name:
PNP Device ID: ACPI\PNP0501\2
Service:
.
==== System Restore Points ===================
.
RP284: 12/29/2011 11:51:51 PM - Software Distribution Service 3.0
RP285: 12/31/2011 2:12:35 AM - System Checkpoint
RP286: 12/31/2011 3:00:16 AM - Software Distribution Service 3.0
RP287: 1/1/2012 3:33:32 AM - System Checkpoint
RP288: 1/2/2012 12:38:38 PM - System Checkpoint
RP289: 1/2/2012 10:24:08 PM - Software Distribution Service 3.0
RP290: 1/3/2012 10:46:03 PM - System Checkpoint
RP291: 1/5/2012 12:44:48 AM - System Checkpoint
RP292: 1/6/2012 12:46:14 AM - System Checkpoint
RP293: 1/7/2012 6:45:51 AM - System Checkpoint
RP294: 1/8/2012 7:22:07 AM - System Checkpoint
RP295: 1/9/2012 8:12:51 AM - System Checkpoint
RP296: 1/10/2012 11:31:20 AM - System Checkpoint
RP297: 1/10/2012 2:13:53 PM - Installed HiJackThis
RP298: 1/11/2012 2:25:42 PM - System Checkpoint
RP299: 1/12/2012 3:08:09 PM - System Checkpoint
RP300: 1/13/2012 4:55:41 PM - System Checkpoint
RP301: 1/14/2012 5:08:34 PM - System Checkpoint
RP302: 1/16/2012 8:37:05 AM - System Checkpoint
RP303: 1/17/2012 9:35:01 AM - System Checkpoint
RP304: 1/18/2012 10:05:22 AM - System Checkpoint
RP305: 1/19/2012 10:06:30 AM - System Checkpoint
RP306: 1/20/2012 10:09:30 AM - System Checkpoint
RP307: 1/21/2012 11:04:19 PM - System Checkpoint
RP308: 1/23/2012 1:39:00 PM - System Checkpoint
RP309: 1/24/2012 7:23:36 PM - System Checkpoint
RP310: 1/26/2012 7:16:38 AM - System Checkpoint
RP311: 1/27/2012 8:36:46 AM - System Checkpoint
RP312: 1/28/2012 9:07:07 AM - System Checkpoint
RP313: 1/29/2012 9:54:39 PM - System Checkpoint
RP314: 1/30/2012 11:09:07 PM - System Checkpoint
RP315: 1/31/2012 11:24:29 PM - System Checkpoint
RP316: 2/2/2012 9:39:18 AM - System Checkpoint
RP317: 2/3/2012 10:34:59 AM - System Checkpoint
RP318: 2/4/2012 12:06:42 PM - System Checkpoint
RP319: 2/5/2012 1:38:22 PM - System Checkpoint
RP320: 2/6/2012 1:53:56 PM - System Checkpoint
RP321: 2/7/2012 1:59:06 PM - System Checkpoint
RP322: 2/8/2012 3:29:34 PM - System Checkpoint
RP323: 2/9/2012 4:10:05 PM - System Checkpoint
RP324: 2/10/2012 9:54:42 AM - Installed DirectX
RP325: 2/10/2012 10:03:38 AM - Installed SmartSound Common Data
RP326: 2/10/2012 10:03:55 AM - Installed SmartSound Quicktracks 5
RP327: 2/10/2012 12:51:18 PM - Removed ASPCA Tri Reminder by We-Care.com v4.0.13.5
RP328: 2/10/2012 5:42:14 PM - Installed DirectX
RP329: 2/10/2012 5:54:29 PM - Configured SmartSound Quicktracks 5
RP330: 2/10/2012 7:21:43 PM - Printer Driver Visage PDF Installed
RP331: 2/11/2012 7:51:58 AM - Installed DirectX
RP332: 2/11/2012 8:00:33 AM - Configured SmartSound Quicktracks 5
RP333: 2/12/2012 8:02:31 AM - System Checkpoint
RP334: 2/12/2012 1:32:10 PM - Installed spots1.
RP335: 2/12/2012 1:35:21 PM - Installed grunge.
RP336: 2/13/2012 2:32:10 PM - System Checkpoint
RP337: 2/13/2012 6:16:45 PM - Installed Windows XP winusb0100.
RP338: 2/15/2012 10:41:41 AM - System Checkpoint
RP339: 2/16/2012 11:13:14 AM - System Checkpoint
RP340: 2/18/2012 8:24:31 AM - System Checkpoint
RP341: 2/19/2012 9:10:07 AM - System Checkpoint
RP342: 2/20/2012 12:48:55 PM - System Checkpoint
RP343: 2/21/2012 3:53:40 PM - System Checkpoint
RP344: 2/23/2012 7:34:24 AM - System Checkpoint
RP345: 2/24/2012 8:55:21 AM - System Checkpoint
RP346: 2/25/2012 10:11:06 AM - System Checkpoint
RP347: 2/26/2012 11:23:56 AM - System Checkpoint
RP348: 2/27/2012 1:15:36 PM - System Checkpoint
RP349: 2/28/2012 1:36:19 PM - System Checkpoint
RP350: 2/29/2012 1:52:42 PM - System Checkpoint
RP351: 3/1/2012 3:16:38 PM - System Checkpoint
RP352: 3/2/2012 9:13:23 PM - System Checkpoint
RP353: 3/3/2012 10:30:25 PM - System Checkpoint
RP354: 3/5/2012 8:07:46 AM - System Checkpoint
RP355: 3/9/2012 12:41:32 PM - System Checkpoint
RP356: 3/10/2012 2:47:18 PM - System Checkpoint
RP357: 3/11/2012 4:43:44 PM - System Checkpoint
RP358: 3/12/2012 7:00:57 PM - System Checkpoint
RP359: 3/14/2012 7:17:47 AM - System Checkpoint
RP360: 3/15/2012 8:29:35 AM - System Checkpoint
RP361: 3/16/2012 9:17:42 AM - System Checkpoint
RP362: 3/18/2012 12:00:06 AM - System Checkpoint
RP363: 3/19/2012 8:39:02 AM - System Checkpoint
RP364: 3/20/2012 9:31:01 AM - System Checkpoint
RP365: 3/21/2012 10:17:18 AM - System Checkpoint
RP366: 3/22/2012 11:00:31 AM - System Checkpoint
RP367: 3/24/2012 7:27:05 AM - System Checkpoint
RP368: 3/25/2012 5:02:14 PM - System Checkpoint
RP369: 3/25/2012 8:30:15 PM - Software Distribution Service 3.0
RP370: 3/25/2012 9:39:55 PM - Software Distribution Service 3.0
RP371: 3/26/2012 9:14:27 AM - OTL Restore Point - 3/26/2012 9:14:21 AM
RP372: 3/26/2012 12:42:37 PM - Removed TweetDeck
RP373: 3/27/2012 2:41:57 PM - System Checkpoint
RP374: 3/28/2012 4:18:00 PM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.2)
Auslogics Disk Defrag
Auslogics Registry Cleaner
Avira Free Antivirus
Call of Duty® 2
Call of Duty® 2 Mod Tools
Call of Duty® 2 Patch 1.3
CamStudio
CCleaner
Common
Contents
ConvertXtoDVD 3.3.4.106e
Cool Edit Pro 2.1
Corel VideoStudio Pro X4
DAEMON Tools Lite
Dell Driver Download Manager
DellTouch
DeviceIO
DriverAgent by eSupport.com
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.1.0
Exact Audio Copy 1.0beta2
Facebook Video Calling 1.2.0.159
File Writer output plugin for WinAMP 2 v1.17© (remove only)
Foxit Reader
Free YouTube to MP3 Converter version 3.10.11.923
gen_msn_adv 1.1
Google Chrome
Google Gmail Notifier
Greenshot
Hauppauge WinTV NT4/Win2000 Drivers
Hauppauge WinTV2000
High-Definition Video Playback 10
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB960043)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
ICA
IPM_VS_Pro
ISCOM
Java Auto Updater
Java™ 6 Update 24
LameXP
Last.fm 1.5.4.27091
Magic ISO Maker v5.5 (build 0265)
Malwarebytes Anti-Malware version 1.60.1.1000
Medieval CUE Splitter
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 8.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WinUsb 1.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Move Media Player
Mozilla Firefox 10.0.2 (x86 en-US)
Mp3tag v2.48
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
NETGEAR WNA1100 N150 Wireless USB Adapter
nLite 1.4.9.1
PDF Pro 10
PDF Settings CS5
PerfectDisk 11 Professional
PureHD
QuickTime
Recuva
Replay Media Catcher 4
Revo Uninstaller Pro 2.5.7
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Segoe UI
Setup
Share
SmartSound Common Data
SmartSound Quicktracks 5
Soluto
SpeedFan (remove only)
Spotify
Spybot - Search & Destroy
SqrSoft® Advanced Crossfading (remove only)
TeamViewer 7
Unlocker 1.9.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USRobotics iBand
VIO
VLC media player 1.1.9
VSClassic
VSPro
WebFldrs XP
Winamp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Device Updater Component
Windows XP Service Pack 3
WinRAR 4.00 beta 6 (32-bit)
WM Recorder 14
Xilisoft Video Converter Ultimate 6
Xvid Video Codec
Yahoo! Messenger
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
3/28/2012 3:46:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
3/28/2012 3:46:32 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/27/2012 9:23:06 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
3/27/2012 8:04:14 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr Fips intelppm Soluto ssmdrv
3/27/2012 8:02:51 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
3/26/2012 7:58:21 AM, error: PlugPlayManager [11] - The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.
3/26/2012 7:29:55 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PDEngine service to connect.
3/26/2012 7:29:55 AM, error: Service Control Manager [7000] - The PDEngine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/26/2012 7:29:54 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service PDEngine with arguments "-Service" in order to run the server: {22DAA0A2-0E27-4CC4-9588-EEEE76358306}
3/26/2012 7:26:04 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/26/2012 7:25:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/26/2012 7:25:28 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/26/2012 7:25:22 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Soluto ssmdrv Tcpip Tcpip6 WS2IFSL
3/26/2012 7:25:22 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/26/2012 7:25:22 AM, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/26/2012 7:25:22 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/26/2012 7:25:22 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/26/2012 7:25:22 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/26/2012 7:21:36 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
3/26/2012 7:21:01 AM, error: Service Control Manager [7022] - The Telephony service hung on starting.
3/26/2012 7:21:01 AM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: After starting, the service hung in a start-pending state.
3/26/2012 7:21:01 AM, error: Service Control Manager [7001] - The Remote Access Auto Connection Manager service depends on the Telephony service which failed to start because of the following error: After starting, the service hung in a start-pending state.
3/26/2012 1:52:10 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Soluto PCGenome Core Service service to connect.
3/26/2012 1:52:10 PM, error: Service Control Manager [7000] - The Soluto PCGenome Core Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/25/2012 6:48:16 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SharedAccess service.
3/25/2012 6:46:50 PM, error: ipnathlp [31012] - The DNS proxy agent encountered an error while obtaining the local list of name-resolution servers. Some DNS or WINS servers may be inaccessible to clients on the local network. The data is the error code.
3/25/2012 3:49:20 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
3/24/2012 8:34:58 PM, error: Service Control Manager [7000] - The Hauppauge Streaming Data Capture Device service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/24/2012 8:34:58 PM, error: Service Control Manager [7000] - The AVerMedia, AVerTV WDM Video Capture service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/23/2012 9:22:43 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SolutoService service.
.
==== End Of File ===========================


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-28 22:49:55
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3400832A rev.3.06
Running: d9fkpd4n.exe; Driver: C:\DOCUME~1\Beto\LOCALS~1\Temp\kgrdqfow.sys


---- System - GMER 1.0.15 ----

SSDT BA532A74 ZwClose
SSDT BA532A2E ZwCreateKey
SSDT BA532A7E ZwCreateSection
SSDT BA532A24 ZwCreateThread
SSDT BA532A33 ZwDeleteKey
SSDT BA532A3D ZwDeleteValueKey
SSDT BA532A6F ZwDuplicateObject
SSDT BA532A42 ZwLoadKey
SSDT BA532A10 ZwOpenProcess
SSDT BA532A15 ZwOpenThread
SSDT BA532A97 ZwQueryValueKey
SSDT BA532A4C ZwReplaceKey
SSDT BA532A88 ZwRequestWaitReplyPort
SSDT BA532A47 ZwRestoreKey
SSDT BA532A83 ZwSetContextThread
SSDT BA532A8D ZwSetSecurityObject
SSDT BA532A38 ZwSetValueKey
SSDT BA532A92 ZwSystemDebugControl
SSDT BA532A1F ZwTerminateProcess

Code \??\C:\DOCUME~1\Beto\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

? fvsfn.sys The system cannot find the file specified. !
? C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\DOCUME~1\Beto\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\DOCUME~1\Beto\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 37, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 37, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 37, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 37, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B910D1A
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 37, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 37, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 37, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B910D8B
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 37, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B910EB9
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 37, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 37, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 37, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[6908] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7240] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 55, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 55, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 55, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 55, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912B1A
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 55, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 55, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 55, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912B8B
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 55, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912CB9
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 55, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 55, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 55, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8236] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 55, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 55, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 55, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 55, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912B1A
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 55, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 55, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 55, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912B8B
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 55, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912CB9
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 55, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 55, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 55, 00]
.text C:\Documents and Settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[8296] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a94003601
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a94003601@001cc1eaed52 0xA7 0xC6 0xF2 0x6F ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a94003601 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a94003601@001cc1eaed52 0xA7 0xC6 0xF2 0x6F ...

---- EOF - GMER 1.0.15 ----


#2 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:01:54 PM

Posted 31 March 2012 - 08:22 PM

Greetings ALVERMIC and Welcome to the Forums,

Before we get started, I need to address one thing that sticks out in your logs...like the proverbial sore thumb. Can you tell me if your copy of Windows is from a Volume License? It looks like it to me...and it looks like there was perhaps an attempt to change the license key. Does this sound familiar to you? It also appears, for the time being, that your copy of Windows has been "inactivated". It's entirely possible that you did this, but I would bet that's unlikely. I say that because it is something that is common but...of course, a malicious code author could also have done this.

Let me know first what you know about that so I can decide which way to go with your first instruction here. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#3 ALVERMIC

ALVERMIC
  • Topic Starter

  • Members
  • 13 posts
  • Local time:12:54 PM

Posted 01 April 2012 - 11:45 AM

Hello 1972vet, yes I know; my Windows copy, I haven't bought the key to activate it, but other than the redirecting spyware/virus everything is running fine.

#4 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:01:54 PM

Posted 01 April 2012 - 03:53 PM

Ok...I need to stress though, how important it is to get that machine licensed. Is your browser still being redirected even since the combofix scan?



#5 ALVERMIC

ALVERMIC
  • Topic Starter

  • Members
  • 13 posts
  • Local time:12:54 PM

Posted 01 April 2012 - 06:59 PM

Yes, it is still redirected.

#6 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:01:54 PM

Posted 01 April 2012 - 08:06 PM

OK, let's get busy:
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application. Click the "Change parameters". Under Additional options, check the box next to both options, "Verify Driver Digital Signature" and "Detect TDLFS file system" and click the OK button.
  • Click the Start scan button.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • You may be prompted to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please remember to copy and paste the contents of that file back here on your next reply.
  • ...otherwise, if a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". If this was the case, then we need to see that log.
Next, please temporarily disable your on board protective programs as detailed Here. Carefully read through that entire thread to make certain any and all programs YOU have on board are disabled.

Next:
It is extremely important that you DO NOT close this program until or unless you are directed to do so. Once the program is closed, it will automatically uninstall itself taking with it anything that was removed and the related report. Please do nothing else with this system while this troubleshooting endeavor is underway.

Please read through this instruction thoroughly before you begin. Save these instructions in a notepad file, or print them out if necessary so you can refer to them should something go wrong for you during your attempt to carry out these steps. If you have any questions, please ask first before you attempt anything at all.

Please download the AVP removal tool to the desktop and double-click the executable to install it. Select your language preference, accept the agreement and click the Start button. You should see something like this:
Posted Image
...click the settings button...it's the small "Gear" icon just to the right of the large yellow button. Make sure the following boxes are checked:
System memory
Hidden startup objects
Disk boot sectors
Computer


...Next, click the Actions link and click the bullet item labeled "Select action". Disinfect and Delete if disinfection fails should already be checked by default...then return to the Automatic Scan tab and click the Start scanning button.

If you happen to receive a pop up during the scan which reads "File C:\whatever...is password protected", you can safely ignore it. The program will find its own password protected files and report these during the scan. If there is a genuine malicious file that is password protected, we will deal with it manually later.

The scan will begin and you will see a progress bar and scanned objects counter. When the scan completes, the progress bar will disappear. Click the "Reports" tab icon to the far right, just under the large yellow button. Click on the "Automatic scan report" link, then click the save button. Save the report to your desktop as Scan 1. The report will be saved as a text file.

That file is going to be very large...too large to post the entire thing. What I need you to do at this point, is to open that log in "Notepad", then click Edit from the menu at the top and select "Find". Using that Find search function, use these as search terms:
Disinfected
Cleared of viruses
Detected


Now...you'll need to search for those terms in that log, one at a time. Having selected the "Edit-->Find" function in Notepad, in the Find what search box, type in the word Disinfected, then click the Find Next button. The search function will find anything in the text file having the name "Disinfected". Once it presents the findings, copy that individual line item and paste it into another blank notepad, then continue searching by clicking the Find Next button. Do this in like manner, for each of the search terms identified above. Once you have completed the search and copied everything you found into the other blank notepad, save it to your desktop as Edited_AVP_Log.txt.

Next, please return to the AVP scanning utility and click the Manual Disinfection tab. Please click the Start gathering system information button. You'll again see a progress bar while the utility collects the necessary information. When it completes, the progress bar will disappear. Click the "Report sending" tab, then click on the link avptool sysinfo.zip (open the file manager). Attach that zip file here on your next reply along with the contents of the "notepad" file that you saved from the above "First scan" instruction...and, of course, the results from the TDSSKiller scan. Thanks!

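The Notepad "Find" step in the instructions above, done with a script instead, as an added example that is not part of the original post and not part of the AVP tool: it pulls every Disinfected, Cleared of viruses and Detected line out of the saved AVP report, counts them per term the way the reply further down reports them ("Disinfected = 0 files"), and writes the result to Edited_AVP_Log.txt. The sample report lines are constructed here in the one-line-per-event layout the AVP tool writes; the two KonBoot / WinVNC verdict names are real Kaspersky names, the other names, paths and the "Scanned:" line are placeholders, and the report's text encoding is assumed to be readable as UTF-8.

```python
import re

# The three terms the instructions ask to search for in the saved AVP report.
SEARCH_TERMS = ("Disinfected", "Cleared of viruses", "Detected")

# Constructed sample report, one timestamped event per line. The KonBoot and
# WinVNC verdict names are real; every other name, path and the "Scanned:" line
# are placeholders made up for this example.
SAMPLE_REPORT = r"""4/1/2012 10:36:03 PM Detected: not-a-virus:PSWTool.Boot.KonBoot.a C:\Downloads\example\konboot.img Information
4/1/2012 10:40:00 PM Scanned: C:\WINDOWS\system32\kernel32.dll OK
4/1/2012 11:57:43 PM Detected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.f C:\WINDOWS\example\VncViewer.class Information
4/1/2012 11:58:00 PM Disinfected: Placeholder.Trojan.Example C:\example\sample.exe Information
4/1/2012 11:59:00 PM Cleared of viruses: C:\example\archive.zip Information
"""


def filter_report(report_text, terms=SEARCH_TERMS):
    """Return {term: [matching lines]} in report order, the same result as
    running Notepad's Find for each term in turn. A line is filed under the
    first term it contains, so nothing is copied twice."""
    hits = {term: [] for term in terms}
    for line in report_text.splitlines():
        for term in terms:
            if term in line:
                hits[term].append(line.rstrip())
                break
    return hits


# "Detected: <verdict name> <path> Information" -> the verdict name
_DETECTED_RE = re.compile(r"Detected:\s+(\S+)")


def detection_names(lines):
    """Pull the verdict name out of each 'Detected:' line."""
    return [m.group(1) for m in map(_DETECTED_RE.search, lines) if m]


def is_riskware(name):
    """Kaspersky prefixes legitimate-but-abusable tools (password reset boot
    images, VNC viewers) with 'not-a-virus:'. Those need a human decision
    about whether the user installed them; they are not cleaned automatically."""
    return name.startswith("not-a-virus:")


def render_edited_log(report_text, terms=SEARCH_TERMS):
    """Build the text of Edited_AVP_Log.txt: a count per term, then the lines."""
    hits = filter_report(report_text, terms)
    out = []
    for term in terms:
        out.append(f"{term} = {len(hits[term])} files")
        out.extend(hits[term])
    return "\n".join(out) + "\n"


def write_edited_log(report_path, out_path="Edited_AVP_Log.txt"):
    """Read the saved AVP report (the 'Scan 1' text file) and write the
    filtered log next to it. UTF-8 with replacement is an assumption about
    the report's encoding."""
    with open(report_path, encoding="utf-8", errors="replace") as f:
        text = f.read()
    with open(out_path, "w", encoding="utf-8") as f:
        f.write(render_edited_log(text))


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        write_edited_log(sys.argv[1])      # python filter_avp.py "Scan 1.txt"
    else:
        print(render_edited_log(SAMPLE_REPORT))
```

Run it with the path of the saved report as the only argument; without an argument it prints the filtered form of the constructed sample. The per-term counts come first so the helper reading the thread sees at a glance whether anything was actually disinfected, and the `is_riskware` check separates "not-a-virus:" verdicts (tools the user may have installed deliberately) from real detections before anything is deleted.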


#7 ALVERMIC

ALVERMIC
  • Topic Starter

  • Members
  • 13 posts
  • Local time:12:54 PM

Posted 02 April 2012 - 04:10 PM

Disinfected = 0 files
Cleared of viruses = 0 files
Detected:

4/1/2012 10:36:03 PM Detected: not-a-virus:PSWTool.Boot.KonBoot.a C:\Downloads\SARDU_2.0.4beta16a\ISO\isolinux\ubcd\images\konboot.img.gz/konboot.img Information

4/1/2012 10:44:06 PM Detected: not-a-virus:PSWTool.Boot.KonBoot.a C:\Downloads\SARDU_2.0.4beta16a\ISO\ubcd511.iso/??/???/???????/konboot.img Information

4/1/2012 11:57:43 PM Detected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.f C:\WINDOWS\Intuit\{1D70AABC-CB59-4700-A708-EA56D1CA07B0}\Data1.cab/RemoteAssist.exe/SupportSoft Agent Controls.msi/Data1.cab/ssrc.dll/data0000.res/VncViewer.class Information

19:37:41.0765 0892 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
19:37:42.0375 0892 ============================================================
19:37:42.0375 0892 Current date / time: 2012/04/01 19:37:42.0375
19:37:42.0375 0892 SystemInfo:
19:37:42.0375 0892
19:37:42.0375 0892 OS Version: 5.1.2600 ServicePack: 3.0
19:37:42.0375 0892 Product type: Workstation
19:37:42.0375 0892 ComputerName: ALBERTO-PC
19:37:42.0375 0892 UserName: Beto
19:37:42.0375 0892 Windows directory: C:\WINDOWS
19:37:42.0375 0892 System windows directory: C:\WINDOWS
19:37:42.0375 0892 Processor architecture: Intel x86
19:37:42.0375 0892 Number of processors: 1
19:37:42.0375 0892 Page size: 0x1000
19:37:42.0375 0892 Boot type: Normal boot
19:37:42.0375 0892 ============================================================
19:37:43.0453 0892 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:37:43.0468 0892 Drive \Device\Harddisk1\DR1 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x26F48, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000054
19:37:43.0468 0892 \Device\Harddisk0\DR0:
19:37:43.0468 0892 MBR used
19:37:43.0468 0892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1869E559
19:37:43.0484 0892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1869E5D7, BlocksNum 0x162996EA
19:37:43.0484 0892 \Device\Harddisk1\DR1:
19:37:43.0484 0892 MBR used
19:37:43.0546 0892 Initialize success
19:37:43.0546 0892 ============================================================
19:37:50.0078 1436 ============================================================
19:37:50.0078 1436 Scan started
19:37:50.0078 1436 Mode: Manual; SigCheck; TDLFS;
19:37:50.0078 1436 ============================================================
19:37:50.0390 1436 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
19:37:50.0828 1436 61883 - ok
19:37:50.0906 1436 6to4 (c07d5197410aab28d0d93f943f59656d) C:\WINDOWS\System32\6to4svc.dll
19:37:50.0984 1436 6to4 - ok
19:37:51.0046 1436 Abiosdsk - ok
19:37:51.0078 1436 abp480n5 - ok
19:37:51.0140 1436 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:37:51.0328 1436 ACPI - ok
19:37:51.0375 1436 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:37:51.0562 1436 ACPIEC - ok
19:37:51.0656 1436 ACS (4acf9052a6355d1530cf782e0919c5b4) C:\WINDOWS\system32\acs.exe
19:37:51.0703 1436 ACS ( UnsignedFile.Multi.Generic ) - warning
19:37:51.0703 1436 ACS - detected UnsignedFile.Multi.Generic (1)
19:37:51.0734 1436 adpu160m - ok
19:37:51.0796 1436 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:37:51.0984 1436 aec - ok
19:37:52.0046 1436 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:37:52.0093 1436 AFD - ok
19:37:52.0140 1436 Aha154x - ok
19:37:52.0171 1436 aic78u2 - ok
19:37:52.0187 1436 aic78xx - ok
19:37:52.0234 1436 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
19:37:52.0421 1436 Alerter - ok
19:37:52.0453 1436 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
19:37:52.0640 1436 ALG - ok
19:37:52.0671 1436 AliIde - ok
19:37:52.0703 1436 amsint - ok
19:37:52.0765 1436 AntiVirSchedulerService (72709089a54bdc1c5b16bc4a4b926567) C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:37:52.0796 1436 AntiVirSchedulerService - ok
19:37:52.0828 1436 AntiVirService (42f88bfbb76f7a63e381829479b18518) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:37:52.0843 1436 AntiVirService - ok
19:37:52.0906 1436 appliand (05eda44c080ebaf758f8a318488ffd75) C:\WINDOWS\system32\DRIVERS\appliand.sys
19:37:52.0953 1436 appliand - ok
19:37:52.0968 1436 appliandMP (05eda44c080ebaf758f8a318488ffd75) C:\WINDOWS\system32\DRIVERS\appliand.sys
19:37:52.0984 1436 appliandMP - ok
19:37:53.0046 1436 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
19:37:53.0250 1436 AppMgmt - ok
19:37:53.0375 1436 AR9271 (3bc98a53c0abe3feb3b2b9b3bd9e7aa5) C:\WINDOWS\system32\DRIVERS\athuw.sys
19:37:53.0468 1436 AR9271 - ok
19:37:53.0531 1436 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:37:53.0718 1436 Arp1394 - ok
19:37:53.0750 1436 asc - ok
19:37:53.0765 1436 asc3350p - ok
19:37:53.0796 1436 asc3550 - ok
19:37:53.0953 1436 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:37:54.0015 1436 aspnet_state - ok
19:37:54.0078 1436 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:37:54.0265 1436 AsyncMac - ok
19:37:54.0312 1436 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:37:54.0515 1436 atapi - ok
19:37:54.0546 1436 Atdisk - ok
19:37:54.0593 1436 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:37:54.0781 1436 ati2mtag - ok
19:37:54.0828 1436 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:37:55.0015 1436 Atmarpc - ok
19:37:55.0062 1436 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
19:37:55.0250 1436 AudioSrv - ok
19:37:55.0312 1436 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:37:55.0500 1436 audstub - ok
19:37:55.0531 1436 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
19:37:55.0703 1436 Avc - ok
19:37:55.0734 1436 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
19:37:55.0750 1436 avgntflt - ok
19:37:55.0781 1436 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
19:37:55.0796 1436 avipbb - ok
19:37:55.0828 1436 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
19:37:55.0843 1436 avkmgr - ok
19:37:55.0875 1436 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:37:56.0093 1436 Beep - ok
19:37:56.0156 1436 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
19:37:56.0359 1436 BITS - ok
19:37:56.0406 1436 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
19:37:56.0609 1436 Browser - ok
19:37:56.0656 1436 BT848 (4bafd216b99da704b8ae6817576864ac) C:\WINDOWS\system32\drivers\BT848.sys
19:37:56.0671 1436 BT848 ( UnsignedFile.Multi.Generic ) - warning
19:37:56.0671 1436 BT848 - detected UnsignedFile.Multi.Generic (1)
19:37:56.0718 1436 BT878 (72c98b32df52a641338a1599f6fc7ca8) C:\WINDOWS\system32\DRIVERS\BT878.sys
19:37:56.0718 1436 BT878 ( UnsignedFile.Multi.Generic ) - warning
19:37:56.0718 1436 BT878 - detected UnsignedFile.Multi.Generic (1)
19:37:56.0765 1436 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
19:37:56.0937 1436 BthEnum - ok
19:37:56.0968 1436 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
19:37:57.0156 1436 BTHMODEM - ok
19:37:57.0187 1436 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
19:37:57.0375 1436 BthPan - ok
19:37:57.0421 1436 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
19:37:57.0468 1436 BTHPORT - ok
19:37:57.0515 1436 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
19:37:57.0703 1436 BthServ - ok
19:37:57.0750 1436 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
19:37:57.0937 1436 BTHUSB - ok
19:37:57.0984 1436 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
19:37:58.0000 1436 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
19:37:58.0000 1436 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
19:37:58.0078 1436 catchme - ok
19:37:58.0140 1436 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:37:58.0343 1436 cbidf2k - ok
19:37:58.0375 1436 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:37:58.0562 1436 CCDECODE - ok
19:37:58.0578 1436 cd20xrnt - ok
19:37:58.0625 1436 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:37:58.0828 1436 Cdaudio - ok
19:37:58.0875 1436 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:37:59.0046 1436 Cdfs - ok
19:37:59.0140 1436 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:37:59.0203 1436 Cdrom - ok
19:37:59.0250 1436 Changer - ok
19:37:59.0296 1436 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
19:37:59.0484 1436 CiSvc - ok
19:37:59.0515 1436 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
19:37:59.0703 1436 ClipSrv - ok
19:37:59.0765 1436 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:37:59.0859 1436 clr_optimization_v2.0.50727_32 - ok
19:37:59.0906 1436 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:37:59.0937 1436 clr_optimization_v4.0.30319_32 - ok
19:37:59.0984 1436 CmdIde - ok
19:38:00.0000 1436 COMSysApp - ok
19:38:00.0031 1436 Cpqarray - ok
19:38:00.0062 1436 cpuz135 - ok
19:38:00.0093 1436 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
19:38:00.0281 1436 CryptSvc - ok
19:38:00.0328 1436 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
19:38:00.0531 1436 ctljystk - ok
19:38:00.0562 1436 dac2w2k - ok
19:38:00.0578 1436 dac960nt - ok
19:38:00.0656 1436 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
19:38:00.0734 1436 DcomLaunch - ok
19:38:00.0765 1436 DefragFS (4bb22f61e7257ed353a39130b3ed2461) C:\WINDOWS\system32\drivers\DefragFS.sys
19:38:00.0781 1436 DefragFS - ok
19:38:00.0828 1436 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
19:38:01.0015 1436 Dhcp - ok
19:38:01.0046 1436 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:38:01.0218 1436 Disk - ok
19:38:01.0250 1436 dmadmin - ok
19:38:01.0296 1436 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:38:01.0515 1436 dmboot - ok
19:38:01.0546 1436 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:38:01.0734 1436 dmio - ok
19:38:01.0750 1436 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:38:01.0968 1436 dmload - ok
19:38:02.0000 1436 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
19:38:02.0187 1436 dmserver - ok
19:38:02.0234 1436 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:38:02.0421 1436 DMusic - ok
19:38:02.0453 1436 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
19:38:02.0546 1436 Dnscache - ok
19:38:02.0593 1436 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
19:38:02.0781 1436 Dot3svc - ok
19:38:02.0812 1436 dpti2o - ok
19:38:02.0859 1436 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:38:03.0046 1436 drmkaud - ok
19:38:03.0093 1436 DrvAgent32 (651554e483712b708ede864d0ca1aa73) C:\WINDOWS\system32\Drivers\DrvAgent32.sys
19:38:03.0109 1436 DrvAgent32 ( UnsignedFile.Multi.Generic ) - warning
19:38:03.0109 1436 DrvAgent32 - detected UnsignedFile.Multi.Generic (1)
19:38:03.0156 1436 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
19:38:03.0171 1436 dtsoftbus01 - ok
19:38:03.0218 1436 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
19:38:03.0390 1436 EapHost - ok
19:38:03.0437 1436 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys
19:38:03.0656 1436 emu10k - ok
19:38:03.0687 1436 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys
19:38:03.0906 1436 emu10k1 - ok
19:38:03.0937 1436 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
19:38:04.0125 1436 ERSvc - ok
19:38:04.0156 1436 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:38:04.0234 1436 Eventlog - ok
19:38:04.0281 1436 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
19:38:04.0328 1436 EventSystem - ok
19:38:04.0375 1436 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:38:04.0578 1436 Fastfat - ok
19:38:04.0625 1436 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:38:04.0671 1436 FastUserSwitchingCompatibility - ok
19:38:04.0718 1436 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:38:04.0890 1436 Fdc - ok
19:38:04.0937 1436 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:38:05.0125 1436 Fips - ok
19:38:05.0156 1436 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:38:05.0328 1436 Flpydisk - ok
19:38:05.0359 1436 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:38:05.0546 1436 FltMgr - ok
19:38:05.0609 1436 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:38:05.0625 1436 FontCache3.0.0.0 - ok
19:38:05.0671 1436 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:38:05.0890 1436 Fs_Rec - ok
19:38:05.0921 1436 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:38:06.0140 1436 Ftdisk - ok
19:38:06.0187 1436 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
19:38:06.0359 1436 gameenum - ok
19:38:06.0406 1436 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
19:38:06.0406 1436 giveio ( UnsignedFile.Multi.Generic ) - warning
19:38:06.0406 1436 giveio - detected UnsignedFile.Multi.Generic (1)
19:38:06.0453 1436 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:38:06.0640 1436 Gpc - ok
19:38:06.0687 1436 HCWBT8XX (e4aef0daacbe59b048be0224a6d0e601) C:\WINDOWS\system32\drivers\HCWBT8XX.sys
19:38:06.0734 1436 HCWBT8XX ( UnsignedFile.Multi.Generic ) - warning
19:38:06.0734 1436 HCWBT8XX - detected UnsignedFile.Multi.Generic (1)
19:38:06.0765 1436 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:38:06.0937 1436 helpsvc - ok
19:38:06.0984 1436 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
19:38:07.0156 1436 HidServ - ok
19:38:07.0203 1436 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:38:07.0390 1436 hidusb - ok
19:38:07.0437 1436 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
19:38:07.0625 1436 hkmsvc - ok
19:38:07.0656 1436 hpn - ok
19:38:07.0703 1436 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:38:07.0750 1436 HTTP - ok
19:38:07.0796 1436 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
19:38:07.0984 1436 HTTPFilter - ok
19:38:08.0046 1436 i2omgmt - ok
19:38:08.0078 1436 i2omp - ok
19:38:08.0125 1436 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:38:08.0296 1436 i8042prt - ok
19:38:08.0343 1436 Icam4USB (222f74130a2e3a2ed655226d97f03812) C:\WINDOWS\system32\Drivers\Icam4USB.sys
19:38:08.0546 1436 Icam4USB - ok
19:38:08.0656 1436 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:38:08.0703 1436 idsvc - ok
19:38:08.0765 1436 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:38:08.0937 1436 Imapi - ok
19:38:08.0984 1436 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
19:38:09.0171 1436 ImapiService - ok
19:38:09.0203 1436 ini910u - ok
19:38:09.0218 1436 IntelIde - ok
19:38:09.0265 1436 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:38:09.0437 1436 intelppm - ok
19:38:09.0468 1436 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:38:09.0640 1436 Ip6Fw - ok
19:38:09.0671 1436 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:38:09.0875 1436 IpFilterDriver - ok
19:38:09.0937 1436 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:38:10.0109 1436 IpInIp - ok
19:38:10.0140 1436 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:38:10.0328 1436 IpNat - ok
19:38:10.0359 1436 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:38:10.0546 1436 IPSec - ok
19:38:10.0578 1436 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:38:10.0781 1436 IRENUM - ok
19:38:10.0812 1436 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:38:11.0000 1436 isapnp - ok
19:38:11.0093 1436 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe
19:38:11.0109 1436 JavaQuickStarterService - ok
19:38:11.0218 1436 jswpsapi (ad7c73c72480eecb7675c90eb565e7cb) C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe
19:38:11.0234 1436 jswpsapi ( UnsignedFile.Multi.Generic ) - warning
19:38:11.0234 1436 jswpsapi - detected UnsignedFile.Multi.Generic (1)
19:38:11.0312 1436 JSWSCIMD (ad67795900aa8c05cc4570f5349e0639) C:\WINDOWS\system32\DRIVERS\jswscimd.sys
19:38:11.0343 1436 JSWSCIMD - ok
19:38:11.0406 1436 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:38:11.0593 1436 Kbdclass - ok
19:38:11.0609 1436 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:38:11.0796 1436 kbdhid - ok
19:38:11.0843 1436 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:38:12.0031 1436 kmixer - ok
19:38:12.0078 1436 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:38:12.0125 1436 KSecDD - ok
19:38:12.0171 1436 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
19:38:12.0203 1436 lanmanserver - ok
19:38:12.0234 1436 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
19:38:12.0281 1436 lanmanworkstation - ok
19:38:12.0312 1436 lbrtfdc - ok
19:38:12.0359 1436 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
19:38:12.0546 1436 LmHosts - ok
19:38:12.0593 1436 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
19:38:12.0593 1436 MBAMProtector - ok
19:38:12.0687 1436 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:38:12.0734 1436 MBAMService - ok
19:38:12.0781 1436 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
19:38:12.0968 1436 Messenger - ok
19:38:13.0015 1436 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:38:13.0218 1436 mnmdd - ok
19:38:13.0250 1436 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
19:38:13.0437 1436 mnmsrvc - ok
19:38:13.0484 1436 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:38:13.0703 1436 Modem - ok
19:38:13.0734 1436 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:38:13.0906 1436 Mouclass - ok
19:38:13.0953 1436 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:38:14.0171 1436 mouhid - ok
19:38:14.0203 1436 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:38:14.0390 1436 MountMgr - ok
19:38:14.0406 1436 mraid35x - ok
19:38:14.0453 1436 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:38:14.0640 1436 MRxDAV - ok
19:38:14.0687 1436 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:38:14.0750 1436 MRxSmb - ok
19:38:14.0796 1436 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
19:38:14.0984 1436 MSDTC - ok
19:38:15.0046 1436 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
19:38:15.0234 1436 MSDV - ok
19:38:15.0281 1436 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:38:15.0453 1436 Msfs - ok
19:38:15.0500 1436 Msikbd2k (9b99b04c28ccd19741dbbed64480195c) C:\WINDOWS\system32\DRIVERS\msikbd2k.sys
19:38:15.0562 1436 Msikbd2k - ok
19:38:15.0578 1436 MSIServer - ok
19:38:15.0625 1436 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:38:15.0796 1436 MSKSSRV - ok
19:38:15.0843 1436 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:38:16.0031 1436 MSPCLOCK - ok
19:38:16.0062 1436 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:38:16.0250 1436 MSPQM - ok
19:38:16.0281 1436 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:38:16.0453 1436 mssmbios - ok
19:38:16.0500 1436 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:38:16.0671 1436 MSTEE - ok
19:38:16.0703 1436 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:38:16.0750 1436 Mup - ok
19:38:16.0796 1436 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:38:16.0984 1436 NABTSFEC - ok
19:38:17.0046 1436 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
19:38:17.0250 1436 napagent - ok
19:38:17.0296 1436 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:38:17.0484 1436 NDIS - ok
19:38:17.0531 1436 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:38:17.0718 1436 NdisIP - ok
19:38:17.0937 1436 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:38:17.0984 1436 NdisTapi - ok
19:38:18.0015 1436 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:38:18.0203 1436 Ndisuio - ok
19:38:18.0234 1436 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:38:18.0421 1436 NdisWan - ok
19:38:18.0468 1436 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:38:18.0515 1436 NDProxy - ok
19:38:18.0546 1436 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:38:18.0734 1436 NetBIOS - ok
19:38:18.0765 1436 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:38:19.0000 1436 NetBT - ok
19:38:19.0046 1436 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:38:19.0234 1436 NetDDE - ok
19:38:19.0250 1436 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:38:19.0406 1436 NetDDEdsdm - ok
19:38:19.0437 1436 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:38:19.0625 1436 Netlogon - ok
19:38:19.0656 1436 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
19:38:19.0890 1436 Netman - ok
19:38:19.0984 1436 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:38:20.0015 1436 NetTcpPortSharing - ok
19:38:20.0046 1436 Nhksrv (522215532916836b9ca19ee30658f3c1) C:\WINDOWS\Nhksrv.exe
19:38:20.0343 1436 Nhksrv - ok
19:38:20.0406 1436 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:38:20.0640 1436 NIC1394 - ok
19:38:20.0718 1436 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
19:38:20.0781 1436 Nla - ok
19:38:20.0812 1436 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:38:20.0984 1436 Npfs - ok
19:38:21.0062 1436 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:38:21.0281 1436 Ntfs - ok
19:38:21.0328 1436 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:38:21.0531 1436 NtLmSsp - ok
19:38:21.0593 1436 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
19:38:21.0843 1436 NtmsSvc - ok
19:38:21.0906 1436 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:38:22.0109 1436 Null - ok
19:38:22.0156 1436 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:38:22.0375 1436 NwlnkFlt - ok
19:38:22.0406 1436 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:38:22.0609 1436 NwlnkFwd - ok
19:38:22.0687 1436 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:38:22.0718 1436 odserv - ok
19:38:22.0796 1436 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:38:22.0968 1436 ohci1394 - ok
19:38:23.0000 1436 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:38:23.0015 1436 ose - ok
19:38:23.0062 1436 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:38:23.0265 1436 Parport - ok
19:38:23.0312 1436 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:38:23.0562 1436 PartMgr - ok
19:38:23.0625 1436 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:38:23.0875 1436 ParVdm - ok
19:38:23.0921 1436 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:38:24.0125 1436 PCI - ok
19:38:24.0140 1436 PCIDump - ok
19:38:24.0171 1436 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:38:24.0375 1436 PCIIde - ok
19:38:24.0421 1436 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:38:24.0625 1436 Pcmcia - ok
19:38:24.0687 1436 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
19:38:24.0703 1436 pcouffin ( UnsignedFile.Multi.Generic ) - warning
19:38:24.0703 1436 pcouffin - detected UnsignedFile.Multi.Generic (1)
19:38:24.0843 1436 PDAgent (7ceeb476ed3668c151a0dcf939c5188f) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
19:38:24.0937 1436 PDAgent - ok
19:38:25.0000 1436 PDCOMP - ok
19:38:25.0062 1436 PDEngine (7cb35b462af800889873b50b94f9c512) C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
19:38:25.0156 1436 PDEngine - ok
19:38:25.0203 1436 PDFRAME - ok
19:38:25.0265 1436 PDRELI - ok
19:38:25.0281 1436 PDRFRAME - ok
19:38:25.0312 1436 perc2 - ok
19:38:25.0328 1436 perc2hib - ok
19:38:25.0390 1436 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:38:25.0484 1436 PlugPlay - ok
19:38:25.0515 1436 Point32 (60a044879c4fa76314494f5fddc43b93) C:\WINDOWS\system32\DRIVERS\point32.sys
19:38:25.0531 1436 Point32 - ok
19:38:25.0578 1436 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:38:25.0734 1436 PolicyAgent - ok
19:38:25.0781 1436 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:38:25.0968 1436 PptpMiniport - ok
19:38:25.0984 1436 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:38:26.0140 1436 ProtectedStorage - ok
19:38:26.0171 1436 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:38:26.0343 1436 PSched - ok
19:38:26.0406 1436 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
19:38:26.0421 1436 PSI_SVC_2 - ok
19:38:26.0500 1436 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:38:26.0703 1436 Ptilink - ok
19:38:26.0750 1436 ql1080 - ok
19:38:26.0765 1436 Ql10wnt - ok
19:38:26.0781 1436 ql12160 - ok
19:38:26.0796 1436 ql1240 - ok
19:38:26.0812 1436 ql1280 - ok
19:38:26.0843 1436 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:38:27.0046 1436 RasAcd - ok
19:38:27.0093 1436 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
19:38:27.0265 1436 RasAuto - ok
19:38:27.0296 1436 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:38:27.0468 1436 Rasl2tp - ok
19:38:27.0531 1436 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
19:38:27.0703 1436 RasMan - ok
19:38:27.0718 1436 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:38:27.0890 1436 RasPppoe - ok
19:38:27.0937 1436 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:38:28.0140 1436 Raspti - ok
19:38:28.0171 1436 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:38:28.0343 1436 Rdbss - ok
19:38:28.0375 1436 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:38:28.0578 1436 RDPCDD - ok
19:38:28.0609 1436 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:38:28.0781 1436 rdpdr - ok
19:38:28.0828 1436 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
19:38:28.0875 1436 RDPWD - ok
19:38:28.0921 1436 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
19:38:29.0093 1436 RDSessMgr - ok
19:38:29.0125 1436 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:38:29.0296 1436 redbook - ok
19:38:29.0343 1436 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
19:38:29.0531 1436 RemoteAccess - ok
19:38:29.0578 1436 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
19:38:29.0781 1436 RemoteRegistry - ok
19:38:29.0843 1436 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
19:38:29.0859 1436 Revoflt - ok
19:38:29.0890 1436 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
19:38:30.0125 1436 RFCOMM - ok
19:38:30.0140 1436 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
19:38:30.0343 1436 RpcLocator - ok
19:38:30.0453 1436 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
19:38:30.0562 1436 RpcSs - ok
19:38:30.0609 1436 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
19:38:30.0828 1436 RSVP - ok
19:38:30.0859 1436 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:38:31.0031 1436 SamSs - ok
19:38:31.0062 1436 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
19:38:31.0234 1436 SCardSvr - ok
19:38:31.0265 1436 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
19:38:31.0593 1436 Schedule - ok
19:38:31.0640 1436 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:38:32.0046 1436 Secdrv - ok
19:38:32.0078 1436 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
19:38:32.0312 1436 seclogon - ok
19:38:32.0343 1436 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
19:38:32.0546 1436 SENS - ok
19:38:32.0593 1436 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:38:32.0812 1436 serenum - ok
19:38:32.0875 1436 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:38:33.0078 1436 Sfloppy - ok
19:38:33.0109 1436 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys
19:38:33.0312 1436 sfman - ok
19:38:33.0359 1436 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
19:38:33.0546 1436 SharedAccess - ok
19:38:33.0593 1436 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:38:33.0609 1436 ShellHWDetection - ok
19:38:33.0640 1436 Simbad - ok
19:38:33.0687 1436 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
19:38:33.0843 1436 sisagp - ok
19:38:33.0890 1436 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
19:38:34.0093 1436 SISNIC - ok
19:38:34.0171 1436 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:38:34.0343 1436 SLIP - ok
19:38:34.0406 1436 Soluto (ff35c2d01ac36b446a1b997f305f0fc2) C:\WINDOWS\system32\DRIVERS\Soluto.sys
19:38:34.0421 1436 Soluto - ok
19:38:34.0515 1436 SolutoService (a642a3a95c421a1ffded2e906f2a9856) C:\Program Files\Soluto\SolutoService.exe
19:38:34.0546 1436 SolutoService - ok
19:38:34.0593 1436 Sparrow - ok
19:38:34.0640 1436 speedfan (9f70cd5edcc4efc48ae21e04fb03be9d) C:\WINDOWS\system32\speedfan.sys
19:38:34.0656 1436 speedfan - ok
19:38:34.0703 1436 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:38:34.0890 1436 splitter - ok
19:38:34.0921 1436 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:38:34.0968 1436 Spooler - ok
19:38:35.0015 1436 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:38:35.0203 1436 sr - ok
19:38:35.0250 1436 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
19:38:35.0421 1436 srservice - ok
19:38:35.0468 1436 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:38:35.0531 1436 Srv - ok
19:38:35.0562 1436 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
19:38:35.0734 1436 SSDPSRV - ok
19:38:35.0781 1436 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:38:35.0796 1436 ssmdrv - ok
19:38:35.0843 1436 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
19:38:36.0015 1436 stisvc - ok
19:38:36.0062 1436 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:38:36.0234 1436 streamip - ok
19:38:36.0265 1436 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:38:36.0468 1436 swenum - ok
19:38:36.0500 1436 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:38:36.0687 1436 swmidi - ok
19:38:36.0703 1436 SwPrv - ok
19:38:36.0734 1436 symc810 - ok
19:38:36.0765 1436 symc8xx - ok
19:38:36.0781 1436 sym_hi - ok
19:38:36.0812 1436 sym_u3 - ok
19:38:36.0843 1436 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:38:37.0031 1436 sysaudio - ok
19:38:37.0093 1436 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
19:38:37.0281 1436 SysmonLog - ok
19:38:37.0312 1436 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
19:38:37.0500 1436 TapiSrv - ok
19:38:37.0562 1436 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:38:37.0640 1436 Tcpip - ok
19:38:37.0687 1436 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
19:38:37.0703 1436 Tcpip6 - ok
19:38:37.0750 1436 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:38:37.0921 1436 TDPIPE - ok
19:38:37.0953 1436 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:38:38.0125 1436 TDTCP - ok
19:38:38.0281 1436 TeamViewer7 (74fc70ae64a7b7dabec9697ce0a1f4fa) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
19:38:38.0406 1436 TeamViewer7 - ok
19:38:38.0484 1436 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:38:38.0656 1436 TermDD - ok
19:38:38.0734 1436 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
19:38:38.0906 1436 TermService - ok
19:38:38.0968 1436 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:38:38.0984 1436 Themes - ok
19:38:39.0031 1436 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
19:38:39.0218 1436 TlntSvr - ok
19:38:39.0265 1436 TosIde - ok
19:38:39.0312 1436 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
19:38:39.0500 1436 TrkWks - ok
19:38:39.0562 1436 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
19:38:39.0734 1436 tunmp - ok
19:38:39.0781 1436 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:38:39.0968 1436 Udfs - ok
19:38:40.0015 1436 ultra - ok
19:38:40.0078 1436 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:38:40.0265 1436 Update - ok
19:38:40.0312 1436 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
19:38:40.0500 1436 upnphost - ok
19:38:40.0515 1436 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
19:38:40.0703 1436 UPS - ok
19:38:40.0812 1436 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:38:41.0015 1436 usbccgp - ok
19:38:41.0078 1436 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:38:41.0250 1436 usbehci - ok
19:38:41.0281 1436 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:38:41.0453 1436 usbhub - ok
19:38:41.0484 1436 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:38:41.0656 1436 usbohci - ok
19:38:41.0687 1436 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:38:41.0859 1436 USBSTOR - ok
19:38:41.0890 1436 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:38:42.0078 1436 VgaSave - ok
19:38:42.0093 1436 ViaIde - ok
19:38:42.0125 1436 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:38:42.0296 1436 VolSnap - ok
19:38:42.0328 1436 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
19:38:42.0515 1436 VSS - ok
19:38:42.0546 1436 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
19:38:42.0734 1436 W32Time - ok
19:38:42.0765 1436 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:38:42.0937 1436 Wanarp - ok
19:38:42.0984 1436 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
19:38:43.0015 1436 Wdf01000 - ok
19:38:43.0046 1436 WDICA - ok
19:38:43.0078 1436 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:38:43.0250 1436 wdmaud - ok
19:38:43.0296 1436 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
19:38:43.0468 1436 WebClient - ok
19:38:43.0546 1436 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:38:43.0718 1436 winmgmt - ok
19:38:43.0781 1436 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
19:38:43.0796 1436 WinUSB - ok
19:38:43.0843 1436 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
19:38:43.0890 1436 WmdmPmSN - ok
19:38:43.0953 1436 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
19:38:44.0031 1436 Wmi - ok
19:38:44.0078 1436 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:38:44.0250 1436 WmiApSrv - ok
19:38:44.0359 1436 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
19:38:44.0406 1436 WMPNetworkSvc - ok
19:38:44.0500 1436 WMZuneComm (017695393afffed8de58abd1b085be6d) c:\Program Files\Zune\WMZuneComm.exe
19:38:44.0531 1436 WMZuneComm - ok
19:38:44.0640 1436 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:38:44.0703 1436 WPFFontCache_v0400 - ok
19:38:44.0765 1436 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:38:44.0968 1436 WS2IFSL - ok
19:38:45.0015 1436 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
19:38:45.0187 1436 wscsvc - ok
19:38:45.0250 1436 WSIMD (7a36f3083e28405d6c5ecdb942513c3b) C:\WINDOWS\system32\DRIVERS\wsimd.sys
19:38:45.0281 1436 WSIMD ( UnsignedFile.Multi.Generic ) - warning
19:38:45.0281 1436 WSIMD - detected UnsignedFile.Multi.Generic (1)
19:38:45.0343 1436 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:38:45.0515 1436 WSTCODEC - ok
19:38:45.0640 1436 WSWNA1100 (35a20217c4d06d1d36a3addfd8ce58c2) C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
19:38:45.0656 1436 WSWNA1100 ( UnsignedFile.Multi.Generic ) - warning
19:38:45.0656 1436 WSWNA1100 - detected UnsignedFile.Multi.Generic (1)
19:38:45.0718 1436 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
19:38:45.0906 1436 wuauserv - ok
19:38:45.0968 1436 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:38:46.0015 1436 WudfPf - ok
19:38:46.0062 1436 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:38:46.0093 1436 WudfRd - ok
19:38:46.0125 1436 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
19:38:46.0171 1436 WudfSvc - ok
19:38:46.0218 1436 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
19:38:46.0406 1436 WZCSVC - ok
19:38:46.0453 1436 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
19:38:46.0625 1436 xmlprov - ok
19:38:46.0687 1436 zumbus (ae279cd76b38fc079eec3ca6d65a5926) C:\WINDOWS\system32\DRIVERS\zumbus.sys
19:38:46.0812 1436 zumbus - ok
19:38:46.0859 1436 ZuneBusEnum (37f339b64f19e2775284ed7161b96683) c:\Program Files\Zune\ZuneBusEnum.exe
19:38:46.0890 1436 ZuneBusEnum - ok
19:38:47.0093 1436 ZuneNetworkSvc (1076df9ade4e13ea3bf39d2165aeb903) c:\Program Files\Zune\ZuneNss.exe
19:38:47.0468 1436 ZuneNetworkSvc - ok
19:38:47.0500 1436 ZuneWlanCfgSvc (de1cdb333a402b279f04d627122fa08e) c:\Program Files\Zune\ZuneWlanCfgSvc.exe
19:38:47.0531 1436 ZuneWlanCfgSvc - ok
19:38:47.0609 1436 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:38:47.0906 1436 \Device\Harddisk0\DR0 - ok
19:38:47.0921 1436 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:38:47.0968 1436 \Device\Harddisk1\DR1 - ok
19:38:47.0984 1436 Boot (0x1200) (0bfee6f411415dcd1f334d30939317c8) \Device\Harddisk0\DR0\Partition0
19:38:47.0984 1436 \Device\Harddisk0\DR0\Partition0 - ok
19:38:48.0000 1436 Boot (0x1200) (03225314f433f3ae7a3093e2ca80c13a) \Device\Harddisk0\DR0\Partition1
19:38:48.0015 1436 \Device\Harddisk0\DR0\Partition1 - ok
19:38:48.0015 1436 ============================================================
19:38:48.0015 1436 Scan finished
19:38:48.0015 1436 ============================================================
19:38:48.0140 2692 Detected object count: 11
19:38:48.0140 2692 Actual detected object count: 11
19:39:20.0703 2692 ACS ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:20.0703 2692 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:20.0703 2692 BT848 ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:20.0703 2692 BT848 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:20.0703 2692 BT878 ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:20.0703 2692 BT878 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:20.0703 2692 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:20.0703 2692 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:20.0703 2692 DrvAgent32 ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:20.0703 2692 DrvAgent32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:20.0703 2692 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:20.0703 2692 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:20.0718 2692 HCWBT8XX ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:20.0718 2692 HCWBT8XX ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:20.0718 2692 jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:20.0718 2692 jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:20.0718 2692 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:20.0718 2692 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:20.0718 2692 WSIMD ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:20.0718 2692 WSIMD ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:20.0718 2692 WSWNA1100 ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:20.0718 2692 WSWNA1100 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:42:29.0296 2780 Deinitialize success
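The TDSSKiller log above ends with eleven detections, every one of them the UnsignedFile.Multi.Generic heuristic and every one skipped. What follows is an added example, not part of the original post and not TDSSKiller's own code, that pulls the detected objects out of such a log, pairs each with the path and MD5 from its scan line, checks the parsed count against the "Actual detected object count" line, and separates the unsigned-file heuristic from real signature hits. The line shapes are inferred from this log only, and SAMPLE_LOG is a constructed excerpt of it.

```python
"""Triage a TDSSKiller log: pair every 'detected' verdict with the earlier line
that gave the object's path and MD5, record what the user chose to do with it,
and separate the unsigned-file heuristic from actual signature hits.

Added example for this thread; it is not TDSSKiller code. The line shapes are
taken from the log posted above, and SAMPLE_LOG is a constructed excerpt of it.
"""
import re

# Constructed excerpt of the posted log (two of its eleven detections).
SAMPLE_LOG = r'''
19:38:06.0406 1436 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
19:38:06.0406 1436 giveio ( UnsignedFile.Multi.Generic ) - warning
19:38:06.0406 1436 giveio - detected UnsignedFile.Multi.Generic (1)
19:38:06.0453 1436 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:38:06.0640 1436 Gpc - ok
19:38:11.0218 1436 jswpsapi (ad7c73c72480eecb7675c90eb565e7cb) C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe
19:38:11.0234 1436 jswpsapi ( UnsignedFile.Multi.Generic ) - warning
19:38:11.0234 1436 jswpsapi - detected UnsignedFile.Multi.Generic (1)
19:38:47.0609 1436 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:38:47.0906 1436 \Device\Harddisk0\DR0 - ok
19:38:48.0140 2692 Detected object count: 2
19:38:48.0140 2692 Actual detected object count: 2
19:39:20.0703 2692 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:20.0703 2692 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:20.0718 2692 jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:20.0718 2692 jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
'''

UNSIGNED_HEURISTIC = "UnsignedFile.Multi.Generic"
PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"          # "19:38:06.0406 1436 "
FILE_RE = re.compile(PREFIX + r"(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")
DETECT_RE = re.compile(PREFIX + r"(\S+) - detected (\S+) \((\d+)\)$")
ACTION_RE = re.compile(PREFIX + r"(\S+) \( (\S+) \) - User select action: (\w+)$")
COUNT_RE = re.compile(PREFIX + r"Actual detected object count: (\d+)$")


def triage(log_text):
    """Return {'reported': n, 'count_matches': bool, 'rows': [...]}; each row is
    one detected object with its signature, the user's action and, when the
    scan line for it was seen, its MD5 and path."""
    files = {}        # object name -> (md5, path)
    detections = {}   # object name -> {'signature': ..., 'action': ...}
    reported = None
    for line in log_text.splitlines():
        m = FILE_RE.match(line)
        if m:
            files[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = DETECT_RE.match(line)
        if m:
            detections.setdefault(m.group(1), {})["signature"] = m.group(2)
            continue
        m = ACTION_RE.match(line)
        if m:
            detections.setdefault(m.group(1), {})["action"] = m.group(3)
            continue
        m = COUNT_RE.match(line)
        if m:
            reported = int(m.group(1))
    rows = []
    for name, info in detections.items():
        md5, path = files.get(name, (None, None))
        rows.append({"name": name, "signature": info.get("signature"),
                     "action": info.get("action", "none"), "md5": md5, "path": path})
    return {"reported": reported, "count_matches": reported == len(rows), "rows": rows}


def real_signature_hits(report):
    """Detections that are not the unsigned-file heuristic: the ones worth
    treating as actual malware findings."""
    return [r for r in report["rows"] if r["signature"] != UNSIGNED_HEURISTIC]


def left_on_disk(report):
    """Detections the user skipped: the file is still present and should be
    checked by hand (vendor, hash lookup) rather than assumed clean."""
    return [r for r in report["rows"] if r["action"] == "Skip"]


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    print("reported", rep["reported"], "parsed", len(rep["rows"]), "match", rep["count_matches"])
    for r in left_on_disk(rep):
        print("still present:", r["name"], r["md5"], r["path"])
    print("real signature hits:", real_signature_hits(rep))
```

Run against the full log, real_signature_hits() comes back empty and left_on_disk() lists all eleven skipped objects with their hashes, which is the list to look up by hand rather than a reason to stop looking for the redirect.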


#8 1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:01:54 PM

Posted 02 April 2012 - 04:44 PM

You can close the AVP scanner and allow it to uninstall.

Please open a blank Notepad by clicking Start --> Run... Then, in the Run box, type Notepad.exe and click "OK".
Copy the bold text below and paste it into the blank Notepad. Save it as CFScript.txt... Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe.

Combofix will run again automatically. Please post back the new log that will be generated and advise how the system is behaving now. Thanks!
Note:
Do not mouse-click Combofix's window while it's running. That may cause it to stall.



KILLALL::

Folder::
c:\program files\uTorrent

FCopy::
c:\windows\ERDNT\cache\winlogon.exe | c:\windows\system32\winlogon.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven
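The CFScript above uses four directives: KILLALL::, Folder:: with a path, FCopy:: with "source | destination", and Registry:: with a bracketed key followed by "name"= lines. As an added example (not part of 1972vet's post, and not ComboFix's own code), the script below parses such a file into those sections and checks each for the shape the posted script uses; ComboFix's real grammar beyond those four directives is an assumption, not something documented here. It also checks the saved filename, because leaving Notepad's "Save as type" on "Text Documents" produces CFScript.txt.txt, which is the name that shows up in the next ComboFix log in this thread.

```python
"""Parse and sanity-check a ComboFix CFScript before dragging it onto ComboFix.exe.

Added example for this thread; it is not ComboFix code, and ComboFix's real
script grammar is not documented here. The four directives (KILLALL::, Folder::,
FCopy::, Registry::) and the argument shapes checked below are taken only from
the script 1972vet posted; everything beyond that is an assumption.
"""
import re

# Constructed sample: the exact script from the post above.
SAMPLE_SCRIPT = r'''
KILLALL::

Folder::
c:\program files\uTorrent

FCopy::
c:\windows\ERDNT\cache\winlogon.exe | c:\windows\system32\winlogon.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=
'''

DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::\s*$")
REG_KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+(?:\\.*)?)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')
KNOWN_DIRECTIVES = ("KILLALL", "Folder", "FCopy", "Registry")


def parse_cfscript(text):
    """Split a CFScript into {directive: [argument lines]} in file order.

    Blank lines are dropped; a non-blank line before the first directive is an
    error because it would belong to no section.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError("line before first directive: %r" % line)
        sections[current].append(line)
    return sections


def check_cfscript(text):
    """Return a list of structural problems; empty means the shapes match what
    the posted script uses. This says nothing about whether a given deletion
    or copy is a good idea on the machine in question."""
    problems = []
    for name, lines in parse_cfscript(text).items():
        if name not in KNOWN_DIRECTIVES:
            problems.append("unknown directive %s::" % name)
        elif name == "KILLALL" and lines:
            problems.append("KILLALL:: takes no arguments")
        elif name == "FCopy":
            for ln in lines:
                parts = [p.strip() for p in ln.split("|")]
                if len(parts) != 2 or not all(parts):
                    problems.append("FCopy:: needs 'source | destination': %r" % ln)
        elif name == "Registry":
            in_key = False
            for ln in lines:
                if REG_KEY_RE.match(ln):
                    in_key = True
                elif REG_VALUE_RE.match(ln):
                    if not in_key:
                        problems.append("Registry:: value before any [key]: %r" % ln)
                else:
                    problems.append("Registry:: line is neither [key] nor \"name\"=: %r" % ln)
    return problems


def saved_name_ok(path):
    """True only if the file really is called CFScript.txt.

    Leaving Notepad's 'Save as type' on 'Text Documents' yields CFScript.txt.txt,
    the name the follow-up ComboFix log in this thread shows being used.
    """
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.lower() == "cfscript.txt"


if __name__ == "__main__":
    print(check_cfscript(SAMPLE_SCRIPT) or "script shape OK")
    print(saved_name_ok(r"c:\documents and settings\Beto\Desktop\CFScript.txt.txt"))
```

The shape check is deliberately narrow: it catches a typo in a directive name or a missing "|" in an FCopy line before ComboFix sees it, but the decision of what to delete or copy stays with the person writing the script.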


#9 ALVERMIC

ALVERMIC
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:54 PM

Posted 02 April 2012 - 07:13 PM

Still Google search redirecting
I don't think uTorrent is a bad program (that contains spyware).


ComboFix 12-04-01.03 - Beto 04/02/2012 16:31:08.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2048.1399 [GMT -7:00]
Running from: c:\documents and settings\Beto\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Beto\Desktop\CFScript.txt.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\uTorrent
c:\program files\uTorrent\uTorrent.exe
.
.
--------------- FCopy ---------------
.
c:\windows\ERDNT\cache\winlogon.exe --> c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-02 02:18 . 2012-04-02 02:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 15:06 . 2012-03-29 15:22 -------- d-----w- c:\documents and settings\Beto\Local Settings\Application Data\NPE
2012-03-29 15:06 . 2012-03-29 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-03-27 21:15 . 2012-03-28 00:25 -------- d-----w- c:\documents and settings\Beto\Application Data\vlc
2012-03-27 03:33 . 2012-03-27 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2012-03-26 16:30 . 2012-03-26 16:30 -------- d-----w- c:\documents and settings\Beto\Application Data\DriverCure
2012-03-26 16:30 . 2012-03-26 16:30 -------- d-----w- c:\documents and settings\Beto\Application Data\SpeedyPC Software
2012-03-26 16:29 . 2012-03-26 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-03-26 16:24 . 2012-03-26 16:24 -------- d-----w- C:\_OTL
2012-03-26 12:52 . 2012-03-28 11:45 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-03-26 03:20 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-03-26 03:20 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-22 17:30 . 2012-03-26 02:24 -------- d-----w- c:\documents and settings\Beto Admin
2012-03-19 18:18 . 2012-03-19 18:18 -------- d-----w- c:\documents and settings\Beto\Application Data\Apple Computer
2012-03-08 12:25 . 2012-01-26 01:56 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-03-08 12:25 . 2012-03-08 12:25 -------- d-----w- c:\program files\Soluto
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-20 21:29 . 2012-03-20 21:29 388096 ----a-r- c:\documents and settings\Beto\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-26 17:14 . 2011-10-10 16:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 15:06 . 2011-10-20 14:00 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-03 09:22 . 2004-08-03 21:17 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20 . 2011-02-15 18:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-25 20:00 . 2011-04-06 19:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-26_15.05.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-03-26 02:15 . 2009-01-31 00:13 58208 c:\windows\system32\wsimd.sys
+ 2012-04-02 02:29 . 2009-01-31 00:13 58208 c:\windows\system32\wsimd.sys
- 2012-03-26 02:15 . 2008-09-26 01:07 57440 c:\windows\system32\jswscimd.sys
+ 2012-04-02 02:29 . 2008-09-26 01:07 57440 c:\windows\system32\jswscimd.sys
- 2012-03-26 02:15 . 2009-02-20 20:07 82017 c:\windows\system32\dsaNac.dll
+ 2012-04-02 02:29 . 2009-02-20 20:07 82017 c:\windows\system32\dsaNac.dll
+ 2012-04-02 02:29 . 2009-01-31 00:13 58208 c:\windows\system32\drivers\wsimd.sys
- 2012-03-26 02:15 . 2009-01-31 00:13 58208 c:\windows\system32\drivers\wsimd.sys
+ 2012-04-02 02:29 . 2008-09-26 01:07 57440 c:\windows\system32\drivers\jswscimd.sys
- 2012-03-26 02:15 . 2008-09-26 01:07 57440 c:\windows\system32\drivers\jswscimd.sys
- 2012-03-26 02:15 . 2009-02-20 20:29 249924 c:\windows\system32\wsimd.dll
+ 2012-04-02 02:29 . 2009-02-20 20:29 249924 c:\windows\system32\wsimd.dll
+ 2012-04-02 02:29 . 2009-02-20 20:29 254022 c:\windows\system32\wsfwDS.dll
- 2012-03-26 02:15 . 2009-02-20 20:29 254022 c:\windows\system32\wsfwDS.dll
+ 2012-04-02 02:29 . 2009-02-20 20:20 426074 c:\windows\system32\wgapi.dll
- 2012-03-26 02:15 . 2009-02-20 20:20 426074 c:\windows\system32\wgapi.dll
- 2012-03-26 02:15 . 2009-02-20 20:19 356443 c:\windows\system32\wcapiU.dll
+ 2012-04-02 02:29 . 2009-02-20 20:19 356443 c:\windows\system32\wcapiU.dll
- 2012-03-26 02:15 . 2009-02-20 20:17 405504 c:\windows\system32\wcapi.dll
+ 2012-04-02 02:29 . 2009-02-20 20:17 405504 c:\windows\system32\wcapi.dll
+ 2012-04-02 02:29 . 2009-11-05 23:08 405582 c:\windows\system32\jswscsup.dll
- 2012-03-26 02:15 . 2009-11-05 23:08 405582 c:\windows\system32\jswscsup.dll
+ 2012-04-02 02:29 . 2009-02-20 20:13 262216 c:\windows\system32\IPTests.dll
- 2012-03-26 02:15 . 2009-02-20 20:13 262216 c:\windows\system32\IPTests.dll
+ 2004-08-03 22:56 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\winlogon.exe
+ 2012-04-02 02:29 . 2009-02-20 20:23 311390 c:\windows\system32\athcfg20U.dll
- 2012-03-26 02:15 . 2009-02-20 20:23 311390 c:\windows\system32\athcfg20U.dll
+ 2012-04-02 02:29 . 2009-02-20 20:22 127079 c:\windows\system32\athcfg20resU.dll
- 2012-03-26 02:15 . 2009-02-20 20:22 127079 c:\windows\system32\athcfg20resU.dll
- 2012-03-26 02:15 . 2009-02-20 20:16 127053 c:\windows\system32\athcfg20res.dll
+ 2012-04-02 02:29 . 2009-02-20 20:16 127053 c:\windows\system32\athcfg20res.dll
- 2012-03-26 02:15 . 2009-02-20 20:16 237568 c:\windows\system32\athcfg20.dll
+ 2012-04-02 02:29 . 2009-02-20 20:16 237568 c:\windows\system32\athcfg20.dll
+ 2012-04-02 02:29 . 2009-02-20 20:23 495700 c:\windows\system32\acs.exe
- 2012-03-26 02:15 . 2009-02-20 20:23 495700 c:\windows\system32\acs.exe
+ 2012-04-02 02:29 . 2009-02-20 20:07 1269854 c:\windows\system32\dsa.dll
- 2012-03-26 02:15 . 2009-02-20 20:07 1269854 c:\windows\system32\dsa.dll
- 2012-03-26 02:15 . 2010-10-01 03:15 1759584 c:\windows\system32\drivers\athuw.sys
+ 2012-04-02 02:29 . 2010-10-01 03:15 1759584 c:\windows\system32\drivers\athuw.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2011-10-01 137536]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"93FDE12A68C1C5DA460E66A75EA30DA02AACFD33._service_run"="c:\documents and settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012-03-27 1224176]
"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2010-07-12 548864]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-22 1797008]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"DellTouch"="c:\windows\MMKeybd.exe" [2002-01-17 163840]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"vspdfprsrv.exe"="c:\program files\PDF Pro Software\PDF Pro 10\vspdfprsrv.exe" [2011-08-29 4566016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"jswtrayutil"="c:\program files\NETGEAR\WNA1100\jswtrayutil.exe" [BU]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2012-4-1 4545024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Beto\\My Documents\\Downloads\\solutoinstaller.exe"=
"c:\\Documents and Settings\\Beto\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Beto\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [3/8/2012 5:25 AM 51144]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10/20/2011 7:00 AM 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [3/9/2011 2:22 PM 218688]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/20/2011 7:00 AM 86224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/9/2012 11:45 PM 652360]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [2/25/2011 1:37 PM 28672]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [1/25/2012 7:05 PM 547872]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2/23/2012 3:40 AM 2886528]
R2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.exe [4/1/2012 7:29 PM 266240]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [6/24/2010 1:46 PM 28256]
R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [4/1/2012 7:29 PM 1759584]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [5/25/2011 7:59 PM 472644]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [4/1/2012 7:29 PM 57440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/9/2012 11:45 PM 20464]
R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [2/25/2011 1:37 PM 6656]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/10/2011 6:07 PM 47360]
S2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\drivers\BT848.sys [5/3/2011 3:14 PM 260580]
S2 BT878;Hauppauge Streaming Data Capture Device;c:\windows\system32\drivers\bt878.sys [5/3/2011 8:20 PM 23552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [6/24/2010 1:46 PM 28256]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [5/3/2011 3:13 PM 23456]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi.exe [4/1/2012 7:29 PM 360529]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/11/2012 9:14 AM 27064]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [8/5/2011 12:30 PM 268512]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1957994488-1177238915-839522115-1003Core.job
- c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-01 22:13]
.
2012-04-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1957994488-1177238915-839522115-1003UA.job
- c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-01 22:13]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-839522115-1003Core.job
- c:\documents and settings\Beto\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-10 14:18]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-839522115-1003UA.job
- c:\documents and settings\Beto\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-10 14:18]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Beto\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Beto\Application Data\Mozilla\Firefox\Profiles\00pbhh9d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - prefs.js: network.proxy.http - 184.72.224.129
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
SafeBoot-37559108.sys
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-02 16:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1780)
c:\windows\system32\athgina.dll
.
- - - - - - - > 'explorer.exe'(2628)
c:\windows\system32\WININET.dll
c:\program files\U.S. Robotics\iBand\iBand.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Zune\ZuneBusEnum.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\windows\system32\devldr32.exe
c:\windows\system32\rundll32.exe
c:\program files\Netropa\Traymon.exe
c:\program files\Netropa\OSD.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2012-04-02 16:56:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-02 23:56
.
Pre-Run: 95,175,999,488 bytes free
Post-Run: 95,103,877,120 bytes free
.
- - End Of File - - 9E58696BD4D381259B8AEAD9F1485768

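Two parts of the log above are the ones a responder reads first in a search-redirect thread: the Firefox prefs under "Supplementary Scan" (an HTTP proxy at a public address on port 3128, with network.proxy.type 0, so it is configured but not in use) and the "SnapShot@" block, which lists files that differ from the earlier ComboFix snapshot. The script below is an added example, not code from this thread or from ComboFix, that pulls those two sections out of a ComboFix log and reports on them. The sample text is constructed from lines of the log above; the meaning of network.proxy.type follows Firefox's documented values (0 = direct, 1 = manual proxy); and the snapshot column order (creation time, last-write time, size, path) is assumed from the usual ComboFix layout.

```python
"""Triage two sections of a ComboFix log: the 'Supplementary Scan' browser
settings and the 'SnapShot@' file diff.  Added example, not ComboFix code."""
import ipaddress
import re

# Constructed sample: the line shapes are copied from the log in this thread.
SAMPLE_LOG = r"""
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Beto\Application Data\Mozilla\Firefox\Profiles\00pbhh9d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - prefs.js: network.proxy.http - 184.72.224.129
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
((((((((((((((((((((((((((((( SnapShot@2012-03-26_15.05.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-03-26 02:15 . 2009-01-31 00:13 58208 c:\windows\system32\wsimd.sys
+ 2012-04-02 02:29 . 2009-01-31 00:13 58208 c:\windows\system32\wsimd.sys
+ 2004-08-03 22:56 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\winlogon.exe
.
"""

PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
DNS_RE = re.compile(r"^TCP: DhcpNameServer = (.+)$")
# Assumed column order: sign, creation time, ' . ', last-write time, size, path
SNAP_RE = re.compile(r"^([+-]) (\d{4}-\d\d-\d\d \d\d:\d\d) \. "
                     r"(\d{4}-\d\d-\d\d \d\d:\d\d) (\d+) (.+)$")


def parse_supplementary(log):
    """Collect Firefox prefs.js lines and DHCP DNS servers from the log."""
    prefs, dns = {}, []
    for line in log.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
            continue
        m = DNS_RE.match(line)
        if m:
            dns.extend(m.group(1).split())
    return {"dns": dns, "ff_prefs": prefs}


def is_public(addr):
    """True for a globally routable IP literal; hostnames cannot be judged offline."""
    try:
        return ipaddress.ip_address(addr).is_global
    except ValueError:
        return False


def proxy_findings(prefs, dns):
    """Explain what the proxy and DNS settings mean for a redirect complaint."""
    findings = []
    proxy = prefs.get("network.proxy.http")
    if proxy:
        port = prefs.get("network.proxy.http_port", "?")
        ptype = prefs.get("network.proxy.type", "0")
        active = ptype == "1"          # Firefox: 1 = manual proxy configuration
        where = "public" if is_public(proxy) else "non-public"
        state = "ACTIVE" if active else "configured but inactive"
        findings.append(f"Firefox HTTP proxy {proxy}:{port} ({where} address), "
                        f"{state} (network.proxy.type={ptype})")
    for server in dns:
        if is_public(server):
            findings.append(f"DHCP-supplied DNS server {server} is a public address")
    return findings


def parse_snapshot(log):
    """Return (sign, created, last_write, size, path) for each SnapShot diff line."""
    entries = []
    for line in log.splitlines():
        m = SNAP_RE.match(line)
        if m:
            sign, created, written, size, path = m.groups()
            entries.append((sign, created, written, int(size), path.lower()))
    return entries


def snapshot_changes(entries):
    """Classify each path: added, removed, content changed, or merely rewritten."""
    before, after = {}, {}
    for sign, created, written, size, path in entries:
        (before if sign == "-" else after)[path] = (created, written, size)
    result = {}
    for path in sorted(set(before) | set(after)):
        if path not in before:
            result[path] = "added"
        elif path not in after:
            result[path] = "removed"
        else:
            b, a = before[path], after[path]
            if b[2] != a[2] or b[1] != a[1]:
                result[path] = "content changed"
            else:
                # same size and last-write time, only the creation time moved
                result[path] = "rewritten (same size and last-write time)"
    return result


if __name__ == "__main__":
    info = parse_supplementary(SAMPLE_LOG)
    for finding in proxy_findings(info["ff_prefs"], info["dns"]):
        print(finding)
    for path, verdict in snapshot_changes(parse_snapshot(SAMPLE_LOG)).items():
        print(f"{verdict:45} {path}")
```

Run against the sample, it reports the proxy as configured but inactive (so by itself it would not redirect Firefox, though a proxy nobody set is still worth removing), shows wsimd.sys as rewritten with identical size and last-write time (consistent with the NETGEAR driver being reinstalled), and flags the dllcache copy of winlogon.exe as new since the snapshot.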
#10 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:01:54 PM

Posted 03 April 2012 - 02:10 AM

I don't think uTorrent is a bad program (that contains spyware).

Please think again...the program itself may be spyware-free, but the database from which one downloads is a cesspool containing every type of malware known to man. Having the program on board, I have to assume you've used it, so...I suggest you delete/remove/uninstall anything you downloaded using their shared server.

Next, please open another blank Notepad and copy the below text in Bold. Paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.



KILLALL::

file::
c:\Documents and Settings\Beto\My Documents\Downloads\solutoinstaller.exe
c:\windows\system32\drivers\Soluto.sys

folder::
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update
c:\Program Files\Soluto
C:\TDSSKiller_Quarantine
c:\documents and settings\All Users\Application Data\Norton
c:\documents and settings\Beto\Application Data\SpeedyPC Software
c:\documents and settings\All Users\Application Data\SpeedyPC Software
C:\_OTL

driver::
Soluto
SolutoService

registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"= -
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Beto\\My Documents\\Downloads\\solutoinstaller.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=-
"c:\\Program Files\\Soluto\\SolutoService.exe"=-
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=-
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=-

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#11 ALVERMIC

ALVERMIC
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:54 PM

Posted 03 April 2012 - 01:04 PM

Still not fixed

ComboFix 12-04-01.03 - Beto 04/03/2012 7:19.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2048.1440 [GMT -7:00]
Running from: c:\documents and settings\Beto\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Beto\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\documents and settings\Beto\My Documents\Downloads\solutoinstaller.exe"
"c:\windows\system32\drivers\Soluto.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\_OTL
c:\_otl\MovedFiles\03262012_092406.log
c:\documents and settings\All Users\Application Data\Norton
c:\documents and settings\All Users\Application Data\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI
c:\documents and settings\All Users\Application Data\Norton\NPE\NPEsettings.dat
c:\documents and settings\All Users\Application Data\SpeedyPC Software
c:\documents and settings\Beto\Application Data\SpeedyPC Software
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\FacebookCrashHandler.exe
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\FacebookUpdate.exe
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\FacebookUpdateHelper.msi
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdate.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_ar.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_bg.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_bn.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_ca.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_cs.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_da.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_de.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_el.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_en-GB.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_en.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_es-419.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_es.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_et.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_fa.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_fi.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_fil.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_fr.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_gu.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_hi.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_hr.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_hu.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_id.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_is.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_it.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_iw.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_ja.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_kn.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_ko.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_lt.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_lv.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_ml.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_mr.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_ms.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_nl.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_no.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_or.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_pl.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_pt-BR.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_pt-PT.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_ro.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_ru.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_sk.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_sl.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_sr.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_sv.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_ta.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_te.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_th.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_tr.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_uk.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_ur.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_vi.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_zh-CN.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\1.2.203.0\goopdateres_zh-TW.dll
c:\documents and settings\Beto\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
c:\documents and settings\Beto\My Documents\Downloads\solutoinstaller.exe
c:\program files\Soluto
c:\program files\Soluto\AllowKernelDump.reg
c:\program files\Soluto\AllowMachineName.reg
c:\program files\Soluto\AmCharts.Windows.Design.dll
c:\program files\Soluto\AmCharts.Windows.dll
c:\program files\Soluto\Community.CsharpSqlite.dll
c:\program files\Soluto\cpuidsdk.dll
c:\program files\Soluto\CrashTest.exe
c:\program files\Soluto\Debugger\x86\cdb.exe
c:\program files\Soluto\Debugger\x86\dbgeng.dll
c:\program files\Soluto\Debugger\x86\dbghelp.dll
c:\program files\Soluto\Debugger\x86\ntsd.exe
c:\program files\Soluto\Interop.IWshRuntimeLibrary.dll
c:\program files\Soluto\Interop.NetFwTypeLib.dll
c:\program files\Soluto\Ionic.Zip.Reduced.dll
c:\program files\Soluto\License.txt
c:\program files\Soluto\LocalGenome.sdf
c:\program files\Soluto\Microsoft.ServiceHosting.ServiceRuntime.dll
c:\program files\Soluto\Newtonsoft.Json.Net35.dll
c:\program files\Soluto\PCGAppControlPluginLoader.exe
c:\program files\Soluto\PCGAzureEntityFramework.dll
c:\program files\Soluto\PCGAzureShared.dll
c:\program files\Soluto\PCGBootVisualizingCommon.dll
c:\program files\Soluto\PCGBootVisualizingCore.dll
c:\program files\Soluto\PCGBrowsersProbe.dll
c:\program files\Soluto\PCGCatalogItemCache.dll
c:\program files\Soluto\PCGCatalogItemFootprint.dll
c:\program files\Soluto\PCGClientCommon.dll
c:\program files\Soluto\PCGClientCommunication.dll
c:\program files\Soluto\PCGCommunication.dll
c:\program files\Soluto\PCGConfiguration.dll
c:\program files\Soluto\PCGDataAggregation.dll
c:\program files\Soluto\PCGDatabase.dll
c:\program files\Soluto\PCGDeviceScanLib.dll
c:\program files\Soluto\PCGDllExportInspector.dll
c:\program files\Soluto\PCGDriverProbe.dll
c:\program files\Soluto\PCGEntities.dll
c:\program files\Soluto\PCGFramework.dll
c:\program files\Soluto\PCGHIDProbe.dll
c:\program files\Soluto\PCGPostBootResources.dll
c:\program files\Soluto\PCGPreCompiled.dll
c:\program files\Soluto\PCGPrestoSerializer.dll
c:\program files\Soluto\PCGRSPProbe.dll
c:\program files\Soluto\PCGSAProbe.dll
c:\program files\Soluto\PCGUpgrader.dll
c:\program files\Soluto\PCGUsersCenter.dll
c:\program files\Soluto\PCGWuInfo.dll
c:\program files\Soluto\Soluto.cat
c:\program files\Soluto\Soluto.exe
c:\program files\Soluto\Soluto.exe.config
c:\program files\Soluto\Soluto.ico
c:\program files\Soluto\Soluto.inf
c:\program files\Soluto\Soluto.lnk
c:\program files\Soluto\Soluto.sys
c:\program files\Soluto\SolutoCleanup.exe
c:\program files\Soluto\SolutoCleanup.exe.config
c:\program files\Soluto\SolutoConsole.exe
c:\program files\Soluto\SolutoService.exe
c:\program files\Soluto\SolutoService.exe.config
c:\program files\Soluto\SolutoSleep.ico
c:\program files\Soluto\SolutoTray.ico
c:\program files\Soluto\SolutoUpdateService.exe
c:\program files\Soluto\sqlceca35.dll
c:\program files\Soluto\sqlcecompact35.dll
c:\program files\Soluto\sqlceer35EN.dll
c:\program files\Soluto\sqlceme35.dll
c:\program files\Soluto\sqlceoledb35.dll
c:\program files\Soluto\sqlceqp35.dll
c:\program files\Soluto\sqlcese35.dll
c:\program files\Soluto\System.Data.SqlServerCe.dll
c:\program files\Soluto\System.Data.SqlServerCe.Entity.dll
C:\TDSSKiller_Quarantine
c:\tdsskiller_quarantine\01.04.2012_18.54.35\susp0000\object.ini
c:\tdsskiller_quarantine\01.04.2012_18.54.35\susp0000\svc0000\object.ini
c:\tdsskiller_quarantine\01.04.2012_18.54.35\susp0000\svc0000\tsk0000.dta
c:\tdsskiller_quarantine\01.04.2012_18.54.35\susp0000\svc0000\tsk0000.ini
c:\tdsskiller_quarantine\01.04.2012_18.54.35\susp0001\object.ini
c:\tdsskiller_quarantine\01.04.2012_18.54.35\susp0001\svc0000\object.ini
c:\tdsskiller_quarantine\01.04.2012_18.54.35\susp0001\svc0000\tsk0000.dta
c:\tdsskiller_quarantine\01.04.2012_18.54.35\susp0001\svc0000\tsk0000.ini
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\Soluto.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SOLUTO
-------\Legacy_SOLUTOSERVICE
-------\Service_Soluto
-------\Service_SolutoService
.
.
((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))
.
.
2012-03-29 15:06 . 2012-03-29 15:22 -------- d-----w- c:\documents and settings\Beto\Local Settings\Application Data\NPE
2012-03-27 21:15 . 2012-03-28 00:25 -------- d-----w- c:\documents and settings\Beto\Application Data\vlc
2012-03-27 03:33 . 2012-03-27 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2012-03-26 16:30 . 2012-03-26 16:30 -------- d-----w- c:\documents and settings\Beto\Application Data\DriverCure
2012-03-26 12:52 . 2012-03-28 11:45 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-03-26 03:20 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-03-26 03:20 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-22 17:30 . 2012-03-26 02:24 -------- d-----w- c:\documents and settings\Beto Admin
2012-03-19 18:18 . 2012-03-19 18:18 -------- d-----w- c:\documents and settings\Beto\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-20 21:29 . 2012-03-20 21:29 388096 ----a-r- c:\documents and settings\Beto\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-26 17:14 . 2011-10-10 16:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 15:06 . 2011-10-20 14:00 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-03 09:22 . 2004-08-03 21:17 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20 . 2011-02-15 18:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-25 20:00 . 2011-04-06 19:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-26_15.05.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-03 14:37 . 2012-04-03 14:37 16384 c:\windows\temp\Perflib_Perfdata_d14.dat
- 2012-03-26 02:15 . 2009-01-31 00:13 58208 c:\windows\system32\wsimd.sys
+ 2012-04-02 02:29 . 2009-01-31 00:13 58208 c:\windows\system32\wsimd.sys
- 2012-03-26 02:15 . 2008-09-26 01:07 57440 c:\windows\system32\jswscimd.sys
+ 2012-04-02 02:29 . 2008-09-26 01:07 57440 c:\windows\system32\jswscimd.sys
- 2012-03-26 02:15 . 2009-02-20 20:07 82017 c:\windows\system32\dsaNac.dll
+ 2012-04-02 02:29 . 2009-02-20 20:07 82017 c:\windows\system32\dsaNac.dll
- 2012-03-26 02:15 . 2009-01-31 00:13 58208 c:\windows\system32\drivers\wsimd.sys
+ 2012-04-02 02:29 . 2009-01-31 00:13 58208 c:\windows\system32\drivers\wsimd.sys
- 2012-03-26 02:15 . 2008-09-26 01:07 57440 c:\windows\system32\drivers\jswscimd.sys
+ 2012-04-02 02:29 . 2008-09-26 01:07 57440 c:\windows\system32\drivers\jswscimd.sys
+ 2012-04-02 02:29 . 2009-02-20 20:29 249924 c:\windows\system32\wsimd.dll
- 2012-03-26 02:15 . 2009-02-20 20:29 249924 c:\windows\system32\wsimd.dll
- 2012-03-26 02:15 . 2009-02-20 20:29 254022 c:\windows\system32\wsfwDS.dll
+ 2012-04-02 02:29 . 2009-02-20 20:29 254022 c:\windows\system32\wsfwDS.dll
- 2012-03-26 02:15 . 2009-02-20 20:20 426074 c:\windows\system32\wgapi.dll
+ 2012-04-02 02:29 . 2009-02-20 20:20 426074 c:\windows\system32\wgapi.dll
+ 2012-04-02 02:29 . 2009-02-20 20:19 356443 c:\windows\system32\wcapiU.dll
- 2012-03-26 02:15 . 2009-02-20 20:19 356443 c:\windows\system32\wcapiU.dll
- 2012-03-26 02:15 . 2009-02-20 20:17 405504 c:\windows\system32\wcapi.dll
+ 2012-04-02 02:29 . 2009-02-20 20:17 405504 c:\windows\system32\wcapi.dll
+ 2012-04-02 02:29 . 2009-11-05 23:08 405582 c:\windows\system32\jswscsup.dll
- 2012-03-26 02:15 . 2009-11-05 23:08 405582 c:\windows\system32\jswscsup.dll
+ 2012-04-02 02:29 . 2009-02-20 20:13 262216 c:\windows\system32\IPTests.dll
- 2012-03-26 02:15 . 2009-02-20 20:13 262216 c:\windows\system32\IPTests.dll
+ 2004-08-03 22:56 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\winlogon.exe
- 2012-03-26 02:15 . 2009-02-20 20:23 311390 c:\windows\system32\athcfg20U.dll
+ 2012-04-02 02:29 . 2009-02-20 20:23 311390 c:\windows\system32\athcfg20U.dll
+ 2012-04-02 02:29 . 2009-02-20 20:22 127079 c:\windows\system32\athcfg20resU.dll
- 2012-03-26 02:15 . 2009-02-20 20:22 127079 c:\windows\system32\athcfg20resU.dll
+ 2012-04-02 02:29 . 2009-02-20 20:16 127053 c:\windows\system32\athcfg20res.dll
- 2012-03-26 02:15 . 2009-02-20 20:16 127053 c:\windows\system32\athcfg20res.dll
+ 2012-04-02 02:29 . 2009-02-20 20:16 237568 c:\windows\system32\athcfg20.dll
- 2012-03-26 02:15 . 2009-02-20 20:16 237568 c:\windows\system32\athcfg20.dll
- 2012-03-26 02:15 . 2009-02-20 20:23 495700 c:\windows\system32\acs.exe
+ 2012-04-02 02:29 . 2009-02-20 20:23 495700 c:\windows\system32\acs.exe
+ 2012-04-02 02:29 . 2009-02-20 20:07 1269854 c:\windows\system32\dsa.dll
- 2012-03-26 02:15 . 2009-02-20 20:07 1269854 c:\windows\system32\dsa.dll
- 2012-03-26 02:15 . 2010-10-01 03:15 1759584 c:\windows\system32\drivers\athuw.sys
+ 2012-04-02 02:29 . 2010-10-01 03:15 1759584 c:\windows\system32\drivers\athuw.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"93FDE12A68C1C5DA460E66A75EA30DA02AACFD33._service_run"="c:\documents and settings\Beto\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012-03-27 1224176]
"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2010-07-12 548864]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-22 1797008]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"DellTouch"="c:\windows\MMKeybd.exe" [2002-01-17 163840]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"vspdfprsrv.exe"="c:\program files\PDF Pro Software\PDF Pro 10\vspdfprsrv.exe" [2011-08-29 4566016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"jswtrayutil"="c:\program files\NETGEAR\WNA1100\jswtrayutil.exe" [BU]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2012-4-1 4545024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Beto\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Beto\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10/20/2011 7:00 AM 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [3/9/2011 2:22 PM 218688]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/20/2011 7:00 AM 86224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/9/2012 11:45 PM 652360]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [2/25/2011 1:37 PM 28672]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2/23/2012 3:40 AM 2886528]
R2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.exe [4/1/2012 7:29 PM 266240]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [6/24/2010 1:46 PM 28256]
R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [4/1/2012 7:29 PM 1759584]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [5/25/2011 7:59 PM 472644]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [4/1/2012 7:29 PM 57440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/9/2012 11:45 PM 20464]
R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [2/25/2011 1:37 PM 6656]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/10/2011 6:07 PM 47360]
S2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\drivers\BT848.sys [5/3/2011 3:14 PM 260580]
S2 BT878;Hauppauge Streaming Data Capture Device;c:\windows\system32\drivers\bt878.sys [5/3/2011 8:20 PM 23552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [6/24/2010 1:46 PM 28256]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [5/3/2011 3:13 PM 23456]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi.exe [4/1/2012 7:29 PM 360529]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/11/2012 9:14 AM 27064]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [8/5/2011 12:30 PM 268512]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-839522115-1003Core.job
- c:\documents and settings\Beto\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-10 14:18]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1177238915-839522115-1003UA.job
- c:\documents and settings\Beto\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-10 14:18]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Beto\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Beto\Application Data\Mozilla\Firefox\Profiles\00pbhh9d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - prefs.js: network.proxy.http - 184.72.224.129
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-03 07:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1780)
c:\windows\system32\athgina.dll
.
- - - - - - - > 'explorer.exe'(624)
c:\windows\system32\WININET.dll
c:\program files\U.S. Robotics\iBand\iBand.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Zune\ZuneBusEnum.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\windows\system32\devldr32.exe
c:\windows\system32\rundll32.exe
c:\program files\Netropa\Traymon.exe
c:\program files\Netropa\OSD.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2012-04-03 07:40:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-03 14:40
ComboFix2.txt 2012-04-02 23:56
.
Pre-Run: 95,093,997,568 bytes free
Post-Run: 95,048,536,064 bytes free
.
- - End Of File - - CEF0ACFB7C7E7602BE2483FCD5BEFA3C

#12 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:01:54 PM

Posted 03 April 2012 - 06:50 PM

Thanks! Now, please update your on-board Malwarebytes Anti-Malware scanner and run a full system scan. Post back the log. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#13 ALVERMIC

ALVERMIC
  • Topic Starter

  • Members
  • 13 posts
  • Local time:12:54 PM

Posted 05 April 2012 - 12:40 AM

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.05.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Beto :: ALBERTO-PC [administrator]

Protection: Disabled

4/4/2012 8:50:53 PM
mbam-log-2012-04-04 (20-50-53).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 327889
Time elapsed: 1 hour(s), 40 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:01:54 PM

Posted 05 April 2012 - 08:16 AM

Great! How's it running for you now?



#15 ALVERMIC

ALVERMIC
  • Topic Starter

  • Members
  • 13 posts
  • Local time:12:54 PM

Posted 05 April 2012 - 08:39 AM

I hate to tell you that it is still redirecting. I was reading on a Microsoft page about resetting the hosts file.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users