
Need Help Removing Scour (http://63.209.69.107, http://8.26.70.252)


  • This topic is locked
26 replies to this topic

#1 remedyp

  • Members
  • 11 posts
  • Gender:Male

Posted 13 July 2012 - 03:13 AM

I have a problem called a redirect virus in my Firefox. Need help, I tried everything.



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 13 July 2012 - 11:44 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double-click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine; if it does, click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post them in your next reply

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 remedyp
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male

Posted 14 July 2012 - 02:00 AM

Hi, thanks for taking your time to help me out. Here is the Security Check log.

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.61.0.1400
HijackThis 2.0.2
AVG PC Tuneup
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.265
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
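An added triage script, written for this page rather than taken from the thread or from any BleepingComputer tool: it reads a DDS-style log such as the one posted in the next reply and pulls out the settings a helper checks first when the complaint is a browser redirect (real-time protection state, IE start page, the Firefox keyword.URL search hijack, proxy settings, DHCP DNS servers). The excerpt used as input is a constructed sample modelled on the posted log's layout; the "private DNS is expected" and "an empty http= proxy is inert" rules are the script's own assumptions, and every finding is something to review, not a verdict.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed excerpt in the layout DDS uses for its AV:/SP: header, the
# "Pseudo HJT Report" and the FIREFOX section (sample built for this example,
# not a copy of any real machine's log).
SAMPLE_DDS = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Pseudo HJT Report ===============
uStart Page = hxxp://isearch.avg.com/?cid={EXAMPLE}&lang=en&pr=sa&sap=hp
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5BA5A429-5E0D-48E2-8547-306C21B8988B} : DhcpNameServer = 192.168.2.1
================= FIREFOX ===================
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7BEXAMPLE%7D&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
"""

DEFANGED_SCHEME = re.compile(r"^hxxp(s?)://", re.IGNORECASE)


def refang(url: str) -> str:
    """DDS writes URLs as hxxp:// so they are not clickable; restore the scheme for parsing."""
    return DEFANGED_SCHEME.sub(r"http\1://", url.strip())


def host_of(url: str) -> str:
    """Return just the host part, which is what a reviewer compares against the expected engine."""
    return urlparse(refang(url)).hostname or ""


def triage(dds_text: str) -> list:
    """Scan a DDS log line by line and collect redirect-related findings as {"kind", "detail"} dicts."""
    findings = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        # 1. AV:/SP: header lines carry the real-time protection state between asterisks.
        m = re.match(r"^(AV|SP): (.+?) \*(Disabled|Enabled)/(\w+)\*", line)
        if m:
            if m.group(3) == "Disabled":
                findings.append({"kind": "protection_disabled", "detail": m.group(2)})
            continue
        # 2. IE start/search pages (u = user hive, m = machine, d = default): report the host.
        m = re.match(r"^[umd](Start Page|Default_Page_URL|Search Page)\s*=\s*(\S+)", line)
        if m:
            findings.append({"kind": "start_page", "detail": host_of(m.group(2))})
            continue
        # 3. Firefox keyword.URL is where address-bar searches go; a hijack shows up here.
        m = re.match(r"^FF - prefs\.js: keyword\.URL - (\S+)", line)
        if m:
            findings.append({"kind": "ff_keyword_url", "detail": host_of(m.group(1))})
            continue
        # 4. Proxy settings: a bare "http=" has no proxy host and is inert (assumption);
        #    any populated value routes browser traffic somewhere and deserves a look.
        m = re.match(r"^[umd]Internet Settings,ProxyServer\s*=\s*(.*)$", line)
        if m:
            value = m.group(1).strip()
            if value and not re.fullmatch(r"(https?|ftp|socks)=", value):
                findings.append({"kind": "proxy_set", "detail": value})
            continue
        # 5. DHCP name servers: on a home LAN these are expected to be private addresses
        #    (assumption); a public resolver here is a classic DNS-changer indicator.
        m = re.search(r"DhcpNameServer\s*=\s*([\d. ]+)$", line)
        if m:
            for ip in m.group(1).split():
                try:
                    addr = ipaddress.ip_address(ip)
                except ValueError:
                    continue
                if not addr.is_private:
                    findings.append({"kind": "public_dns", "detail": ip})
    return findings


def summarize(findings: list) -> list:
    """One line per finding, ready to paste into a reply."""
    return [f"[{item['kind']}] {item['detail']}" for item in findings]


if __name__ == "__main__":
    for line in summarize(triage(SAMPLE_DDS)):
        print(line)
```

Run against the constructed sample it reports both protection products as disabled and isearch.avg.com as the host behind both the start page and the Firefox keyword.URL, while the empty proxy entry and the 192.168.x.x DNS servers produce nothing; feeding it a full DDS.txt works the same way because every rule keys on the line prefixes DDS emits.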

#4 remedyp
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male

Posted 14 July 2012 - 02:02 AM

Here is the DDS log.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by apple at 3:00:41 on 2012-07-14
Microsoft Windows 7 Ultimate 6.1.7600.1.1252.1.1033.18.12279.10276 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Rocketfish\USB 3.0 PCI Express Card Driver\Application\nusb3mon.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\AOL Desktop 9.7a\waol.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Program Files\AOL Desktop 9.7a\shellmon.exe
C:\Program Files\Common Files\AOL\1337259216\ee\aolsoftware.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\AOL Desktop 9.7a\AOLBrowser\aolbrowser.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Users\apple\Downloads\Programs\SecurityCheck.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={AF222A3E-2C3C-4133-89B8-48A3B6875C56}&mid=f9cbe00afa3547d0abf9d14acce4e9e6-cd2df1e2623f5f88ff1445da0acf5da1e623057f&lang=en&ds=st011&pr=sa&d=2012-07-02 06:15:13&v=11.1.0.12&sap=hp
mLocal Page = x:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [CursorFX] "c:\program files\stardock\cursorfx\CursorFX.exe"
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [HijackThis startup scan] d:\malware\utilities\trend micro\hijackthis\HijackThis.exe /startupscan
uRun: [AOL Fast Start] "c:\program files\aol desktop 9.7a\AOL.EXE" -b
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
mRun: [EzPrint] "c:\program files\lexmark 5600-6600 series\ezprint.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [MacDrive 8 application] "c:\program files\mediafour\macdrive 8\MacDrive.exe"
mRun: [Getting started with MacDrive 8] "c:\program files\mediafour\macdrive 8\MDGetStarted.exe" /auto
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [NUSB3MON] "c:\program files\rocketfish\usb 3.0 pci express card driver\application\nusb3mon.exe"
mRunOnce: [*Restore] c:\windows\system32\rstrui.exe /RUNONCE
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5BA5A429-5E0D-48E2-8547-306C21B8988B} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F1A7A0F7-0AFE-43E8-89F2-71BFA757EA3C} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\apple\appdata\roaming\mozilla\firefox\profiles\wedtba28.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B8214af30-107d-4b9f-8f06-f930d38e70c9%7D&mid=f9cbe00afa3547d0abf9d14acce4e9e6-cd2df1e2623f5f88ff1445da0acf5da1e623057f&ds=st011&v=11.1.0.12&lang=en&pr=sa&d=2012-07-02%2006%3A15%3A13&sap=ku&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\apple\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2010-10-7 234160]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [2010-5-12 29792]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R0 SscVF;SuperCache®;c:\windows\system32\drivers\sscvf.sys [2012-6-22 116456]
R1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2012-6-21 57800]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\microsoft\bingdesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-6-7 96056]
R2 MacDrive8Service;MacDrive 8 service;c:\program files\mediafour\macdrive 8\MacDrive8Service.exe [2010-10-8 131584]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-12 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-7-9 1258856]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2011-10-15 14976]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-6-28 382312]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-2 935008]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-12 22344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-4-27 64904]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-4-27 146568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-7-7 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-7-7 8456]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2012-2-24 28672]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120]
S3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2011-12-20 735232]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-12-19 15872]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-12-19 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-12-20 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0105;RsFx0105 Driver;c:\windows\system32\drivers\RsFx0105.sys [2011-9-22 238696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2011-9-22 370024]
.
=============== Created Last 30 ================
.
2012-07-13 10:54:03 -------- d-----w- c:\users\apple\appdata\local\temp
2012-07-13 10:47:36 208896 ----a-w- c:\windows\MBR.exe
2012-07-12 07:53:41 -------- d-----w- c:\program files\i-Funbox DevTeam
2012-07-12 07:45:25 -------- d-s---w- C:\ComboFix
2012-07-12 06:44:22 -------- d-----w- c:\users\apple\appdata\roaming\RealHideIP
2012-07-12 06:44:22 -------- d-----w- c:\programdata\RealHideIP
2012-07-12 06:43:35 -------- d-----w- c:\program files\RealHideIP
2012-07-12 05:56:44 -------- d-----w- c:\users\apple\appdata\local\ElevatedDiagnostics
2012-07-11 12:21:50 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 12:58:28 -------- d-----w- C:\MRI_Updates
2012-07-10 07:46:07 -------- d-----w- c:\programdata\Geek Squad
2012-07-09 17:04:19 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-07-09 17:04:19 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-07-09 17:04:19 3959144 ----a-w- c:\windows\system32\nvcpl.dll
2012-07-09 17:04:19 2836328 ----a-w- c:\windows\system32\nvsvc.dll
2012-07-09 17:04:19 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-07-09 17:03:57 52584 ----a-w- c:\windows\system32\OpenCL.dll
2012-07-09 17:03:39 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-07-09 17:00:36 19828072 ----a-w- c:\windows\system32\nvoglv32.dll
2012-07-09 17:00:36 12388712 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-07-09 17:00:36 10770280 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-07-09 17:00:35 884072 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-07-09 17:00:35 7699304 ----a-w- c:\windows\system32\nvcuda.dll
2012-07-09 17:00:35 2573160 ----a-w- c:\windows\system32\nvcuvid.dll
2012-07-09 17:00:35 2422120 ----a-w- c:\windows\system32\nvapi.dll
2012-07-09 17:00:35 1865064 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-07-09 17:00:35 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-07-09 17:00:35 15290216 ----a-w- c:\windows\system32\nvd3dum.dll
2012-07-09 17:00:35 1007464 ----a-w- c:\windows\system32\nvdispco32.dll
2012-07-09 09:54:06 -------- d-----w- c:\users\apple\appdata\roaming\ImTOO
2012-07-09 09:11:02 -------- d-----w- c:\users\apple\appdata\local\QuickPar
2012-07-09 09:09:19 -------- d-----w- c:\program files\QuickPar
2012-07-08 09:00:08 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-08 05:52:37 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e61afd0f-3274-4a8b-b928-27cef65fa3b0}\mpengine.dll
2012-07-07 16:25:19 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-07 12:32:21 2468520 ----a-w- c:\windows\system32\BootMan.exe
2012-07-07 12:32:21 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
2012-07-07 12:32:20 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2012-07-07 12:32:20 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2012-07-07 12:32:20 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2012-07-07 12:32:10 -------- d-----w- c:\program files\EaseUS
2012-07-04 23:45:39 -------- d-----w- c:\program files\Rocketfish
2012-07-04 23:45:02 -------- d-----w- c:\programdata\Downloaded Installations
2012-07-04 19:30:04 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2c2de976-cf08-4473-9783-d1e2d95f9d83}\gapaengine.dll
2012-07-02 10:16:48 -------- d-----w- c:\users\apple\appdata\roaming\PowerISO
2012-07-02 10:15:30 -------- d-----w- c:\users\apple\appdata\local\AVG Secure Search
2012-07-02 10:15:11 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-02 10:15:09 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-07-02 10:15:08 -------- d-----w- c:\program files\AVG Secure Search
2012-07-02 10:14:12 -------- d--h--w- c:\programdata\Common Files
2012-06-28 21:44:42 428904 ----a-w- c:\windows\system32\nvStreaming.exe
2012-06-23 20:39:07 -------- d-----w- c:\program files\PFConfig
2012-06-22 18:59:15 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-22 18:59:15 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-22 18:59:14 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-22 18:59:09 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-22 18:59:08 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-22 16:55:57 3948600 ----a-w- c:\windows\system32\ntkrlICE.exe
2012-06-22 14:53:40 116456 ----a-w- c:\windows\system32\drivers\sscvf.sys
2012-06-22 14:53:34 -------- d-----w- c:\program files\SuperSpeed
2012-06-21 07:53:00 57800 ----a-w- c:\windows\system32\drivers\CBDisk.sys
2012-06-21 07:52:48 -------- d-----w- c:\programdata\Mediafour
2012-06-21 07:52:48 -------- d-----w- c:\program files\common files\Mediafour
2012-06-21 07:52:11 -------- d-----w- c:\program files\Mediafour
2012-06-20 08:50:27 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-20 08:50:25 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-20 08:49:41 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-20 08:49:41 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-20 08:49:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-19 05:56:52 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 05:56:28 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 05:56:06 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 05:56:06 171904 ----a-w- c:\windows\system32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-12 18:49:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 18:49:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-11 12:38:43 259072 ----a-w- c:\windows\system32\services.exe
2012-06-09 02:43:19 65856 ----a-w- c:\windows\system32\drivers\WMDrive.sys
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-04 09:45:15 87608 ----a-w- c:\users\apple\appdata\roaming\inst.exe
2012-06-04 09:45:15 47360 ----a-w- c:\users\apple\appdata\roaming\pcouffin.sys
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 04:10:50 113104 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-05-17 11:30:01 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
2012-05-04 11:26:30 194432 ----a-w- c:\windows\system32\VfCfgDlgs.dll
2012-05-04 11:26:28 66424 ----a-w- c:\windows\system32\VfCfg.exe
2012-05-04 11:26:24 131960 ----a-w- c:\windows\system32\VfCfgSh.dll
2012-05-04 11:26:16 26488 ----a-w- c:\windows\system32\SscVfPcp.dll
2012-05-04 11:26:04 116456 ----a-w- c:\windows\system32\drivers\SscVF.BAK
2012-04-23 11:26:26 96056 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-04-20 22:50:46 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-04-20 22:50:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
.
============= FINISH: 3:01:00.53 ===============






.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 10/14/2011 5:48:12 PM
System Uptime: 7/14/2012 2:12:28 AM (1 hours ago)
.
Motherboard: DELL Inc. | | 0P270J
Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1863 GiB total, 200.6 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP127: 7/12/2012 9:01:53 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
abgx360 v1.0.6
Adobe AIR
Adobe Audition 3.0
Adobe Audition 3.0.1 Patch
Adobe Audition CS5.5
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Audacity 1.3.13 (Unicode)
AVG PC Tuneup
AVG Security Toolbar
Bing Desktop
Blu-ray Converter Ultimate 1.4.0.8
Bonjour
CompuApps SwissKnife
ConvertXtoDVD 4.1.19.365
CursorFX
Deckadance
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EaseUS Partition Master 9.1.1 Home Edition
FL Studio 10
Google Chrome
HijackThis 2.0.2
Hotfix for Microsoft Visual C# 2010 Express - ENU (KB2635973)
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
iCloud
iFunbox (v1.98.948.666), iFunbox DevTeam
IL Download Manager
ImgBurn
ImTOO DVD Audio Ripper
Internet Download Manager
iTunes
Java Auto Updater
Java™ 6 Update 31
JDownloader 0.9
KORG Legacy Collection - ANALOG EDITION 2007
LADSPA_plugins-win-0.4.15
Lexmark 5600-6600 Series
LUXONIX Purity
MacDrive 8
magicJack
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Help Viewer 1.1
Microsoft IntelliType Pro 8.2
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft VC9 runtime libraries
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft XNA Framework Redistributable 4.0
Microsoft XNA Game Studio 4.0
Microsoft XNA Game Studio 4.0 (ARP entry)
Microsoft XNA Game Studio 4.0 (Redists)
Microsoft XNA Game Studio 4.0 (Shared Components)
Microsoft XNA Game Studio 4.0 (Visual Studio)
Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
Microsoft XNA Game Studio 4.0 Documentation
Microsoft XNA Game Studio Platform Tools
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MusicLab RealGuitar 2.0
NewsLeecher v5.0 Beta 15
NVIDIA 3D Vision Controller Driver 304.79
NVIDIA 3D Vision Driver 304.79
NVIDIA Control Panel 304.79
NVIDIA Graphics Driver 304.79
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
Pavtube Blu-ray Video Converter Ultimate Ver 4.0.2.2902
PFConfig 1.0.296
PowerISO
QuickPar 0.9
QuickTime
Real Hide IP
reFX Nexus 2.2.1
reFX Nexus VSTi RTAS v2.2.0
Rocketfish USB 3.0 PCI Express Card Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Service Pack 3 for SQL Server 2008 (KB2546951)
Sql Server Customer Experience Improvement Program
SuperCache 5
Tone2 Gladiator VSTi v2.2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
USB DATA INPUT MESSAGE SYSTEM ¢ñ (V1.1)
Viewpoint Media Player
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VoiceOver Kit
WBFS Manager 3.0
WinRAR 4.01 (32-bit)
Xiph QuickTime Components
.
==== Event Viewer Messages From Past Week ========
.
7/9/2012 7:35:52 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63AA156-D534-4BAC-9BF1-55359CF5EC30} and APPID {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} to the user apple-PC\UpdatusUser SID (S-1-5-21-2467889200-3825364765-2544583091-1008) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/7/2012 8:07:28 AM, Error: Disk [15] - The device, \Device\Harddisk1\DR16, is not ready for access yet.
7/7/2012 6:49:52 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR13.
7/14/2012 2:13:27 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/14/2012 2:13:27 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
7/14/2012 2:13:02 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/13/2012 7:51:42 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:688 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.1589.0, AS: 1.129.1589.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
7/13/2012 7:48:28 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:680 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.1589.0, AS: 1.129.1589.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
7/13/2012 7:43:32 AM, Error: Service Control Manager [7024] - The SQL Server (SQLEXPRESS) service terminated with service-specific error The specified resource name cannot be found in the image file..
7/13/2012 7:40:09 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:688 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.1589.0, AS: 1.129.1589.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
7/13/2012 7:36:13 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:688 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.1589.0, AS: 1.129.1589.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
7/13/2012 7:32:59 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:696 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.1589.0, AS: 1.129.1589.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
7/13/2012 7:29:37 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:696 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.1589.0, AS: 1.129.1589.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
7/13/2012 7:25:53 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:692 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.1589.0, AS: 1.129.1589.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
7/13/2012 7:03:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
7/13/2012 7:02:19 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/13/2012 7:02:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/13/2012 7:02:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/13/2012 7:02:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/13/2012 7:02:00 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CBDisk discache MDFSYSNT MDPMGRNT MpFilter SCDEmu spldr Wanarpv6
7/13/2012 7:02:00 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/13/2012 7:02:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/13/2012 6:51:51 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/13/2012 6:47:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
7/12/2012 4:27:11 AM, Error: cdrom [15] - The device, \Device\CdRom2, is not ready for access yet.
7/12/2012 4:27:11 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort7.
7/12/2012 3:35:14 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/12/2012 3:35:03 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/12/2012 2:55:52 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CBDisk discache ehdrv MDFSYSNT MDPMGRNT MpFilter SCDEmu spldr Wanarpv6
.
==== End Of File ===========================

Edited by remedyp, 14 July 2012 - 02:04 AM.
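The Microsoft Antimalware 1119 entries in the event log above show Security Essentials detecting Trojan:Win32/Sirefef.AH inside C:\Windows\System32\services.exe every few minutes and failing to quarantine it each time with error 0x800704ec, which is the Win32 error ERROR_ACCESS_DISABLED_BY_POLICY wrapped as an HRESULT. A detection that recurs against the same core system binary, with the services.exe pid changing between entries (so the machine has been restarted in between) and the remediation never succeeding, is the pattern of a file that is protected or re-infected in place rather than a one-off false positive. The script below is an added example and is not part of the thread, DDS, ComboFix or Microsoft Security Essentials: it parses event lines in the layout DDS prints and groups the 1119 events by threat and target file. The sample lines are constructed from the entries above (shortened by dropping the go.microsoft.com link), and the label list, the HRESULT table and the set of core binaries are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample input (not a capture): four event lines in the layout DDS
# prints under "Event Viewer Messages From Past Week", modelled on the thread's
# entries. The 1119 lines keep every field this parser reads.
SAMPLE_EVENTS = r"""
7/13/2012 7:51:42 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:688 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator.
7/13/2012 7:48:28 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:680 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator.
7/13/2012 7:43:32 AM, Error: Service Control Manager [7024] - The SQL Server (SQLEXPRESS) service terminated with service-specific error The specified resource name cannot be found in the image file..
7/13/2012 7:40:09 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:688 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator.
"""

# One DDS event line: "<timestamp>, <level>: <source> [<event id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)

# Labels Microsoft Antimalware runs together in a 1119 message body (assumed
# list, taken from the entries in the thread). A value ends where the next
# known label starts.
MSE_LABELS = ["Name", "ID", "Severity", "Category", "Path", "Detection Origin",
              "Detection Type", "Detection Source", "User", "Process Name",
              "Action", "Action Status", "Error Code", "Error description"]
_NEXT_LABEL = "(?= (?:%s): |$)" % "|".join(re.escape(l) for l in MSE_LABELS)

# Win32 errors wrapped as HRESULTs that turn up in failed remediations (assumed table).
HRESULT_MEANING = {
    "0x800704ec": "ERROR_ACCESS_DISABLED_BY_POLICY (1260): the action was blocked by policy",
    "0x80070005": "E_ACCESSDENIED: access denied",
}

# Processes that should never be reported as infected and then left in place (assumed set).
CORE_BINARIES = {"services.exe", "winlogon.exe", "lsass.exe", "csrss.exe", "svchost.exe"}


def mse_field(msg, label):
    """Return the value of 'Label: ...' from a run-together 1119 message body.
    The lookbehind stops 'Name' from matching inside 'Process Name'."""
    m = re.search(r"(?<!Process )%s: (.*?)%s" % (re.escape(label), _NEXT_LABEL), msg)
    return m.group(1).strip() if m else None


def parse_events(text):
    """Split a DDS event dump into dicts; lines that are not events are dropped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["event_id"] = int(ev["event_id"])
            events.append(ev)
    return events


def is_core_binary(target):
    """True for a core Windows process image living in \\windows\\system32."""
    directory, _, base = target.rpartition("\\")
    return directory.endswith("\\windows\\system32") and base in CORE_BINARIES


def remediation_failures(events, min_repeats=2):
    """Group Microsoft Antimalware 1119 events by (threat, target file) and
    report the groups that recur. The same detection against one file with
    the action failing every time means the engine keeps finding the same
    infection and cannot remove it; a changing pid shows the process was
    restarted in between, so the infection survives reboots."""
    groups = defaultdict(lambda: {"count": 0, "pids": set(), "errors": set(), "times": []})
    for ev in events:
        if ev["source"] != "Microsoft Antimalware" or ev["event_id"] != 1119:
            continue
        msg = ev["msg"]
        path = mse_field(msg, "Path") or ""
        # "containerfile:_C:\...\services.exe;file:_...;process:_pid:688":
        # keep the first element and strip its "<kind>:_" prefix.
        target = path.split(";")[0].split(":_", 1)[-1].lower()
        g = groups[(mse_field(msg, "Name"), target)]
        g["count"] += 1
        g["times"].append(ev["ts"])
        pid = re.search(r"process:_pid:(\d+)", path)
        if pid:
            g["pids"].add(int(pid.group(1)))
        code = mse_field(msg, "Error Code")
        if code:
            g["errors"].add(code.lower())
    report = []
    for (threat, target), g in groups.items():
        if g["count"] < min_repeats:
            continue
        codes = sorted(g["errors"])
        report.append({
            "threat": threat,
            "target": target,
            "count": g["count"],
            "pids": sorted(g["pids"]),
            "errors": codes,
            "error_meaning": [HRESULT_MEANING.get(c, "unknown HRESULT") for c in codes],
            "core_binary": is_core_binary(target),
            "times": g["times"],
        })
    return sorted(report, key=lambda r: (-r["count"], r["target"]))


if __name__ == "__main__":
    for finding in remediation_failures(parse_events(SAMPLE_EVENTS)):
        print(finding)
```

On the thread's own log the script yields one group: Trojan:Win32/Sirefef.AH against c:\windows\system32\services.exe, several hits, pids 680/688/692/696, every attempt ending in 0x800704ec. That combination (core binary, repeat detections, policy-blocked remediation) is the cue to stop trusting the resident AV's verdict on that machine and to verify the file against a known-good copy, which is what the later ComboFix run does by restoring services.exe from the WinSxS component store.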


#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:10 PM

Posted 14 July 2012 - 08:39 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 remedyp

remedyp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:10 PM

Posted 15 July 2012 - 09:00 AM

Nope, still the same thing with the Firefox redirect. Here is the log for ComboFix:


ComboFix 12-07-14.01 - apple 07/15/2012 9:31.1.8 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3063.2102 [GMT -4:00]
Running from: c:\users\apple\Downloads\Programs\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\apple\AppData\Roaming\inst.exe
c:\windows\system32\ntkrlICE.exe
.
---- Previous Run -------
.
C:\Install.exe
c:\users\apple\AppData\Local\AOL\Adobe\rtfzrvfnz.dll
c:\users\apple\AppData\Roaming\inst.exe
c:\windows\system32\ntkrlICE.exe
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-15 13:38 . 2012-07-15 13:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 10:54 . 2012-07-15 13:40 -------- d-----w- c:\users\apple\AppData\Local\temp
2012-07-12 07:53 . 2012-07-12 07:53 -------- d-----w- c:\program files\i-Funbox DevTeam
2012-07-12 06:44 . 2012-07-12 06:46 -------- d-----w- c:\programdata\RealHideIP
2012-07-12 06:44 . 2012-07-12 06:44 -------- d-----w- c:\users\apple\AppData\Roaming\RealHideIP
2012-07-12 06:43 . 2012-07-12 06:44 -------- d-----w- c:\program files\RealHideIP
2012-07-12 05:56 . 2012-07-12 05:56 -------- d-----w- c:\users\apple\AppData\Local\ElevatedDiagnostics
2012-07-11 12:21 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 12:58 . 2012-07-10 12:58 -------- d-----w- C:\MRI_Updates
2012-07-10 07:46 . 2012-07-10 07:46 -------- d-----w- c:\programdata\Geek Squad
2012-07-09 17:04 . 2012-07-15 13:29 -------- d-----w- c:\users\UpdatusUser
2012-07-09 17:04 . 2012-06-28 23:28 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-07-09 17:04 . 2012-06-28 23:28 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-07-09 17:04 . 2012-06-28 23:28 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-07-09 17:04 . 2012-06-28 23:27 2836328 ----a-w- c:\windows\system32\nvsvc.dll
2012-07-09 17:04 . 2012-06-28 23:27 3959144 ----a-w- c:\windows\system32\nvcpl.dll
2012-07-09 17:03 . 2012-06-29 03:17 52584 ----a-w- c:\windows\system32\OpenCL.dll
2012-07-09 17:03 . 2012-07-09 17:03 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-07-09 17:00 . 2012-06-29 03:17 19828072 ----a-w- c:\windows\system32\nvoglv32.dll
2012-07-09 17:00 . 2012-06-29 03:17 12388712 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-07-09 17:00 . 2012-06-29 03:17 10770280 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-07-09 17:00 . 2012-06-29 03:17 884072 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-07-09 17:00 . 2012-06-29 03:17 7699304 ----a-w- c:\windows\system32\nvcuda.dll
2012-07-09 17:00 . 2012-06-29 03:17 2573160 ----a-w- c:\windows\system32\nvcuvid.dll
2012-07-09 17:00 . 2012-06-29 03:17 2422120 ----a-w- c:\windows\system32\nvapi.dll
2012-07-09 17:00 . 2012-06-29 03:17 1865064 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-07-09 17:00 . 2012-06-29 03:17 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-07-09 17:00 . 2012-06-29 03:17 15290216 ----a-w- c:\windows\system32\nvd3dum.dll
2012-07-09 17:00 . 2012-06-29 03:17 1007464 ----a-w- c:\windows\system32\nvdispco32.dll
2012-07-09 09:54 . 2012-07-09 09:54 -------- d-----w- c:\users\apple\AppData\Roaming\ImTOO
2012-07-09 09:11 . 2012-07-09 10:43 -------- d-----w- c:\users\apple\AppData\Local\QuickPar
2012-07-09 09:09 . 2012-07-09 09:09 -------- d-----w- c:\program files\QuickPar
2012-07-08 09:00 . 2012-07-08 09:00 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-08 05:52 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E61AFD0F-3274-4A8B-B928-27CEF65FA3B0}\mpengine.dll
2012-07-07 16:25 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-07 12:32 . 2012-05-17 21:36 2468520 ----a-w- c:\windows\system32\BootMan.exe
2012-07-07 12:32 . 2011-07-29 17:54 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
2012-07-07 12:32 . 2011-07-29 17:54 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2012-07-07 12:32 . 2011-07-29 17:54 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2012-07-07 12:32 . 2011-07-29 17:54 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2012-07-07 12:32 . 2012-07-07 12:32 -------- d-----w- c:\program files\EaseUS
2012-07-04 23:46 . 2012-07-04 23:46 -------- d-----w- c:\program files\InstallShield Installation Information
2012-07-04 23:45 . 2012-07-04 23:45 -------- d-----w- c:\program files\Rocketfish
2012-07-04 23:45 . 2012-07-04 23:45 -------- d-----w- c:\programdata\Downloaded Installations
2012-07-04 19:30 . 2012-02-09 17:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C2DE976-CF08-4473-9783-D1E2D95F9D83}\gapaengine.dll
2012-07-02 10:16 . 2012-07-02 10:16 -------- d-----w- c:\users\apple\AppData\Roaming\PowerISO
2012-07-02 10:15 . 2012-07-02 10:15 -------- d-----w- c:\users\apple\AppData\Local\AVG Secure Search
2012-07-02 10:15 . 2012-07-02 10:15 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-02 10:15 . 2012-07-02 10:15 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-02 10:15 . 2012-07-02 10:15 -------- d-----w- c:\program files\AVG Secure Search
2012-07-02 10:14 . 2012-07-02 10:14 -------- d--h--w- c:\programdata\Common Files
2012-06-28 21:44 . 2012-06-28 21:44 428904 ----a-w- c:\windows\system32\nvStreaming.exe
2012-06-23 20:39 . 2012-06-23 20:39 -------- d-----w- c:\program files\PFConfig
2012-06-22 18:59 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-22 18:59 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-22 18:59 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-22 18:59 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-22 18:59 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-22 14:53 . 2012-06-22 16:32 116456 ----a-w- c:\windows\system32\drivers\sscvf.sys
2012-06-22 14:53 . 2012-06-22 14:53 -------- d-----w- c:\program files\SuperSpeed
2012-06-21 07:53 . 2010-05-12 18:42 57800 ----a-w- c:\windows\system32\drivers\CBDisk.sys
2012-06-21 07:52 . 2012-06-21 07:52 -------- d-----w- c:\program files\Common Files\Mediafour
2012-06-21 07:52 . 2012-06-21 07:52 -------- d-----w- c:\programdata\Mediafour
2012-06-21 07:52 . 2012-06-21 07:52 -------- d-----w- c:\program files\Mediafour
2012-06-20 08:50 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-20 08:50 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-20 08:49 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-20 08:49 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-20 08:49 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-19 05:56 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 05:56 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 05:56 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 05:56 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 05:56 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-19 05:56 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 05:56 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 05:56 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 05:56 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 18:49 . 2012-04-02 14:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 18:49 . 2011-10-15 05:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-09 02:43 . 2012-06-09 02:43 65856 ----a-w- c:\windows\system32\drivers\WMDrive.sys
2012-06-04 09:45 . 2011-12-06 23:59 47360 ----a-w- c:\users\apple\AppData\Roaming\pcouffin.sys
2012-05-31 04:10 . 2012-05-31 04:10 113104 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-05-17 11:30 . 2012-03-10 23:44 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
2012-05-04 11:26 . 2012-05-04 11:26 194432 ----a-w- c:\windows\system32\VfCfgDlgs.dll
2012-05-04 11:26 . 2012-05-04 11:26 66424 ----a-w- c:\windows\system32\VfCfg.exe
2012-05-04 11:26 . 2012-05-04 11:26 131960 ----a-w- c:\windows\system32\VfCfgSh.dll
2012-05-04 11:26 . 2012-05-04 11:26 26488 ----a-w- c:\windows\system32\SscVfPcp.dll
2012-05-04 11:26 . 2012-06-22 16:32 116456 ----a-w- c:\windows\system32\drivers\SscVF.BAK
2012-04-23 11:26 . 2012-06-07 06:18 96056 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-04-20 22:50 . 2012-04-20 22:50 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-04-20 22:50 . 2012-04-20 22:50 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-21 06:31 . 2012-02-01 17:08 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-02 10:15 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2010-03-23 417280]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-06-14 3491264]
"HijackThis startup scan"="d:\malware\Utilities\Trend Micro\HijackThis\HijackThis.exe" [BU]
"AOL Fast Start"="c:\program files\AOL Desktop 9.7a\AOL.EXE" [2012-04-20 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2010-02-04 676520]
"EzPrint"="c:\program files\Lexmark 5600-6600 Series\ezprint.exe" [2010-02-04 131752]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-10-08 167936]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2010-10-08 130560]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"NUSB3MON"="c:\program files\Rocketfish\USB 3.0 PCI Express Card Driver\Application\nusb3mon.exe" [2010-04-27 113288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R4 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive partition driver; [x]
S0 SscVF;SuperCacheŽ; [x]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
S2 SBKUPNT;SBKUPNT;c:\windows\system32\Drivers\SBKUPNT.SYS [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:49]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2467889200-3825364765-2544583091-1000Core.job
- c:\users\apple\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-09 15:30]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2467889200-3825364765-2544583091-1000UA.job
- c:\users\apple\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-09 15:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={AF222A3E-2C3C-4133-89B8-48A3B6875C56}&mid=f9cbe00afa3547d0abf9d14acce4e9e6-cd2df1e2623f5f88ff1445da0acf5da1e623057f&lang=en&ds=st011&pr=sa&d=2012-07-02 06:15&v=11.1.0.12&sap=hp
mLocal Page = x:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B8214af30-107d-4b9f-8f06-f930d38e70c9%7D&mid=f9cbe00afa3547d0abf9d14acce4e9e6-cd2df1e2623f5f88ff1445da0acf5da1e623057f&ds=st011&v=11.1.0.12&lang=en&pr=sa&d=2012-07-02%2006%3A15%3A13&sap=ku&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ed,3d,76,f6,a3,e9,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-2467889200-3825364765-2544583091-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):1a,68,0b,98,2d,c4,3f,48,b7,92,28,a6,74,fb,94,c5,0f,6b,b2,b8,fe,
a3,e9,4b,40,e5,f5,14,c7,fa,6f,89,bf,8e,08,dc,70,98,1f,78,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2467889200-3825364765-2544583091-1000_Classes\CLSID\{c7dab058-5227-4c89-85bb-f58443c23f32}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000a8
"Therad"=dword:00000004
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2524)
c:\program files\Mediafour\MacDrive 8\MDVolumeIcons.dll
c:\program files\Mediafour\MacDrive 8\MACDRAPI.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\AVG\AVG PC Tuneup\BoostSpeed.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-07-15 09:44:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-15 13:44
ComboFix2.txt 2012-07-13 06:56
.
Pre-Run: 224,733,028,352 bytes free
Post-Run: 224,257,867,776 bytes free
.
- - End Of File - - 08A08792335C9573BCD2CE14C62FE4A5

#7 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 15 July 2012 - 11:22 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 remedyp (Topic Starter, Members)

Posted 15 July 2012 - 11:55 AM

Here is the TDSSKiller log:

12:51:41.0227 2536 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
12:51:41.0450 2536 ============================================================
12:51:41.0450 2536 Current date / time: 2012/07/15 12:51:41.0450
12:51:41.0450 2536 SystemInfo:
12:51:41.0450 2536
12:51:41.0450 2536 OS Version: 6.1.7601 ServicePack: 1.0
12:51:41.0450 2536 Product type: Workstation
12:51:41.0450 2536 ComputerName: APPLE-PC
12:51:41.0450 2536 UserName: apple
12:51:41.0450 2536 Windows directory: C:\Windows
12:51:41.0451 2536 System windows directory: C:\Windows
12:51:41.0451 2536 Processor architecture: Intel x86
12:51:41.0451 2536 Number of processors: 8
12:51:41.0451 2536 Page size: 0x1000
12:51:41.0451 2536 Boot type: Normal boot
12:51:41.0451 2536 ============================================================
12:51:42.0970 2536 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:51:42.0981 2536 ============================================================
12:51:42.0981 2536 \Device\Harddisk0\DR0:
12:51:42.0981 2536 MBR partitions:
12:51:42.0981 2536 Initialize success
12:51:42.0981 2536 ============================================================
12:51:44.0102 3004 ============================================================
12:51:44.0102 3004 Scan started
12:51:44.0102 3004 Mode: Manual;
12:51:44.0102 3004 ============================================================
12:51:44.0537 3004 1394ohci - ok
12:51:44.0541 3004 ACPI - ok
12:51:44.0545 3004 AcpiPmi - ok
12:51:44.0576 3004 Adobe LM Service - ok
12:51:44.0608 3004 AdobeARMservice - ok
12:51:44.0622 3004 AdobeFlashPlayerUpdateSvc - ok
12:51:44.0625 3004 adp94xx - ok
12:51:44.0627 3004 adpahci - ok
12:51:44.0630 3004 adpu320 - ok
12:51:44.0632 3004 AeLookupSvc - ok
12:51:44.0637 3004 AFD - ok
12:51:44.0640 3004 agp440 - ok
12:51:44.0641 3004 aic78xx - ok
12:51:44.0646 3004 ALG - ok
12:51:44.0647 3004 aliide - ok
12:51:44.0650 3004 amdagp - ok
12:51:44.0652 3004 amdide - ok
12:51:44.0653 3004 AmdK8 - ok
12:51:44.0656 3004 AmdPPM - ok
12:51:44.0658 3004 amdsata - ok
12:51:44.0660 3004 amdsbs - ok
12:51:44.0662 3004 amdxata - ok
12:51:44.0670 3004 AOL ACS - ok
12:51:44.0672 3004 AppID - ok
12:51:44.0675 3004 AppIDSvc - ok
12:51:44.0677 3004 Appinfo - ok
12:51:44.0681 3004 Apple Mobile Device - ok
12:51:44.0683 3004 AppMgmt - ok
12:51:44.0685 3004 arc - ok
12:51:44.0687 3004 arcsas - ok
12:51:44.0691 3004 aspnet_state - ok
12:51:44.0696 3004 AsyncMac - ok
12:51:44.0698 3004 atapi - ok
12:51:44.0701 3004 AudioEndpointBuilder - ok
12:51:44.0703 3004 Audiosrv - ok
12:51:44.0706 3004 AxInstSV - ok
12:51:44.0707 3004 b06bdrv - ok
12:51:44.0710 3004 b57nd60x - ok
12:51:44.0715 3004 BDESVC - ok
12:51:44.0717 3004 Beep - ok
12:51:44.0727 3004 BFE - ok
12:51:44.0736 3004 BingDesktopUpdate - ok
12:51:44.0752 3004 BITCOMET_HELPER_SERVICE - ok
12:51:44.0753 3004 BITS - ok
12:51:44.0756 3004 blbdrive - ok
12:51:44.0760 3004 Bonjour Service - ok
12:51:44.0762 3004 bowser - ok
12:51:44.0765 3004 BrFiltLo - ok
12:51:44.0766 3004 BrFiltUp - ok
12:51:44.0768 3004 BridgeMP - ok
12:51:44.0771 3004 Browser - ok
12:51:44.0773 3004 Brserid - ok
12:51:44.0776 3004 BrSerWdm - ok
12:51:44.0778 3004 BrUsbMdm - ok
12:51:44.0780 3004 BrUsbSer - ok
12:51:44.0782 3004 BTHMODEM - ok
12:51:44.0785 3004 bthserv - ok
12:51:44.0788 3004 catchme - ok
12:51:44.0792 3004 CBDisk - ok
12:51:44.0796 3004 cdfs - ok
12:51:44.0798 3004 cdrom - ok
12:51:44.0801 3004 CertPropSvc - ok
12:51:44.0803 3004 circlass - ok
12:51:44.0806 3004 CLFS - ok
12:51:44.0808 3004 clr_optimization_v2.0.50727_32 - ok
12:51:44.0811 3004 clr_optimization_v4.0.30319_32 - ok
12:51:44.0813 3004 CmBatt - ok
12:51:44.0815 3004 cmdide - ok
12:51:44.0817 3004 CNG - ok
12:51:44.0820 3004 Compbatt - ok
12:51:44.0822 3004 CompositeBus - ok
12:51:44.0825 3004 COMSysApp - ok
12:51:44.0827 3004 crcdisk - ok
12:51:44.0831 3004 CryptSvc - ok
12:51:44.0832 3004 CSC - ok
12:51:44.0835 3004 CscService - ok
12:51:44.0837 3004 dc3d - ok
12:51:44.0841 3004 DcomLaunch - ok
12:51:44.0843 3004 defragsvc - ok
12:51:44.0846 3004 DfsC - ok
12:51:44.0850 3004 Dhcp - ok
12:51:44.0852 3004 discache - ok
12:51:44.0855 3004 Disk - ok
12:51:44.0857 3004 Dnscache - ok
12:51:44.0858 3004 dot3svc - ok
12:51:44.0861 3004 DPS - ok
12:51:44.0863 3004 drmkaud - ok
12:51:44.0866 3004 DXGKrnl - ok
12:51:44.0868 3004 EapHost - ok
12:51:44.0871 3004 ebdrv - ok
12:51:44.0873 3004 EFS - ok
12:51:44.0875 3004 ehRecvr - ok
12:51:44.0877 3004 ehSched - ok
12:51:44.0880 3004 elxstor - ok
12:51:44.0882 3004 epmntdrv - ok
12:51:44.0885 3004 ErrDev - ok
12:51:44.0893 3004 EuGdiDrv - ok
12:51:44.0896 3004 EventSystem - ok
12:51:44.0898 3004 exfat - ok
12:51:44.0901 3004 fastfat - ok
12:51:44.0903 3004 Fax - ok
12:51:44.0906 3004 fdc - ok
12:51:44.0907 3004 fdPHost - ok
12:51:44.0910 3004 FDResPub - ok
12:51:44.0912 3004 FileInfo - ok
12:51:44.0913 3004 Filetrace - ok
12:51:44.0920 3004 FLEXnet Licensing Service - ok
12:51:44.0921 3004 flpydisk - ok
12:51:44.0923 3004 FltMgr - ok
12:51:44.0926 3004 FontCache - ok
12:51:44.0928 3004 FontCache3.0.0.0 - ok
12:51:44.0931 3004 FsDepends - ok
12:51:44.0932 3004 Fs_Rec - ok
12:51:44.0935 3004 FTDIBUS - ok
12:51:44.0937 3004 FTSER2K - ok
12:51:44.0943 3004 fvevol - ok
12:51:44.0946 3004 gagp30kx - ok
12:51:44.0948 3004 GEARAspiWDM - ok
12:51:44.0950 3004 gpsvc - ok
12:51:44.0952 3004 hcw85cir - ok
12:51:44.0955 3004 HdAudAddService - ok
12:51:44.0957 3004 HDAudBus - ok
12:51:44.0960 3004 HidBatt - ok
12:51:44.0962 3004 HidBth - ok
12:51:44.0965 3004 HidIr - ok
12:51:44.0967 3004 hidserv - ok
12:51:44.0970 3004 HidUsb - ok
12:51:44.0972 3004 hkmsvc - ok
12:51:44.0973 3004 HomeGroupListener - ok
12:51:44.0976 3004 HomeGroupProvider - ok
12:51:44.0978 3004 HpSAMD - ok
12:51:44.0981 3004 HTTP - ok
12:51:44.0983 3004 hwpolicy - ok
12:51:44.0985 3004 i8042prt - ok
12:51:44.0987 3004 iaStorV - ok
12:51:45.0002 3004 IDMWFP - ok
12:51:45.0005 3004 idsvc - ok
12:51:45.0007 3004 iirsp - ok
12:51:45.0010 3004 IKEEXT - ok
12:51:45.0012 3004 intelide - ok
12:51:45.0015 3004 intelppm - ok
12:51:45.0017 3004 IPBusEnum - ok
12:51:45.0020 3004 IpFilterDriver - ok
12:51:45.0021 3004 iphlpsvc - ok
12:51:45.0023 3004 IPMIDRV - ok
12:51:45.0026 3004 IPNAT - ok
12:51:45.0031 3004 iPod Service - ok
12:51:45.0032 3004 IRENUM - ok
12:51:45.0037 3004 isapnp - ok
12:51:45.0040 3004 iScsiPrt - ok
12:51:45.0047 3004 ivusb - ok
12:51:45.0048 3004 k57nd60x - ok
12:51:45.0052 3004 kbdclass - ok
12:51:45.0055 3004 kbdhid - ok
12:51:45.0057 3004 KeyIso - ok
12:51:45.0060 3004 KSecDD - ok
12:51:45.0061 3004 KSecPkg - ok
12:51:45.0063 3004 KtmRm - ok
12:51:45.0065 3004 LanmanServer - ok
12:51:45.0067 3004 LanmanWorkstation - ok
12:51:45.0072 3004 libusb0 - ok
12:51:45.0075 3004 lltdio - ok
12:51:45.0088 3004 lltdsvc - ok
12:51:45.0091 3004 lmhosts - ok
12:51:45.0095 3004 LSI_FC - ok
12:51:45.0097 3004 LSI_SAS - ok
12:51:45.0100 3004 LSI_SAS2 - ok
12:51:45.0102 3004 LSI_SCSI - ok
12:51:45.0105 3004 luafv - ok
12:51:45.0107 3004 lxdu_device - ok
12:51:45.0110 3004 MacDrive8Service - ok
12:51:45.0112 3004 MBAMProtector - ok
12:51:45.0115 3004 MBAMService - ok
12:51:45.0117 3004 Mcx2Svc - ok
12:51:45.0121 3004 MDFSYSNT - ok
12:51:45.0123 3004 MDPMGRNT - ok
12:51:45.0125 3004 megasas - ok
12:51:45.0127 3004 MegaSR - ok
12:51:45.0130 3004 Microsoft SharePoint Workspace Audit Service - ok
12:51:45.0132 3004 MMCSS - ok
12:51:45.0135 3004 Modem - ok
12:51:45.0137 3004 monitor - ok
12:51:45.0138 3004 mouclass - ok
12:51:45.0141 3004 mouhid - ok
12:51:45.0142 3004 mountmgr - ok
12:51:45.0146 3004 MozillaMaintenance - ok
12:51:45.0150 3004 MpFilter - ok
12:51:45.0152 3004 mpio - ok
12:51:45.0153 3004 mpsdrv - ok
12:51:45.0173 3004 MpsSvc - ok
12:51:45.0176 3004 MRxDAV - ok
12:51:45.0177 3004 mrxsmb - ok
12:51:45.0180 3004 mrxsmb10 - ok
12:51:45.0182 3004 mrxsmb20 - ok
12:51:45.0183 3004 msahci - ok
12:51:45.0186 3004 msdsm - ok
12:51:45.0187 3004 MSDTC - ok
12:51:45.0191 3004 Msfs - ok
12:51:45.0193 3004 mshidkmdf - ok
12:51:45.0196 3004 msisadrv - ok
12:51:45.0197 3004 MSiSCSI - ok
12:51:45.0200 3004 msiserver - ok
12:51:45.0202 3004 MSKSSRV - ok
12:51:45.0205 3004 MSPCLOCK - ok
12:51:45.0206 3004 MSPQM - ok
12:51:45.0208 3004 MsRPC - ok
12:51:45.0211 3004 mssmbios - ok
12:51:45.0213 3004 MSSQL$SQLEXPRESS - ok
12:51:45.0216 3004 MSSQLServerADHelper100 - ok
12:51:45.0218 3004 MSTEE - ok
12:51:45.0220 3004 MTConfig - ok
12:51:45.0222 3004 Mup - ok
12:51:45.0225 3004 napagent - ok
12:51:45.0227 3004 NativeWifiP - ok
12:51:45.0230 3004 NDIS - ok
12:51:45.0231 3004 NdisCap - ok
12:51:45.0233 3004 NdisTapi - ok
12:51:45.0236 3004 Ndisuio - ok
12:51:45.0238 3004 NdisWan - ok
12:51:45.0248 3004 NDProxy - ok
12:51:45.0251 3004 NetBIOS - ok
12:51:45.0253 3004 NetBT - ok
12:51:45.0256 3004 Netlogon - ok
12:51:45.0260 3004 Netman - ok
12:51:45.0261 3004 NetMsmqActivator - ok
12:51:45.0263 3004 NetPipeActivator - ok
12:51:45.0266 3004 netprofm - ok
12:51:45.0268 3004 netr28u - ok
12:51:45.0270 3004 NetTcpActivator - ok
12:51:45.0272 3004 NetTcpPortSharing - ok
12:51:45.0276 3004 nfrd960 - ok
12:51:45.0278 3004 NisDrv - ok
12:51:45.0281 3004 NisSrv - ok
12:51:45.0282 3004 NlaSvc - ok
12:51:45.0285 3004 Npfs - ok
12:51:45.0287 3004 nsi - ok
12:51:45.0290 3004 nsiproxy - ok
12:51:45.0292 3004 Ntfs - ok
12:51:45.0295 3004 Null - ok
12:51:45.0297 3004 nusb3hub - ok
12:51:45.0300 3004 nusb3xhc - ok
12:51:45.0302 3004 nvlddmkm - ok
12:51:45.0305 3004 nvraid - ok
12:51:45.0307 3004 nvstor - ok
12:51:45.0311 3004 nvsvc - ok
12:51:45.0313 3004 nvUpdatusService - ok
12:51:45.0316 3004 nv_agp - ok
12:51:45.0317 3004 ohci1394 - ok
12:51:45.0320 3004 ose - ok
12:51:45.0322 3004 osppsvc - ok
12:51:45.0326 3004 p2pimsvc - ok
12:51:45.0327 3004 p2psvc - ok
12:51:45.0330 3004 Parport - ok
12:51:45.0332 3004 partmgr - ok
12:51:45.0335 3004 Parvdm - ok
12:51:45.0336 3004 PcaSvc - ok
12:51:45.0338 3004 pci - ok
12:51:45.0341 3004 pciide - ok
12:51:45.0342 3004 pcmcia - ok
12:51:45.0345 3004 pcouffin - ok
12:51:45.0347 3004 pcw - ok
12:51:45.0350 3004 PEAUTH - ok
12:51:45.0352 3004 PeerDistSvc - ok
12:51:45.0358 3004 pla - ok
12:51:45.0362 3004 PlugPlay - ok
12:51:45.0365 3004 PNRPAutoReg - ok
12:51:45.0367 3004 PNRPsvc - ok
12:51:45.0368 3004 PolicyAgent - ok
12:51:45.0372 3004 Power - ok
12:51:45.0375 3004 PptpMiniport - ok
12:51:45.0377 3004 Processor - ok
12:51:45.0378 3004 ProfSvc - ok
12:51:45.0381 3004 ProtectedStorage - ok
12:51:45.0383 3004 Psched - ok
12:51:45.0386 3004 ql2300 - ok
12:51:45.0387 3004 ql40xx - ok
12:51:45.0390 3004 QWAVE - ok
12:51:45.0391 3004 QWAVEdrv - ok
12:51:45.0393 3004 RasAcd - ok
12:51:45.0396 3004 RasAgileVpn - ok
12:51:45.0398 3004 RasAuto - ok
12:51:45.0401 3004 Rasl2tp - ok
12:51:45.0403 3004 RasMan - ok
12:51:45.0405 3004 RasPppoe - ok
12:51:45.0407 3004 RasSstp - ok
12:51:45.0408 3004 rdbss - ok
12:51:45.0411 3004 rdpbus - ok
12:51:45.0413 3004 RDPCDD - ok
12:51:45.0416 3004 RDPDR - ok
12:51:45.0420 3004 RDPENCDD - ok
12:51:45.0422 3004 RDPREFMP - ok
12:51:45.0446 3004 RdpVideoMiniport - ok
12:51:45.0448 3004 RDPWD - ok
12:51:45.0451 3004 rdyboost - ok
12:51:45.0453 3004 RemoteAccess - ok
12:51:45.0455 3004 RemoteRegistry - ok
12:51:45.0457 3004 RimUsb - ok
12:51:45.0460 3004 RpcEptMapper - ok
12:51:45.0462 3004 RpcLocator - ok
12:51:45.0463 3004 RpcSs - ok
12:51:45.0466 3004 RsFx0105 - ok
12:51:45.0468 3004 rspndr - ok
12:51:45.0471 3004 s3cap - ok
12:51:45.0473 3004 SamSs - ok
12:51:45.0476 3004 SBKUPNT - ok
12:51:45.0478 3004 sbp2port - ok
12:51:45.0480 3004 SCardSvr - ok
12:51:45.0488 3004 SCDEmu - ok
12:51:45.0490 3004 scfilter - ok
12:51:45.0492 3004 Schedule - ok
12:51:45.0495 3004 SCPolicySvc - ok
12:51:45.0496 3004 SDRSVC - ok
12:51:45.0498 3004 secdrv - ok
12:51:45.0501 3004 seclogon - ok
12:51:45.0502 3004 SENS - ok
12:51:45.0505 3004 SensrSvc - ok
12:51:45.0507 3004 Serenum - ok
12:51:45.0508 3004 Serial - ok
12:51:45.0511 3004 sermouse - ok
12:51:45.0516 3004 SessionEnv - ok
12:51:45.0518 3004 sffdisk - ok
12:51:45.0521 3004 sffp_mmc - ok
12:51:45.0523 3004 sffp_sd - ok
12:51:45.0525 3004 sfloppy - ok
12:51:45.0537 3004 SharedAccess - ok
12:51:45.0540 3004 ShellHWDetection - ok
12:51:45.0542 3004 SI3132 - ok
12:51:45.0545 3004 SiFilter - ok
12:51:45.0547 3004 SiRemFil - ok
12:51:45.0550 3004 sisagp - ok
12:51:45.0552 3004 SiSRaid2 - ok
12:51:45.0553 3004 SiSRaid4 - ok
12:51:45.0556 3004 Smb - ok
12:51:45.0560 3004 SNMPTRAP - ok
12:51:45.0562 3004 spldr - ok
12:51:45.0565 3004 Spooler - ok
12:51:45.0566 3004 sppsvc - ok
12:51:45.0568 3004 sppuinotify - ok
12:51:45.0571 3004 SQLAgent$SQLEXPRESS - ok
12:51:45.0573 3004 SQLBrowser - ok
12:51:45.0575 3004 SQLWriter - ok
12:51:45.0577 3004 srv - ok
12:51:45.0580 3004 srv2 - ok
12:51:45.0581 3004 srvnet - ok
12:51:45.0583 3004 ssadbus - ok
12:51:45.0586 3004 ssadmdfl - ok
12:51:45.0588 3004 ssadmdm - ok
12:51:45.0590 3004 ssadserd - ok
12:51:45.0596 3004 SscVF - ok
12:51:45.0597 3004 SSDPSRV - ok
12:51:45.0600 3004 SstpSvc - ok
12:51:45.0602 3004 Stereo Service - ok
12:51:45.0605 3004 stexstor - ok
12:51:45.0607 3004 StiSvc - ok
12:51:45.0608 3004 storflt - ok
12:51:45.0611 3004 storvsc - ok
12:51:45.0613 3004 swenum - ok
12:51:45.0615 3004 swprv - ok
12:51:45.0617 3004 Synth3dVsc - ok
12:51:45.0620 3004 SysMain - ok
12:51:45.0621 3004 TabletInputService - ok
12:51:45.0623 3004 TapiSrv - ok
12:51:45.0626 3004 TBS - ok
12:51:45.0628 3004 Tcpip - ok
12:51:45.0631 3004 TCPIP6 - ok
12:51:45.0633 3004 tcpipreg - ok
12:51:45.0637 3004 TDPIPE - ok
12:51:45.0638 3004 TDTCP - ok
12:51:45.0641 3004 tdx - ok
12:51:45.0643 3004 TermDD - ok
12:51:45.0645 3004 TermService - ok
12:51:45.0647 3004 Themes - ok
12:51:45.0650 3004 THREADORDER - ok
12:51:45.0651 3004 TrkWks - ok
12:51:45.0653 3004 TrustedInstaller - ok
12:51:45.0657 3004 tssecsrv - ok
12:51:45.0658 3004 TsUsbFlt - ok
12:51:45.0661 3004 tsusbhub - ok
12:51:45.0663 3004 tunnel - ok
12:51:45.0666 3004 uagp35 - ok
12:51:45.0668 3004 udfs - ok
12:51:45.0672 3004 UI0Detect - ok
12:51:45.0675 3004 uliagpkx - ok
12:51:45.0677 3004 umbus - ok
12:51:45.0678 3004 UmPass - ok
12:51:45.0681 3004 UmRdpService - ok
12:51:45.0683 3004 upnphost - ok
12:51:45.0686 3004 USBAAPL - ok
12:51:45.0688 3004 usbaudio - ok
12:51:45.0691 3004 usbccgp - ok
12:51:45.0693 3004 usbcir - ok
12:51:45.0696 3004 usbehci - ok
12:51:45.0698 3004 usbhub - ok
12:51:45.0700 3004 usbohci - ok
12:51:45.0702 3004 usbprint - ok
12:51:45.0705 3004 usbscan - ok
12:51:45.0707 3004 USBSTOR - ok
12:51:45.0708 3004 usbuhci - ok
12:51:45.0711 3004 UxSms - ok
12:51:45.0713 3004 VaultSvc - ok
12:51:45.0716 3004 vdrvroot - ok
12:51:45.0717 3004 vds - ok
12:51:45.0720 3004 vga - ok
12:51:45.0722 3004 VgaSave - ok
12:51:45.0725 3004 VGPU - ok
12:51:45.0726 3004 vhdmp - ok
12:51:45.0728 3004 viaagp - ok
12:51:45.0731 3004 ViaC7 - ok
12:51:45.0732 3004 viaide - ok
12:51:45.0735 3004 vmbus - ok
12:51:45.0737 3004 VMBusHID - ok
12:51:45.0738 3004 volmgr - ok
12:51:45.0741 3004 volmgrx - ok
12:51:45.0743 3004 volsnap - ok
12:51:45.0746 3004 vsmraid - ok
12:51:45.0747 3004 VSS - ok
12:51:45.0762 3004 vToolbarUpdater11.2.0 - ok
12:51:45.0765 3004 vwifibus - ok
12:51:45.0796 3004 vwififlt - ok
12:51:45.0798 3004 W32Time - ok
12:51:45.0802 3004 WacomPen - ok
12:51:45.0805 3004 WANARP - ok
12:51:45.0807 3004 Wanarpv6 - ok
12:51:45.0810 3004 wanatw - ok
12:51:45.0812 3004 WatAdminSvc - ok
12:51:45.0815 3004 wbengine - ok
12:51:45.0816 3004 WbioSrvc - ok
12:51:45.0818 3004 wcncsvc - ok
12:51:45.0821 3004 WcsPlugInService - ok
12:51:45.0823 3004 Wd - ok
12:51:45.0826 3004 WDC_SAM - ok
12:51:45.0827 3004 Wdf01000 - ok
12:51:45.0830 3004 WdiServiceHost - ok
12:51:45.0832 3004 WdiSystemHost - ok
12:51:45.0833 3004 WebClient - ok
12:51:45.0836 3004 Wecsvc - ok
12:51:45.0837 3004 wercplsupport - ok
12:51:45.0841 3004 WerSvc - ok
12:51:45.0843 3004 WfpLwf - ok
12:51:45.0846 3004 WIMMount - ok
12:51:45.0847 3004 WinDefend - ok
12:51:45.0851 3004 WinHttpAutoProxySvc - ok
12:51:45.0853 3004 Winmgmt - ok
12:51:45.0856 3004 WinRM - ok
12:51:45.0861 3004 WinUsb - ok
12:51:45.0862 3004 Wlansvc - ok
12:51:45.0865 3004 WmiAcpi - ok
12:51:45.0867 3004 wmiApSrv - ok
12:51:45.0870 3004 WMPNetworkSvc - ok
12:51:45.0871 3004 WPCSvc - ok
12:51:45.0873 3004 WPDBusEnum - ok
12:51:45.0876 3004 ws2ifsl - ok
12:51:45.0878 3004 wscsvc - ok
12:51:45.0881 3004 WSearch - ok
12:51:45.0883 3004 wuauserv - ok
12:51:45.0886 3004 WudfPf - ok
12:51:45.0888 3004 WUDFRd - ok
12:51:45.0891 3004 wudfsvc - ok
12:51:45.0893 3004 WwanSvc - ok
12:51:45.0900 3004 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:51:46.0051 3004 \Device\Harddisk0\DR0 - ok
12:51:46.0051 3004 ============================================================
12:51:46.0051 3004 Scan finished
12:51:46.0051 3004 ============================================================
12:51:46.0057 5124 Detected object count: 0
12:51:46.0057 5124 Actual detected object count: 0
12:52:05.0739 2880 Deinitialize success

#9 remedyp (Topic Starter, Members)

Posted 15 July 2012 - 12:03 PM

Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-15 12:52:01
-----------------------------
12:52:01.331 OS Version: Windows 6.1.7601 Service Pack 1
12:52:01.331 Number of processors: 8 586 0x1A05
12:52:01.332 ComputerName: APPLE-PC UserName: apple
12:52:04.358 Initialize success
12:52:31.286 AVAST engine defs: 12071500
12:52:43.647 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
12:52:43.650 Disk 0 Vendor: ST2000DL001-9VT156 CC93 Size: 1907729MB BusType: 11
12:52:43.651 Disk 0 MBR read successfully
12:52:43.653 Disk 0 MBR scan
12:52:43.656 Disk 0 Windows 7 default MBR code
12:52:43.658 Disk 0 Partition 1 80 (A) 42 SFS NTFS 1907726 MB offset 63
12:52:43.693 Disk 0 Partition 2 00 42 SFS 1 MB offset 3907024064
12:52:43.698 Disk 0 scanning sectors +3907027120
12:52:43.720 Disk 0 scanning C:\Windows\system32\drivers
12:52:43.723 Service scanning
12:53:05.421 Modules scanning
12:53:06.011 Disk 0 trace - called modules:
12:53:06.027 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
12:53:06.353 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87190768]
12:53:06.357 3 CLASSPNP.SYS[8c2ac59e] -> nt!IofCallDriver -> [0x86d5dc18]
12:53:06.361 5 ACPI.sys[8ba223d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x86d05908]
12:53:09.182 AVAST engine scan C:\
12:53:09.186 Scan finished successfully
12:54:01.567 Disk 0 MBR has been saved successfully to "C:\Users\apple\AppData\Roaming\IDM\MBR.dat"
12:54:01.571 The log file has been saved successfully to "C:\Users\apple\AppData\Roaming\IDM\aswMBR.txt"

#10 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 15 July 2012 - 12:19 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
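As an added example, not code from this thread, from OTL or from its author, here is the kind of triage a helper applies to the O4 (autorun) section of an OTL log like the one posted in the next reply: a Python script, with names of my own choosing, that parses lines in OTL's O4 format and flags entries worth a closer look (target file missing, a DLL rather than an executable, a target under a user-writable path, a vendor claim that does not match the location). The sample lines are constructed in OTL's format from entries of the same shape as the posted log.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: O4 lines in the format OTL prints (hive..\Run: [value name] command (company)
# or "... File not found"). These are illustrative, not the output of a real scan.
SAMPLE_O4_LINES = [
    r"O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)",
    r"O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()",
    r"O4 - HKU\S-1-5-21-2467889200-3825364765-2544583091-1000..\Run: [Adobe] C:\Users\apple\AppData\Local\AOL\Adobe\rtfzrvfnz.dll (Microsoft Corporation)",
    r"O4 - HKU\S-1-5-21-2467889200-3825364765-2544583091-1000..\Run: [HijackThis startup scan] D:\Malware\Utilities\Trend Micro\HijackThis\HijackThis.exe /startupscan File not found",
    r"O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex File not found",
]

# "O4 - <hive>..\Run: [<name>] <rest>"  (RunOnce listed first so it wins over Run)
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>RunOnce|Run): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
# trailing "(Company Name)" that OTL appends from the file's version info; "()" means none
COMPANY_RE = re.compile(r"^(?P<cmd>.*?) \((?P<company>[^()]*)\)$")
# leading drive-letter path up to the first program-like extension (arguments may follow)
PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|bat|cmd|scr|vbs|js|com))(?:\s|$)", re.IGNORECASE)
# locations a standard user can write to; autoruns living here deserve a second look
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
SYSTEM_ROOTS_RE = re.compile(r"^[a-z]:\\(windows|program files)", re.IGNORECASE)
MISSING_MARKER = "File not found"


@dataclass
class AutorunEntry:
    hive: str
    key: str
    name: str
    command: str
    path: Optional[str]
    company: Optional[str]          # None when OTL reported "File not found"
    findings: List[str] = field(default_factory=list)


def assess(entry: AutorunEntry, missing: bool) -> List[str]:
    """Return the list of reasons this autorun entry merits attention (empty = nothing odd)."""
    findings: List[str] = []
    lower_path = (entry.path or "").lower()
    if missing:
        findings.append("orphaned: target file not found")
    if lower_path.endswith(".dll"):
        findings.append("Run value points at a DLL rather than an executable")
    if any(tag in lower_path for tag in USER_WRITABLE):
        findings.append("target lives in a user-writable location")
    if entry.company == "":
        findings.append("no company name in the file's version info")
    if entry.company and "microsoft" in entry.company.lower() and lower_path \
            and not SYSTEM_ROOTS_RE.match(lower_path):
        findings.append("claims Microsoft but sits outside Windows/Program Files")
    return findings


def parse_o4_line(line: str) -> Optional[AutorunEntry]:
    """Parse one OTL O4 line; returns None for lines that are not O4 autorun entries."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    rest = m.group("rest")
    missing = rest.endswith(MISSING_MARKER)
    if missing:
        command, company = rest[: -len(MISSING_MARKER)].strip(), None
    else:
        cm = COMPANY_RE.match(rest)
        if cm is None:                      # no "(Company)" suffix at all
            command, company = rest, ""
        else:
            command, company = cm.group("cmd"), cm.group("company").strip()
    pm = PATH_RE.match(command)
    entry = AutorunEntry(m.group("hive"), m.group("key"), m.group("name"),
                         command, pm.group("path") if pm else None, company)
    entry.findings = assess(entry, missing)
    return entry


def triage_o4_lines(lines: List[str]) -> List[AutorunEntry]:
    """Parse every O4 line and return entries with the most findings first."""
    entries = [e for e in (parse_o4_line(l) for l in lines) if e is not None]
    return sorted(entries, key=lambda e: len(e.findings), reverse=True)


if __name__ == "__main__":
    for e in triage_o4_lines(SAMPLE_O4_LINES):
        mark = "!!" if e.findings else "ok"
        print(f"[{mark}] {e.key:8} {e.name!r:32} {e.path}")
        for f in e.findings:
            print(f"        - {f}")
```

To use it on a real OTL.txt, read the file and pass only the lines starting with "O4 - " to triage_o4_lines; the other O-sections use different layouts and are skipped by the O4 regex.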

#11 remedyp

remedyp
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male

Posted 16 July 2012 - 05:28 AM

Here is the OTL log

OTL logfile created on: 7/16/2012 6:12:50 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\apple\Downloads\Programs
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 48.68% Memory free
5.98 Gb Paging File | 3.96 Gb Available in Paging File | 66.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1863.01 Gb Total Space | 209.12 Gb Free Space | 11.22% Space Free | Partition Type: NTFS

Computer Name: APPLE-PC | User Name: apple | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\apple\Downloads\Programs\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files\AOL Desktop 9.7a\shellmon.exe (AOL Inc.)
PRC - C:\Program Files\AOL Desktop 9.7a\waol.exe (AOL Inc.)
PRC - C:\Program Files\AOL Desktop 9.7a\AOLBrowser\aolbrowser.exe (AOL Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe (AOL Inc.)
PRC - C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe (AVG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
PRC - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe (Mediafour Corporation)
PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files\Rocketfish\USB 3.0 PCI Express Card Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
PRC - C:\Program Files\Common Files\AOL\1337259216\ee\aolsoftware.exe (AOL Inc.)
PRC - C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Program Files\Common Files\AOL\acs\AOLacsd.exe (AOL LLC)


========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
MOD - C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\AOL Desktop 9.7a\zlib.dll ()
MOD - C:\Program Files\AOL Desktop 9.7a\components\Tier2Svc.dll ()
MOD - C:\Program Files\AOL Desktop 9.7a\components\DataSvcs.dll ()
MOD - C:\Program Files\AVG\AVG PC Tuneup\madExcept_.bpl ()
MOD - C:\Program Files\AVG\AVG PC Tuneup\madBasic_.bpl ()
MOD - C:\Program Files\AVG\AVG PC Tuneup\madDisAsm_.bpl ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Stardock\CursorFX\zlib1.dll ()
MOD - C:\Program Files\Lexmark 5600-6600 Series\iptk.dll ()
MOD - C:\Program Files\Lexmark 5600-6600 Series\lxduptp.dll ()


========== Win32 Services (SafeList) ==========

SRV - (BITCOMET_HELPER_SERVICE) -- C:\Program Files\BitComet\tools\BitCometService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (BingDesktopUpdate) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (MacDrive8Service) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe (Mediafour Corporation)
SRV - (lxdu_device) -- C:\Windows\System32\lxducoms.exe ( )
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe (AOL LLC)


========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (Power Software Ltd)
DRV - (SscVF) -- C:\Windows\System32\drivers\SscVF.BAK (SuperSpeed LLC)
DRV - (IDMWFP) -- C:\Windows\System32\drivers\idmwfp.sys (Tonec Inc.)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (RsFx0105) -- C:\Windows\System32\drivers\RsFx0105.sys (Microsoft Corporation)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (MDFSYSNT) -- C:\Windows\System32\drivers\MDFSYSNT.SYS (Mediafour Corporation)
DRV - (ivusb) -- C:\Windows\System32\drivers\ivusb.sys (Initio Corporation)
DRV - (MDPMGRNT) -- C:\Windows\System32\drivers\MDPMGRNT.SYS (Mediafour Corporation)
DRV - (CBDisk) -- C:\Windows\System32\drivers\CBDisk.sys (EldoS Corporation)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (k57nd60x) Broadcom NetLink ™ -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (SiFilter) -- C:\Windows\System32\drivers\SiWinAcc.sys (Silicon Image, Inc)
DRV - (SiRemFil) -- C:\Windows\System32\drivers\SiRemFil.sys (Silicon Image, Inc)
DRV - (SI3132) -- C:\Windows\System32\drivers\SI3132.sys (Silicon Image, Inc)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (SBKUPNT) -- C:\Windows\System32\drivers\SBKUPNT.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50aoldesktopie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2467889200-3825364765-2544583091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={AF222A3E-2C3C-4133-89B8-48A3B6875C56}&mid=f9cbe00afa3547d0abf9d14acce4e9e6-cd2df1e2623f5f88ff1445da0acf5da1e623057f&lang=en&ds=st011&pr=sa&d=2012-07-02 06:15:13&v=11.1.0.12&sap=hp
IE - HKU\S-1-5-21-2467889200-3825364765-2544583091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2467889200-3825364765-2544583091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2467889200-3825364765-2544583091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 1C A5 E9 26 58 CD 01 [binary data]
IE - HKU\S-1-5-21-2467889200-3825364765-2544583091-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2467889200-3825364765-2544583091-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2467889200-3825364765-2544583091-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PF&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=A3C460B3-D2C6-4FE3-BD31-8D82267EF1A8&apn_sauid=2097F18D-6410-4740-926C-ADB01883184B
IE - HKU\S-1-5-21-2467889200-3825364765-2544583091-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50aoldesktopie7
IE - HKU\S-1-5-21-2467889200-3825364765-2544583091-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={AF222A3E-2C3C-4133-89B8-48A3B6875C56}&mid=f9cbe00afa3547d0abf9d14acce4e9e6-cd2df1e2623f5f88ff1445da0acf5da1e623057f&lang=en&ds=st011&pr=sa&d=2012-07-02 06:15:13&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2467889200-3825364765-2544583091-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2467889200-3825364765-2544583091-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2467889200-3825364765-2544583091-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B8214af30-107d-4b9f-8f06-f930d38e70c9%7D&mid=f9cbe00afa3547d0abf9d14acce4e9e6-cd2df1e2623f5f88ff1445da0acf5da1e623057f&ds=st011&v=11.1.0.12&lang=en&pr=sa&d=2012-07-02%2006%3A15%3A13&sap=ku&q="
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\apple\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\apple\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/02 06:15:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/21 02:31:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\apple\AppData\Roaming\IDM\idmmzcc5 [2012/06/14 05:00:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/21 02:31:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\apple\AppData\Roaming\IDM\idmmzcc5 [2012/06/14 05:00:30 | 000,000,000 | ---D | M]

[2011/10/14 17:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\apple\AppData\Roaming\Mozilla\Extensions
[2012/07/15 02:11:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions
[2012/01/02 02:08:34 | 000,000,000 | ---D | M] (Translate This!) -- C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack
[2010/09/28 22:39:14 | 000,002,333 | ---- | M] () -- C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\searchplugins\askcom.xml
[2012/05/03 00:59:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/14 05:00:30 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\APPLE\APPDATA\ROAMING\IDM\IDMMZCC5
[2012/07/12 02:44:29 | 000,004,527 | ---- | M] () (No name found) -- C:\USERS\APPLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WEDTBA28.DEFAULT\EXTENSIONS\SUPPORT@REAL-HIDE-IP.COM.XPI
[2009/07/13 19:11:12 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\APPLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WEDTBA28.DEFAULT\EXTENSIONS\YYVNYOSTMB@YYVNYOSTMB.ORG.XPI
[2012/06/21 02:31:16 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/02 06:15:06 | 000,003,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/01/29 09:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 09:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\apple\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: No name found = C:\Users\apple\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\apple\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\apple\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: No name found = C:\Users\apple\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: No name found = C:\Users\apple\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2012/07/12 02:33:50 | 000,000,051 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKU\S-1-5-21-2467889200-3825364765-2544583091-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()
O4 - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Rocketfish\USB 3.0 PCI Express Card Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-21-2467889200-3825364765-2544583091-1000..\Run: [Adobe] C:\Users\apple\AppData\Local\AOL\Adobe\rtfzrvfnz.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2467889200-3825364765-2544583091-1000..\Run: [CursorFX] C:\Program Files\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
O4 - HKU\S-1-5-21-2467889200-3825364765-2544583091-1000..\Run: [HijackThis startup scan] D:\Malware\Utilities\Trend Micro\HijackThis\HijackThis.exe /startupscan File not found
O4 - HKU\S-1-5-21-2467889200-3825364765-2544583091-1000..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex File not found
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2467889200-3825364765-2544583091-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BA5A429-5E0D-48E2-8547-306C21B8988B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1A7A0F7-0AFE-43E8-89F2-71BFA757EA3C}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{dcb5ce06-fdcd-11e0-8f27-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{dcb5ce06-fdcd-11e0-8f27-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/15 09:44:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/13 06:54:03 | 000,000,000 | ---D | C] -- C:\Users\apple\AppData\Local\temp
[2012/07/12 03:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Funbox DevTeam
[2012/07/12 03:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\i-Funbox DevTeam
[2012/07/12 03:45:25 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/07/12 03:43:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/12 03:42:25 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/12 02:44:22 | 000,000,000 | ---D | C] -- C:\Users\apple\AppData\Roaming\RealHideIP
[2012/07/12 02:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\RealHideIP
[2012/07/12 02:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Hide IP
[2012/07/12 02:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\RealHideIP
[2012/07/12 01:56:44 | 000,000,000 | ---D | C] -- C:\Users\apple\AppData\Local\ElevatedDiagnostics
[2012/07/11 08:24:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/07/11 08:24:08 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/11 08:24:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/11 08:24:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/11 08:24:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/07/11 08:24:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/11 08:24:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/11 08:21:50 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/11 08:19:55 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/11 08:19:50 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012/07/11 08:19:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012/07/10 08:58:28 | 000,000,000 | ---D | C] -- C:\MRI_Updates
[2012/07/10 03:46:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Geek Squad
[2012/07/09 13:04:19 | 003,959,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2012/07/09 13:04:19 | 002,836,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2012/07/09 13:04:19 | 000,108,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2012/07/09 13:04:19 | 000,062,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2012/07/09 13:03:57 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/07/09 13:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/07/09 13:00:36 | 019,828,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012/07/09 13:00:36 | 012,388,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2012/07/09 13:00:36 | 010,770,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/07/09 13:00:35 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/07/09 13:00:35 | 015,290,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2012/07/09 13:00:35 | 007,699,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/07/09 13:00:35 | 002,573,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/07/09 13:00:35 | 002,422,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2012/07/09 13:00:35 | 001,865,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/07/09 13:00:35 | 001,007,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012/07/09 13:00:35 | 000,884,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco32.dll
[2012/07/09 05:54:06 | 000,000,000 | ---D | C] -- C:\Users\apple\AppData\Roaming\ImTOO
[2012/07/09 05:11:02 | 000,000,000 | ---D | C] -- C:\Users\apple\AppData\Local\QuickPar
[2012/07/09 05:09:19 | 000,000,000 | ---D | C] -- C:\Users\apple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
[2012/07/09 05:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
[2012/07/09 05:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickPar
[2012/07/08 05:00:08 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/07/07 08:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.1.1 Home Edition
[2012/07/07 08:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\EaseUS
[2012/07/04 19:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2012/07/04 19:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rocketfish USB 3.0 PCI Express Card Driver
[2012/07/04 19:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\Rocketfish
[2012/07/04 19:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012/07/02 06:16:48 | 000,000,000 | ---D | C] -- C:\Users\apple\AppData\Roaming\PowerISO
[2012/07/02 06:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2012/07/02 06:15:30 | 000,000,000 | ---D | C] -- C:\Users\apple\AppData\Local\AVG Secure Search
[2012/07/02 06:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/07/02 06:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/07/02 06:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/07/02 06:14:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/29 00:36:38 | 000,000,000 | ---D | C] -- C:\Users\apple\Desktop\MultiBeast - Lion Edition
[2012/06/29 00:36:38 | 000,000,000 | ---D | C] -- C:\Users\apple\Desktop\__MACOSX
[2012/06/27 20:22:50 | 000,000,000 | ---D | C] -- C:\Users\apple\Documents\2012-06-25_23-14-17_200
[2012/06/23 16:39:11 | 000,000,000 | ---D | C] -- C:\Users\apple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
[2012/06/23 16:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\PFConfig
[2012/06/22 12:55:57 | 003,948,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrlICE.exe
[2012/06/22 12:32:50 | 000,116,456 | ---- | C] (SuperSpeed LLC) -- C:\Windows\System32\drivers\SscVF.BAK
[2012/06/22 10:53:40 | 000,116,456 | ---- | C] (SuperSpeed LLC) -- C:\Windows\System32\drivers\sscvf.sys
[2012/06/22 10:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperSpeed
[2012/06/22 10:53:34 | 000,000,000 | ---D | C] -- C:\Program Files\SuperSpeed
[2012/06/21 03:53:00 | 000,057,800 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\drivers\CBDisk.sys
[2012/06/21 03:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MacDrive 8
[2012/06/21 03:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mediafour
[2012/06/21 03:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mediafour
[2012/06/21 03:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mediafour
[2012/06/21 03:51:02 | 000,000,000 | ---D | C] -- C:\Users\apple\Desktop\Mediafour.MacDrive.v8.0.7.38.Incl.Keymaker-CORE
[2012/06/20 04:50:27 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012/06/20 04:49:41 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/20 04:49:41 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/20 04:49:40 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/19 01:56:52 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/19 01:56:52 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/19 01:56:28 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/19 01:56:28 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/19 01:56:28 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/19 01:56:06 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/19 01:56:06 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/03/21 17:59:44 | 000,032,072 | ---- | C] (Microsoft Corporation) -- C:\Users\apple\AppData\Roaming\BBUO3O09BG.exe
[2011/12/06 19:59:50 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\apple\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/07/16 05:52:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2467889200-3825364765-2544583091-1000UA.job
[2012/07/16 05:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/16 03:52:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2467889200-3825364765-2544583091-1000Core.job
[2012/07/16 00:35:40 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/16 00:35:40 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/16 00:28:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/16 00:28:10 | 2408,828,928 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/15 08:08:00 | 000,731,978 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/15 08:08:00 | 000,149,120 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/15 02:54:19 | 000,000,038 | ---- | M] () -- C:\Users\apple\Documents\burnout_NTSC.dvd
[2012/07/15 02:51:10 | 000,008,414 | ---- | M] () -- C:\Users\apple\Documents\burnout_NTSC.mds
[2012/07/15 02:51:09 | 3540,549,631 | ---- | M] () -- C:\Users\apple\Documents\burnout_NTSC.iso
[2012/07/13 08:04:44 | 000,002,127 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/13 04:42:16 | 000,000,512 | ---- | M] () -- C:\Users\apple\Documents\MBR.dat
[2012/07/13 04:35:40 | 000,000,000 | ---- | M] () -- C:\Users\apple\defogger_reenable
[2012/07/12 14:49:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/12 14:49:04 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/12 03:53:43 | 000,000,978 | ---- | M] () -- C:\Users\Public\Desktop\iFunbox.lnk
[2012/07/12 02:43:36 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Real Hide IP.lnk
[2012/07/12 02:33:50 | 000,000,051 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/11 23:48:56 | 000,002,363 | ---- | M] () -- C:\Users\apple\Desktop\Google Chrome.lnk
[2012/07/11 17:19:59 | 000,430,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/10 04:03:04 | 000,000,043 | ---- | M] () -- C:\GSMRIDevice.tag
[2012/07/09 05:09:20 | 000,000,929 | ---- | M] () -- C:\Users\apple\Desktop\QuickPar.lnk
[2012/07/07 08:32:21 | 000,001,352 | ---- | M] () -- C:\Users\Public\Desktop\EaseUS Partition Master 9.1.1 Home Edition.lnk
[2012/07/02 07:44:11 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/07/02 07:44:11 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/07/02 06:15:35 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2012/06/28 23:17:00 | 019,828,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012/06/28 23:17:00 | 017,559,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/06/28 23:17:00 | 015,290,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2012/06/28 23:17:00 | 012,388,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2012/06/28 23:17:00 | 010,770,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/06/28 23:17:00 | 007,699,304 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/06/28 23:17:00 | 002,573,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/06/28 23:17:00 | 002,422,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2012/06/28 23:17:00 | 001,865,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/06/28 23:17:00 | 001,007,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012/06/28 23:17:00 | 000,884,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco32.dll
[2012/06/28 23:17:00 | 000,052,584 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/06/28 23:17:00 | 000,012,796 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2012/06/28 19:28:04 | 000,108,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2012/06/28 19:28:03 | 000,062,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2012/06/28 19:27:26 | 002,836,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2012/06/28 19:27:23 | 003,959,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2012/06/28 17:44:42 | 000,428,904 | ---- | M] () -- C:\Windows\System32\nvStreaming.exe
[2012/06/27 20:22:50 | 005,348,973 | ---- | M] () -- C:\Users\apple\Documents\2012-06-25_23-14-17_200.zip
[2012/06/23 16:39:27 | 000,000,969 | ---- | M] () -- C:\Users\apple\Desktop\PFConfig.lnk
[2012/06/22 13:40:56 | 000,206,312 | RHS- | M] () -- C:\XELDZ
[2012/06/22 12:32:50 | 000,116,456 | ---- | M] (SuperSpeed LLC) -- C:\Windows\System32\drivers\sscvf.sys
[2012/06/22 10:53:35 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\SuperCache.lnk
[2012/06/21 03:25:28 | 000,000,931 | ---- | M] () -- C:\Users\apple\Application Data\Microsoft\Internet Explorer\Quick Launch\NewsLeecher.lnk
[2012/06/21 03:25:28 | 000,000,907 | ---- | M] () -- C:\Users\apple\Desktop\NewsLeecher.lnk
[2012/06/18 01:45:28 | 000,383,786 | RHS- | M] () -- C:\bootmgr

========== Files Created - No Company Name ==========

[2012/07/15 02:54:19 | 000,000,038 | ---- | C] () -- C:\Users\apple\Documents\burnout_NTSC.dvd
[2012/07/15 02:51:10 | 000,008,414 | ---- | C] () -- C:\Users\apple\Documents\burnout_NTSC.mds
[2012/07/15 02:34:08 | 3540,549,631 | ---- | C] () -- C:\Users\apple\Documents\burnout_NTSC.iso
[2012/07/13 06:47:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/13 04:39:32 | 000,000,512 | ---- | C] () -- C:\Users\apple\Documents\MBR.dat
[2012/07/13 04:35:40 | 000,000,000 | ---- | C] () -- C:\Users\apple\defogger_reenable
[2012/07/12 03:53:43 | 000,000,978 | ---- | C] () -- C:\Users\Public\Desktop\iFunbox.lnk
[2012/07/12 02:43:36 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Real Hide IP.lnk
[2012/07/10 04:03:04 | 000,000,043 | ---- | C] () -- C:\GSMRIDevice.tag
[2012/07/09 13:00:36 | 000,012,796 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012/07/09 05:09:20 | 000,000,929 | ---- | C] () -- C:\Users\apple\Desktop\QuickPar.lnk
[2012/07/08 04:54:19 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{56ead431-5c7d-1d81-27d8-86643138d9b6}\L\00000004.@
[2012/07/07 08:32:21 | 002,468,520 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012/07/07 08:32:21 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012/07/07 08:32:21 | 000,001,352 | ---- | C] () -- C:\Users\Public\Desktop\EaseUS Partition Master 9.1.1 Home Edition.lnk
[2012/07/07 08:32:20 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012/07/07 08:32:20 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012/07/07 08:32:20 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012/07/01 11:00:55 | 2501,902,336 | ---- | C] () -- C:\Users\apple\Desktop\window 7.iso
[2012/06/28 17:44:42 | 000,428,904 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/06/27 20:22:41 | 005,348,973 | ---- | C] () -- C:\Users\apple\Documents\2012-06-25_23-14-17_200.zip
[2012/06/23 16:39:11 | 000,000,969 | ---- | C] () -- C:\Users\apple\Desktop\PFConfig.lnk
[2012/06/22 10:53:35 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\SuperCache.lnk
[2012/06/18 01:57:32 | 000,206,312 | RHS- | C] () -- C:\XELDZ
[2012/03/21 18:00:16 | 000,000,033 | ---- | C] () -- C:\Users\apple\AppData\Roaming\venom
[2012/02/20 15:16:10 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{56ead431-5c7d-1d81-27d8-86643138d9b6}\@
[2012/02/20 15:16:10 | 000,002,048 | -HS- | C] () -- C:\Users\apple\AppData\Local\{56ead431-5c7d-1d81-27d8-86643138d9b6}\@
[2012/02/07 13:15:30 | 000,000,033 | ---- | C] () -- C:\Windows\System32\deck.ini
[2012/01/30 11:32:39 | 000,000,008 | ---- | C] () -- C:\Windows\msoffice.ini
[2012/01/03 03:28:06 | 002,570,286 | ---- | C] () -- C:\Windows\System32\abgx360.exe
[2012/01/03 01:46:56 | 000,007,604 | ---- | C] () -- C:\Users\apple\AppData\Local\Resmon.ResmonCfg
[2011/12/19 17:13:17 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/12/19 17:11:52 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/12/06 19:59:50 | 000,087,608 | ---- | C] () -- C:\Users\apple\AppData\Roaming\inst.exe
[2011/12/06 19:59:50 | 000,007,887 | ---- | C] () -- C:\Users\apple\AppData\Roaming\pcouffin.cat
[2011/12/06 19:59:50 | 000,001,144 | ---- | C] () -- C:\Users\apple\AppData\Roaming\pcouffin.inf
[2011/10/26 16:10:03 | 000,446,464 | ---- | C] ( ) -- C:\Windows\System32\LXDUhcp.dll
[2011/10/26 16:10:03 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDUinst.dll
[2011/10/26 16:07:22 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxduih.exe
[2011/10/26 16:07:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll
[2011/10/26 16:07:21 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll
[2011/10/26 16:07:19 | 000,761,856 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll
[2011/10/26 16:07:19 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll
[2011/10/26 16:07:19 | 000,589,824 | ---- | C] ( ) -- C:\Windows\System32\lxducoms.exe
[2011/10/26 16:07:19 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll
[2011/10/26 16:07:19 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll
[2011/10/26 16:07:19 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll
[2011/10/26 16:07:19 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll
[2011/10/26 16:07:18 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll
[2011/10/26 16:07:18 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll
[2011/10/26 16:07:18 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxducfg.exe
[2011/10/26 16:07:18 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll
[2011/10/26 16:07:05 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll
[2011/10/26 16:07:05 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll
[2011/10/26 16:07:05 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll
[2011/10/15 20:21:29 | 000,014,976 | ---- | C] () -- C:\Windows\System32\drivers\SBKUPNT.SYS
[2011/10/15 20:21:29 | 000,013,312 | ---- | C] () -- C:\Windows\System32\DEVLOAD.EXE
[2011/10/15 20:21:29 | 000,000,543 | ---- | C] () -- C:\Windows\SWISV3.INI
[2011/10/15 20:21:29 | 000,000,308 | ---- | C] () -- C:\Windows\SKNIFE.INI
[2011/10/15 20:21:25 | 000,002,944 | ---- | C] () -- C:\Windows\SKLANG.INI
[2011/10/14 18:40:06 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/03 13:42:00 | 000,006,764 | ---- | C] () -- C:\Windows\System32\SscVfPcp.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

#12 gringo_pr

Posted 16 July 2012 - 11:57 AM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
    O3 - HKU\S-1-5-21-2467889200-3825364765-2544583091-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKU\S-1-5-21-2467889200-3825364765-2544583091-1000..\Run: [HijackThis startup scan] D:\Malware\Utilities\Trend Micro\HijackThis\HijackThis.exe /startupscan File not found
    O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex File not found
    O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4  
    O33 - MountPoints2\{dcb5ce06-fdcd-11e0-8f27-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
    IE - HKU\S-1-5-21-2467889200-3825364765-2544583091-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PF&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=A3C460B3-D2C6-4FE3-BD31-8D82267EF1A8&apn_sauid=2097F18D-6410-4740-926C-ADB01883184B
    [2012/01/02 02:08:34 | 000,000,000 | ---D | M] (Translate This!) -- C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack
    [2010/09/28 22:39:14 | 000,002,333 | ---- | M] () -- C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\searchplugins\askcom.xml
    [2009/07/13 19:11:12 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\APPLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WEDTBA28.DEFAULT\EXTENSIONS\YYVNYOSTMB@YYVNYOSTMB.ORG.XPI
    :Files
    C:\Users\apple\AppData\Local\{56ead431-5c7d-1d81-27d8-86643138d9b6}
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 remedyp


Posted 17 July 2012 - 08:27 AM

Here is the log for OTL.


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
Registry value HKEY_USERS\S-1-5-21-2467889200-3825364765-2544583091-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2467889200-3825364765-2544583091-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HijackThis startup scan deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:0B4227B4 .
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcb5ce06-fdcd-11e0-8f27-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcb5ce06-fdcd-11e0-8f27-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\Autorun.exe not found.
Registry key HKEY_USERS\S-1-5-21-2467889200-3825364765-2544583091-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack\resources\jid0-k75tfrgfoxphfezmj9cku5ecglc-at-jetpack-google-translate-lib folder moved successfully.
Folder move failed. C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack\resources\jid0-k75tfrgfoxphfezmj9cku5ecglc-at-jetpack-google-translate-data\settings_folder scheduled to be moved on reboot.
Folder move failed. C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack\resources\jid0-k75tfrgfoxphfezmj9cku5ecglc-at-jetpack-google-translate-data scheduled to be moved on reboot.
C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack\resources\jid0-k75tfrgfoxphfezmj9cku5ecglc-at-jetpack-api-utils-lib\windows folder moved successfully.
C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack\resources\jid0-k75tfrgfoxphfezmj9cku5ecglc-at-jetpack-api-utils-lib\utils folder moved successfully.
C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack\resources\jid0-k75tfrgfoxphfezmj9cku5ecglc-at-jetpack-api-utils-lib\traits folder moved successfully.
C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack\resources\jid0-k75tfrgfoxphfezmj9cku5ecglc-at-jetpack-api-utils-lib\tabs folder moved successfully.
C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack\resources\jid0-k75tfrgfoxphfezmj9cku5ecglc-at-jetpack-api-utils-lib\keyboard folder moved successfully.
C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack\resources\jid0-k75tfrgfoxphfezmj9cku5ecglc-at-jetpack-api-utils-lib\events folder moved successfully.
C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack\resources\jid0-k75tfrgfoxphfezmj9cku5ecglc-at-jetpack-api-utils-lib\dom folder moved successfully.
C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack\resources\jid0-k75tfrgfoxphfezmj9cku5ecglc-at-jetpack-api-utils-lib\content folder moved successfully.
C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack\resources\jid0-k75tfrgfoxphfezmj9cku5ecglc-at-jetpack-api-utils-lib folder moved successfully.
C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack\resources\jid0-k75tfrgfoxphfezmj9cku5ecglc-at-jetpack-api-utils-data folder moved successfully.
C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack\resources\jid0-k75tfrgfoxphfezmj9cku5ecglc-at-jetpack-addon-kit-lib folder moved successfully.
C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack\resources\jid0-k75tfrgfoxphfezmj9cku5ecglc-at-jetpack-addon-kit-data folder moved successfully.
Folder move failed. C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack\resources scheduled to be moved on reboot.
C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack\components folder moved successfully.
Folder move failed. C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack scheduled to be moved on reboot.
C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\searchplugins\askcom.xml moved successfully.
C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\yyvnyostmb@yyvnyostmb.org.xpi moved successfully.
========== FILES ==========
C:\Users\apple\AppData\Local\{56ead431-5c7d-1d81-27d8-86643138d9b6}\U folder moved successfully.
C:\Users\apple\AppData\Local\{56ead431-5c7d-1d81-27d8-86643138d9b6}\L folder moved successfully.
C:\Users\apple\AppData\Local\{56ead431-5c7d-1d81-27d8-86643138d9b6} folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\apple\Downloads\Programs\cmd.bat deleted successfully.
C:\Users\apple\Downloads\Programs\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: apple
->Java cache emptied: 21921 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: apple
->Flash cache emptied: 2965 bytes

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 56475 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07172012_010035

Files\Folders moved on Reboot...
File\Folder C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack\resources\jid0-k75tfrgfoxphfezmj9cku5ecglc-at-jetpack-google-translate-data\settings_folder not found!
File\Folder C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack\resources\jid0-k75tfrgfoxphfezmj9cku5ecglc-at-jetpack-google-translate-data not found!
File\Folder C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack\resources not found!
File\Folder C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack not found!

PendingFileRenameOperations files...
File C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack\resources\jid0-k75tfrgfoxphfezmj9cku5ecglc-at-jetpack-google-translate-data\settings_folder not found!
File C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack\resources\jid0-k75tfrgfoxphfezmj9cku5ecglc-at-jetpack-google-translate-data not found!
File C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack\resources not found!
File C:\Users\apple\AppData\Roaming\Mozilla\Firefox\Profiles\wedtba28.default\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack not found!

Registry entries deleted on Reboot...

#14 gringo_pr


Posted 17 July 2012 - 08:57 PM

How are things running now?


gringo

#15 gringo_pr


Posted 19 July 2012 - 11:44 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will then ask you to remove our tools.




Gringo
