
Google Redirect Trojan


  • This topic is locked
27 replies to this topic

#1 BubleTea

  • Members
  • 13 posts
  • Local time:03:53 AM

Posted 11 September 2012 - 05:57 PM

Hello,

Whenever I google something and click on a link, occasionally, I get redirected to sites that contain fake ads and other malicious content. Not only is this happening with Google, but it also happens with other search engines like Bing. Also, the result is the same when I've tried using a different web browser. I've tried several removal methods, like TDSSKiller and Malwarebytes, but nothing suspicious comes up.

Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Patrick at 17:58:02 on 2012-09-11
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2911.1977 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: YouTube to MP3 Converter: {e71596b0-a83b-453d-82c1-4be99947c65f} - c:\users\patrick\appdata\local\sevas-s\youtube to mp3 converter\browserextensions\ie\YouTubeDownloaderExtension.dll
TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized
uRun: [Facebook Update] "c:\users\patrick\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\patrick\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\patrick\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\patrick\appdata\roaming\micros~1\windows\startm~1\programs\startup\facebo~1.lnk - c:\users\patrick\appdata\local\facebook\messenger\2.1.4631.0\FacebookMessenger.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{4C9E1DC9-D0E3-4F31-9E0B-41B3147B1D57} : DhcpNameServer = 107.16.189.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{68AC8B16-471C-4F0E-B940-C9858100A1F8} : DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{68AC8B16-471C-4F0E-B940-C9858100A1F8}\7556374796E675966496 : DhcpNameServer = 64.80.84.98 64.80.84.108
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-9-8 242240]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-8-3 9344]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S2 Splashtop MDES;Splashtop Meta Data Export Service;c:\splashdl\splashdl.sys\config\SIONExportService.exe [2011-7-8 337784]
S2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2012-3-15 370504]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-3-15 127488]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-9-17 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-17 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-17 1343400]
.
=============== Created Last 30 ================
.
2012-09-10 20:44:28 7022536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3b2a3db0-137c-4e7e-99e5-0f75b8670def}\mpengine.dll
2012-09-09 15:15:18 7022536 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-08 21:56:01 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-09-08 21:55:50 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-09-07 23:52:03 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-09-05 15:35:11 -------- d-----r- c:\program files\Skype
2012-09-04 15:01:11 89600 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
2012-09-04 02:17:57 -------- d-----w- c:\users\patrick\appdata\local\CRE
2012-09-04 02:17:54 -------- d-----w- c:\program files\Conduit
2012-09-04 02:17:52 -------- d-----w- c:\users\patrick\appdata\local\Conduit
2012-09-04 02:17:51 -------- d-----w- c:\program files\uTorrentControl_v2
2012-09-04 02:17:40 -------- d-----w- c:\program files\uTorrent
2012-09-04 02:15:53 -------- d-----w- c:\users\patrick\appdata\roaming\uTorrent
2012-09-03 23:57:40 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-02 15:11:30 -------- d-----w- c:\windows\zh-TW
2012-09-02 15:11:27 -------- d-----w- c:\windows\system32\zh-CHT
2012-09-02 15:11:15 -------- d-----w- c:\windows\system32\drivers\zh-TW
2012-09-02 15:11:15 -------- d-----w- c:\windows\system32\drivers\umdf\zh-TW
2012-09-02 15:11:14 -------- d-----w- c:\windows\system32\drivers\zh-HK
2012-09-02 15:11:10 -------- d-----w- c:\windows\system32\wbem\zh-TW
2012-09-02 15:11:07 -------- d-----w- c:\windows\system32\wbem\zh-HK
2012-09-02 15:05:02 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\zh-tw\LXKPTPRC.DLL.mui
2012-09-02 15:04:52 424448 ----a-w- c:\program files\common files\microsoft shared\ink\mshwcht.dll
2012-09-02 15:04:52 15720448 ----a-w- c:\program files\common files\microsoft shared\ink\mshwchtr.dll
2012-08-23 18:41:35 -------- d-----w- c:\windows\pss
2012-08-23 04:52:26 -------- d-----w- c:\users\patrick\appdata\local\temp
2012-08-23 04:52:20 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-08-23 04:34:34 98816 ----a-w- c:\windows\sed.exe
2012-08-23 04:34:34 518144 ----a-w- c:\windows\SWREG.exe
2012-08-23 04:34:34 256000 ----a-w- c:\windows\PEV.exe
2012-08-23 04:34:34 208896 ----a-w- c:\windows\MBR.exe
2012-08-15 16:50:13 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 16:50:12 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 16:50:12 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 16:50:11 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 16:50:09 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 16:50:08 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 16:50:07 769024 ----a-w- c:\windows\system32\localspl.dll
.
==================== Find3M ====================
.
2012-08-15 15:22:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 15:22:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 17:59:24.97 ===============
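The "Pseudo HJT Report" above lists the code Internet Explorer loads at start-up (URLSearchHooks, BHOs, toolbars) and the DNS servers each interface received, which are the two places a search redirect that survives a change of browser tends to live. As an added example, not part of the original post and not a DDS feature, here is a Python triage script that parses those line formats into structured records, flags add-ons whose DLL lives under a user-writable profile directory, shows which CLSIDs have more than one load point, and separates private from public DNS resolvers. The sample input is constructed from lines of the log above; the flagging rules are this example's own heuristics.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample input: lines in the format of the DDS "Pseudo HJT Report" and
# TCP sections, copied from the log posted above.
SAMPLE_DDS = r"""
uStart Page = about:blank
uURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
BHO: YouTube to MP3 Converter: {e71596b0-a83b-453d-82c1-4be99947c65f} - c:\users\patrick\appdata\local\sevas-s\youtube to mp3 converter\browserextensions\ie\YouTubeDownloaderExtension.dll
TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{4C9E1DC9-D0E3-4F31-9E0B-41B3147B1D57} : DhcpNameServer = 107.16.189.1 64.134.255.2 64.134.255.10
"""

# Entry kinds DDS uses for code that Internet Explorer loads on start-up.
HOOK_KINDS = ("uURLSearchHooks", "mURLSearchHooks", "BHO", "TB", "SEH")
HOOK_RE = re.compile(
    r"^(?P<kind>" + "|".join(HOOK_KINDS) + r"): (?P<name>.+?): "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# Matches both the global DhcpNameServer line and the per-interface variants.
DNS_RE = re.compile(r"^TCP: (?:Interfaces\\(?P<iface>\S+) : )?DhcpNameServer = (?P<servers>.+)$")


@dataclass
class Hook:
    kind: str    # uURLSearchHooks / BHO / TB / SEH
    name: str    # display name as registered
    clsid: str   # COM class id, lower-cased for comparison
    path: str    # DLL the browser will load, lower-cased


def parse_browser_hooks(text):
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            hooks.append(Hook(m["kind"], m["name"], m["clsid"].lower(), m["path"].lower()))
    return hooks


def parse_dns_servers(text):
    """Return [(interface_guid_or_None, [server, ...]), ...]."""
    found = []
    for line in text.splitlines():
        m = DNS_RE.match(line.strip())
        if m:
            found.append((m["iface"], m["servers"].split()))
    return found


def triage(text):
    hooks = parse_browser_hooks(text)
    # Heuristic: a browser add-on whose DLL lives in a user-writable profile directory
    # could have been dropped there by anything running as the user, so review it first.
    profile_hooks = [h.name for h in hooks if "\\users\\" in h.path or "\\appdata\\" in h.path]
    # One CLSID registered as several entry kinds is normal for toolbars; listing it
    # shows which DLLs have more than one load point.
    clsid_uses = {}
    for h in hooks:
        kinds = clsid_uses.setdefault(h.clsid, [])
        if h.kind not in kinds:
            kinds.append(h.kind)
    # DNS: split private (router) addresses from public resolvers. Public ISP resolvers
    # are normal; the list exists to compare with what the ISP should be handing out.
    servers = {s for _, lst in parse_dns_servers(text) for s in lst}
    private_dns = sorted(s for s in servers if ip_address(s).is_private)
    public_dns = sorted(s for s in servers if not ip_address(s).is_private)
    return {
        "hook_count": len(hooks),
        "user_profile_hooks": profile_hooks,
        "clsid_uses": clsid_uses,
        "private_dns": private_dns,
        "public_dns": public_dns,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```

The output is a review list, not a verdict: a public resolver address is only worth attention if it differs from the ISP's published resolvers, and a profile-directory DLL only if its publisher cannot be accounted for.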


#2 bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York
  • Local time:04:53 AM

Posted 11 September 2012 - 08:57 PM

Hello BubleTea, and welcome to BC!! :thumbsup:

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.

==========

Step 1: Warning!!

Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

==========

Step 2:

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

==========

Step 3:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

==========

What I would like to see in your next reply!

  • The aswMBR log
  • The TDSSKiller log

bloopie

#3 BubleTea
  • Topic Starter

  • Members
  • 13 posts
  • Local time:03:53 AM

Posted 11 September 2012 - 11:33 PM

Hi bloopie,

Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-11 23:37:34
-----------------------------
23:37:34.378 OS Version: Windows 6.1.7601 Service Pack 1
23:37:34.378 Number of processors: 2 586 0x170A
23:37:34.393 ComputerName: PATRICK-VAIO UserName: Patrick
23:37:35.782 Initialize success
23:37:42.412 AVAST engine defs: 12091101
23:38:44.639 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:38:44.655 Disk 0 Vendor: FUJITSU_MHZ2320BH_G1 00410009 Size: 305245MB BusType: 11
23:38:44.686 Disk 0 MBR read successfully
23:38:44.686 Disk 0 MBR scan
23:38:44.686 Disk 0 Windows 7 default MBR code
23:38:44.702 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10691 MB offset 2048
23:38:44.717 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 21897216
23:38:44.749 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 294452 MB offset 22102016
23:38:44.764 Disk 0 scanning sectors +625139712
23:38:44.827 Disk 0 scanning C:\Windows\system32\drivers
23:38:54.608 Service scanning
23:39:08.351 Service MpKsl1df7a697 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8E005DE2-CD54-4E5E-A3BB-F3F7F99070B7}\MpKsl1df7a697.sys **LOCKED** 32
23:39:23.187 Modules scanning
23:39:30.191 Disk 0 trace - called modules:
23:39:30.223 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
23:39:30.223 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8608d030]
23:39:30.238 3 CLASSPNP.SYS[8b07f59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85bc4908]
23:39:31.361 AVAST engine scan C:\Windows
23:39:33.733 AVAST engine scan C:\Windows\system32
23:43:05.626 AVAST engine scan C:\Windows\system32\drivers
23:43:21.086 AVAST engine scan C:\Users\Patrick
23:45:15.122 AVAST engine scan C:\ProgramData
23:45:47.944 Scan finished successfully
23:46:50.407 Disk 0 MBR has been saved successfully to "C:\Users\Patrick\Desktop\MBR.dat"
23:46:50.423 The log file has been saved successfully to "C:\Users\Patrick\Desktop\aswMBR.txt"

And here is the TDSSKiller log. It didn't find anything, unfortunately.

23:53:38.0678 1352 WfpLwf - ok
23:53:38.0710 1352 [ 090A2B8F055343815556A01F725F6C35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
23:53:38.0725 1352 WimFltr - ok
23:53:38.0741 1352 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:53:38.0741 1352 WIMMount - ok
23:53:38.0803 1352 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
23:53:38.0881 1352 WinDefend - ok
23:53:38.0881 1352 WinHttpAutoProxySvc - ok
23:53:38.0959 1352 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:53:39.0006 1352 Winmgmt - ok
23:53:39.0053 1352 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
23:53:39.0115 1352 WinRM - ok
23:53:39.0162 1352 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
23:53:39.0209 1352 WinUsb - ok
23:53:39.0271 1352 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:53:39.0349 1352 Wlansvc - ok
23:53:39.0365 1352 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
23:53:39.0412 1352 WmiAcpi - ok
23:53:39.0443 1352 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:53:39.0505 1352 wmiApSrv - ok
23:53:39.0599 1352 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:53:39.0692 1352 WMPNetworkSvc - ok
23:53:39.0724 1352 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:53:39.0755 1352 WPCSvc - ok
23:53:39.0786 1352 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:53:39.0817 1352 WPDBusEnum - ok
23:53:39.0833 1352 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:53:39.0880 1352 ws2ifsl - ok
23:53:39.0942 1352 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
23:53:39.0973 1352 wscsvc - ok
23:53:39.0973 1352 WSearch - ok
23:53:40.0082 1352 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
23:53:40.0176 1352 wuauserv - ok
23:53:40.0192 1352 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:53:40.0254 1352 WudfPf - ok
23:53:40.0316 1352 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:53:40.0379 1352 WUDFRd - ok
23:53:40.0441 1352 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:53:40.0488 1352 wudfsvc - ok
23:53:40.0519 1352 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
23:53:40.0566 1352 WwanSvc - ok
23:53:40.0613 1352 [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys
23:53:40.0644 1352 yukonw7 - ok
23:53:40.0660 1352 ================ Scan global ===============================
23:53:40.0691 1352 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
23:53:40.0706 1352 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
23:53:40.0722 1352 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
23:53:40.0753 1352 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
23:53:40.0784 1352 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
23:53:40.0784 1352 [Global] - ok
23:53:40.0784 1352 ================ Scan MBR ==================================
23:53:40.0800 1352 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:53:41.0408 1352 \Device\Harddisk0\DR0 - ok
23:53:41.0408 1352 ================ Scan VBR ==================================
23:53:41.0408 1352 [ 903CABD2B11A3357CA885AAE17D7E56B ] \Device\Harddisk0\DR0\Partition1
23:53:41.0408 1352 \Device\Harddisk0\DR0\Partition1 - ok
23:53:41.0440 1352 [ 79FD2A7462E3ED3511A3C68CB1A14E9C ] \Device\Harddisk0\DR0\Partition2
23:53:41.0440 1352 \Device\Harddisk0\DR0\Partition2 - ok
23:53:41.0455 1352 ============================================================
23:53:41.0455 1352 Scan finished
23:53:41.0455 1352 ============================================================
23:53:41.0471 1308 Detected object count: 0
23:53:41.0471 1308 Actual detected object count: 0
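TDSSKiller prints, for every service and driver it examines, an MD5 of the file and then a status line, followed by global, MBR and VBR sections and an object count. As an added example that is not from the original post or from Kaspersky, the following Python parser turns such a log into an inventory keyed by service name, file path or device, so the hashes can be checked against a reference set and any entry whose status is not "ok" is listed. The sample input is constructed from lines of the log above; REFERENCE is a constructed lookup table (not real known-good hashes) in which the yukonw7 value is a deliberate all-zero placeholder, so the comparison shows how a mismatch would be reported.

```python
import re

# Constructed sample input: lines copied from the TDSSKiller log posted above.
SAMPLE_TDSSKILLER = r"""
23:53:38.0710 1352 [ 090A2B8F055343815556A01F725F6C35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
23:53:38.0725 1352 WimFltr - ok
23:53:38.0881 1352 WinHttpAutoProxySvc - ok
23:53:40.0613 1352 [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys
23:53:40.0644 1352 yukonw7 - ok
23:53:40.0660 1352 ================ Scan global ===============================
23:53:40.0706 1352 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
23:53:40.0722 1352 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
23:53:40.0784 1352 [Global] - ok
23:53:40.0784 1352 ================ Scan MBR ==================================
23:53:40.0800 1352 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:53:41.0408 1352 \Device\Harddisk0\DR0 - ok
23:53:41.0471 1308 Detected object count: 0
"""

# Constructed reference table (NOT real known-good hashes): the WimFltr value is copied
# from the sample so it matches; the yukonw7 value is a deliberate all-zero placeholder
# so that compare_to_reference() has one mismatch to report.
REFERENCE = {
    "WimFltr": "090A2B8F055343815556A01F725F6C35",
    "yukonw7": "0" * 32,
}

# Every line starts with a timestamp and the scanner's thread id.
PREFIX = r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+"
SECTION_RE = re.compile(PREFIX + r"=+ Scan (?P<section>\w+) =+$")
# "[ MD5 ] name path" for services/drivers; "[ MD5 ] path" or "[ MD5 ] \Device\..."
# in the global and MBR/VBR sections, where there is no service name.
HASH_RE = re.compile(
    PREFIX + r"\[ (?P<md5>[0-9A-F]{32}) \] (?:(?P<name>\S+) )?"
    r"(?P<path>[A-Za-z]:\\.*|\\Device\\.*)$"
)
COUNT_RE = re.compile(PREFIX + r"(?P<label>(?:Actual )?[Dd]etected object count): (?P<n>\d+)$")
STATUS_RE = re.compile(PREFIX + r"(?P<subject>.+?) - (?P<status>.+)$")


def parse_tdsskiller(text):
    """Return (entries, counts): entries keyed by service name, file path or device."""
    entries = {}
    counts = {}
    section = "services"   # services/drivers are listed before the first section banner
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m["section"].lower()
        elif m := HASH_RE.match(line):
            subject = m["name"] or m["path"]
            entries[subject] = {"md5": m["md5"], "path": m["path"], "status": None, "section": section}
        elif m := COUNT_RE.match(line):
            counts[m["label"]] = int(m["n"])
        elif m := STATUS_RE.match(line):
            # Status lines may refer to a subject with no hash line (e.g. a service with
            # no file), so create the entry on demand.
            entry = entries.setdefault(m["subject"], {"md5": None, "path": None, "status": None, "section": section})
            entry["status"] = m["status"]
    return entries, counts


def flagged(entries):
    """Subjects whose status line said anything other than 'ok'."""
    return sorted(s for s, e in entries.items() if e["status"] not in (None, "ok"))


def compare_to_reference(entries, reference):
    """(subject, observed_md5, expected_md5) for each hashed subject that differs from the reference."""
    mismatches = []
    for subject, expected in reference.items():
        observed = entries.get(subject, {}).get("md5")
        if observed is not None and observed.upper() != expected.upper():
            mismatches.append((subject, observed, expected))
    return mismatches


if __name__ == "__main__":
    entries, counts = parse_tdsskiller(SAMPLE_TDSSKILLER)
    print(f"{len(entries)} subjects, counts={counts}, flagged={flagged(entries)}")
    for subject, observed, expected in compare_to_reference(entries, REFERENCE):
        print(f"hash mismatch: {subject} observed {observed} expected {expected}")
```

A reference set for a real comparison would come from a clean installation of the same Windows build and driver versions; the parser only makes the hashes and statuses in the log addressable so that such a check can be scripted rather than read by eye.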

#4 bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York
  • Local time:04:53 AM

Posted 12 September 2012 - 08:07 AM

Hi again,

It looks like you ran Combofix on this machine a few weeks ago. Combofix is a very powerful tool and should not be used by anyone who is not trained in its use!

However, since it's been run, please post me the logfile from Combofix. The logfile can be found at C:\Combofix.txt

==========

You still have not yet responded to this:

Please tell me if you have your original Windows CD/DVD available.


==========

Now let's also get a log from FRST; you will need a USB device:

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.


Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your reply.

==========

In your next reply, please provide the following:

  • The logfile from C:\Combofix.txt
  • The FRST.txt from your flashdrive
  • An answer to my question
bloopie

#5 BubleTea
  • Topic Starter

  • Members
  • 13 posts
  • Local time:03:53 AM

Posted 12 September 2012 - 03:59 PM

Hello again bloopie,

I apologize for using Combofix without consulting an expert. I was unaware of the consequences of using it and will proceed with more caution next time.

Here's the Combofix log:


ComboFix 12-09-12.03 - Patrick 09/12/2012 15:51:35.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2911.1950 [GMT -4:00]
Running from: c:\users\Patrick\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2012-08-12 to 2012-09-12 )))))))))))))))))))))))))))))))
.
.
2012-09-12 19:56 . 2012-09-12 19:56 -------- d-----w- c:\users\Patrick\AppData\Local\temp
2012-09-12 19:56 . 2012-09-12 19:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-12 03:31 . 2012-09-12 03:31 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E005DE2-CD54-4E5E-A3BB-F3F7F99070B7}\offreg.dll
2012-09-11 23:12 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E005DE2-CD54-4E5E-A3BB-F3F7F99070B7}\mpengine.dll
2012-09-11 20:39 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-10 20:44 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-08 21:56 . 2012-09-08 21:56 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-09-08 21:55 . 2012-09-08 21:56 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-09-07 23:52 . 2012-09-08 00:06 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-09-05 15:35 . 2012-09-05 15:35 -------- d-----w- c:\program files\Common Files\Skype
2012-09-05 15:35 . 2012-09-05 15:35 -------- d-----r- c:\program files\Skype
2012-09-04 15:01 . 2007-05-24 01:22 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2012-09-04 02:17 . 2012-09-04 02:17 -------- d-----w- c:\users\Patrick\AppData\Local\CRE
2012-09-04 02:17 . 2012-09-04 02:17 -------- d-----w- c:\program files\Conduit
2012-09-04 02:17 . 2012-09-04 02:17 -------- d-----w- c:\users\Patrick\AppData\Local\Conduit
2012-09-04 02:17 . 2012-09-04 02:17 -------- d-----w- c:\program files\uTorrentControl_v2
2012-09-02 15:11 . 2012-09-02 15:11 -------- d-----w- c:\windows\zh-TW
2012-09-02 15:11 . 2012-09-02 15:11 -------- d-----w- c:\windows\system32\zh-CHT
2012-09-02 15:11 . 2012-09-02 15:11 -------- d-----w- c:\windows\system32\drivers\zh-TW
2012-09-02 15:11 . 2012-09-02 15:11 -------- d-----w- c:\windows\system32\drivers\UMDF\zh-TW
2012-09-02 15:11 . 2012-09-02 15:11 -------- d-----w- c:\windows\system32\drivers\zh-HK
2012-09-02 15:11 . 2012-09-02 15:11 -------- d-----w- c:\windows\system32\wbem\zh-TW
2012-09-02 15:11 . 2012-09-02 15:11 -------- d-----w- c:\windows\system32\wbem\zh-HK
2012-09-02 15:05 . 2009-07-13 23:51 3072 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\zh-TW\LXKPTPRC.DLL.mui
2012-09-02 15:04 . 2009-07-13 22:15 424448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwcht.dll
2012-09-02 15:04 . 2009-07-13 22:07 15720448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwchtr.dll
2012-08-23 04:52 . 2009-07-13 23:12 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-08-15 16:50 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 16:50 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 16:50 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 16:50 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 16:50 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 16:50 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 16:50 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 15:22 . 2012-04-02 18:39 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 15:22 . 2011-09-17 21:43 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2011-12-10 20:31 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentControl_v2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E71596B0-A83B-453D-82C1-4BE99947C65F}]
2012-03-23 08:13 107328 ----a-w- c:\users\Patrick\AppData\Local\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7473B6BD-4691-4744-A82B-7854EB3D70B6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Facebook Update"="c:\users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-03 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-03 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-03 172824]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Facebook Messenger.lnk - c:\users\Patrick\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe [2012-9-5 247728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2012-05-30 17:18 4331392 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-09-13 00:00 136176 ----atw- c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 17:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-09-16 19:33 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 Splashtop MDES;Splashtop Meta Data Export Service;c:\splashdl\SPLASHDL.SYS\config\SIONExportService.exe [x]
S2 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:22]
.
2012-09-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3830558389-1779596432-1078645036-1000Core.job
- c:\users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-07 22:42]
.
2012-09-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3830558389-1779596432-1078645036-1000UA.job
- c:\users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-07 22:42]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3830558389-1779596432-1078645036-1000Core.job
- c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-13 00:00]
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3830558389-1779596432-1078645036-1000UA.job
- c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-13 00:00]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-12 15:58:19
ComboFix-quarantined-files.txt 2012-09-12 19:58
ComboFix2.txt 2012-09-03 23:58
ComboFix3.txt 2012-08-23 17:54
ComboFix4.txt 2012-08-23 04:58
.
Pre-Run: 241,010,909,184 bytes free
Post-Run: 242,172,915,712 bytes free
.
- - End Of File - - 8C343705627AAF60079604BE02FF5A00

I also apologize for not responding to your question earlier. Yes, I do have the original Windows CD File available.

I tried to get you the FRST log file but when I went to Advanced Boot Options, the option "Repair your computer" wasn't available. I've also tried using the other method by using a CD/DVD. I inserted the DVD but it didn't boot from the start. I also don't know how to access BIOS settings.

Thank you for the help. I truly appreciate it!

#6 bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 12 September 2012 - 04:38 PM

Hi again,

That last run of Combofix was the 4th time you ran the tool. I only wanted you to post me the log of the previous run, not to run it again. Please follow my instructions carefully, okay?

Thank you for the help. I truly appreciate it!

It's my pleasure! :)

I've also tried using the other method by using a CD/DVD. I inserted the DVD but it didn't boot from the start. I also don't know how to access BIOS settings.

There are a couple of ways to access the BIOS and change the boot order, depending on the make of your computer. Sometimes you can just start tapping the F2 key just after you press the power button to turn on your computer. Sometimes it's the DEL key, sometimes F11.

Have a look here for help on that.

Post me the resultant FRST.txt when successful, or post back here if you don't understand or need more help. :thumbup2:

bloopie

#7 BubleTea

  • Topic Starter

  • Members
  • 13 posts

Posted 12 September 2012 - 07:14 PM

Hello,

Once again, I apologize for not being able to follow the most simple directions. Haha

This log should be it:

ComboFix 12-09-03.07 - Patrick 09/03/2012 19:51:34.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2911.1984 [GMT -4:00]
Running from: c:\users\Patrick\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))
.
.
2012-09-03 23:56 . 2012-09-03 23:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-03 23:50 . 2012-09-03 23:50 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26265B0D-BB1B-4C76-B160-4102726EF8DD}\MpKslbd316286.sys
2012-09-03 23:35 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26265B0D-BB1B-4C76-B160-4102726EF8DD}\mpengine.dll
2012-09-02 15:50 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-02 15:11 . 2012-09-02 15:11 -------- d-----w- c:\windows\zh-TW
2012-09-02 15:11 . 2012-09-02 15:11 -------- d-----w- c:\windows\system32\zh-CHT
2012-09-02 15:11 . 2012-09-02 15:11 -------- d-----w- c:\windows\system32\drivers\zh-TW
2012-09-02 15:11 . 2012-09-02 15:11 -------- d-----w- c:\windows\system32\drivers\UMDF\zh-TW
2012-09-02 15:11 . 2012-09-02 15:11 -------- d-----w- c:\windows\system32\drivers\zh-HK
2012-09-02 15:11 . 2012-09-02 15:11 -------- d-----w- c:\windows\system32\wbem\zh-TW
2012-09-02 15:11 . 2012-09-02 15:11 -------- d-----w- c:\windows\system32\wbem\zh-HK
2012-09-02 15:05 . 2009-07-13 23:51 3072 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\zh-TW\LXKPTPRC.DLL.mui
2012-09-02 15:04 . 2009-07-13 22:15 424448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwcht.dll
2012-09-02 15:04 . 2009-07-13 22:07 15720448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwchtr.dll
2012-08-23 04:52 . 2012-09-03 23:56 -------- d-----w- c:\users\Patrick\AppData\Local\temp
2012-08-23 04:52 . 2009-07-13 23:12 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-08-15 16:50 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 16:50 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 16:50 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 16:50 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 16:50 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 16:50 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 16:50 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 15:22 . 2012-04-02 18:39 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 15:22 . 2011-09-17 21:43 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2011-12-10 20:31 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-06 12:49 . 2012-06-06 12:49 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:05 . 2012-07-10 21:43 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-10 21:43 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-10 21:43 805376 ----a-w- c:\windows\system32\cdosys.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E71596B0-A83B-453D-82C1-4BE99947C65F}]
2012-03-23 08:13 107328 ----a-w- c:\users\Patrick\AppData\Local\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-11-09 17049736]
"Facebook Update"="c:\users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-03 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-03 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-03 172824]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Facebook Messenger.lnk - c:\users\Patrick\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe [2012-7-26 244656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2012-05-30 17:18 4331392 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-09-13 00:00 136176 ----atw- c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-11-09 19:42 17049736 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-09-16 19:33 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 MpKslbd316286;MpKslbd316286;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26265B0D-BB1B-4C76-B160-4102726EF8DD}\MpKslbd316286.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 Splashtop MDES;Splashtop Meta Data Export Service;c:\splashdl\SPLASHDL.SYS\config\SIONExportService.exe [x]
S2 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 24597555
*NewlyCreated* - MPKSLBD316286
*Deregistered* - 24597555
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:22]
.
2012-09-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3830558389-1779596432-1078645036-1000Core.job
- c:\users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-07 22:42]
.
2012-09-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3830558389-1779596432-1078645036-1000UA.job
- c:\users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-07 22:42]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3830558389-1779596432-1078645036-1000Core.job
- c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-13 00:00]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3830558389-1779596432-1078645036-1000UA.job
- c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-13 00:00]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1628)
c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-09-03 19:58:32
ComboFix-quarantined-files.txt 2012-09-03 23:58
ComboFix2.txt 2012-08-23 17:54
ComboFix3.txt 2012-08-23 04:58
.
Pre-Run: 250,852,536,320 bytes free
Post-Run: 250,461,675,520 bytes free
.
- - End Of File - - D855B5AA3D307F0961DA0F7000BDC587

As for the FRST.txt file, I tried the setup, but apparently I'm lacking the proper disk. I think I may have misunderstood the original Windows CD/DVD to be something else. I have an upgrade disk from Windows Vista to Windows 7 specifically for Sony computers, so I'm not sure if this is what you mean by the original Windows DVD. If it's not, then no, I don't have the original Windows CD/DVD.

Sorry for the misunderstanding.

#8 bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 13 September 2012 - 07:20 AM

Hi again,

Okay, now see if you can get me a FRST log from my previous post.

Are you able to do that?

bloopie

#9 BubleTea

  • Topic Starter

  • Members
  • 13 posts

Posted 13 September 2012 - 08:43 PM

Hi,

I don't think I can get the FRST file. I followed your directions and I couldn't access the System Recovery Options. When I went to the Advanced Boot Options by tapping F8, I didn't see the option to "Repair your computer". I tried the other method of accessing it but I lacked the proper disc. Are there other options?

Thanks.

#10 bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 13 September 2012 - 09:17 PM

Hello again,

Sorry about that, I misunderstood you!

Do you know of a colleague or friend that has Windows 7 Ultimate edition CD you could borrow? That would be helpful.

Are you still getting redirected?

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

bloopie

#11 BubleTea

  • Topic Starter

  • Members
  • 13 posts

Posted 14 September 2012 - 10:20 PM

Hello bloopie,

That's ok haha. I think I was a bit ambiguous.

I'm not sure at the moment. I'll ask others and I'll let you know as soon as possible. And does it have to be the Windows 7 Ultimate Edition CD? I believe my version is Home Premium if it makes a difference.

The redirecting only happens on some days. For example, I didn't encounter any yesterday, but the day before that, I ran into it approximately three times. It's completely random. What I noticed was that I won't get redirected when I go to really well-known sites such as Wikipedia, YouTube, etc.

Here's the OTL.txt file:

OTL logfile created on: 9/14/2012 11:07:54 PM - Run 1
OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\Patrick\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.84 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 52.45% Memory free
5.68 Gb Paging File | 3.99 Gb Available in Paging File | 70.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.55 Gb Total Space | 225.72 Gb Free Space | 78.50% Space Free | Partition Type: NTFS

Computer Name: PATRICK-VAIO | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/14 23:06:37 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
PRC - [2012/09/05 10:36:36 | 000,247,728 | ---- | M] (Facebook) -- C:\Users\Patrick\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe
PRC - [2012/08/02 04:52:46 | 003,337,064 | ---- | M] (Sevas-S) -- C:\Users\Patrick\AppData\Local\Sevas-S\YouTube to MP3 Converter\yt2mp3converter.exe
PRC - [2012/08/02 04:52:06 | 002,876,776 | ---- | M] (Sevas-S) -- C:\Users\Patrick\AppData\Local\Sevas-S\YouTube to MP3 Converter\yt2mp3_updater.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/15 01:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2011/07/08 11:41:52 | 000,337,784 | -H-- | M] (Splashtop Inc.) -- C:\SPLASHDL\SPLASHDL.SYS\config\SIONExportService.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/07/13 21:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/05 10:36:56 | 022,425,008 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Facebook\Messenger\2.1.4631.0\libcef.dll
MOD - [2012/09/05 10:36:30 | 000,287,152 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Facebook\Messenger\2.1.4631.0\CefSharp.WinForms.dll
MOD - [2012/09/05 10:36:26 | 000,452,528 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Facebook\Messenger\2.1.4631.0\CefSharp.dll
MOD - [2012/08/29 22:58:45 | 000,442,392 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
MOD - [2012/08/29 22:58:44 | 012,237,336 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
MOD - [2012/08/29 22:58:42 | 003,997,720 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012/08/29 22:57:27 | 000,526,872 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\21.0.1180.89\libglesv2.dll
MOD - [2012/08/29 22:57:26 | 000,104,984 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\21.0.1180.89\libegl.dll
MOD - [2012/08/29 22:57:15 | 000,144,424 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012/08/29 22:57:13 | 000,266,792 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012/08/29 22:57:12 | 002,480,680 | ---- | M] () -- C:\Users\Patrick\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
MOD - [2012/06/14 14:08:39 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/14 14:07:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 14:07:24 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/12 11:17:09 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/12 11:16:06 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 11:15:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 11:15:54 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 11:15:22 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - [2012/08/15 11:22:38 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/15 01:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2012/01/18 23:15:30 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/09/17 17:38:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/07/08 11:41:52 | 000,337,784 | -H-- | M] (Splashtop Inc.) [Auto | Running] -- C:\SPLASHDL\SPLASHDL.SYS\config\SIONExportService.exe -- (Splashtop MDES)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Patrick\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/09/08 17:56:01 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/03/15 08:44:48 | 000,127,488 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009/07/13 18:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/05/09 23:35:29 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/08/03 05:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aimright-chromesbox-en-us&tb_uuid=20120309014101685&tb_oid=09-03-2012&tb_mrud=15-06-2012


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3830558389-1779596432-1078645036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3830558389-1779596432-1078645036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3830558389-1779596432-1078645036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 3A B0 53 A7 71 CC 01 [binary data]
IE - HKU\S-1-5-21-3830558389-1779596432-1078645036-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKU\S-1-5-21-3830558389-1779596432-1078645036-1000\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3830558389-1779596432-1078645036-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3830558389-1779596432-1078645036-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3830558389-1779596432-1078645036-1000\..\SearchScopes\{2A09E218-8886-445A-BDC3-405D853B892B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
IE - HKU\S-1-5-21-3830558389-1779596432-1078645036-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aimright-chromesbox-en-us&tb_uuid=20120309014101685&tb_oid=09-03-2012&tb_mrud=15-06-2012
IE - HKU\S-1-5-21-3830558389-1779596432-1078645036-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3830558389-1779596432-1078645036-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?src=aim&ncid=snsusaimc00000001"
FF - prefs.js..extensions.enabledAddons: {431C1F32-DB85-11E1-8270-B8AC6F996F26}:2.0.14
FF - prefs.js..extensions.enabledAddons: {B18B1E5C-4D81-11E1-9C00-AFEB4824019B}:1.1.4
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@sevas.com/mysmarttabnpapi;version=1.0.0: C:\Users\Patrick\AppData\Local\Sevas-S\My Smart Tabs\BrowserExtensions\Firefox\components\npmysmarttabnpapi.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Patrick\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Patrick\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Patrick\AppData\Local\Facebook\Messenger\2.1.4631.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B18B1E5C-4D81-11E1-9C00-AFEB4824019B}: C:\Users\Patrick\AppData\Local\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\Firefox [2012/08/04 09:04:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{431C1F32-DB85-11E1-8270-B8AC6F996F26}: C:\Users\Patrick\AppData\Local\{431C1F32-DB85-11E1-8270-B8AC6F996F26}\ [2012/07/31 23:02:03 | 000,000,000 | ---D | M]

[2011/09/12 20:46:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\Mozilla\Extensions
[2012/09/03 22:17:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\p8vqonvv.default\extensions
[2012/09/03 22:17:57 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\p8vqonvv.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2012/08/12 21:16:28 | 000,000,000 | ---D | M] ("Youtube to MP3 Converter") -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\p8vqonvv.default\extensions\{B18B1E5C-4D81-11E1-9C00-AFEB4824019B}
[2012/06/14 20:45:35 | 000,000,000 | ---D | M] (AOL Messaging Toolbar) -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\p8vqonvv.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2012/07/24 21:12:23 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\p8vqonvv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/07/31 23:02:03 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\PATRICK\APPDATA\LOCAL\{431C1F32-DB85-11E1-8270-B8AC6F996F26}
[2012/04/13 15:37:22 | 000,099,136 | ---- | M] (SEVAS-S LLC) -- C:\Program Files\mozilla firefox\plugins\npmysmarttabnpapi.dll

========== Chrome ==========

CHR - homepage: http://www.nytimes.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.nytimes.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Patrick\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Patrick\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Patrick\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: YouTube Downloader Npapi (Enabled) = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnlpomffplbggocdfbghngdfkingkkpg\1.1.3_0\YouTubeDownloaderNpapi.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: My Smart Tabs (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmysmarttabnpapi.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Patrick\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Patrick\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: uTorrentControl_v2 = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\
CHR - Extension: Youtube to MP3 Converter = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnlpomffplbggocdfbghngdfkingkkpg\1.1.3_0\
CHR - Extension: Gmail = C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/12 15:56:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AOL Messaging Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (YouTube to MP3 Converter) - {E71596B0-A83B-453D-82C1-4BE99947C65F} - C:\Users\Patrick\AppData\Local\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll (Sevas-S LLC)
O3 - HKLM\..\Toolbar: (AOL Messaging Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3830558389-1779596432-1078645036-1000\..\Toolbar\WebBrowser: (AOL Messaging Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-3830558389-1779596432-1078645036-1000\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3830558389-1779596432-1078645036-1000..\Run: [Facebook Update] C:\Users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3830558389-1779596432-1078645036-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Patrick\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3830558389-1779596432-1078645036-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3830558389-1779596432-1078645036-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3830558389-1779596432-1078645036-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C9E1DC9-D0E3-4F31-9E0B-41B3147B1D57}: DhcpNameServer = 107.16.189.1 64.134.255.2 64.134.255.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68AC8B16-471C-4F0E-B940-C9858100A1F8}: DhcpNameServer = 192.168.1.1 68.237.161.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/14 23:06:36 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
[2012/09/12 15:58:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/12 15:58:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/12 15:58:21 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\temp
[2012/09/11 23:18:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Patrick\Desktop\aswMBR.exe
[2012/09/11 16:39:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/09/11 16:39:53 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/11 16:39:53 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/11 16:39:52 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/09/08 17:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/09/08 17:56:01 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012/09/08 17:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012/09/07 19:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012/09/07 15:51:24 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012/09/05 11:35:11 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/09/05 11:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/05 11:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/03 22:17:57 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\CRE
[2012/09/03 22:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/09/03 22:17:52 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Conduit
[2012/09/03 22:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentControl_v2
[2012/09/02 11:11:30 | 000,000,000 | ---D | C] -- C:\Windows\zh-TW
[2012/09/02 11:11:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\zh-CHT
[2012/09/02 11:11:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-TW
[2012/09/02 11:11:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-HK
[2012/09/02 11:05:22 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\rdpwd.sys.mui
[2012/09/02 11:05:21 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\rdvgkmd.sys.mui
[2012/09/02 11:05:19 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\battc.sys.mui
[2012/09/02 11:05:17 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\usbport.sys.mui
[2012/09/02 11:05:17 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\tsusbhub.sys.mui
[2012/09/02 11:05:17 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\tsusbflt.sys.mui
[2012/09/02 11:05:16 | 000,010,752 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\zh-TW\k57nd60x.sys.mui
[2012/09/02 11:05:04 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\volsnap.sys.mui
[2012/09/02 11:05:04 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\portcls.sys.mui
[2012/09/02 11:05:04 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\vhdmp.sys.mui
[2012/09/02 11:05:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\wd.sys.mui
[2012/09/02 11:05:03 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\usbhub.sys.mui
[2012/09/02 11:05:03 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\umbus.sys.mui
[2012/09/02 11:05:03 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\tpm.sys.mui
[2012/09/02 11:05:03 | 000,002,560 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\zh-TW\pscr.sys.mui
[2012/09/02 11:05:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\serscan.sys.mui
[2012/09/02 11:04:59 | 000,030,720 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\zh-TW\yk62x86.sys.mui
[2012/09/02 11:04:59 | 000,010,240 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\zh-TW\e1e6032.sys.mui
[2012/09/02 11:04:59 | 000,008,704 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\zh-TW\E1G60I32.sys.mui
[2012/09/02 11:04:59 | 000,004,096 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\zh-TW\e100b325.sys.mui
[2012/09/02 11:04:59 | 000,003,072 | ---- | C] (VIA Technologies, Inc. ) -- C:\Windows\System32\drivers\zh-TW\getn62.sys.mui
[2012/09/02 11:04:59 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\rndismpx.sys.mui
[2012/09/02 11:04:59 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\rndismp6.sys.mui
[2012/09/02 11:04:59 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\pcmcia.sys.mui
[2012/09/02 11:04:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\vwifibus.sys.mui
[2012/09/02 11:04:58 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\mpio.sys.mui
[2012/09/02 11:04:58 | 000,010,752 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\zh-TW\b57nd60x.sys.mui
[2012/09/02 11:04:58 | 000,010,240 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\zh-TW\e1y6032.sys.mui
[2012/09/02 11:04:58 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\msdsm.sys.mui
[2012/09/02 11:04:58 | 000,006,144 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\zh-TW\e1q6032.sys.mui
[2012/09/02 11:04:58 | 000,006,144 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\zh-TW\e1k6032.sys.mui
[2012/09/02 11:04:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\serial.sys.mui
[2012/09/02 11:04:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\i8042prt.sys.mui
[2012/09/02 11:04:58 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\sermouse.sys.mui
[2012/09/02 11:04:58 | 000,003,584 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\zh-TW\bcm4sbxp.sys.mui
[2012/09/02 11:04:58 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\mouclass.sys.mui
[2012/09/02 11:04:58 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\parvdm.sys.mui
[2012/09/02 11:04:58 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\parport.sys.mui
[2012/09/02 11:04:58 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\MTConfig.sys.mui
[2012/09/02 11:04:58 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\mouhid.sys.mui
[2012/09/02 11:04:58 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\ataport.sys.mui
[2012/09/02 11:04:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\amdide.sys.mui
[2012/09/02 11:04:57 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\afd.sys.mui
[2012/09/02 11:04:55 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\bfe.dll.mui
[2012/09/02 11:04:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\ws2ifsl.sys.mui
[2012/09/02 11:04:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\wdf01000.sys.mui
[2012/09/02 11:04:54 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\tcpip.sys.mui
[2012/09/02 11:04:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\tunnel.sys.mui
[2012/09/02 11:04:54 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\modem.sys.mui
[2012/09/02 11:04:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\usbrpm.sys.mui
[2012/09/02 11:04:50 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\fvevol.sys.mui
[2012/09/02 11:04:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\scfilter.sys.mui
[2012/09/02 11:04:44 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\pacer.sys.mui
[2012/09/02 11:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\rdbss.sys.mui
[2012/09/02 11:04:44 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\qwavedrv.sys.mui
[2012/09/02 11:04:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\partmgr.sys.mui
[2012/09/02 11:04:41 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\ntfs.sys.mui
[2012/09/02 11:04:41 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\nwifi.sys.mui
[2012/09/02 11:04:40 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\ndis.sys.mui
[2012/09/02 11:04:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\ndisuio.sys.mui
[2012/09/02 11:04:39 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\ndiscap.sys.mui
[2012/09/02 11:04:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\mountmgr.sys.mui
[2012/09/02 11:04:35 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\luafv.sys.mui
[2012/09/02 11:04:32 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\http.sys.mui
[2012/09/02 11:04:29 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\fltmgr.sys.mui
[2012/09/02 11:04:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\volmgrx.sys.mui
[2012/09/02 11:04:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\pnpmem.sys.mui
[2012/09/02 11:04:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\pci.sys.mui
[2012/09/02 11:04:23 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\zh-TW\BrSerIb.sys.mui
[2012/09/02 11:04:23 | 000,005,120 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\zh-TW\ltmdmnt.sys.mui
[2012/09/02 11:04:23 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\wacompen.sys.mui
[2012/09/02 11:04:23 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\hdaudbus.sys.mui
[2012/09/02 11:04:23 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\IPMIDrv.sys.mui
[2012/09/02 11:04:23 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\HdAudio.sys.mui
[2012/09/02 11:04:23 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\vdrvroot.sys.mui
[2012/09/02 11:04:23 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\mssmbios.sys.mui
[2012/09/02 11:04:23 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\kbdclass.sys.mui
[2012/09/02 11:04:23 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\isapnp.sys.mui
[2012/09/02 11:04:23 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\ULIAGPKX.SYS.mui
[2012/09/02 11:04:23 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-HK\hidbth.sys.mui
[2012/09/02 11:04:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\VIAAGP.SYS.mui
[2012/09/02 11:04:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\SISAGP.SYS.mui
[2012/09/02 11:04:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\NV_AGP.SYS.mui
[2012/09/02 11:04:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\kbdhid.sys.mui
[2012/09/02 11:04:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\AMDAGP.SYS.mui
[2012/09/02 11:04:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\AGP440.sys.mui
[2012/09/02 11:04:22 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\viac7.sys.mui
[2012/09/02 11:04:22 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\processr.sys.mui
[2012/09/02 11:04:22 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\intelppm.sys.mui
[2012/09/02 11:04:22 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\amdppm.sys.mui
[2012/09/02 11:04:22 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\amdk8.sys.mui
[2012/09/02 11:04:22 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\ohci1394.sys.mui
[2012/09/02 11:04:22 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\1394ohci.sys.mui
[2012/09/02 11:04:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\acpi.sys.mui
[2012/09/02 11:04:22 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\zh-TW\BrSerId.sys.mui
[2012/09/02 11:04:22 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-HK\bthport.sys.mui
[2012/09/02 11:04:22 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\bthpan.sys.mui
[2012/09/02 11:04:22 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\GAGP30KX.SYS.mui
[2012/09/02 11:04:22 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\Dot4usb.sys.mui
[2012/09/02 11:04:22 | 000,002,560 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\zh-TW\atikmdag.sys.mui
[2012/09/02 11:04:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\UAGP35.SYS.mui
[2012/09/02 11:04:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\disk.sys.mui
[2012/09/02 11:04:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\cdrom.sys.mui
[2012/09/02 11:04:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-HK\BTHUSB.SYS.mui
[2012/09/02 11:04:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-HK\bthenum.sys.mui
[2012/09/02 11:04:22 | 000,002,048 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\zh-TW\BrParwdm.sys.mui
[2012/08/23 14:41:35 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/23 00:34:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/23 00:34:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/23 00:34:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/23 00:34:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/23 00:33:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/18 17:53:49 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Patrick\Desktop\tdsskiller.exe
[2012/08/16 00:22:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/16 00:22:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/16 00:22:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/16 00:22:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/16 00:22:30 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/16 00:22:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/16 00:22:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/14 23:06:37 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
[2012/09/14 23:00:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/14 22:25:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3830558389-1779596432-1078645036-1000UA.job
[2012/09/14 22:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/14 22:09:08 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3830558389-1779596432-1078645036-1000Core.job
[2012/09/14 21:57:44 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3830558389-1779596432-1078645036-1000UA.job
[2012/09/14 15:47:49 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/14 15:47:49 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/14 15:44:53 | 000,626,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/14 15:44:53 | 000,388,140 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2012/09/14 15:44:53 | 000,372,038 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2012/09/14 15:44:53 | 000,107,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/14 15:44:53 | 000,105,382 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2012/09/14 15:44:53 | 000,100,468 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2012/09/14 15:40:27 | 2289,315,840 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/12 15:56:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/09/11 23:51:21 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Patrick\Desktop\tdsskiller.exe
[2012/09/11 23:46:50 | 000,000,512 | ---- | M] () -- C:\Users\Patrick\Desktop\MBR.dat
[2012/09/11 23:34:22 | 362,826,487 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/09/11 23:18:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Patrick\Desktop\aswMBR.exe
[2012/09/11 17:56:02 | 000,000,156 | ---- | M] () -- C:\Users\Patrick\defogger_reenable
[2012/09/09 11:25:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3830558389-1779596432-1078645036-1000Core.job
[2012/09/08 17:56:01 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012/09/07 18:01:54 | 000,002,108 | -H-- | M] () -- C:\Users\Patrick\Documents\Default.rdp
[2012/09/07 15:51:24 | 000,001,326 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012/09/05 11:35:11 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/09/04 00:30:50 | 000,002,425 | ---- | M] () -- C:\Users\Patrick\Desktop\Google Chrome.lnk
[2012/09/02 11:10:54 | 000,117,840 | ---- | M] () -- C:\Windows\System32\prfi0404.dat
[2012/09/02 11:10:54 | 000,031,548 | ---- | M] () -- C:\Windows\System32\prfd0404.dat
[2012/08/25 18:40:45 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/22 13:16:46 | 000,240,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/08/22 13:16:36 | 000,187,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/08/18 15:52:23 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/16 09:46:53 | 000,420,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/11 23:46:50 | 000,000,512 | ---- | C] () -- C:\Users\Patrick\Desktop\MBR.dat
[2012/09/11 23:34:22 | 362,826,487 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/09/11 17:56:00 | 000,000,156 | ---- | C] () -- C:\Users\Patrick\defogger_reenable
[2012/09/02 11:12:29 | 000,388,140 | ---- | C] () -- C:\Windows\System32\prfh0404.dat
[2012/09/02 11:12:29 | 000,117,840 | ---- | C] () -- C:\Windows\System32\prfi0404.dat
[2012/09/02 11:12:29 | 000,100,468 | ---- | C] () -- C:\Windows\System32\prfc0404.dat
[2012/09/02 11:12:29 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0404.dat
[2012/08/25 18:40:45 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/23 00:34:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/23 00:34:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/23 00:34:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/23 00:34:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/23 00:34:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/01 22:46:05 | 000,000,355 | ---- | C] () -- C:\Users\Patrick\Homegroup - Shortcut.lnk
[2011/12/20 01:16:12 | 000,009,694 | -HS- | C] () -- C:\Users\Patrick\AppData\Local\6u47cy4c82y108
[2011/12/20 01:16:12 | 000,009,694 | -HS- | C] () -- C:\ProgramData\6u47cy4c82y108
[2011/12/16 22:22:38 | 000,010,956 | -HS- | C] () -- C:\Users\Patrick\AppData\Local\c3jp76t5ut3cjc
[2011/12/16 22:22:38 | 000,010,956 | -HS- | C] () -- C:\ProgramData\c3jp76t5ut3cjc
[2011/09/17 18:21:33 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/09/17 18:19:42 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/09/16 15:14:29 | 000,372,038 | ---- | C] () -- C:\Windows\System32\prfh0804.dat
[2011/09/16 15:14:29 | 000,111,310 | ---- | C] () -- C:\Windows\System32\prfi0804.dat
[2011/09/16 15:14:29 | 000,105,382 | ---- | C] () -- C:\Windows\System32\prfc0804.dat
[2011/09/16 15:14:29 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0804.dat
[2011/07/08 11:41:32 | 000,571,824 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2011/06/03 13:27:02 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/06/03 13:27:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/06/03 13:27:02 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/06/03 12:44:26 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/06/03 12:43:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

< End of report >

By minimize, do you mean attaching the file? Sorry if I messed it up.
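The OTL file listings above are what the Malware Response Team member reads by hand: the `[date | size | attrs | C/M] (Company) -- path` lines. As an added example (not code from this thread, from OTL, or from BleepingComputer), the Python below parses that line format and applies a few triage heuristics a responder reaches for on a search-redirect case: hidden+system (`-HS-`) files with random-looking names under `ProgramData` or `AppData\Local` (the log above contains two such pairs), executables with no company name sitting directly in `C:\Windows`, and changes to the hosts file or scheduled-task `.job` files. The rule names, the "random name" shape, and the note that remediation tools such as ComboFix also drop helper executables into `C:\Windows` are this example's own assumptions, not findings stated in the thread.

```python
"""Triage helper for OTL-style file listings.

Added example for this thread; not part of OTL or of any post here.  It
parses the ``[date | size | attrs | C/M] (Company) -- path`` lines OTL
emits and flags entries an analyst would review on a redirect case.  The
rule names and thresholds are this example's own choices.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Optional, Tuple

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# 12-16 lowercase letters/digits and no extension: the shape of the two
# hidden files in the log (6u47cy4c82y108, c3jp76t5ut3cjc).  Assumption.
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{12,16}$")


@dataclass
class Entry:
    ts: datetime   # creation (C) or modification (M) time
    size: int      # bytes, thousands separators removed
    attrs: str     # OTL attribute field, e.g. "-HS-" = hidden + system
    kind: str      # "C" created / "M" modified
    company: str   # file-version company name, "" when absent
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file line, or None for OTL summary/blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"], kind=m["kind"],
        company=m["company"].strip(), path=m["path"],
    )


def looks_random(name: str) -> bool:
    """Lowercase alphanumeric, no extension, mixing letters and digits."""
    return (RANDOM_NAME_RE.match(name) is not None
            and any(c.isdigit() for c in name)
            and any(c.isalpha() for c in name))


def triage(entries: Iterable[Entry]) -> List[Tuple[str, str]]:
    """Apply the heuristics; returns (rule, path) pairs for review."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        low = e.path.lower()
        name = e.path.rsplit("\\", 1)[-1]
        hidden_system = "H" in e.attrs and "S" in e.attrs and "D" not in e.attrs
        in_user_data = "\\programdata\\" in low or "\\appdata\\local\\" in low
        if hidden_system and in_user_data and looks_random(name):
            findings.append(("hidden-system-random-name", e.path))
        if low.endswith("\\drivers\\etc\\hosts"):
            findings.append(("hosts-file-changed", e.path))
        if "\\windows\\tasks\\" in low and low.endswith(".job"):
            findings.append(("scheduled-task", e.path))
        # Exactly two backslashes => C:\Windows\<file>, nothing deeper.
        # Remediation tools (e.g. ComboFix: PEV.exe, MBR.exe, sed.exe,
        # grep.exe, zip.exe) also match here, so this is "review", not "bad".
        if (e.company == "" and low.startswith("c:\\windows\\")
                and low.count("\\") == 2 and low.endswith(".exe")):
            findings.append(("no-company-exe-in-windows-root", e.path))
    return findings


def triage_lines(lines: Iterable[str]) -> List[Tuple[str, str]]:
    entries = [e for e in (parse_line(l) for l in lines) if e is not None]
    return triage(entries)


# Lines copied from the OTL log posted above; the last is OTL's own
# summary line, which the parser must skip.
SAMPLE_LOG = [
    r"[2012/09/02 11:04:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\vwifibus.sys.mui",
    r"[2012/09/14 15:40:27 | 2289,315,840 | -HS- | M] () -- C:\hiberfil.sys",
    r"[2012/09/12 15:56:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts",
    r"[2012/09/14 22:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job",
    r"[2012/08/23 00:34:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe",
    r"[2011/12/20 01:16:12 | 000,009,694 | -HS- | C] () -- C:\Users\Patrick\AppData\Local\6u47cy4c82y108",
    r"[2011/12/20 01:16:12 | 000,009,694 | -HS- | C] () -- C:\ProgramData\6u47cy4c82y108",
    r"[2011/12/16 22:22:38 | 000,010,956 | -HS- | C] () -- C:\ProgramData\c3jp76t5ut3cjc",
    r"[2011/06/03 12:44:26 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll",
    r"[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]",
]

if __name__ == "__main__":
    for rule, path in triage_lines(SAMPLE_LOG):
        print(f"{rule:32} {path}")
```

Run against the sample it reports the two hidden random-named pairs, the hosts file, the Flash updater task and `PEV.exe`; `hiberfil.sys` is hidden+system but sits in the drive root, so it is correctly left alone. The point of the exercise is to narrow a 1,500-line listing to a handful of entries to look at, not to pronounce anything malicious.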

#12 BubleTea
  • Topic Starter
  • Members
  • 13 posts

Posted 14 September 2012 - 10:22 PM

Hi bloopie,

Sorry, I forgot to attach the Extras.txt file in my other reply.

Attached Files



#13 bloopie
    Bleepin' Sith Turner
  • Malware Response Team
  • 7,927 posts
  • Location:New York

Posted 14 September 2012 - 10:34 PM

Thanks for that BubleTea!! :thumbup2:

It should be a Windows 7 Ultimate edition CD, and Home Premium would be best. I'm not sure if that exact CD is needed, but that's what I'm aiming for. I will check on that tomorrow as well for you!

Please allow me some time to go over your logs. I will post back tomorrow (daytime) as it's nearly midnight here in New York, and I need some sleep. :wacko:

Look for my post tomorrow! :)

bloopie

#14 bloopie
    Bleepin' Sith Turner
  • Malware Response Team
  • 7,927 posts
  • Location:New York

Posted 15 September 2012 - 01:21 PM

Hi again,

Do you only get redirected when using one web browser? I see you have both FF and Chrome installed. Which browsers do you get redirected with?

Also, do you use Search Scopes? If you don't know what it is, then we can remove it. :thumbup2:

Let me know what happens! :)

bloopie

#15 BubleTea
  • Topic Starter
  • Members
  • 13 posts

Posted 16 September 2012 - 11:23 AM

Hi,

Yes, I used Firefox at one point and the redirecting also happened there. I thought switching to Google Chrome would help but it didn't.

I also don't know what Search Scopes are.

Thanks again. :)
