
Browser Redirect & Recommended for You pop-up


  • This topic is locked
26 replies to this topic

#1 Slafter

Slafter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:01:49 PM

Posted 13 May 2012 - 10:54 AM

Hi,

I keep getting redirected when I click on links and a small pop-up that reads "Recommended for You" shows up just before or after I get redirected. A friend told me to use Malwarebytes but it didn't find anything. Any insight on what to do would be greatly appreciated. Thanks.

Also, when I tried to use gmer most of the check boxes were grayed out so when I did the scan it didn't come up with anything. Am I doing something wrong?

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Aaron at 16:04:37 on 2012-05-12
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8151.5925 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Aaron\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Octoshape Streaming Services] "C:\Users\Aaron\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F46FA383-ABBB-4A7D-954C-E3A36BCFBB5B} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F46FA383-ABBB-4A7D-954C-E3A36BCFBB5B}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F46FA383-ABBB-4A7D-954C-E3A36BCFBB5B}\E415831523 : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
Hosts: 217.23.4.166 www.google-analytics.com.
Hosts: 217.23.4.166 ad-emea.doubleclick.net.
Hosts: 217.23.4.166 www.statcounter.com.
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\wvjtflfe.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/03/19 09:30:21];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-3-19 146928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-19 13336]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2010-3-19 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 129976]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-27 17:13:53 -------- d-----w- C:\Users\Aaron\AppData\Local\{39D7C1F1-92DB-42A8-89A1-31AB008EA655}
2012-04-27 17:13:32 -------- d-----w- C:\Users\Aaron\AppData\Local\{F54EBDA4-7E9A-4A3D-B919-C23C930D9334}
2012-04-27 03:46:02 -------- d-----w- C:\Users\Aaron\AppData\Local\{43556E0D-CEAE-46E3-B036-753BD41418AB}
2012-04-27 03:45:41 -------- d-----w- C:\Users\Aaron\AppData\Local\{D1A480EC-03C8-4A5F-9B4E-2C43613ACAF3}
2012-04-26 15:45:17 -------- d-----w- C:\Users\Aaron\AppData\Local\{18D531C7-7A5E-4DF1-8CDA-5C0118D2CA94}
2012-04-26 15:44:57 -------- d-----w- C:\Users\Aaron\AppData\Local\{7BBE9EBB-B042-42EE-A6F3-144645D6535C}
2012-04-26 03:44:32 -------- d-----w- C:\Users\Aaron\AppData\Local\{8CF456AD-7A60-48BE-8873-D5EABB928F98}
2012-04-26 03:44:10 -------- d-----w- C:\Users\Aaron\AppData\Local\{BC8FB0CB-4344-478F-A70C-789E842FB194}
2012-04-25 16:47:47 -------- d-----w- C:\Users\Aaron\AppData\Roaming\OpenOffice.org
2012-04-25 16:46:01 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2012-04-25 15:43:47 -------- d-----w- C:\Users\Aaron\AppData\Local\{7EEFFDD8-A6CE-40F3-AA59-78CE363ED1E0}
2012-04-25 15:43:27 -------- d-----w- C:\Users\Aaron\AppData\Local\{3AE85F30-1EA6-4FFF-B763-A114B342CCE4}
2012-04-24 22:16:38 -------- d-----w- C:\Users\Aaron\AppData\Local\{EBA14D49-3EA4-47C2-8F00-4E6F2122D6BA}
2012-04-24 22:16:18 -------- d-----w- C:\Users\Aaron\AppData\Local\{F250105D-3DD9-4B62-809F-B153098E3932}
2012-04-24 20:33:10 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-24 20:33:08 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-24 20:33:08 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-23 18:44:03 -------- d-----w- C:\Users\Aaron\AppData\Local\WMTools Downloaded Files
2012-04-23 18:33:20 -------- d-----w- C:\Program Files (x86)\Movie Maker 2.6
2012-04-23 17:37:52 -------- d-----w- C:\Users\Aaron\AppData\Local\{B588AFCF-7337-417D-BFEA-D389B86B42B2}
2012-04-23 17:37:32 -------- d-----w- C:\Users\Aaron\AppData\Local\{CF0A1322-B34A-4292-96A8-C9BDDAAE4F82}
2012-04-23 17:31:52 -------- d-----w- C:\Windows\en
2012-04-23 17:27:45 19352 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-23 17:24:45 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
2012-04-23 17:24:45 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2012-04-23 17:24:45 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2012-04-23 17:24:45 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2012-04-23 17:21:37 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\89761d951cd217509\DSETUP.dll
2012-04-23 17:21:37 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\89761d951cd217509\DXSETUP.exe
2012-04-23 17:21:37 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\89761d951cd217509\dsetup32.dll
2012-04-23 17:21:32 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\860246a41cd217508\DSETUP.dll
2012-04-23 17:21:32 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\860246a41cd217508\DXSETUP.exe
2012-04-23 17:21:32 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\860246a41cd217508\dsetup32.dll
2012-04-23 17:21:13 -------- d-----w- C:\Program Files (x86)\Audacity
2012-04-23 17:19:55 -------- d-----w- C:\Users\Aaron\AppData\Local\Windows Live
2012-04-20 13:17:42 -------- d-----w- C:\Program Files (x86)\Diablo III Beta
2012-04-20 13:16:59 -------- d-----w- C:\ProgramData\Battle.net
.
==================== Find3M ====================
.
2012-05-11 20:46:43 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-05-11 20:46:43 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-05-11 20:46:24 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-04-21 14:53:52 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-17 07:55:58 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-08 22:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 22:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-03-03 21:53:39 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-03 06:29:57 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 06:29:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-03 06:29:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-03 06:29:42 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-03 06:29:41 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-03 05:40:21 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-03 05:40:10 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-03 05:40:09 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-03 05:40:09 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-03 05:40:09 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-03-01 06:54:38 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:45:41 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:40:14 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:35:16 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:49:05 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:45:05 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:40:44 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
.
============= FINISH: 16:05:05.99 ===============
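As an added example (not part of the post and not code from DDS): the Hosts: lines in the log above map analytics and ad domains to public IP addresses, which is consistent with the redirects and "Recommended for You" pop-ups described, since pages that load scripts from those domains fetch them from whatever server the HOSTS file names. This Python script parses DDS Hosts: lines, ignores benign sinkhole mappings (loopback, unspecified or private addresses) and reports the hostnames sent to each remote IP; the sample input is constructed from the page's own entries plus two benign lines.

```python
import ipaddress
import re

# Constructed sample input: the "Hosts:" lines from the DDS log above, plus an
# unrelated report line and two benign entries (a loopback sinkhole and a LAN
# host) so that both the "flag" and the "ignore" paths are exercised.
SAMPLE_DDS = """\
uInternet Settings,ProxyOverride = *.local
Hosts: 217.23.4.166 www.google-analytics.com.
Hosts: 217.23.4.166 ad-emea.doubleclick.net.
Hosts: 217.23.4.166 www.statcounter.com.
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
Hosts: 127.0.0.1 ads.example.invalid
Hosts: 192.168.1.20 nas.local
"""

# DDS prints each entry as "Hosts: <ip> <hostname>." (note the trailing dot).
HOSTS_LINE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)\s*$")


def parse_hosts_lines(dds_text):
    """Return a list of (ip, hostname) tuples for every Hosts: line.

    The trailing dot DDS appends is removed and hostnames are lower-cased so
    duplicates that differ only in case still compare equal."""
    entries = []
    for raw in dds_text.splitlines():
        match = HOSTS_LINE.match(raw.strip())
        if match is None:
            continue
        ip, host = match.group(1), match.group(2).rstrip(".").lower()
        entries.append((ip, host))
    return entries


def is_sinkhole_target(ip):
    """True for loopback, unspecified or private addresses.

    Mapping an ad or tracking domain to 127.0.0.1 / 0.0.0.0 is the normal,
    benign use of the HOSTS file (ad blocking). A mapping to a public IP means
    the browser is silently sent to a remote server instead."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # not an IP literal at all; do not treat it as benign
    return addr.is_loopback or addr.is_unspecified or addr.is_private


def find_hijacked_hosts(dds_text):
    """Map each public IP to the sorted hostnames the HOSTS file sends to it.

    Several well-known domains all pointing at one public IP is the pattern
    visible in the log above."""
    hijacked = {}
    for ip, host in parse_hosts_lines(dds_text):
        if is_sinkhole_target(ip):
            continue
        hijacked.setdefault(ip, set()).add(host)
    return {ip: sorted(hosts) for ip, hosts in hijacked.items()}


def duplicate_hostnames(dds_text):
    """Hostnames that occur in more than one Hosts: line (DDS reports this as
    "multiple HOSTS entries found"). Returned sorted for stable output."""
    seen = {}
    for _ip, host in parse_hosts_lines(dds_text):
        seen[host] = seen.get(host, 0) + 1
    return sorted(host for host, count in seen.items() if count > 1)


if __name__ == "__main__":
    for ip, hosts in find_hijacked_hosts(SAMPLE_DDS).items():
        print(f"{ip} receives: {', '.join(hosts)}")
    print("duplicated hostnames:", duplicate_hostnames(SAMPLE_DDS))
```

Run it against the Pseudo HJT Report section of a real DDS log; anything it prints is worth comparing with the machine's actual hosts file (%SystemRoot%\System32\drivers\etc\hosts) before deciding whether the mapping was put there on purpose.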



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:49 PM

Posted 14 May 2012 - 12:05 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Slafter

Slafter
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:01:49 PM

Posted 14 May 2012 - 09:18 AM

Thanks for the speedy reply Gringo.

After running combofix my browser has stopped redirecting but the ad pop-ups continue. They do seem to pop-up less frequently though.

Also, the combofix log was too big to fit into this reply so I attached it. Hope that's alright.



Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton Internet Security
King's Bounty: Armored Princess
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 22
Java™ 6 Update 31
Java version out of date!
Adobe Flash Player 10.3.181.14 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````




ComboFix 12-05-14.02 - Aaron 05/14/2012 9:25.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8151.5784 [GMT -4:00]
Running from: c:\users\Aaron\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-04-14 to 2012-05-14 )))))))))))))))))))))))))))))))
.
.
2012-05-14 13:33 . 2012-05-14 13:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-14 13:33 . 2012-05-14 13:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-10 18:58 . 2012-05-10 18:58 -------- d-----w- c:\program files\7-Zip
2012-05-01 05:58 . 2012-05-01 05:58 -------- d-----w- c:\windows\system32\Macromed
2012-04-25 16:47 . 2012-04-25 16:47 -------- d-----w- c:\users\Aaron\AppData\Roaming\OpenOffice.org
2012-04-25 16:46 . 2012-04-25 16:46 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-04-24 20:33 . 2012-04-24 20:33 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-24 20:33 . 2012-04-24 20:33 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-24 20:33 . 2012-04-24 20:33 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-23 18:44 . 2012-04-25 02:17 -------- d-----w- c:\users\Aaron\AppData\Local\WMTools Downloaded Files
2012-04-23 18:33 . 2012-04-23 18:33 -------- d-----w- c:\program files (x86)\Movie Maker 2.6
2012-04-23 17:31 . 2012-04-23 17:31 -------- d-----w- c:\windows\en
2012-04-23 17:28 . 2012-04-23 17:28 -------- d-----w- c:\program files\Windows Live
2012-04-23 17:27 . 2012-04-23 17:27 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-23 17:24 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2012-04-23 17:24 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-04-23 17:24 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2012-04-23 17:24 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2012-04-23 17:21 . 2012-04-23 17:21 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\89761d951cd217509\DSETUP.dll
2012-04-23 17:21 . 2012-04-23 17:21 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\89761d951cd217509\DXSETUP.exe
2012-04-23 17:21 . 2012-04-23 17:21 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\89761d951cd217509\dsetup32.dll
2012-04-23 17:21 . 2012-04-23 17:21 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\860246a41cd217508\DSETUP.dll
2012-04-23 17:21 . 2012-04-23 17:21 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\860246a41cd217508\DXSETUP.exe
2012-04-23 17:21 . 2012-04-23 17:21 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\860246a41cd217508\dsetup32.dll
2012-04-23 17:21 . 2012-04-23 17:21 -------- d-----w- c:\program files (x86)\Audacity
2012-04-23 17:19 . 2012-04-27 17:14 -------- d-----w- c:\users\Aaron\AppData\Local\Windows Live
2012-04-20 13:17 . 2012-04-20 13:39 -------- d-----w- c:\program files (x86)\Diablo III Beta
2012-04-20 13:16 . 2012-04-20 13:17 -------- d-----w- c:\programdata\Battle.net
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-13 20:55 . 2010-08-19 23:20 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-13 20:55 . 2010-08-19 23:20 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-13 20:55 . 2010-08-19 23:20 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-21 14:53 . 2010-08-19 23:20 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-04 19:56 . 2011-11-04 23:08 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 07:09 . 2012-03-16 07:09 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-16 07:09 . 2012-03-16 07:09 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-16 07:09 . 2012-03-16 07:09 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-16 07:09 . 2012-03-16 07:09 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-16 07:09 . 2012-03-16 07:09 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-16 07:09 . 2012-03-16 07:09 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-16 07:09 . 2012-03-16 07:09 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-16 07:09 . 2012-03-16 07:09 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-16 07:09 . 2012-03-16 07:09 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-16 07:09 . 2012-03-16 07:09 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-16 07:09 . 2012-03-16 07:09 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-16 07:09 . 2012-03-16 07:09 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-16 07:09 . 2012-03-16 07:09 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-16 07:09 . 2012-03-16 07:09 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-16 07:09 . 2012-03-16 07:09 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-16 07:09 . 2012-03-16 07:09 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-16 07:09 . 2012-03-16 07:09 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-16 07:09 . 2012-03-16 07:09 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-16 07:09 . 2012-03-16 07:09 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-16 07:09 . 2012-03-16 07:09 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-16 07:09 . 2012-03-16 07:09 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-16 07:09 . 2012-03-16 07:09 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-16 07:09 . 2012-03-16 07:09 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-16 07:09 . 2012-03-16 07:09 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-16 07:09 . 2012-03-16 07:09 448512 ----a-w- c:\windows\system32\html.iec
2012-03-16 07:09 . 2012-03-16 07:09 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-16 07:09 . 2012-03-16 07:09 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-16 07:09 . 2012-03-16 07:09 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-16 07:09 . 2012-03-16 07:09 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-16 07:09 . 2012-03-16 07:09 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-16 07:09 . 2012-03-16 07:09 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-16 07:09 . 2012-03-16 07:09 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-16 07:09 . 2012-03-16 07:09 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-16 07:09 . 2012-03-16 07:09 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-03 21:53 . 2010-08-28 21:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-01 06:54 . 2012-04-12 07:00 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:45 . 2012-04-12 07:00 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:40 . 2012-04-12 07:00 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:35 . 2012-04-12 07:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:49 . 2012-04-12 07:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:45 . 2012-04-12 07:00 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:40 . 2012-04-12 07:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 07:03 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 07:03 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 07:03 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 07:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 07:03 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 07:03 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 07:03 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 07:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-15 06:27 . 2012-03-14 11:15 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 11:15 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 11:15 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 11:15 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-01_15.03.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-08-11 17:22 . 2009-12-11 07:36 96768 c:\windows\SysWOW64\sspicli.dll
7_32\PresentationCore\43c26b0f01acc4b15423a49af278e1df\PresentationCore.ni.dll
+ 2012-05-09 07:30 . 2012-05-09 07:30 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"Octoshape Streaming Services"="c:\users\Aaron\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-17 3077528]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 98304]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-22 74752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2012-03-08 4280184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-24 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/03/19 09:30];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-09-18 00:41 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2009-08-24 126392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-14 c:\windows\Tasks\At10.job
- c:\windows\system32\f7n0En.com_ [2011-11-26 00:54]
.
2012-05-14 c:\windows\Tasks\At12.job
- c:\windows\system32\f7n0En.com_ [2011-11-26 00:54]
.
2012-05-14 c:\windows\Tasks\At14.job
- c:\windows\system32\f7n0En.com_ [2011-11-26 00:54]
.
2012-05-14 c:\windows\Tasks\At16.job
- c:\windows\system32\f7n0En.com_ [2011-11-26 00:54]
.
2012-05-14 c:\windows\Tasks\At18.job
- c:\windows\system32\f7n0En.com_ [2011-11-26 00:54]
.
2012-05-14 c:\windows\Tasks\At2.job
- c:\windows\system32\f7n0En.com_ [2011-11-26 00:54]
.
2012-05-14 c:\windows\Tasks\At20.job
- c:\windows\system32\f7n0En.com_ [2011-11-26 00:54]
.
2012-05-13 c:\windows\Tasks\At22.job
- c:\windows\system32\f7n0En.com_ [2011-11-26 00:54]
.
2012-05-13 c:\windows\Tasks\At24.job
- c:\windows\system32\f7n0En.com_ [2011-11-26 00:54]
.
2012-05-13 c:\windows\Tasks\At26.job
- c:\windows\system32\f7n0En.com_ [2011-11-26 00:54]
.
2012-05-13 c:\windows\Tasks\At28.job
- c:\windows\system32\f7n0En.com_ [2011-11-26 00:54]
.
2012-05-13 c:\windows\Tasks\At30.job
- c:\windows\system32\f7n0En.com_ [2011-11-26 00:54]
.
2012-05-13 c:\windows\Tasks\At32.job
- c:\windows\system32\f7n0En.com_ [2011-11-26 00:54]
.
2012-05-13 c:\windows\Tasks\At34.job
- c:\windows\system32\f7n0En.com_ [2011-11-26 00:54]
.
2012-05-13 c:\windows\Tasks\At36.job
- c:\windows\system32\f7n0En.com_ [2011-11-26 00:54]
.
2012-05-13 c:\windows\Tasks\At38.job
- c:\windows\system32\f7n0En.com_ [2011-11-26 00:54]
.
2012-05-14 c:\windows\Tasks\At4.job
- c:\windows\system32\f7n0En.com_ [2011-11-26 00:54]
.
2012-05-13 c:\windows\Tasks\At40.job
- c:\windows\system32\f7n0En.com_ [2011-11-26 00:54]
.
2012-05-14 c:\windows\Tasks\At42.job
- c:\windows\system32\f7n0En.com_ [2011-11-26 00:54]
.
2012-05-14 c:\windows\Tasks\At44.job
- c:\windows\system32\f7n0En.com_ [2011-11-26 00:54]
.
2012-05-14 c:\windows\Tasks\At46.job
- c:\windows\system32\f7n0En.com_ [2011-11-26 00:54]
.
2012-05-14 c:\windows\Tasks\At48.job
- c:\windows\system32\f7n0En.com_ [2011-11-26 00:54]
.
2012-05-14 c:\windows\Tasks\At6.job
- c:\windows\system32\f7n0En.com_ [2011-11-26 00:54]
.
2012-05-14 c:\windows\Tasks\At8.job
- c:\windows\system32\f7n0En.com_ [2011-11-26 00:54]
.
2012-05-12 c:\windows\Tasks\HPCeeScheduleForAaron.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
2012-04-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\wvjtflfe.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 4
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2382676811-1094255629-3978454532-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*D*V*ќ6\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2382676811-1094255629-3978454532-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2382676811-1094255629-3978454532-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2382676811-1094255629-3978454532-1001\Software\SecuROM\License information*]
"datasecu"=hex:61,c2,a7,82,63,b1,2d,e2,0a,e8,7c,43,2e,e4,c4,d5,54,ca,40,a0,4c,
6b,8e,7d,4b,26,b6,28,0d,f8,cf,5d,93,c1,fb,55,1d,88,7c,53,2d,bd,da,f1,47,75,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-14 09:35:46
ComboFix-quarantined-files.txt 2012-05-14 13:35
ComboFix2.txt 2011-12-01 15:09
.
Pre-Run: 136,333,385,728 bytes free
Post-Run: 136,661,270,528 bytes free
.
- - End Of File - - A6657D6B8483E41C13CCE4F73C74588F

Attached Files

  • log.txt (269.06KB)

Edited by gringo_pr, 15 May 2012 - 07:38 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:49 PM

Posted 14 May 2012 - 12:06 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Slafter

Slafter
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:01:49 PM

Posted 14 May 2012 - 02:10 PM

Hi,

14:01:10.0288 5500 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
14:01:10.0506 5500 ============================================================
14:01:10.0506 5500 Current date / time: 2012/05/14 14:01:10.0506
14:01:10.0506 5500 SystemInfo:
14:01:10.0506 5500
14:01:10.0506 5500 OS Version: 6.1.7600 ServicePack: 0.0
14:01:10.0506 5500 Product type: Workstation
14:01:10.0507 5500 ComputerName: AARON-PC
14:01:10.0507 5500 UserName: Aaron
14:01:10.0507 5500 Windows directory: C:\Windows
14:01:10.0507 5500 System windows directory: C:\Windows
14:01:10.0507 5500 Running under WOW64
14:01:10.0507 5500 Processor architecture: Intel x64
14:01:10.0507 5500 Number of processors: 8
14:01:10.0507 5500 Page size: 0x1000
14:01:10.0507 5500 Boot type: Normal boot
14:01:10.0507 5500 ============================================================
14:01:11.0175 5500 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:01:11.0199 5500 ============================================================
14:01:11.0199 5500 \Device\Harddisk0\DR0:
14:01:11.0199 5500 MBR partitions:
14:01:11.0199 5500 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:01:11.0199 5500 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x730B6800
14:01:11.0199 5500 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x730E9000, BlocksNum 0x161D000
14:01:11.0199 5500 ============================================================
14:01:11.0221 5500 C: <-> \Device\Harddisk0\DR0\Partition1
14:01:11.0274 5500 D: <-> \Device\Harddisk0\DR0\Partition2
14:01:11.0274 5500 ============================================================
14:01:11.0274 5500 Initialize success
14:01:11.0274 5500 ============================================================
14:01:14.0238 5032 ============================================================
14:01:14.0238 5032 Scan started
14:01:14.0238 5032 Mode: Manual;
14:01:14.0238 5032 ============================================================
14:01:15.0129 5032 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
14:01:15.0131 5032 1394ohci - ok
14:01:15.0245 5032 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
14:01:15.0248 5032 ACPI - ok
14:01:15.0351 5032 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
14:01:15.0351 5032 AcpiPmi - ok
14:01:15.0428 5032 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:01:15.0433 5032 adp94xx - ok
14:01:15.0502 5032 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:01:15.0505 5032 adpahci - ok
14:01:15.0551 5032 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:01:15.0553 5032 adpu320 - ok
14:01:15.0581 5032 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:01:15.0582 5032 AeLookupSvc - ok
14:01:15.0684 5032 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
14:01:15.0688 5032 AFD - ok
14:01:15.0723 5032 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
14:01:15.0724 5032 agp440 - ok
14:01:15.0746 5032 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:01:15.0747 5032 ALG - ok
14:01:15.0775 5032 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
14:01:15.0775 5032 aliide - ok
14:01:15.0841 5032 AMD External Events Utility (c6f7a4e77158af1b937f872392ff1b13) C:\Windows\system32\atiesrxx.exe
14:01:15.0843 5032 AMD External Events Utility - ok
14:01:15.0859 5032 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
14:01:15.0859 5032 amdide - ok
14:01:15.0879 5032 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:01:15.0880 5032 AmdK8 - ok
14:01:16.0454 5032 amdkmdag (21d749e3c8140b16c40a8273fd747899) C:\Windows\system32\DRIVERS\atikmdag.sys
14:01:16.0481 5032 amdkmdag - ok
14:01:16.0627 5032 amdkmdap (1aa6f50a8e7f8413377c979cef5218a5) C:\Windows\system32\DRIVERS\atikmpag.sys
14:01:16.0629 5032 amdkmdap - ok
14:01:16.0662 5032 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:01:16.0663 5032 AmdPPM - ok
14:01:16.0714 5032 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
14:01:16.0716 5032 amdsata - ok
14:01:16.0754 5032 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:01:16.0756 5032 amdsbs - ok
14:01:16.0774 5032 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
14:01:16.0774 5032 amdxata - ok
14:01:16.0815 5032 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
14:01:16.0816 5032 AppID - ok
14:01:16.0841 5032 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:01:16.0841 5032 AppIDSvc - ok
14:01:16.0863 5032 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
14:01:16.0864 5032 Appinfo - ok
14:01:16.0965 5032 Apple Mobile Device (70d7be78061126dd0c3accdb7e129017) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:01:16.0967 5032 Apple Mobile Device - ok
14:01:17.0028 5032 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:01:17.0029 5032 arc - ok
14:01:17.0041 5032 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:01:17.0043 5032 arcsas - ok
14:01:17.0080 5032 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:01:17.0081 5032 AsyncMac - ok
14:01:17.0108 5032 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
14:01:17.0109 5032 atapi - ok
14:01:17.0154 5032 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
14:01:17.0156 5032 AtiHdmiService - ok
14:01:17.0241 5032 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
14:01:17.0247 5032 AudioEndpointBuilder - ok
14:01:17.0256 5032 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
14:01:17.0260 5032 AudioSrv - ok
14:01:17.0293 5032 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
14:01:17.0294 5032 AxInstSV - ok
14:01:17.0358 5032 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:01:17.0361 5032 b06bdrv - ok
14:01:17.0406 5032 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:01:17.0409 5032 b57nd60a - ok
14:01:17.0437 5032 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:01:17.0438 5032 BDESVC - ok
14:01:17.0444 5032 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:01:17.0445 5032 Beep - ok
14:01:17.0517 5032 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
14:01:17.0524 5032 BFE - ok
14:01:17.0617 5032 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
14:01:17.0626 5032 BITS - ok
14:01:17.0672 5032 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:01:17.0672 5032 blbdrive - ok
14:01:17.0777 5032 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
14:01:17.0781 5032 Bonjour Service - ok
14:01:17.0843 5032 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
14:01:17.0844 5032 bowser - ok
14:01:17.0875 5032 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:01:17.0875 5032 BrFiltLo - ok
14:01:17.0878 5032 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:01:17.0878 5032 BrFiltUp - ok
14:01:17.0928 5032 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:01:17.0929 5032 BridgeMP - ok
14:01:17.0963 5032 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
14:01:17.0964 5032 Browser - ok
14:01:18.0002 5032 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:01:18.0004 5032 Brserid - ok
14:01:18.0015 5032 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:01:18.0015 5032 BrSerWdm - ok
14:01:18.0026 5032 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:01:18.0027 5032 BrUsbMdm - ok
14:01:18.0045 5032 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:01:18.0045 5032 BrUsbSer - ok
14:01:18.0060 5032 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:01:18.0060 5032 BTHMODEM - ok
14:01:18.0090 5032 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:01:18.0091 5032 bthserv - ok
14:01:18.0097 5032 catchme - ok
14:01:18.0133 5032 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:01:18.0134 5032 cdfs - ok
14:01:18.0165 5032 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
14:01:18.0166 5032 cdrom - ok
14:01:18.0199 5032 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
14:01:18.0200 5032 CertPropSvc - ok
14:01:18.0224 5032 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:01:18.0225 5032 circlass - ok
14:01:18.0290 5032 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:01:18.0294 5032 CLFS - ok
14:01:18.0346 5032 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:01:18.0347 5032 clr_optimization_v2.0.50727_32 - ok
14:01:18.0423 5032 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:01:18.0424 5032 clr_optimization_v2.0.50727_64 - ok
14:01:18.0525 5032 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:01:18.0527 5032 clr_optimization_v4.0.30319_32 - ok
14:01:18.0563 5032 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:01:18.0565 5032 clr_optimization_v4.0.30319_64 - ok
14:01:18.0589 5032 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:01:18.0589 5032 CmBatt - ok
14:01:18.0596 5032 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
14:01:18.0597 5032 cmdide - ok
14:01:18.0667 5032 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
14:01:18.0672 5032 CNG - ok
14:01:18.0708 5032 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:01:18.0708 5032 Compbatt - ok
14:01:18.0753 5032 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:01:18.0754 5032 CompositeBus - ok
14:01:18.0762 5032 COMSysApp - ok
14:01:18.0782 5032 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:01:18.0783 5032 crcdisk - ok
14:01:18.0823 5032 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
14:01:18.0825 5032 CryptSvc - ok
14:01:19.0009 5032 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
14:01:19.0016 5032 cvhsvc - ok
14:01:19.0080 5032 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
14:01:19.0087 5032 DcomLaunch - ok
14:01:19.0128 5032 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:01:19.0132 5032 defragsvc - ok
14:01:19.0215 5032 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
14:01:19.0217 5032 DfsC - ok
14:01:19.0258 5032 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
14:01:19.0262 5032 Dhcp - ok
14:01:19.0272 5032 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:01:19.0273 5032 discache - ok
14:01:19.0320 5032 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:01:19.0321 5032 Disk - ok
14:01:19.0381 5032 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
14:01:19.0384 5032 Dnscache - ok
14:01:19.0426 5032 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
14:01:19.0428 5032 dot3svc - ok
14:01:19.0448 5032 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
14:01:19.0449 5032 DPS - ok
14:01:19.0474 5032 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:01:19.0475 5032 drmkaud - ok
14:01:19.0531 5032 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:01:19.0533 5032 dtsoftbus01 - ok
14:01:19.0626 5032 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
14:01:19.0633 5032 DXGKrnl - ok
14:01:19.0669 5032 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:01:19.0670 5032 EapHost - ok
14:01:19.0919 5032 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:01:19.0934 5032 ebdrv - ok
14:01:20.0067 5032 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
14:01:20.0068 5032 EFS - ok
14:01:20.0195 5032 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
14:01:20.0201 5032 ehRecvr - ok
14:01:20.0239 5032 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:01:20.0240 5032 ehSched - ok
14:01:20.0362 5032 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:01:20.0367 5032 elxstor - ok
14:01:20.0381 5032 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
14:01:20.0381 5032 ErrDev - ok
14:01:20.0437 5032 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:01:20.0441 5032 EventSystem - ok
14:01:20.0484 5032 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:01:20.0486 5032 exfat - ok
14:01:20.0520 5032 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:01:20.0522 5032 fastfat - ok
14:01:20.0595 5032 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
14:01:20.0602 5032 Fax - ok
14:01:20.0625 5032 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:01:20.0626 5032 fdc - ok
14:01:20.0645 5032 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:01:20.0646 5032 fdPHost - ok
14:01:20.0661 5032 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:01:20.0662 5032 FDResPub - ok
14:01:20.0699 5032 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:01:20.0700 5032 FileInfo - ok
14:01:20.0709 5032 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:01:20.0709 5032 Filetrace - ok
14:01:20.0725 5032 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:01:20.0725 5032 flpydisk - ok
14:01:20.0762 5032 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
14:01:20.0765 5032 FltMgr - ok
14:01:20.0889 5032 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
14:01:20.0899 5032 FontCache - ok
14:01:20.0963 5032 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:01:20.0964 5032 FontCache3.0.0.0 - ok
14:01:21.0009 5032 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:01:21.0010 5032 FsDepends - ok
14:01:21.0056 5032 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
14:01:21.0057 5032 Fs_Rec - ok
14:01:21.0098 5032 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:01:21.0100 5032 fvevol - ok
14:01:21.0125 5032 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:01:21.0126 5032 gagp30kx - ok
14:01:21.0209 5032 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
14:01:21.0211 5032 GameConsoleService - ok
14:01:21.0271 5032 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:01:21.0271 5032 GEARAspiWDM - ok
14:01:21.0350 5032 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
14:01:21.0358 5032 gpsvc - ok
14:01:21.0375 5032 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:01:21.0375 5032 hcw85cir - ok
14:01:21.0426 5032 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:01:21.0428 5032 HDAudBus - ok
14:01:21.0451 5032 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
14:01:21.0452 5032 HECIx64 - ok
14:01:21.0471 5032 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:01:21.0471 5032 HidBatt - ok
14:01:21.0492 5032 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:01:21.0493 5032 HidBth - ok
14:01:21.0526 5032 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:01:21.0527 5032 HidIr - ok
14:01:21.0556 5032 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:01:21.0557 5032 hidserv - ok
14:01:21.0569 5032 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
14:01:21.0570 5032 HidUsb - ok
14:01:21.0602 5032 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
14:01:21.0604 5032 hkmsvc - ok
14:01:21.0639 5032 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
14:01:21.0643 5032 HomeGroupListener - ok
14:01:21.0682 5032 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
14:01:21.0685 5032 HomeGroupProvider - ok
14:01:21.0751 5032 HP Health Check Service (00b239202f7756695c8ccdf8bafa7d3d) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
14:01:21.0752 5032 HP Health Check Service - ok
14:01:21.0800 5032 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
14:01:21.0802 5032 hpqwmiex - ok
14:01:21.0834 5032 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
14:01:21.0835 5032 HpSAMD - ok
14:01:21.0927 5032 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
14:01:21.0934 5032 HTTP - ok
14:01:21.0950 5032 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
14:01:21.0950 5032 hwpolicy - ok
14:01:21.0987 5032 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:01:21.0988 5032 i8042prt - ok
14:01:22.0056 5032 iaStor (631fa8935163b01fc0c02966cb3adb92) C:\Windows\system32\DRIVERS\iaStor.sys
14:01:22.0061 5032 iaStor - ok
14:01:22.0134 5032 IAStorDataMgrSvc (7493ea4de41348f7d3edbf9db298f56a) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
14:01:22.0135 5032 IAStorDataMgrSvc - ok
14:01:22.0219 5032 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
14:01:22.0223 5032 iaStorV - ok
14:01:22.0401 5032 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:01:22.0408 5032 idsvc - ok
14:01:22.0440 5032 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:01:22.0441 5032 iirsp - ok
14:01:22.0518 5032 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
14:01:22.0526 5032 IKEEXT - ok
14:01:22.0693 5032 IntcAzAudAddService (ef75c94792187a143871fbb87611b0b7) C:\Windows\system32\drivers\RTKVHD64.sys
14:01:22.0711 5032 IntcAzAudAddService - ok
14:01:22.0843 5032 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
14:01:22.0843 5032 intelide - ok
14:01:22.0862 5032 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:01:22.0863 5032 intelppm - ok
14:01:22.0890 5032 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:01:22.0892 5032 IPBusEnum - ok
14:01:22.0927 5032 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:01:22.0928 5032 IpFilterDriver - ok
14:01:22.0992 5032 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
14:01:22.0998 5032 iphlpsvc - ok
14:01:23.0014 5032 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
14:01:23.0015 5032 IPMIDRV - ok
14:01:23.0029 5032 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:01:23.0031 5032 IPNAT - ok
14:01:23.0167 5032 iPod Service (f0eac938ecc1b2764d04ce16f8627e56) C:\Program Files\iPod\bin\iPodService.exe
14:01:23.0176 5032 iPod Service - ok
14:01:23.0199 5032 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:01:23.0199 5032 IRENUM - ok
14:01:23.0238 5032 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
14:01:23.0239 5032 isapnp - ok
14:01:23.0280 5032 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
14:01:23.0283 5032 iScsiPrt - ok
14:01:23.0306 5032 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:01:23.0306 5032 kbdclass - ok
14:01:23.0332 5032 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
14:01:23.0333 5032 kbdhid - ok
14:01:23.0384 5032 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:01:23.0385 5032 KeyIso - ok
14:01:23.0443 5032 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
14:01:23.0444 5032 KSecDD - ok
14:01:23.0470 5032 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
14:01:23.0472 5032 KSecPkg - ok
14:01:23.0495 5032 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:01:23.0496 5032 ksthunk - ok
14:01:23.0551 5032 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:01:23.0555 5032 KtmRm - ok
14:01:23.0618 5032 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
14:01:23.0622 5032 LanmanServer - ok
14:01:23.0657 5032 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
14:01:23.0660 5032 LanmanWorkstation - ok
14:01:23.0733 5032 LightScribeService (2238b91ac1a12cc6cc4c4fed41258b2a) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:01:23.0734 5032 LightScribeService - ok
14:01:23.0764 5032 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:01:23.0765 5032 lltdio - ok
14:01:23.0814 5032 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:01:23.0818 5032 lltdsvc - ok
14:01:23.0842 5032 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:01:23.0843 5032 lmhosts - ok
14:01:23.0885 5032 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:01:23.0887 5032 LSI_FC - ok
14:01:23.0914 5032 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:01:23.0915 5032 LSI_SAS - ok
14:01:23.0939 5032 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:01:23.0940 5032 LSI_SAS2 - ok
14:01:23.0965 5032 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:01:23.0967 5032 LSI_SCSI - ok
14:01:23.0994 5032 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:01:23.0995 5032 luafv - ok
14:01:24.0030 5032 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
14:01:24.0032 5032 Mcx2Svc - ok
14:01:24.0056 5032 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:01:24.0056 5032 megasas - ok
14:01:24.0105 5032 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:01:24.0108 5032 MegaSR - ok
14:01:24.0139 5032 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:01:24.0141 5032 MMCSS - ok
14:01:24.0169 5032 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:01:24.0170 5032 Modem - ok
14:01:24.0199 5032 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:01:24.0199 5032 monitor - ok
14:01:24.0315 5032 motmodem (940f4da752e28e6c4b1090d21aeb7b80) C:\Windows\system32\DRIVERS\motmodem.sys
14:01:24.0315 5032 motmodem - ok
14:01:24.0343 5032 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:01:24.0344 5032 mouclass - ok
14:01:24.0380 5032 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:01:24.0380 5032 mouhid - ok
14:01:24.0414 5032 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
14:01:24.0415 5032 mountmgr - ok
14:01:24.0496 5032 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:01:24.0497 5032 MozillaMaintenance - ok
14:01:24.0524 5032 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
14:01:24.0525 5032 mpio - ok
14:01:24.0540 5032 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:01:24.0541 5032 mpsdrv - ok
14:01:24.0621 5032 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
14:01:24.0627 5032 MpsSvc - ok
14:01:24.0651 5032 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
14:01:24.0651 5032 MRxDAV - ok
14:01:24.0701 5032 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:01:24.0702 5032 mrxsmb - ok
14:01:24.0770 5032 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:01:24.0772 5032 mrxsmb10 - ok
14:01:24.0789 5032 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:01:24.0790 5032 mrxsmb20 - ok
14:01:24.0815 5032 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
14:01:24.0816 5032 msahci - ok
14:01:24.0844 5032 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
14:01:24.0845 5032 msdsm - ok
14:01:24.0878 5032 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:01:24.0880 5032 MSDTC - ok
14:01:24.0913 5032 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:01:24.0914 5032 Msfs - ok
14:01:24.0935 5032 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:01:24.0936 5032 mshidkmdf - ok
14:01:24.0949 5032 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
14:01:24.0949 5032 msisadrv - ok
14:01:24.0977 5032 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:01:24.0979 5032 MSiSCSI - ok
14:01:24.0981 5032 msiserver - ok
14:01:24.0996 5032 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:01:24.0997 5032 MSKSSRV - ok
14:01:25.0002 5032 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:01:25.0002 5032 MSPCLOCK - ok
14:01:25.0006 5032 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:01:25.0006 5032 MSPQM - ok
14:01:25.0040 5032 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
14:01:25.0043 5032 MsRPC - ok
14:01:25.0064 5032 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:01:25.0064 5032 mssmbios - ok
14:01:25.0068 5032 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:01:25.0068 5032 MSTEE - ok
14:01:25.0079 5032 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:01:25.0079 5032 MTConfig - ok
14:01:25.0092 5032 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:01:25.0092 5032 Mup - ok
14:01:25.0153 5032 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
14:01:25.0156 5032 napagent - ok
14:01:25.0200 5032 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:01:25.0202 5032 NativeWifiP - ok
14:01:25.0290 5032 NAVENG (251bdfbc76acc5590c8975dee780147e) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\ENG64.SYS
14:01:25.0292 5032 NAVENG - ok
14:01:25.0434 5032 NAVEX15 (d3862ab9e0008d30685494e1035a1ce7) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\EX64.SYS
14:01:25.0448 5032 NAVEX15 - ok
14:01:25.0656 5032 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
14:01:25.0665 5032 NDIS - ok
14:01:25.0683 5032 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:01:25.0684 5032 NdisCap - ok
14:01:25.0705 5032 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:01:25.0706 5032 NdisTapi - ok
14:01:25.0721 5032 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
14:01:25.0722 5032 Ndisuio - ok
14:01:25.0750 5032 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:01:25.0751 5032 NdisWan - ok
14:01:25.0776 5032 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
14:01:25.0777 5032 NDProxy - ok
14:01:25.0792 5032 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:01:25.0792 5032 NetBIOS - ok
14:01:25.0829 5032 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
14:01:25.0831 5032 NetBT - ok
14:01:25.0858 5032 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:01:25.0859 5032 Netlogon - ok
14:01:25.0931 5032 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:01:25.0935 5032 Netman - ok
14:01:25.0981 5032 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:01:25.0987 5032 netprofm - ok
14:01:26.0080 5032 netr28x (254af6df67eafa8c6e0aa0d316487673) C:\Windows\system32\DRIVERS\netr28x.sys
14:01:26.0087 5032 netr28x - ok
14:01:26.0156 5032 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:01:26.0157 5032 NetTcpPortSharing - ok
14:01:26.0194 5032 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:01:26.0195 5032 nfrd960 - ok
14:01:26.0304 5032 NIS (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
14:01:26.0306 5032 NIS - ok
14:01:26.0378 5032 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
14:01:26.0382 5032 NlaSvc - ok
14:01:26.0405 5032 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:01:26.0406 5032 Npfs - ok
14:01:26.0416 5032 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:01:26.0418 5032 nsi - ok
14:01:26.0426 5032 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:01:26.0427 5032 nsiproxy - ok
14:01:26.0590 5032 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
14:01:26.0604 5032 Ntfs - ok
14:01:26.0703 5032 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:01:26.0703 5032 Null - ok
14:01:26.0771 5032 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
14:01:26.0773 5032 nvraid - ok
14:01:26.0798 5032 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
14:01:26.0799 5032 nvstor - ok
14:01:26.0843 5032 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
14:01:26.0845 5032 nv_agp - ok
14:01:26.0871 5032 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
14:01:26.0872 5032 ohci1394 - ok
14:01:26.0978 5032 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:01:26.0979 5032 ose - ok
14:01:27.0368 5032 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:01:27.0386 5032 osppsvc - ok
14:01:27.0519 5032 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:01:27.0523 5032 p2pimsvc - ok
14:01:27.0571 5032 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:01:27.0576 5032 p2psvc - ok
14:01:27.0611 5032 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:01:27.0612 5032 Parport - ok
14:01:27.0665 5032 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
14:01:27.0666 5032 partmgr - ok
14:01:27.0694 5032 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:01:27.0698 5032 PcaSvc - ok
14:01:27.0741 5032 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
14:01:27.0743 5032 pci - ok
14:01:27.0766 5032 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
14:01:27.0767 5032 pciide - ok
14:01:27.0799 5032 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:01:27.0801 5032 pcmcia - ok
14:01:27.0824 5032 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:01:27.0824 5032 pcw - ok
14:01:27.0885 5032 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:01:27.0890 5032 PEAUTH - ok
14:01:27.0976 5032 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:01:27.0978 5032 PerfHost - ok
14:01:28.0105 5032 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
14:01:28.0117 5032 pla - ok
14:01:28.0206 5032 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
14:01:28.0212 5032 PlugPlay - ok
14:01:28.0255 5032 PnkBstrA - ok
14:01:28.0275 5032 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:01:28.0277 5032 PNRPAutoReg - ok
14:01:28.0328 5032 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:01:28.0332 5032 PNRPsvc - ok
14:01:28.0398 5032 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
14:01:28.0403 5032 PolicyAgent - ok
14:01:28.0451 5032 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:01:28.0455 5032 Power - ok
14:01:28.0518 5032 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
14:01:28.0519 5032 PptpMiniport - ok
14:01:28.0544 5032 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:01:28.0545 5032 Processor - ok
14:01:28.0580 5032 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
14:01:28.0583 5032 ProfSvc - ok
14:01:28.0626 5032 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:01:28.0627 5032 ProtectedStorage - ok
14:01:28.0661 5032 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
14:01:28.0663 5032 Psched - ok
14:01:28.0795 5032 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:01:28.0807 5032 ql2300 - ok
14:01:28.0934 5032 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:01:28.0936 5032 ql40xx - ok
14:01:28.0980 5032 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:01:28.0984 5032 QWAVE - ok
14:01:29.0004 5032 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:01:29.0005 5032 QWAVEdrv - ok
14:01:29.0020 5032 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:01:29.0021 5032 RasAcd - ok
14:01:29.0053 5032 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:01:29.0054 5032 RasAgileVpn - ok
14:01:29.0082 5032 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:01:29.0084 5032 RasAuto - ok
14:01:29.0102 5032 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:01:29.0103 5032 Rasl2tp - ok
14:01:29.0143 5032 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
14:01:29.0147 5032 RasMan - ok
14:01:29.0166 5032 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:01:29.0167 5032 RasPppoe - ok
14:01:29.0191 5032 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:01:29.0192 5032 RasSstp - ok
14:01:29.0234 5032 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
14:01:29.0238 5032 rdbss - ok
14:01:29.0261 5032 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:01:29.0261 5032 rdpbus - ok
14:01:29.0298 5032 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:01:29.0299 5032 RDPCDD - ok
14:01:29.0309 5032 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:01:29.0309 5032 RDPENCDD - ok
14:01:29.0319 5032 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:01:29.0320 5032 RDPREFMP - ok
14:01:29.0381 5032 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
14:01:29.0384 5032 RDPWD - ok
14:01:29.0433 5032 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
14:01:29.0435 5032 rdyboost - ok
14:01:29.0465 5032 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:01:29.0467 5032 RemoteAccess - ok
14:01:29.0506 5032 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:01:29.0509 5032 RemoteRegistry - ok
14:01:29.0525 5032 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:01:29.0528 5032 RpcEptMapper - ok
14:01:29.0538 5032 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:01:29.0540 5032 RpcLocator - ok
14:01:37.0457 5032 ============================================================
14:01:37.0457 5032 Scan finished
14:01:37.0457 5032 ============================================================
14:01:37.0471 5504 Detected object count: 0
14:01:37.0471 5504 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-14 14:03:33
-----------------------------
14:03:33.401 OS Version: Windows x64 6.1.7600
14:03:33.401 Number of processors: 8 586 0x1E05
14:03:33.401 ComputerName: AARON-PC UserName: Aaron
14:03:35.828 Initialize success
14:04:19.084 AVAST engine defs: 12051400
14:04:25.131 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:04:25.134 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 8
14:04:25.150 Disk 0 MBR read successfully
14:04:25.155 Disk 0 MBR scan
14:04:25.163 Disk 0 unknown MBR code
14:04:25.168 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:04:25.181 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942445 MB offset 206848
14:04:25.221 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11322 MB offset 1930334208
14:04:25.276 Disk 0 scanning C:\Windows\system32\drivers
14:04:37.199 Service scanning
14:05:00.210 Modules scanning
14:05:00.224 Disk 0 trace - called modules:
14:05:00.241 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:05:00.252 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007bac060]
14:05:00.261 3 CLASSPNP.SYS[fffff88001ab543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80077fe050]
14:05:02.811 AVAST engine scan C:\Windows
14:05:08.178 AVAST engine scan C:\Windows\system32
14:08:32.019 AVAST engine scan C:\Windows\system32\drivers
14:08:46.985 AVAST engine scan C:\Users\Aaron
14:13:59.318 File: C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\44d47de1-57630758 **INFECTED** Win32:MalOb-IG [Cryp]
14:44:11.342 AVAST engine scan C:\ProgramData
14:57:33.078 Scan finished successfully
15:08:12.275 Disk 0 MBR has been saved successfully to "C:\Users\Aaron\Desktop\MBR.dat"
15:08:12.285 The log file has been saved successfully to "C:\Users\Aaron\Desktop\aswMBR.txt"

#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 May 2012 - 07:42 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
AtJob::
Folder::
C:\Users\Aaron\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33

File::
c:\windows\system32\f7n0En.com_

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

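A small triage helper, added here as an example and not a tool from this thread or from the aswMBR/ComboFix authors: it pulls the **INFECTED** hits out of an aswMBR log and the "Other Deletions" and FILE :: entries out of a ComboFix report, then reports which flagged paths the CFScript run did not remove. The embedded log excerpts are constructed to mirror the shape of the logs posted in this thread; the section-banner and numbered At*.job patterns are assumptions drawn from those logs.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed excerpt in the shape of the aswMBR log posted in this thread.
ASWMBR_SAMPLE = """\
14:08:46.985 AVAST engine scan C:\\Users\\Aaron
14:13:59.318 File: C:\\Users\\Aaron\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\33\\44d47de1-57630758 **INFECTED** Win32:MalOb-IG [Cryp]
14:44:11.342 AVAST engine scan C:\\ProgramData
14:57:33.078 Scan finished successfully
"""

# Constructed excerpt in the shape of the ComboFix report posted in this thread.
COMBOFIX_SAMPLE = """\
ComboFix 12-05-15.03 - Aaron 05/15/2012 10:08:06.3.8 - x64
.
FILE ::
"c:\\windows\\system32\\f7n0En.com_"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\\windows\\Tasks\\At10.job
c:\\windows\\Tasks\\At2.job
c:\\users\\Aaron\\AppData\\Local\\temp\\junk.tmp
.
((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
.
2012-05-10 18:58 . 2012-05-10 18:58 -------- d-----w- c:\\program files\\7-Zip
"""

# aswMBR marks a detection as "<time> File: <path> **INFECTED** <name>".
INFECTED_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+ File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>.+)$")
# ComboFix separates report sections with banners of the form "(((( Title ))))" (assumed from the posted log).
SECTION_RE = re.compile(r"^\(+ (?P<title>.+?) \)+$")
# Numbered At<n>.job tasks are what the AtJob:: directive in the CFScript removes.
AT_JOB_RE = re.compile(r"\\tasks\\at\d+\.job$", re.IGNORECASE)


@dataclass
class Triage:
    infected: List[Tuple[str, str]] = field(default_factory=list)  # (path, detection name)
    deleted: List[str] = field(default_factory=list)               # every path under "Other Deletions"
    at_jobs: List[str] = field(default_factory=list)               # the At<n>.job subset of deleted
    requested_files: List[str] = field(default_factory=list)       # paths echoed from the FILE :: block


def parse_aswmbr(text: str) -> List[Tuple[str, str]]:
    """Return (path, detection name) for every **INFECTED** line in an aswMBR log."""
    hits = []
    for line in text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("name").strip()))
    return hits


def combofix_sections(text: str) -> dict:
    """Split a ComboFix report into {title: [lines]}; text before the first banner is 'header'."""
    sections = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("title")
            sections[current] = []
            continue
        if line in ("", "."):  # ComboFix pads sections with lone dots
            continue
        sections[current].append(line)
    return sections


def parse_combofix(text: str) -> Tuple[List[str], List[str], List[str]]:
    """Return (deleted paths, At<n>.job deletions, paths requested via FILE ::)."""
    sections = combofix_sections(text)
    deleted = sections.get("Other Deletions", [])
    at_jobs = [p for p in deleted if AT_JOB_RE.search(p)]
    requested = []
    header = sections.get("header", [])
    for i, line in enumerate(header):
        if line == "FILE ::":
            for nxt in header[i + 1:]:
                if not nxt.startswith('"'):
                    break
                requested.append(nxt.strip('"'))
    return deleted, at_jobs, requested


def triage(aswmbr_text: str, combofix_text: str) -> Triage:
    t = Triage()
    t.infected = parse_aswmbr(aswmbr_text)
    t.deleted, t.at_jobs, t.requested_files = parse_combofix(combofix_text)
    return t


def unresolved(t: Triage) -> List[str]:
    """Paths aswMBR flagged that do not appear in ComboFix's deletion list (case-insensitive)."""
    removed = {d.lower() for d in t.deleted}
    return [p for p, _ in t.infected if p.lower() not in removed]


if __name__ == "__main__":
    result = triage(ASWMBR_SAMPLE, COMBOFIX_SAMPLE)
    print("aswMBR detections:", result.infected)
    print("At*.job tasks removed:", result.at_jobs)
    print("FILE :: targets:", result.requested_files)
    print("still unresolved:", unresolved(result))
```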

#7 Slafter (Topic Starter)

  • Members
  • 13 posts

Posted 15 May 2012 - 09:25 AM

Hi,

After running ComboFix, the "Recommended for You" pop-ups continue and my browser has started redirecting me again. =(


ComboFix 12-05-15.03 - Aaron 05/15/2012 10:08:06.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8151.5024 [GMT -4:00]
Running from: c:\users\Aaron\Desktop\ComboFix.exe
Command switches used :: c:\users\Aaron\Desktop\CFScript.txt
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\f7n0En.com_"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\At10.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At8.job
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"Octoshape Streaming Services"="c:\users\Aaron\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-17 3077528]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 98304]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-22 74752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2012-03-08 4280184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-24 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/03/19 09:30];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-09-18 00:41 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2009-08-24 126392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 96970942
*NewlyCreated* - ASWMBR
*Deregistered* - 96970942
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-12 c:\windows\Tasks\HPCeeScheduleForAaron.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
2012-04-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\wvjtflfe.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 4
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2382676811-1094255629-3978454532-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*D*V*ќ6\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2382676811-1094255629-3978454532-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2382676811-1094255629-3978454532-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2382676811-1094255629-3978454532-1001\Software\SecuROM\License information*]
"datasecu"=hex:ee,78,b7,74,bf,1d,1b,0e,60,19,f8,04,bb,57,47,98,ee,3a,6e,3e,75,
6d,64,38,d9,11,07,a7,35,e2,58,cf,56,ed,4e,aa,7b,d2,f2,4b,0d,5f,10,8f,b4,68,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-15 10:16:10
ComboFix-quarantined-files.txt 2012-05-15 14:16
ComboFix2.txt 2012-05-14 13:35
ComboFix3.txt 2011-12-01 15:09
.
Pre-Run: 134,727,737,344 bytes free
Post-Run: 134,808,903,680 bytes free
.
- - End Of File - - 130A89446419677542B96D7BEA4A79EC
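Reading the "Reg Loading Points" section of a ComboFix log like the one above by hand is error-prone, so here is a small triage script, added as an example for this page; it is not part of the thread and not ComboFix code. It parses the quoted Run-key lines into structured records and flags the entries a responder would verify first: those ComboFix printed with [BU] instead of a file date and size (the RESTART_STICKY_NOTES entry, which the OTL log later in the thread lists as "File not found"; reading [BU] as "binary not verified at the logged path" is an assumption here), and those whose executable runs from a user-writable profile or data directory rather than from Windows or Program Files. A flag means "check this", not "malicious": the Octoshape streaming client is flagged only because it starts from AppData\Roaming. The sample lines are copied from the log above.

```python
"""Triage helper for the "Reg Loading Points" section of a ComboFix log.

Added example for this page; not part of the thread and not ComboFix code.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input copied from the ComboFix log in this thread (Run keys only).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"Octoshape Streaming Services"="c:\users\Aaron\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<meta>[^\]]*)\]$')
META_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)$")

# Directories a Run-key binary is normally installed under (drive letter stripped).
TRUSTED_ROOTS = ("\\windows\\", "\\program files\\", "\\program files (x86)\\")
# Path fragments a non-admin user can write to; persistence there needs a second look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class RunEntry:
    key: str                 # registry key the value lives under
    name: str                # value name, e.g. "Steam"
    path: str                # command/path exactly as logged
    date: Optional[str]      # file date ComboFix printed, None for [BU]
    size: Optional[int]      # file size ComboFix printed, None for [BU]
    file_seen: bool          # False when the log shows [BU] instead of date/size


@dataclass
class Finding:
    entry: RunEntry
    reasons: List[str]


def parse_loading_points(text: str) -> List[RunEntry]:
    """Turn the quoted "name"="path" [meta] lines under [HKEY_...] headers into records."""
    entries: List[RunEntry] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        entry_match = ENTRY_RE.match(line)
        if not entry_match or current_key is None:
            continue  # '.' separators, blank lines, startup-folder .lnk lines, etc.
        meta_match = META_RE.match(entry_match.group("meta"))
        entries.append(RunEntry(
            key=current_key,
            name=entry_match.group("name"),
            path=entry_match.group("path"),
            date=meta_match.group("date") if meta_match else None,
            size=int(meta_match.group("size")) if meta_match else None,
            file_seen=meta_match is not None,
        ))
    return entries


def triage(entries: List[RunEntry]) -> List[Finding]:
    """Flag entries worth verifying first. A flag means 'check', not 'malicious'."""
    findings: List[Finding] = []
    for entry in entries:
        reasons: List[str] = []
        path = entry.path.lower()
        path_no_drive = path[2:] if re.match(r"^[a-z]:", path) else path
        if not entry.file_seen:
            # Assumption: [BU] means ComboFix could not stat the file at the logged path.
            reasons.append("no date/size recorded ([BU]); binary not verified at logged path")
        if any(fragment in path_no_drive for fragment in USER_WRITABLE):
            reasons.append("binary runs from a user-writable profile or data directory")
        elif not path_no_drive.startswith(TRUSTED_ROOTS):
            reasons.append("binary outside Windows or Program Files")
        if reasons:
            findings.append(Finding(entry, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"{finding.entry.key}\\{finding.entry.name}: {'; '.join(finding.reasons)}")
```

Run on the sample, the script reports the Octoshape and RESTART_STICKY_NOTES entries and stays quiet about Steam and hpsysdrv; feeding it the whole "Reg Loading Points" block of a log works the same way, since lines that are not quoted name/path pairs (the "." separators and the Startup-folder .lnk lines) are skipped.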

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:49 PM

Posted 15 May 2012 - 09:53 AM

Reset IE:

Let's reset IE to see if it helps things out.

  • Start Internet Explorer.
  • On the Tools menu, click Internet Options.
  • On the Advanced tab, click Reset.
  • Put a check mark next to Delete Personal Settings.
  • Click Reset to confirm.
  • When complete, click the Close button.
  • Restart IE.
    You can go here to see a step-by-step on how to do this: RESET IE

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Slafter
  • Topic Starter

  • Members
  • 13 posts
  • Local time:01:49 PM

Posted 15 May 2012 - 10:43 AM

I usually use Firefox for browsing but the same redirects and pop-ups happen in IE as well. After resetting IE the redirects and pop-ups continue.

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:49 PM

Posted 15 May 2012 - 12:14 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized; save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 Slafter
  • Topic Starter

  • Members
  • 13 posts
  • Local time:01:49 PM

Posted 15 May 2012 - 01:18 PM

Hi,

OTL logfile created on: 5/15/2012 2:03:12 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Aaron\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 4.98 Gb Available Physical Memory | 62.50% Memory free
15.92 Gb Paging File | 13.26 Gb Available in Paging File | 83.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.36 Gb Total Space | 124.96 Gb Free Space | 13.58% Space Free | Partition Type: NTFS
Drive D: | 11.06 Gb Total Space | 1.60 Gb Free Space | 14.49% Space Free | Partition Type: NTFS

Computer Name: AARON-PC | User Name: Aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Aaron\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90d42781d5b19478870e412f7b7c71eb\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e65dbd1b68789fc21b9fb3c605b699a7\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Origin\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Origin\QtGui4.dll ()
MOD - C:\Program Files (x86)\Origin\QtXmlPatterns4.dll ()
MOD - C:\Program Files (x86)\Origin\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Origin\QtXml4.dll ()
MOD - C:\Program Files (x86)\Origin\QtCore4.dll ()
MOD - C:\Program Files (x86)\Origin\imageformats\qtiff4.dll ()
MOD - C:\Program Files (x86)\Origin\imageformats\qmng4.dll ()
MOD - C:\Program Files (x86)\Origin\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Origin\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Origin\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\drivers\motmodem.sys (Motorola)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\ENG64.SYS (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D4B1DDED-FC80-4258-9CBA-DF0592C2CEA8}
IE:64bit: - HKLM\..\SearchScopes\{D4B1DDED-FC80-4258-9CBA-DF0592C2CEA8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{F391AE97-155B-4FB5-BE9B-2A2AE7F32086}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {D4B1DDED-FC80-4258-9CBA-DF0592C2CEA8}
IE - HKLM\..\SearchScopes\{D4B1DDED-FC80-4258-9CBA-DF0592C2CEA8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{F391AE97-155B-4FB5-BE9B-2A2AE7F32086}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2382676811-1094255629-3978454532-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2382676811-1094255629-3978454532-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2382676811-1094255629-3978454532-1001\..\SearchScopes,DefaultScope = {D4B1DDED-FC80-4258-9CBA-DF0592C2CEA8}
IE - HKU\S-1-5-21-2382676811-1094255629-3978454532-1001\..\SearchScopes\{D4B1DDED-FC80-4258-9CBA-DF0592C2CEA8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2382676811-1094255629-3978454532-1001\..\SearchScopes\{F391AE97-155B-4FB5-BE9B-2A2AE7F32086}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-2382676811-1094255629-3978454532-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2382676811-1094255629-3978454532-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Aaron\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/24 16:33:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/09 15:32:00 | 000,000,000 | ---D | M]

[2010/08/10 13:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions
[2012/05/02 19:05:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\wvjtflfe.default\extensions
[2012/03/30 12:33:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\wvjtflfe.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/04/25 12:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/25 12:45:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012/04/24 16:33:08 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/03 17:53:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/22 14:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/10/01 13:02:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/10 23:05:04 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/25 08:42:59 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 217.23.4.166 www.google-analytics.com.
O1 - Hosts: 217.23.4.166 ad-emea.doubleclick.net.
O1 - Hosts: 217.23.4.166 www.statcounter.com.
O1 - Hosts: 178.250.45.15 www.google-analytics.com.
O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.
O1 - Hosts: 178.250.45.15 www.statcounter.com.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2382676811-1094255629-3978454532-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-2382676811-1094255629-3978454532-1001..\Run: [Octoshape Streaming Services] C:\Users\Aaron\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKU\S-1-5-21-2382676811-1094255629-3978454532-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-2382676811-1094255629-3978454532-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-2382676811-1094255629-3978454532-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2382676811-1094255629-3978454532-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2382676811-1094255629-3978454532-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F46FA383-ABBB-4A7D-954C-E3A36BCFBB5B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/15 14:01:13 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe
[2012/05/15 11:37:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/15 10:16:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/14 14:03:13 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Aaron\Desktop\aswMBR(1).exe
[2012/05/14 14:00:53 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Aaron\Desktop\tdsskiller.exe
[2012/05/14 09:21:14 | 004,494,798 | R--- | C] (Swearware) -- C:\Users\Aaron\Desktop\ComboFix.exe
[2012/05/12 16:03:35 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Aaron\Desktop\dds.scr
[2012/05/10 14:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/05/10 14:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/05/09 14:10:22 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\AvA Football #2
[2012/05/08 16:18:40 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/05/08 16:18:40 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/08 16:18:40 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/05/08 16:18:40 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/05/08 16:18:36 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/05/08 16:18:11 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/08 16:18:10 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/08 16:18:10 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/01 01:58:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/04/30 11:01:57 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\Facebook appropriate
[2012/04/27 13:13:53 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{39D7C1F1-92DB-42A8-89A1-31AB008EA655}
[2012/04/27 13:13:32 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{F54EBDA4-7E9A-4A3D-B919-C23C930D9334}
[2012/04/26 23:46:02 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{43556E0D-CEAE-46E3-B036-753BD41418AB}
[2012/04/26 23:45:41 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{D1A480EC-03C8-4A5F-9B4E-2C43613ACAF3}
[2012/04/26 11:45:17 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{18D531C7-7A5E-4DF1-8CDA-5C0118D2CA94}
[2012/04/26 11:44:57 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{7BBE9EBB-B042-42EE-A6F3-144645D6535C}
[2012/04/25 23:44:32 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{8CF456AD-7A60-48BE-8873-D5EABB928F98}
[2012/04/25 23:44:10 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{BC8FB0CB-4344-478F-A70C-789E842FB194}
[2012/04/25 23:27:10 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\Teke Wars
[2012/04/25 16:25:54 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\TKE Chat
[2012/04/25 12:47:47 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\OpenOffice.org
[2012/04/25 12:47:19 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012/04/25 12:46:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012/04/25 12:45:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/04/25 12:45:10 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/04/25 12:45:10 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/04/25 11:43:47 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{7EEFFDD8-A6CE-40F3-AA59-78CE363ED1E0}
[2012/04/25 11:43:27 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{3AE85F30-1EA6-4FFF-B763-A114B342CCE4}
[2012/04/25 00:46:34 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\Some douchers at my house
[2012/04/24 21:44:32 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\Formal Video SP12
[2012/04/24 18:16:38 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{EBA14D49-3EA4-47C2-8F00-4E6F2122D6BA}
[2012/04/24 18:16:18 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{F250105D-3DD9-4B62-809F-B153098E3932}
[2012/04/24 16:33:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/24 16:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/23 18:42:51 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\Brother Pics
[2012/04/23 18:28:09 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\Ass Body Spray
[2012/04/23 18:13:57 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\Brosecticide
[2012/04/23 14:44:03 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\WMTools Downloaded Files
[2012/04/23 14:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker 2.6
[2012/04/23 13:37:52 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{B588AFCF-7337-417D-BFEA-D389B86B42B2}
[2012/04/23 13:37:32 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{CF0A1322-B34A-4292-96A8-C9BDDAAE4F82}
[2012/04/23 13:31:52 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/23 13:31:31 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/04/23 13:28:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/04/23 13:24:45 | 003,860,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2012/04/23 13:24:45 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2012/04/23 13:24:45 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2012/04/23 13:24:45 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2012/04/23 13:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2012/04/23 13:19:55 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Windows Live
[2012/04/20 09:39:05 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Documents\Diablo III
[2012/04/20 09:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Beta
[2012/04/20 09:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III Beta
[2012/04/20 09:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/04/19 17:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3

========== Files - Modified Within 30 Days ==========

[2012/05/15 14:01:17 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe
[2012/05/15 10:06:37 | 004,494,798 | R--- | M] (Swearware) -- C:\Users\Aaron\Desktop\ComboFix.exe
[2012/05/14 22:12:31 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/05/14 22:12:31 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/05/14 22:12:09 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/05/14 15:08:12 | 000,000,512 | ---- | M] () -- C:\Users\Aaron\Desktop\MBR.dat
[2012/05/14 14:03:18 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Aaron\Desktop\aswMBR(1).exe
[2012/05/14 14:00:53 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Aaron\Desktop\tdsskiller.exe
[2012/05/14 09:16:45 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/14 09:16:45 | 000,624,614 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/14 09:16:45 | 000,106,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/12 16:03:35 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Aaron\Desktop\dds.scr
[2012/05/12 16:03:13 | 000,000,168 | ---- | M] () -- C:\Users\Aaron\defogger_reenable
[2012/05/11 21:32:08 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 21:32:08 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 21:24:35 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAaron.job
[2012/05/11 21:24:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/11 21:24:08 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/09 03:27:02 | 000,358,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/30 10:41:07 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/04/27 17:05:21 | 003,966,439 | ---- | M] () -- C:\Users\Aaron\Desktop\12 Gumball Machine.mp3
[2012/04/26 14:26:43 | 001,540,694 | ---- | M] () -- C:\Users\Aaron\Desktop\Free Chilly.mp3
[2012/04/25 15:52:03 | 005,898,368 | ---- | M] () -- C:\Users\Aaron\Desktop\Say Yeah.mp3
[2012/04/25 15:51:52 | 009,967,803 | ---- | M] () -- C:\Users\Aaron\Desktop\Good Feeling.mp3
[2012/04/25 15:51:37 | 011,395,929 | ---- | M] () -- C:\Users\Aaron\Desktop\Lights (Bassnectar Remix).mp3
[2012/04/25 02:29:24 | 006,367,770 | ---- | M] () -- C:\Users\Aaron\Desktop\Can I Kick It.mp3
[2012/04/24 22:22:15 | 000,012,800 | ---- | M] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/23 18:37:01 | 002,206,708 | ---- | M] () -- C:\Users\Aaron\Desktop\Star Wars Theme Song.mp3
[2012/04/21 10:53:52 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

========== Files Created - No Company Name ==========

[2012/05/14 15:08:12 | 000,000,512 | ---- | C] () -- C:\Users\Aaron\Desktop\MBR.dat
[2012/05/12 16:09:36 | 000,302,592 | ---- | C] () -- C:\Users\Aaron\Desktop\gmer.exe
[2012/05/12 16:03:13 | 000,000,168 | ---- | C] () -- C:\Users\Aaron\defogger_reenable
[2012/04/26 14:26:40 | 001,540,694 | ---- | C] () -- C:\Users\Aaron\Desktop\Free Chilly.mp3
[2012/04/25 02:29:14 | 006,367,770 | ---- | C] () -- C:\Users\Aaron\Desktop\Can I Kick It.mp3
[2012/04/25 01:00:43 | 011,395,929 | ---- | C] () -- C:\Users\Aaron\Desktop\Lights (Bassnectar Remix).mp3
[2012/04/25 00:35:49 | 009,967,803 | ---- | C] () -- C:\Users\Aaron\Desktop\Good Feeling.mp3
[2012/04/24 17:06:03 | 003,966,439 | ---- | C] () -- C:\Users\Aaron\Desktop\12 Gumball Machine.mp3
[2012/04/23 18:37:31 | 000,012,800 | ---- | C] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/23 18:36:41 | 002,206,708 | ---- | C] () -- C:\Users\Aaron\Desktop\Star Wars Theme Song.mp3
[2012/04/23 14:33:20 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk
[2012/04/23 13:56:14 | 005,898,368 | ---- | C] () -- C:\Users\Aaron\Desktop\Say Yeah.mp3
[2012/04/23 13:31:24 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/04/23 13:31:13 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/04/23 13:30:53 | 000,001,460 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/04/23 13:30:25 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/04/23 13:21:19 | 000,001,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011/12/01 10:51:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/01 10:51:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/01 10:51:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/01 10:51:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/01 10:51:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/26 17:16:57 | 000,111,616 | ---- | C] () -- C:\Windows\SysWow64\f7n0En.com_
[2011/11/25 20:55:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\f7n0En.com.b
[2011/11/25 20:52:39 | 000,000,112 | ---- | C] () -- C:\ProgramData\506HW7H6.dat
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/17 13:01:24 | 000,139,532 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/05/16 01:47:35 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/01/06 23:39:10 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/09/28 08:03:54 | 000,743,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/27 23:24:54 | 000,008,876 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\wklnhst.dat
[2010/08/19 19:20:25 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/08/19 19:20:24 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/08/19 19:20:24 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/06/15 23:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

< End of report >

#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 15 May 2012 - 07:00 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code.
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3 - HKU\S-1-5-21-2382676811-1094255629-3978454532-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKU\S-1-5-21-2382676811-1094255629-3978454532-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    IE:64bit: - HKLM\..\SearchScopes\{F391AE97-155B-4FB5-BE9B-2A2AE7F32086}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{F391AE97-155B-4FB5-BE9B-2A2AE7F32086}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-2382676811-1094255629-3978454532-1001\..\SearchScopes\{F391AE97-155B-4FB5-BE9B-2A2AE7F32086}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    [2011/11/26 17:16:57 | 000,111,616 | ---- | C] () -- C:\Windows\SysWow64\f7n0En.com_
    [2011/11/25 20:55:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\f7n0En.com.b
    [2011/11/25 20:52:39 | 000,000,112 | ---- | C] () -- C:\ProgramData\506HW7H6.dat
    O1 - Hosts: 217.23.4.166 www.google-analytics.com.
    O1 - Hosts: 217.23.4.166 ad-emea.doubleclick.net.
    O1 - Hosts: 217.23.4.166 www.statcounter.com.
    O1 - Hosts: 178.250.45.15 www.google-analytics.com.
    O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.
    O1 - Hosts: 178.250.45.15 www.statcounter.com.
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 Slafter (Topic Starter)

Posted 15 May 2012 - 11:05 PM

Hi,

Redirects and pop-ups still there.

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2382676811-1094255629-3978454532-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-21-2382676811-1094255629-3978454532-1001\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F391AE97-155B-4FB5-BE9B-2A2AE7F32086}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F391AE97-155B-4FB5-BE9B-2A2AE7F32086}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F391AE97-155B-4FB5-BE9B-2A2AE7F32086}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F391AE97-155B-4FB5-BE9B-2A2AE7F32086}\ not found.
Registry key HKEY_USERS\S-1-5-21-2382676811-1094255629-3978454532-1001\Software\Microsoft\Internet Explorer\SearchScopes\{F391AE97-155B-4FB5-BE9B-2A2AE7F32086}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F391AE97-155B-4FB5-BE9B-2A2AE7F32086}\ not found.
C:\Windows\SysWOW64\f7n0En.com_ moved successfully.
C:\Windows\SysWOW64\f7n0En.com.b moved successfully.
C:\ProgramData\506HW7H6.dat moved successfully.
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Aaron\Desktop\cmd.bat deleted successfully.
C:\Users\Aaron\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Aaron
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Aaron
->Flash cache emptied: 8917179 bytes

User: All Users

User: Default
->Flash cache emptied: 56504 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 9.00 mb


OTL by OldTimer - Version 3.2.43.0 log created on 05152012_203053

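The hosts entries that keep surfacing in this thread (the O1 - Hosts lines in the OTL report, and again in the RogueKiller report) are worth a closer look than a tool's one-line listing gives. They send www.google-analytics.com, ad-emea.doubleclick.net and www.statcounter.com to two routable addresses, 217.23.4.166 and 178.250.45.15, rather than to 127.0.0.1 or 0.0.0.0 as a legitimate hosts-based ad blocker would. Because almost every site embeds one of those scripts, whoever controls those two addresses can serve JavaScript into nearly every page the user visits, which is a classic way to produce exactly the pop-ups and redirects described in the first post. Each hostname also carries a trailing dot (an absolute DNS name), so a naive check that looks for the bare string "www.google-analytics.com" would not match these lines. Finally, OTL listed the file with the RHS- attributes (read-only, hidden, system), which is consistent with the six "Unable to save new HOSTS file" lines in the fix log above.

The script below is an added example, not code from the thread or from OTL, RogueKiller or any other tool named here. It parses a hosts file the way a triage script would, reports only entries that point a name at an address able to serve content, groups them by destination, and produces a cleaned copy. The sample hosts content is constructed from the lines reported above; the function names and the .invalid hostnames in the usage note are my own.

```python
"""Audit a Windows hosts file for hijacked hostnames.

Added example for the thread above; not part of the original posts or of OTL.
The sample hosts content below is constructed from the O1 - Hosts lines OTL
reported; any .invalid names used for testing are reserved and never resolve.
"""
import ipaddress

# Constructed sample: the eight lines both OTL and RogueKiller reported.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
::1 localhost
217.23.4.166 www.google-analytics.com.
217.23.4.166 ad-emea.doubleclick.net.
217.23.4.166 www.statcounter.com.
178.250.45.15 www.google-analytics.com.
178.250.45.15 ad-emea.doubleclick.net.
178.250.45.15 www.statcounter.com.
"""


def parse_entry(line):
    """Return (ip, [names]) for one hosts line, or None for blanks/comments/garbage."""
    code = line.split("#", 1)[0].strip()      # drop inline and full-line comments
    if not code:
        return None
    ip, *names = code.split()
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return None                            # first token is not an address; skip
    return ip, names


def is_blocking_address(ip):
    """Loopback or unspecified targets blackhole a name rather than redirect it."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def normalize_host(name):
    """Lower-case and strip the trailing dot that marks an absolute (FQDN) name."""
    return name.lower().rstrip(".")


def audit_hosts(text):
    """List every entry that sends a hostname to a routable address.

    Sinkhole entries (127.0.0.1 / 0.0.0.0, the usual ad-block style) are not
    reported; only redirects to an address that can actually serve content are.
    """
    findings = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        ip, names = entry
        if is_blocking_address(ip):
            continue
        for name in names:
            findings.append({
                "ip": ip,
                "host": normalize_host(name),
                "raw_host": name,
                # A trailing dot defeats a naive exact-string check for the bare name.
                "trailing_dot": name.endswith("."),
            })
    return findings


def summarize(findings):
    """Group hijacked hostnames by the address they are sent to."""
    by_ip = {}
    for f in findings:
        by_ip.setdefault(f["ip"], set()).add(f["host"])
    return by_ip


def clean_hosts(text):
    """Return the file with every routable redirect removed; comments and sinkholes kept."""
    kept = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None or is_blocking_address(entry[0]):
            kept.append(line)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    found = audit_hosts(SAMPLE_HOSTS)
    for ip, hosts in summarize(found).items():
        print(f"{ip} <- {', '.join(sorted(hosts))}")
    print("--- cleaned ---")
    print(clean_hosts(SAMPLE_HOSTS), end="")
```

On the affected machine the file is %SystemRoot%\System32\drivers\etc\hosts (OTL, a 32-bit process, showed the path through the SysNative alias). Writing the cleaned copy back only works once the read-only, hidden and system attributes are cleared from an elevated prompt (attrib -r -h -s on the file), which is the step the OTL fix above could not perform.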
#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 18 May 2012 - 12:33 AM

Please download RogueKiller

Save to the Desktop
Close all windows and browsers
Windows Seven: Right-click the downloaded file and select 'Run as Administrator'
Press: SCAN
A report opens on the Desktop: RKreport.txt

Please copy/paste the RKreport.txt , and provide it in your reply.

Note:
If RogueKiller is blocked, do not hesitate to try running it again.
If it still fails to run, right-click on the downloaded icon and select: Rename
Then, rename it to winlogon.exe and try again.

#15 Slafter (Topic Starter)

Posted 18 May 2012 - 08:41 AM

Hi,

RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Aaron [Admin rights]
Mode: Scan -- Date: 05/18/2012 09:34:37

Bad processes: 0

Registry Entries: 2
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver: [NOT LOADED]

Infection :

HOSTS File:
127.0.0.1 localhost
::1 localhost
217.23.4.166 www.google-analytics.com.
217.23.4.166 ad-emea.doubleclick.net.
217.23.4.166 www.statcounter.com.
178.250.45.15 www.google-analytics.com.
178.250.45.15 ad-emea.doubleclick.net.
178.250.45.15 www.statcounter.com.


MBR Check:

+++++ PhysicalDrive0: Hitachi HDS721010CLA332 +++++
--- User ---
[MBR] 3f80fc3defdb5ceb3f4b5c4332c99d6e
[BSP] 9006b614b814c894c5bb1128e5f21743 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942445 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930334208 | Size: 11322 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt