Welcome to Geeks to Go - Register now for FREE

Yet another case of google redirect malware!

#1
mikelai

Hi there, I recently detected the google redirect malware on my machine. I ran Malwarebytes Anti-Malware and it detected some infected files which I cleaned, but the problem still persists. Can anyone help me get rid of this? Thanks so much in advance.

Here's my OTL log:

OTL logfile created on: 3/9/2011 9:15:37 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\mikelai\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free
6.00 Gb Paging File | 3.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 58.23 Gb Free Space | 58.23% Space Free | Partition Type: NTFS
Drive D: | 123.93 Gb Total Space | 51.00 Gb Free Space | 41.15% Space Free | Partition Type: NTFS
Drive Z: | 14.73 Gb Total Space | 7.54 Gb Free Space | 51.19% Space Free | Partition Type: NTFS

Computer Name: MIKELAI-PC | User Name: mikelai | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/09 07:25:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mikelai\Desktop\OTL.exe
PRC - [2011/03/05 18:41:33 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/03 19:40:30 | 000,619,288 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2011/02/08 13:24:02 | 003,600,184 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2010/12/17 01:38:14 | 003,251,800 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mIRC\mirc.exe
PRC - [2010/11/01 20:51:29 | 000,454,656 | ---- | M] (Simon Tatham) -- C:\Program Files\Putty\putty.exe
PRC - [2010/11/01 09:27:42 | 001,515,520 | ---- | M] (Don HO [email protected]) -- C:\Program Files\Notepad++\notepad++.exe
PRC - [2010/09/21 01:42:38 | 000,064,048 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\hqtray.exe
PRC - [2010/09/21 01:42:08 | 014,539,312 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-vmx.exe
PRC - [2010/09/21 01:42:06 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2010/09/21 01:42:00 | 004,078,128 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmplayer.exe
PRC - [2010/09/21 01:41:38 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2010/09/21 01:41:34 | 000,404,016 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2010/09/21 01:41:24 | 000,178,736 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-unity-helper.exe
PRC - [2010/09/21 00:42:44 | 000,539,184 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010/07/12 08:33:54 | 001,592,672 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winamp.exe
PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/04 05:34:59 | 000,722,280 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2010/03/04 05:34:58 | 000,808,296 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2010/03/04 05:34:56 | 004,752,744 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/13 16:00:08 | 000,312,624 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO Care\VCsystray.exe
PRC - [2008/07/15 17:04:08 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/07/15 17:04:08 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/07/02 22:06:17 | 000,104,992 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
PRC - [2008/06/20 07:56:44 | 000,415,744 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/06/19 18:53:20 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/06/19 18:53:20 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
PRC - [2008/06/19 07:55:48 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/06/11 18:46:10 | 000,866,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
PRC - [2008/05/22 13:23:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/04/30 18:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/04/30 18:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/03/25 13:40:24 | 000,408,064 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects\Magic-i Visual Effects.exe
PRC - [2007/11/12 19:59:54 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/01/04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2011/03/09 07:25:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mikelai\Desktop\OTL.exe
MOD - [2010/08/31 07:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/21 01:42:06 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/09/21 01:41:38 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/09/21 01:41:34 | 000,404,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2010/09/21 00:42:44 | 000,539,184 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/08/19 12:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/04 05:34:56 | 004,752,744 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2008/07/15 17:04:08 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/07/02 22:06:17 | 000,104,992 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/06/20 07:56:44 | 000,415,744 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/06/19 18:53:20 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/06/19 07:55:48 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/06/11 22:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/06/11 22:10:48 | 000,083,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/05/22 13:23:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/05/22 13:21:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/05/20 18:05:40 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/05/20 18:05:40 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/05/20 18:05:40 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/05/20 00:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/20 00:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/20 00:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/04/30 18:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/04/30 18:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/03/25 13:32:18 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 19:59:54 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/05/24 06:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/03/08 23:57:23 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BA6E8E10-C459-4E67-9EDE-2834C12C7B76}\MpKsl6d4e0a5d.sys -- (MpKsl6d4e0a5d)
DRV - [2010/11/04 14:12:04 | 000,006,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2010/11/02 08:44:27 | 000,021,888 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DisplayLinkUsbPort_5.2.23752.0.sys -- (DisplayLinkUsbPort)
DRV - [2010/09/21 01:42:46 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2010/09/21 01:42:44 | 000,854,064 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2010/09/21 01:41:08 | 000,024,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2010/09/21 01:40:04 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2010/09/21 00:42:32 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2010/09/20 22:18:14 | 000,036,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2010/09/20 22:18:14 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2010/08/19 12:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2010/03/25 20:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/03/04 05:35:26 | 000,165,488 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\dlkmd.sys -- (dlkmd)
DRV - [2010/03/04 05:35:26 | 000,013,936 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV - [2008/07/11 15:42:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/06/27 16:33:45 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/20 16:03:04 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/06/09 16:04:47 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/06 16:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/28 05:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/03/10 03:01:26 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/01/30 16:33:28 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/01/24 18:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sitejabber.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.0
FF - prefs.js..extensions.enabledItems: {878279CD-F1DB-432A-8EE1-21D1DE4DFB50}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{878279CD-F1DB-432A-8EE1-21D1DE4DFB50}: C:\Users\mikelai\AppData\Local\{878279CD-F1DB-432A-8EE1-21D1DE4DFB50} [2011/03/02 08:11:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/05 18:41:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 18:41:38 | 000,000,000 | ---D | M]

[2010/11/01 20:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mikelai\AppData\Roaming\Mozilla\Extensions
[2011/03/07 19:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mikelai\AppData\Roaming\Mozilla\Firefox\Profiles\rx4wwu7y.default\extensions
[2011/01/30 09:37:06 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\mikelai\AppData\Roaming\Mozilla\Firefox\Profiles\rx4wwu7y.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2011/02/08 08:45:30 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\mikelai\AppData\Roaming\Mozilla\Firefox\Profiles\rx4wwu7y.default\extensions\[email protected]
[2011/02/11 13:13:24 | 000,000,000 | ---D | M] (YSlow) -- C:\Users\mikelai\AppData\Roaming\Mozilla\Firefox\Profiles\rx4wwu7y.default\extensions\[email protected]
[2011/03/07 19:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/01 19:55:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/02 08:11:03 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MIKELAI\APPDATA\LOCAL\{878279CD-F1DB-432A-8EE1-21D1DE4DFB50}
[2010/12/01 19:54:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 08:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/01/26 09:50:09 | 000,000,853 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.168.19.128 sitejabber.1
O1 - Hosts: 192.168.19.128 sitejabber.2
O1 - Hosts: 192.168.19.128 sitejabber.nsf
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (SiteJabber Reviews) - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - File not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (SiteJabber Reviews) - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10m_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\mikelai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5921167c-e63a-11df-a117-001dba22f08f}\Shell\AutoRun\command - "" = H:\Seagate\Installer\InstallSeagateManager.exe
O33 - MountPoints2\{5921167c-e63a-11df-a117-001dba22f08f}\Shell\Install\command - "" = H:\Seagate\Installer\InstallSeagateManager.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/09 07:25:19 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\mikelai\Desktop\OTL.exe
[2011/03/07 07:34:56 | 010,050,902 | ---- | C] (http://www.codecpack.com) -- C:\Users\mikelai\Desktop\Codecs6030_allin1.exe
[2011/03/07 07:26:30 | 000,000,000 | ---D | C] -- C:\Users\mikelai\Desktop\ffdshow-20020617-src
[2011/03/06 20:07:18 | 017,021,024 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Users\mikelai\Desktop\FreeVideoToMP3Converter(2).exe
[2011/03/06 19:01:23 | 000,000,000 | ---D | C] -- C:\Users\mikelai\Documents\DVDVideoSoft
[2011/03/06 19:01:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011/03/06 19:01:04 | 000,000,000 | ---D | C] -- C:\Users\mikelai\AppData\Roaming\DVDVideoSoft
[2011/03/06 19:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011/03/06 19:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011/03/06 19:00:09 | 016,985,400 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Users\mikelai\Desktop\FreeVideoToMp3Converter.exe
[2011/03/02 08:11:03 | 000,000,000 | ---D | C] -- C:\Users\mikelai\AppData\Local\{878279CD-F1DB-432A-8EE1-21D1DE4DFB50}
[2011/02/17 18:59:43 | 000,000,000 | ---D | C] -- C:\Users\mikelai\Desktop\ario-horizontale-tracked
[2011/02/14 14:13:01 | 000,000,000 | ---D | C] -- C:\Users\mikelai\AppData\Roaming\Malwarebytes
[2011/02/14 14:12:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/14 14:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/14 14:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/14 14:12:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/02/14 14:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/14 09:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2011/03/09 09:13:02 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2262687940-302562853-2256944313-1000UA.job
[2011/03/09 09:12:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/09 07:34:18 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/09 07:34:18 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/09 07:31:17 | 001,261,440 | ---- | M] () -- C:\Users\mikelai\Desktop\tdsskiller.zip
[2011/03/09 07:25:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mikelai\Desktop\OTL.exe
[2011/03/09 03:20:21 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2262687940-302562853-2256944313-1000Core.job
[2011/03/07 17:26:26 | 000,367,013 | ---- | M] () -- C:\Users\mikelai\Desktop\conversation_tab.png
[2011/03/07 13:22:54 | 000,000,600 | ---- | M] () -- C:\Users\mikelai\AppData\Local\PUTTY.RND
[2011/03/07 10:33:44 | 000,494,842 | ---- | M] () -- C:\Users\mikelai\Desktop\function.fsockopen.php
[2011/03/07 07:36:23 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2011/03/07 07:36:10 | 010,050,902 | ---- | M] (http://www.codecpack.com) -- C:\Users\mikelai\Desktop\Codecs6030_allin1.exe
[2011/03/07 03:32:14 | 000,003,268 | ---- | M] () -- C:\Windows\mozy.blk
[2011/03/07 03:32:14 | 000,003,064 | ---- | M] () -- C:\Windows\mozy.flt
[2011/03/06 22:43:59 | 000,033,792 | ---- | M] () -- C:\Users\mikelai\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/06 21:00:53 | 000,607,186 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/06 21:00:53 | 000,105,380 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/06 20:08:01 | 017,021,024 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Users\mikelai\Desktop\FreeVideoToMP3Converter(2).exe
[2011/03/06 19:00:24 | 016,985,400 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Users\mikelai\Desktop\FreeVideoToMp3Converter.exe
[2011/03/05 21:24:47 | 3081,801,728 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/03 10:11:04 | 000,459,929 | ---- | M] () -- C:\Users\mikelai\Desktop\advisor page.png
[2011/03/02 22:19:25 | 000,000,120 | ---- | M] () -- C:\Users\mikelai\AppData\Local\Xcabeduvak.dat
[2011/03/02 08:11:04 | 000,000,000 | ---- | M] () -- C:\Users\mikelai\AppData\Local\Fwihuraran.bin
[2011/02/24 19:25:24 | 000,037,412 | ---- | M] () -- C:\Users\mikelai\Desktop\2_25 Tahoe Weekend Menu.pdf
[2011/02/24 03:55:52 | 000,000,824 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2011/02/16 15:00:14 | 000,208,732 | R--- | M] () -- C:\Users\mikelai\Desktop\comments.png
[2011/02/11 08:41:05 | 000,417,885 | ---- | M] () -- C:\Users\mikelai\Desktop\NAAG pages sitejabber 2.png
[2011/02/10 08:44:53 | 000,001,547 | ---- | M] () -- C:\Users\mikelai\Application Data\Microsoft\Internet Explorer\Quick Launch\Workout.lnk
[2011/02/10 08:43:17 | 000,001,201 | ---- | M] () -- C:\Users\mikelai\Application Data\Microsoft\Internet Explorer\Quick Launch\Data.lnk
[2011/02/08 13:19:42 | 000,000,600 | ---- | M] () -- C:\Users\mikelai\AppData\Roaming\winscp.rnd

========== Files Created - No Company Name ==========

[2011/03/09 07:31:14 | 001,261,440 | ---- | C] () -- C:\Users\mikelai\Desktop\tdsskiller.zip
[2011/03/07 17:26:23 | 000,367,013 | ---- | C] () -- C:\Users\mikelai\Desktop\conversation_tab.png
[2011/03/07 10:33:41 | 000,494,842 | ---- | C] () -- C:\Users\mikelai\Desktop\function.fsockopen.php
[2011/03/03 10:11:01 | 000,459,929 | ---- | C] () -- C:\Users\mikelai\Desktop\advisor page.png
[2011/03/02 08:11:04 | 000,000,120 | ---- | C] () -- C:\Users\mikelai\AppData\Local\Xcabeduvak.dat
[2011/03/02 08:11:04 | 000,000,000 | ---- | C] () -- C:\Users\mikelai\AppData\Local\Fwihuraran.bin
[2011/02/24 19:25:24 | 000,037,412 | ---- | C] () -- C:\Users\mikelai\Desktop\2_25 Tahoe Weekend Menu.pdf
[2011/02/16 15:00:17 | 000,208,732 | R--- | C] () -- C:\Users\mikelai\Desktop\comments.png
[2011/02/14 14:54:18 | 3081,801,728 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/11 08:41:00 | 000,417,885 | ---- | C] () -- C:\Users\mikelai\Desktop\NAAG pages sitejabber 2.png
[2010/12/13 08:44:15 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/12/04 03:20:52 | 000,000,127 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/12/02 16:50:39 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010/11/19 14:12:52 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/17 18:52:19 | 000,000,680 | ---- | C] () -- C:\Users\mikelai\AppData\Local\d3d9caps.dat
[2010/11/16 09:45:35 | 000,144,456 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/11/14 21:22:23 | 000,033,792 | ---- | C] () -- C:\Users\mikelai\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/03 03:16:48 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/03 03:16:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/02 08:44:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd9.dll
[2010/11/02 08:44:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd10.dll
[2010/11/01 21:26:47 | 000,000,600 | ---- | C] () -- C:\Users\mikelai\AppData\Local\PUTTY.RND
[2010/11/01 21:05:40 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/11/01 20:53:31 | 000,000,600 | ---- | C] () -- C:\Users\mikelai\AppData\Roaming\winscp.rnd
[2010/11/01 20:37:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/01 19:49:57 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/08/01 10:11:00 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/08/01 10:11:00 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/08/01 10:11:00 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1511.dll
[2008/08/01 10:11:00 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/08/01 10:10:05 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,342,208 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,607,186 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,105,380 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/10/14 02:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll
[1999/01/22 10:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/03/06 18:02:10 | 000,000,000 | ---D | M] -- C:\Users\mikelai\AppData\Roaming\Azureus
[2010/12/13 15:22:41 | 000,000,000 | ---D | M] -- C:\Users\mikelai\AppData\Roaming\Desktop Apps
[2011/03/06 19:01:04 | 000,000,000 | ---D | M] -- C:\Users\mikelai\AppData\Roaming\DVDVideoSoft
[2011/02/05 06:59:13 | 000,000,000 | ---D | M] -- C:\Users\mikelai\AppData\Roaming\InterVideo
[2010/11/30 21:51:15 | 000,000,000 | ---D | M] -- C:\Users\mikelai\AppData\Roaming\Mobipocket
[2010/11/01 22:00:25 | 000,000,000 | ---D | M] -- C:\Users\mikelai\AppData\Roaming\Notepad++
[2010/11/01 21:02:45 | 000,000,000 | ---D | M] -- C:\Users\mikelai\AppData\Roaming\Subversion
[2011/03/05 21:23:55 | 000,021,874 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#2 RKinner (Malware Expert, MVP, 24,625 posts)
Copy the text in the code box by highlighting it and pressing Ctrl + C.


:Services

:OTL
O2 - BHO: (SiteJabber Reviews) - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - File not found
O3 - HKLM\..\Toolbar: (SiteJabber Reviews) - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10m_Plugin.exe (Adobe Systems, Inc.)
[2011/03/02 22:19:25 | 000,000,120 | ---- | M] () -- C:\Users\mikelai\AppData\Local\Xcabeduvak.dat
[2011/03/02 08:11:04 | 000,000,000 | ---- | M] () -- C:\Users\mikelai\AppData\Local\Fwihuraran.bin


:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]

Then run OTL by right-clicking it and choosing Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again by right clicking and Run As Administrator and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Download but do not yet run ComboFix.
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it yet.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download this file to your Desktop and rename it (call it george.exe), from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time.

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Download TDSSKiller to your desktop
http://support.kaspe.../tdsskiller.exe
Right click and Run As administrator. Copy and paste the log.

Post Back (copy/paste the .txt files, do not use attachments)

I do not see an anti-virus. Please download and save the free Avast 6 install program
http://www.avast.com...ivirus-download to your desktop then right click on it and Run As Administrator.
Make sure it updates then have it scan your system.

After following the above, post back with:

OTL Logs
Combofix log
MBRCheck log
TDSSKiller log


Ron
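What the OTL fix Ron posted is doing, as an added example that is not part of the original thread and not OTL's own code: the O2/O3 lines target a Browser Helper Object and toolbar whose CLSID no longer points at a file on disk, the two file lines target publisherless .dat/.bin files dropped in AppData\Local, and [RESETHOSTS] rewrites the HOSTS file because redirect malware commonly plants entries there to steer search and security-vendor hosts elsewhere. The Python below applies those same triage rules to a constructed HOSTS file and to constructed OTL lines in the format of the logs in this thread. The watched-host list, the triage rules and the sample data are assumptions made for this example.

```python
"""Triage helpers for reading an OTL log and a HOSTS file.

Added example for this thread; it is not OTL's code or Ron's. It automates
two checks that the fix above performs by hand:
  1. HOSTS: a search-engine or security-vendor host mapped to anything
     other than loopback (or mapped at all) is a redirect/hijack indicator,
     which is why the fix ends with [RESETHOSTS].
  2. OTL lines: O2/O3 entries whose CLSID points at a missing file
     ("File not found"), O4 autostarts launched from the user profile, and
     data files with no publisher sitting in AppData\\Local are the kind of
     leftovers the fix removes.
The sample HOSTS text and OTL lines below are constructed for this example;
the watched-host list and the triage rules are assumptions, not OTL's.
"""
import ipaddress
import re

# Loopback and the 0.0.0.0 sink are normal HOSTS targets; anything else is a real redirect.
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
# Hosts that redirectors commonly hijack (assumed list for the example).
WATCHED_SUFFIXES = ("google.com", "bing.com", "yahoo.com", "malwarebytes.org")


def parse_hosts(text):
    """Yield (ip, hostname) pairs from HOSTS text, skipping comments and junk."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # not an address-to-hostname mapping
        for name in names:
            yield ip, name.lower()


def hosts_findings(text):
    """Return HOSTS entries worth a look: watched hosts, and any non-loopback target."""
    flagged = []
    for ip, name in parse_hosts(text):
        if name == "localhost" and ip in LOOPBACK:
            continue  # the two lines a clean Vista HOSTS file contains
        if name.endswith(WATCHED_SUFFIXES) or ip not in LOOPBACK:
            flagged.append((ip, name))
    return flagged


# "O2 - BHO: (name) - {CLSID} - path-or-File not found"
OTL_ENTRY = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# "[date | size | attrs | C/M] (Company) -- path"
OTL_FILE = re.compile(r"^\[[^\]]*\]\s+\((?P<company>[^)]*)\)\s+--\s+(?P<path>.+)$")
PROFILE_PATH = re.compile(r"\\AppData\\|\\Users\\[^\\]+\\Local\\", re.I)
PROFILE_DATA_FILE = re.compile(r"\\AppData\\Local\\[^\\]+\.(?:dat|bin|ini)$", re.I)


def triage_otl(lines):
    """Return (reason, line) pairs for OTL lines matching the triage rules above."""
    findings = []
    for line in lines:
        line = line.strip()
        m = OTL_ENTRY.match(line)
        if m:
            section, body = m.groups()
            if section in ("O2", "O3") and body.endswith("File not found"):
                findings.append(("orphaned-bho-or-toolbar", line))
            elif section == "O4" and PROFILE_PATH.search(body):
                findings.append(("autostart-from-profile", line))
            continue
        f = OTL_FILE.match(line)
        if f and not f.group("company").strip() and PROFILE_DATA_FILE.search(f.group("path")):
            findings.append(("publisherless-data-file-in-profile", line))
    return findings


# Constructed sample HOSTS file (203.0.113.0/24 is a documentation range).
SAMPLE_HOSTS = """\
# Hosts file, constructed for the example
127.0.0.1       localhost
::1             localhost
203.0.113.5     www.google.com
127.0.0.1       malwarebytes.org
"""

# Constructed OTL lines in the format of the logs in this thread.
SAMPLE_OTL_LINES = r"""
O2 - BHO: (SiteJabber Reviews) - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - File not found
O3 - HKLM\..\Toolbar: (SiteJabber Reviews) - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - File not found
O4 - HKCU..\Run: [Updater] C:\Users\mikelai\AppData\Local\Temp\update.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
[2011/03/02 22:19:25 | 000,000,120 | ---- | M] () -- C:\Users\mikelai\AppData\Local\Xcabeduvak.dat
[2011/03/05 18:41:33 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
""".strip().splitlines()

if __name__ == "__main__":
    for ip, name in hosts_findings(SAMPLE_HOSTS):
        print(f"HOSTS  {ip:<16} {name}")
    for reason, line in triage_otl(SAMPLE_OTL_LINES):
        print(f"OTL    {reason:<36} {line}")
```

The rules are deliberately narrow: an orphaned BHO is harmless by itself but is evidence that something was removed incompletely, and an O4 entry under the user profile is only a lead, not a verdict, so the output is a list to check by hand rather than a list to delete.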

#3 mikelai (Topic Starter, Member, 31 posts)
Hi Ron, thanks for helping me out!

Here's the log from the OTL fix (I'll continue with the other steps now):

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{669695BC-A811-4A9D-8CDF-BA8C795F261C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate not found.
C:\Windows\System32\Macromed\Flash\FlashUtil10m_Plugin.exe moved successfully.
C:\Users\mikelai\AppData\Local\Xcabeduvak.dat moved successfully.
C:\Users\mikelai\AppData\Local\Fwihuraran.bin moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mikelai
->Temp folder emptied: 640153342 bytes
->Temporary Internet Files folder emptied: 10036658 bytes
->Java cache emptied: 56967 bytes
->FireFox cache emptied: 103724962 bytes
->Google Chrome cache emptied: 6819005 bytes
->Flash cache emptied: 108701 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26837323 bytes
RecycleBin emptied: 288315298 bytes

Total Files Cleaned = 1,026.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03122011_190705

Files\Folders moved on Reboot...
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-3088.log moved successfully.
File\Folder C:\Windows\temp\TMP000000045949D1BDCEE3F91B not found!
C:\Windows\temp\~DF1766.tmp moved successfully.

Registry entries deleted on Reboot...
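The next steps in Ron's list, MBRCheck and TDSSKiller, look at the master boot record, since the TDSS/TDL bootkits that were a common cause of search redirects at the time overwrite sector 0 so that their code loads before Windows. As an added example (not MBRCheck's, TDSSKiller's or OTL's code, and not part of the original thread), the Python below performs the same kind of check offline on a constructed 512-byte MBR image: boot signature, partition table sanity, and a hash of the boot code compared with a baseline, the way MBRCheck compares sector 0 against known-clean copies. The image, the baseline hash and the slack threshold are assumptions made for this example.

```python
"""Offline master boot record (MBR) sanity check.

Added example for this thread, not MBRCheck's, TDSSKiller's or OTL's code.
MBRCheck compares the boot code in sector 0 against known-clean copies; this
script shows the same idea on a 512-byte image: verify the 0x55AA signature,
decode the four partition entries, fingerprint the boot code (bytes 0..439,
before the disk signature) and compare it with a baseline hash, and report
layout oddities (no or several bootable partitions, overlapping partitions,
a large unpartitioned tail, which is where bootkits of the TDL family have
kept their hidden storage). The MBR image and the baseline hash are
constructed here; on a real machine read sector 0 of \\\\.\\PhysicalDrive0
as Administrator.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440        # boot code ends where the 4-byte disk signature starts
PART_TABLE_OFF = 446      # four 16-byte partition entries
SIG_OFF = 510             # 0x55AA boot signature
ENTRY_FMT = "<B3xB3xII"   # status, CHS start(3), type, CHS end(3), LBA start, sector count


def parse_mbr(mbr):
    """Decode signature, boot-code hash and non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": mbr[SIG_OFF:SIG_OFF + 2] == b"\x55\xAA",
        "bootcode_sha256": hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def assess(mbr, baseline_sha256, disk_sectors=None, slack_threshold=2048):
    """Return a list of findings; an empty list means nothing looked wrong."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["bootcode_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} bootable partitions (expected 1)")
    parts = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(parts, parts[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    if disk_sectors is not None and parts:
        tail = disk_sectors - (parts[-1]["lba_start"] + parts[-1]["sectors"])
        if tail > slack_threshold:  # a little rounding slack at the end of a disk is normal
            findings.append(f"{tail} unpartitioned sectors after the last partition")
    return findings


def build_sample_mbr(tampered=False):
    """Constructed 512-byte MBR: filler boot code, a 100 MiB boot partition and a data partition."""
    mbr = bytearray(SECTOR)
    mbr[:BOOTCODE_LEN] = b"\x90" * BOOTCODE_LEN           # NOP filler stands in for real boot code
    if tampered:
        mbr[0:5] = b"\xE9\x00\x01\x00\x00"                  # patched entry jump, as a bootkit would do
    struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF, 0x80, 0x07, 2048, 204800)
    struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + 16, 0x00, 0x07, 206848, 1000000)
    mbr[SIG_OFF:SIG_OFF + 2] = b"\x55\xAA"
    return bytes(mbr)


# Baseline taken from the constructed clean image; on a real system it would
# come from a known-clean machine with the same Windows version.
BASELINE_SHA256 = parse_mbr(build_sample_mbr())["bootcode_sha256"]

if __name__ == "__main__":
    for label, image in (("clean", build_sample_mbr()), ("tampered", build_sample_mbr(tampered=True))):
        print(label, assess(image, BASELINE_SHA256) or ["no findings"])
```

A hash mismatch on its own only says the boot code is not the one in the baseline (an OEM recovery tool or a different Windows build will also produce one), which is why MBRCheck keeps a list of known-good hashes rather than a single one; the partition-table checks are there because a bootkit that survives an MBR rewrite usually does so from storage the table does not account for.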

#4 mikelai (Topic Starter, Member, 31 posts)
Hi Ron, here is the other OTL log from the most recent scan:

OTL logfile created on: 3/12/2011 7:18:20 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\mikelai\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 58.45 Gb Free Space | 58.45% Space Free | Partition Type: NTFS
Drive D: | 123.93 Gb Total Space | 51.10 Gb Free Space | 41.23% Space Free | Partition Type: NTFS

Computer Name: MIKELAI-PC | User Name: mikelai | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/10 17:22:22 | 000,147,456 | ---- | M] (Pro Softnet Corporation) -- C:\IDrive\IDriveE Service.exe
PRC - [2011/03/09 07:25:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mikelai\Desktop\OTL.exe
PRC - [2011/03/05 18:41:33 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/03 19:40:30 | 000,619,288 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2011/02/08 13:24:02 | 003,600,184 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2010/09/21 01:42:38 | 000,064,048 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\hqtray.exe
PRC - [2010/09/21 01:42:06 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2010/09/21 01:41:38 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2010/09/21 01:41:34 | 000,404,016 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2010/09/21 00:42:44 | 000,539,184 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/04 05:34:59 | 000,722,280 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2010/03/04 05:34:58 | 000,808,296 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2010/03/04 05:34:56 | 004,752,744 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/13 16:00:08 | 000,312,624 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO Care\VCsystray.exe
PRC - [2008/07/15 17:04:08 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/07/15 17:04:08 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/07/02 22:06:17 | 000,104,992 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
PRC - [2008/06/20 07:56:44 | 000,415,744 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/06/19 18:53:20 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/06/19 18:53:20 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
PRC - [2008/06/19 07:55:48 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/06/11 18:46:10 | 000,866,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
PRC - [2008/05/22 13:23:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/04/30 18:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/04/30 18:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/03/25 13:32:18 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
PRC - [2008/01/20 18:23:52 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2007/11/12 19:59:54 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/01/04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2011/03/09 07:25:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mikelai\Desktop\OTL.exe
MOD - [2010/08/31 07:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/10 17:22:22 | 000,147,456 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\IDrive\IDriveE Service.exe -- (IDriveE Service)
SRV - [2010/09/21 01:42:06 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/09/21 01:41:38 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/09/21 01:41:34 | 000,404,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2010/09/21 00:42:44 | 000,539,184 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/08/19 12:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/04 05:34:56 | 004,752,744 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2008/07/15 17:04:08 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/07/02 22:06:17 | 000,104,992 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/06/20 07:56:44 | 000,415,744 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/06/19 18:53:20 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/06/19 07:55:48 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/06/11 22:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/06/11 22:10:48 | 000,083,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/05/22 13:23:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/05/22 13:21:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/05/20 18:05:40 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/05/20 18:05:40 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/05/20 18:05:40 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/05/20 00:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/20 00:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/20 00:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/04/30 18:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/04/30 18:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/03/25 13:32:18 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 19:59:54 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/05/24 06:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/03/12 19:12:26 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4DE3E717-E01C-4E8E-A5E1-C7161192A1F8}\MpKsl8133e85c.sys -- (MpKsl8133e85c)
DRV - [2011/03/12 08:27:29 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4DE3E717-E01C-4E8E-A5E1-C7161192A1F8}\MpKsl585f1388.sys -- (MpKsl585f1388)
DRV - [2010/11/04 14:12:04 | 000,006,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2010/11/02 08:44:27 | 000,021,888 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DisplayLinkUsbPort_5.2.23752.0.sys -- (DisplayLinkUsbPort)
DRV - [2010/09/21 01:42:46 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2010/09/21 01:42:44 | 000,854,064 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2010/09/21 01:41:08 | 000,024,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2010/09/21 01:40:04 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2010/09/21 00:42:32 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2010/09/20 22:18:14 | 000,036,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2010/09/20 22:18:14 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2010/08/19 12:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2010/03/25 20:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/03/04 05:35:26 | 000,165,488 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\dlkmd.sys -- (dlkmd)
DRV - [2010/03/04 05:35:26 | 000,013,936 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV - [2008/07/11 15:42:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/06/27 16:33:45 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/20 16:03:04 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/06/09 16:04:47 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/06 16:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/28 05:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/03/10 03:01:26 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/01/30 16:33:28 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/01/24 18:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sitejabber.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.0
FF - prefs.js..extensions.enabledItems: {878279CD-F1DB-432A-8EE1-21D1DE4DFB50}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{878279CD-F1DB-432A-8EE1-21D1DE4DFB50}: C:\Users\mikelai\AppData\Local\{878279CD-F1DB-432A-8EE1-21D1DE4DFB50} [2011/03/02 08:11:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/05 18:41:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 18:41:38 | 000,000,000 | ---D | M]

[2010/11/01 20:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mikelai\AppData\Roaming\Mozilla\Extensions
[2011/03/11 22:07:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mikelai\AppData\Roaming\Mozilla\Firefox\Profiles\rx4wwu7y.default\extensions
[2011/01/30 09:37:06 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\mikelai\AppData\Roaming\Mozilla\Firefox\Profiles\rx4wwu7y.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2011/02/08 08:45:30 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\mikelai\AppData\Roaming\Mozilla\Firefox\Profiles\rx4wwu7y.default\extensions\[email protected]
[2011/02/11 13:13:24 | 000,000,000 | ---D | M] (YSlow) -- C:\Users\mikelai\AppData\Roaming\Mozilla\Firefox\Profiles\rx4wwu7y.default\extensions\[email protected]
[2011/03/11 22:07:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/01 19:55:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/02 08:11:03 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MIKELAI\APPDATA\LOCAL\{878279CD-F1DB-432A-8EE1-21D1DE4DFB50}
[2010/12/01 19:54:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 08:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/03/12 19:08:11 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [IDriveE Startup] C:\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation)
O4 - Startup: C:\Users\mikelai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\mikelai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDrive Tray.lnk = C:\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5921167c-e63a-11df-a117-001dba22f08f}\Shell\AutoRun\command - "" = H:\Seagate\Installer\InstallSeagateManager.exe
O33 - MountPoints2\{5921167c-e63a-11df-a117-001dba22f08f}\Shell\Install\command - "" = H:\Seagate\Installer\InstallSeagateManager.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/12 19:07:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/11 18:19:50 | 000,229,376 | ---- | C] (Pro-SoftNet Corporation, USA) -- C:\Windows\System32\IDrLocale.dll
[2011/03/11 18:19:47 | 000,000,000 | ---D | C] -- C:\Users\mikelai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IDrive
[2011/03/11 18:19:40 | 000,526,184 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\Windows\System32\XceedCry.dll
[2011/03/11 18:19:35 | 001,323,008 | ---- | C] (Pro Soft Net Corporation) -- C:\Windows\System32\IDriveEService.dll
[2011/03/11 18:19:29 | 000,135,168 | ---- | C] (Pro-Softnet Corporation) -- C:\Windows\System32\LogMail.dll
[2011/03/11 18:19:29 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSWINSCK.OCX
[2011/03/11 18:19:27 | 000,086,016 | ---- | C] (Streamnet India) -- C:\Windows\System32\IBwinUtil.ocx
[2011/03/11 18:19:26 | 000,143,360 | ---- | C] (Herman & Associates) -- C:\Windows\System32\HLButton.ocx
[2011/03/11 18:19:26 | 000,028,672 | ---- | C] (Checks Unlimited) -- C:\Windows\System32\Disable_X.ocx
[2011/03/11 18:19:26 | 000,024,576 | ---- | C] (Streamnet India) -- C:\Windows\System32\IBcalendarser.ocx
[2011/03/11 18:19:25 | 000,103,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asctrls.ocx
[2011/03/11 18:19:25 | 000,000,000 | ---D | C] -- C:\IDrive
[2011/03/09 09:32:26 | 000,000,000 | ---D | C] -- C:\Users\mikelai\Desktop\tdsskiller
[2011/03/09 07:25:19 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\mikelai\Desktop\OTL.exe
[2011/03/07 07:26:30 | 000,000,000 | ---D | C] -- C:\Users\mikelai\Desktop\ffdshow-20020617-src
[2011/03/06 19:01:23 | 000,000,000 | ---D | C] -- C:\Users\mikelai\Documents\DVDVideoSoft
[2011/03/06 19:01:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011/03/06 19:01:04 | 000,000,000 | ---D | C] -- C:\Users\mikelai\AppData\Roaming\DVDVideoSoft
[2011/03/06 19:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011/03/06 19:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011/03/06 19:00:09 | 016,985,400 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Users\mikelai\Desktop\FreeVideoToMp3Converter.exe
[2011/03/02 08:11:03 | 000,000,000 | ---D | C] -- C:\Users\mikelai\AppData\Local\{878279CD-F1DB-432A-8EE1-21D1DE4DFB50}
[2011/02/17 18:59:43 | 000,000,000 | ---D | C] -- C:\Users\mikelai\Desktop\ario-horizontale-tracked
[2011/02/14 14:13:01 | 000,000,000 | ---D | C] -- C:\Users\mikelai\AppData\Roaming\Malwarebytes
[2011/02/14 14:12:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/14 14:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/14 14:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/14 14:12:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/02/14 14:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/14 09:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2011/03/12 19:19:35 | 004,286,145 | ---- | M] () -- C:\Users\mikelai\Desktop\george.exe
[2011/03/12 19:19:13 | 000,607,186 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/12 19:19:13 | 000,105,380 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/12 19:13:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2262687940-302562853-2256944313-1000UA.job
[2011/03/12 19:12:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/12 19:12:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/12 19:12:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/12 19:12:09 | 3081,801,728 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/12 19:08:11 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/03/12 03:33:13 | 000,003,268 | ---- | M] () -- C:\Windows\mozy.blk
[2011/03/12 03:33:13 | 000,003,064 | ---- | M] () -- C:\Windows\mozy.flt
[2011/03/12 03:13:01 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2262687940-302562853-2256944313-1000Core.job
[2011/03/11 18:19:49 | 000,001,454 | ---- | M] () -- C:\Users\mikelai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDrive Tray.lnk
[2011/03/11 15:17:54 | 000,265,815 | ---- | M] () -- C:\Users\mikelai\Desktop\write review redesign SEO.png
[2011/03/10 17:18:50 | 001,323,008 | ---- | M] (Pro Soft Net Corporation) -- C:\Windows\System32\IDriveEService.dll
[2011/03/09 07:25:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mikelai\Desktop\OTL.exe
[2011/03/07 13:22:54 | 000,000,600 | ---- | M] () -- C:\Users\mikelai\AppData\Local\PUTTY.RND
[2011/03/07 10:33:44 | 000,494,842 | ---- | M] () -- C:\Users\mikelai\Desktop\function.fsockopen.php
[2011/03/07 07:36:23 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2011/03/06 22:43:59 | 000,033,792 | ---- | M] () -- C:\Users\mikelai\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/06 19:00:24 | 016,985,400 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Users\mikelai\Desktop\FreeVideoToMp3Converter.exe
[2011/03/03 10:11:04 | 000,459,929 | ---- | M] () -- C:\Users\mikelai\Desktop\advisor page.png
[2011/02/24 03:55:52 | 000,000,824 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2011/02/11 08:41:05 | 000,417,885 | ---- | M] () -- C:\Users\mikelai\Desktop\NAAG pages sitejabber 2.png

========== Files Created - No Company Name ==========

[2011/03/12 19:18:55 | 004,286,145 | ---- | C] () -- C:\Users\mikelai\Desktop\george.exe
[2011/03/11 18:19:49 | 000,001,454 | ---- | C] () -- C:\Users\mikelai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDrive Tray.lnk
[2011/03/11 18:19:46 | 000,003,841 | ---- | C] () -- C:\Windows\System32\server.pem
[2011/03/11 18:19:42 | 000,569,368 | ---- | C] () -- C:\Windows\System32\olelib.tlb
[2011/03/11 18:19:42 | 000,022,212 | ---- | C] () -- C:\Windows\System32\olelib2.tlb
[2011/03/11 18:19:36 | 000,026,032 | ---- | C] () -- C:\Windows\System32\IDriveEXceedCryReg.exe
[2011/03/11 18:19:35 | 000,000,095 | ---- | C] () -- C:\Windows\System32\RegisterIDriveEDll.bat
[2011/03/11 18:19:29 | 000,147,130 | ---- | C] () -- C:\Windows\System32\CRYPT32.LIB
[2011/03/11 18:19:29 | 000,117,982 | ---- | C] () -- C:\Windows\System32\ADVAPI32.LIB
[2011/03/11 18:19:29 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2011/03/11 18:19:28 | 000,000,730 | ---- | C] () -- C:\Windows\System32\rootcert.pem
[2011/03/11 18:19:26 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IBColIml.ocx
[2011/03/11 15:17:50 | 000,265,815 | ---- | C] () -- C:\Users\mikelai\Desktop\write review redesign SEO.png
[2011/03/07 10:33:41 | 000,494,842 | ---- | C] () -- C:\Users\mikelai\Desktop\function.fsockopen.php
[2011/03/03 10:11:01 | 000,459,929 | ---- | C] () -- C:\Users\mikelai\Desktop\advisor page.png
[2011/02/14 14:54:18 | 3081,801,728 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/11 08:41:00 | 000,417,885 | ---- | C] () -- C:\Users\mikelai\Desktop\NAAG pages sitejabber 2.png
[2010/12/13 08:44:15 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/12/04 03:20:52 | 000,000,127 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/12/02 16:50:39 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010/11/19 14:12:52 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/17 18:52:19 | 000,000,680 | ---- | C] () -- C:\Users\mikelai\AppData\Local\d3d9caps.dat
[2010/11/16 09:45:35 | 000,144,456 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/11/14 21:22:23 | 000,033,792 | ---- | C] () -- C:\Users\mikelai\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/03 03:16:48 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/03 03:16:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/02 08:44:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd9.dll
[2010/11/02 08:44:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd10.dll
[2010/11/01 21:26:47 | 000,000,600 | ---- | C] () -- C:\Users\mikelai\AppData\Local\PUTTY.RND
[2010/11/01 21:05:40 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/11/01 20:53:31 | 000,000,600 | ---- | C] () -- C:\Users\mikelai\AppData\Roaming\winscp.rnd
[2010/11/01 20:37:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/01 19:49:57 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/08/01 10:11:00 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/08/01 10:11:00 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/08/01 10:11:00 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1511.dll
[2008/08/01 10:11:00 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/08/01 10:10:05 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,342,208 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,607,186 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,105,380 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/10/14 02:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll
[1999/01/22 10:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

< End of report >

#5
mikelai (Topic Starter)
Hi Ron, here are the contents of the ComboFix.txt file:

ComboFix 11-03-12.01 - mikelai 03/12/2011 19:30:37.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2938.1974 [GMT -8:00]
Running from: c:\users\mikelai\Desktop\george.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mikelai\AppData\Local\{878279CD-F1DB-432A-8EE1-21D1DE4DFB50}
c:\users\mikelai\AppData\Local\{878279CD-F1DB-432A-8EE1-21D1DE4DFB50}\chrome.manifest
c:\users\mikelai\AppData\Local\{878279CD-F1DB-432A-8EE1-21D1DE4DFB50}\chrome\content\_cfg.js
c:\users\mikelai\AppData\Local\{878279CD-F1DB-432A-8EE1-21D1DE4DFB50}\chrome\content\overlay.xul
c:\users\mikelai\AppData\Local\{878279CD-F1DB-432A-8EE1-21D1DE4DFB50}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-02-13 to 2011-03-13 )))))))))))))))))))))))))))))))
.
.
2011-03-13 03:38 . 2011-03-13 03:38 -------- d-----w- c:\users\mikelai\AppData\Local\temp
2011-03-13 03:38 . 2011-03-13 03:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-13 03:12 . 2011-03-13 03:12 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DE3E717-E01C-4E8E-A5E1-C7161192A1F8}\MpKsl8133e85c.sys
2011-03-13 03:07 . 2011-03-13 03:07 -------- d-----w- C:\_OTL
2011-03-12 16:27 . 2011-03-12 16:27 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DE3E717-E01C-4E8E-A5E1-C7161192A1F8}\MpKsl585f1388.sys
2011-03-12 16:25 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DE3E717-E01C-4E8E-A5E1-C7161192A1F8}\mpengine.dll
2011-03-07 03:01 . 2011-03-07 03:01 -------- d-----w- c:\users\mikelai\AppData\Roaming\DVDVideoSoft
2011-03-07 03:01 . 2011-03-07 04:09 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-03-07 03:00 . 2011-03-07 03:00 -------- d-----w- c:\program files\DVDVideoSoft
2011-02-16 15:06 . 2010-11-09 00:06 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2011-02-14 22:13 . 2011-02-14 22:13 -------- d-----w- c:\users\mikelai\AppData\Roaming\Malwarebytes
2011-02-14 22:12 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-14 22:12 . 2011-02-14 22:12 -------- d-----w- c:\programdata\Malwarebytes
2011-02-14 22:12 . 2011-02-14 22:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-14 22:12 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-14 17:08 . 2011-02-14 17:08 -------- d-----w- c:\program files\Common Files\Skype
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 15:36 . 2011-02-01 23:58 737280 ----a-w- c:\windows\iun6002.exe
2011-02-11 06:54 . 2010-11-03 06:27 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2008-06-14 00:07 303104 ------w- c:\ddi\OverIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-02-08 21:24 3443000 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-02-08 21:24 3443000 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\mikelai\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-10 136176]
"IDriveE Startup"="c:\idrive\IDrvieEStartup.exe" [2011-02-24 188416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-04 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2010-09-21 64048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\users\mikelai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
IDrive Tray.lnk - c:\idrive\IDriveEReg2ini.exe [2011-3-11 292296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2011-2-8 3600184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-16 01:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AOLDDI.LNK]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AOLDDI.LNK
backup=c:\windows\pss\AOLDDI.LNK.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 09:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2008-04-04 03:03 317280 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-09-15 11:34 1094224 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartWiHelper]
2008-06-27 20:45 77824 ----a-w- c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-08-01 20:53 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOMyMemCenter]
2008-02-29 20:39 679936 ----a-w- c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIORegistration]
2007-10-17 22:40 20480 ----a-w- c:\program files\Sony\First Experience\WelcomeLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2008-07-25 18:21 385024 ----a-w- c:\program files\Sony\VAIO Survey\VAIO Sat Survey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VWLASU]
2008-05-20 20:48 24576 ----a-w- c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
.
R1 MpKsl4761d036;MpKsl4761d036;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44A08134-9DA9-46B6-A0B1-22F1943D4041}\MpKsl4761d036.sys [x]
R1 MpKsl65578d46;MpKsl65578d46;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D784A8F-4AF4-43C9-B6F0-82AB9E591121}\MpKsl65578d46.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.23752.0.sys [2010-11-02 21888]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-21 103712]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-21 353568]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-21 62752]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-12 337184]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-12 83232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2010-03-04 13936]
S1 MpKsl585f1388;MpKsl585f1388;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DE3E717-E01C-4E8E-A5E1-C7161192A1F8}\MpKsl585f1388.sys [2011-03-12 28752]
S1 MpKsl8133e85c;MpKsl8133e85c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DE3E717-E01C-4E8E-A5E1-C7161192A1F8}\MpKsl8133e85c.sys [2011-03-13 28752]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2010-03-04 4752744]
S2 IDriveE Service;IDriveE Service;c:\idrive\IDriveE Service.exe [2011-03-11 147456]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-11-04 6656]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-03 104992]
S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2008-03-25 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-06-20 411488]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-09-21 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-09-21 539184]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-01-31 17408]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2010-03-04 165488]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL8133E85C
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2262687940-302562853-2256944313-1000Core.job
- c:\users\mikelai\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-10 11:08]
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2262687940-302562853-2256944313-1000UA.job
- c:\users\mikelai\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-10 11:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sitejabber.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
FF - ProfilePath - c:\users\mikelai\AppData\Roaming\Mozilla\Firefox\Profiles\rx4wwu7y.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Firebug: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - Ext: YSlow: [email protected] - %profile%\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil10m_Plugin.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-12 19:38
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-03-12 19:40:57
ComboFix-quarantined-files.txt 2011-03-13 03:40
.
Pre-Run: 62,675,224,064 bytes free
Post-Run: 62,605,225,984 bytes free
.
- - End Of File - - 05A202F2784CB275CB1C241214D06B19

#6
mikelai (Topic Starter)
Hi Ron, here's the MBRCheck output:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Sony Corporation
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Sony Corporation
System Product Name: VGN-NS140E
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 164):
0x8244E000 \SystemRoot\system32\ntkrnlpa.exe
0x8241B000 \SystemRoot\system32\hal.dll
0x80407000 \SystemRoot\system32\kdcom.dll
0x8040F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8046F000 \SystemRoot\system32\PSHED.dll
0x80480000 \SystemRoot\system32\BOOTVID.dll
0x80488000 \SystemRoot\system32\CLFS.SYS
0x804C9000 \SystemRoot\system32\CI.dll
0x8060B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80687000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80694000 \SystemRoot\system32\drivers\acpi.sys
0x806DA000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E3000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EB000 \SystemRoot\system32\drivers\pci.sys
0x80712000 \SystemRoot\System32\drivers\partmgr.sys
0x80721000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80724000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8072E000 \SystemRoot\system32\drivers\volmgr.sys
0x8073D000 \SystemRoot\System32\drivers\volmgrx.sys
0x80787000 \SystemRoot\System32\drivers\mountmgr.sys
0x82A08000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x82AD6000 \SystemRoot\system32\drivers\fltmgr.sys
0x82B08000 \SystemRoot\system32\drivers\fileinfo.sys
0x82B18000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82B22000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8340E000 \SystemRoot\system32\drivers\ndis.sys
0x83519000 \SystemRoot\system32\drivers\msrpc.sys
0x83544000 \SystemRoot\system32\drivers\NETIO.SYS
0x8360E000 \SystemRoot\System32\drivers\tcpip.sys
0x836F7000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A60D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A71C000 \SystemRoot\system32\drivers\volsnap.sys
0x8A755000 \SystemRoot\System32\Drivers\spldr.sys
0x8A75D000 \SystemRoot\System32\Drivers\mup.sys
0x8A76C000 \SystemRoot\System32\drivers\ecache.sys
0x8A793000 \SystemRoot\system32\drivers\dlkmdldr.sys
0x8A79A000 \SystemRoot\system32\drivers\disk.sys
0x8A7AB000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A7CC000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A7E2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A7ED000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8E407000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8EAEA000 \SystemRoot\system32\drivers\dlkmd.sys
0x8EB2A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EBC9000 \SystemRoot\System32\drivers\watchdog.sys
0x8EBD6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8357E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8EBE1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x837E0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x82B93000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8EC04000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8EF8B000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8EF9B000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8EFA9000 \SystemRoot\system32\DRIVERS\risdptsk.sys
0x8EFBA000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8EFD4000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8EFE7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8EFF2000 \??\C:\Windows\system32\drivers\VMkbd.sys
0x835BC000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8EFF7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8EBF0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8EFF9000 \SystemRoot\system32\DRIVERS\SFEP.sys
0x835E7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x82BE2000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8EFFC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x80797000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x805A9000 \SystemRoot\system32\DRIVERS\storport.sys
0x8A600000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x807C5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x837F2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x807DC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x82BF1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x805EA000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F009000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F01E000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F02E000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F030000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F05A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F064000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F071000 \SystemRoot\system32\DRIVERS\vmnetadapter.sys
0x8F074000 \SystemRoot\system32\DRIVERS\VMNET.SYS
0x8F077000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F0AB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F807000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8FA13000 \SystemRoot\system32\drivers\portcls.sys
0x8FA40000 \SystemRoot\system32\drivers\drmk.sys
0x8FA65000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8FAA2000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8F0BC000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8FBA5000 \SystemRoot\system32\drivers\modem.sys
0x8FBB2000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8FBD5000 \SystemRoot\system32\DRIVERS\mozy.sys
0x8FBE8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8FBF1000 \SystemRoot\System32\Drivers\Null.SYS
0x8FBF8000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F800000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8F179000 \SystemRoot\System32\drivers\vga.sys
0x8F185000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F1A6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F1AE000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F1B6000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F1C1000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F1CF000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F1D8000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90204000 \SystemRoot\system32\DRIVERS\smb.sys
0x90218000 \SystemRoot\system32\drivers\afd.sys
0x90260000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90292000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x9029B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x902B1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x902BF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x902D2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9030E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90318000 \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4DE3E717-E01C-4E8E-A5E1-C7161192A1F8}\MpKsl585f1388.sys
0x9031E000 \SystemRoot\system32\DRIVERS\DMICall.sys
0x9031F000 \SystemRoot\System32\Drivers\dfsc.sys
0x90336000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9034D000 \SystemRoot\System32\Drivers\usbvideo.sys
0x9036E000 \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
0x90377000 \SystemRoot\System32\Drivers\crashdmp.sys
0x83712000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x98090000 \SystemRoot\System32\win32k.sys
0x90384000 \SystemRoot\System32\drivers\Dxapi.sys
0x9038E000 \SystemRoot\system32\DRIVERS\monitor.sys
0x982B0000 \SystemRoot\System32\TSDDD.dll
0x982D0000 \SystemRoot\System32\cdd.dll
0x9039D000 \SystemRoot\system32\drivers\luafv.sys
0xAAA08000 \SystemRoot\system32\drivers\spsys.sys
0xAAAB7000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys
0xAAAC5000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAAAD5000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xAAAFF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAAB09000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAAB1C000 \SystemRoot\system32\drivers\HTTP.sys
0xAAB89000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAABA6000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAABBF000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAABD4000 \SystemRoot\system32\drivers\mrxdav.sys
0x903B8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAD60E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAD647000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAD65F000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAD686000 \SystemRoot\System32\DRIVERS\srv.sys
0xAD6EC000 \??\C:\Windows\system32\drivers\hcmon.sys
0xAD6F6000 \??\C:\Windows\system32\Drivers\vmci.sys
0xAD706000 \??\C:\Windows\system32\Drivers\vmx86.sys
0xAD7D5000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xAD7E7000 \??\C:\Windows\system32\drivers\iPodDrv.sys
0xAD7EF000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAEC0B000 \SystemRoot\system32\drivers\peauth.sys
0xAECE9000 \SystemRoot\system32\drivers\regi.sys
0xAECEB000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAECF5000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAED01000 \??\C:\Windows\system32\drivers\vmnetuserif.sys
0xAED06000 \??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys
0xAED0A000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xAED12000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xAED27000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xAED3F000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAED55000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0xAED57000 \??\C:\Users\mikelai\AppData\Local\Temp\catchme.sys
0xAED66000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0xAED6F000 \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{357F8394-31BF-472A-B209-C02177B3813D}\MpKsl22093e8d.sys
0x77770000 \Windows\System32\ntdll.dll

Processes (total 85):
0 System Idle Process
4 System
500 C:\Windows\System32\smss.exe
628 csrss.exe
684 C:\Windows\System32\wininit.exe
696 csrss.exe
728 C:\Windows\System32\services.exe
744 C:\Windows\System32\lsass.exe
756 C:\Windows\System32\lsm.exe
832 C:\Windows\System32\winlogon.exe
936 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1032 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1188 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\svchost.exe
1320 C:\Windows\System32\svchost.exe
1384 C:\Windows\System32\audiodg.exe
1416 C:\Windows\System32\SLsvc.exe
1444 C:\Windows\System32\svchost.exe
1584 C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
1620 C:\Windows\RTKAUDIOSERVICE.EXE
1672 C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
1972 C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
2016 C:\Windows\System32\svchost.exe
512 C:\Windows\System32\wlanext.exe
928 C:\Windows\System32\spoolsv.exe
1096 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\taskeng.exe
1832 C:\Windows\System32\taskeng.exe
2068 C:\Windows\System32\dllhost.exe
2172 C:\Program Files\Sony\VAIO Care\VCsystray.exe
2180 C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
2388 C:\Program Files\Bonjour\mDNSResponder.exe
2440 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2592 C:\IDrive\IDriveE Service.exe
2612 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
2660 C:\Windows\System32\svchost.exe
2672 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
2784 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2804 C:\Windows\System32\svchost.exe
2832 C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
2860 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
2892 C:\Program Files\Sony\VAIO Power Management\SPMService.exe
2956 C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
2972 C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
3000 dllhost.exe
3008 C:\Windows\System32\vmnat.exe
3048 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
3080 C:\Windows\System32\svchost.exe
3116 C:\Windows\System32\SearchIndexer.exe
3224 C:\Program Files\VMware\VMware Player\vmware-authd.exe
3272 WUDFHost.exe
3376 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
3400 C:\Windows\System32\vmnetdhcp.exe
3476 C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
3652 WmiPrvSE.exe
3708 dllhost.exe
3804 igfxext.exe
3856 igfxsrvc.exe
3968 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
4060 C:\Windows\System32\dwm.exe
892 C:\Windows\System32\hkcmd.exe
2092 C:\Windows\System32\igfxpers.exe
3828 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2400 C:\Program Files\VMware\VMware Player\hqtray.exe
3824 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1432 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
2224 C:\Windows\System32\igfxsrvc.exe
1252 C:\Program Files\MozyHome\mozystat.exe
4184 C:\Windows\System32\mobsync.exe
5028 C:\Program Files\Windows Media Player\wmpnscfg.exe
5144 C:\Program Files\Windows Media Player\wmpnetwk.exe
5884 C:\Program Files\MozyHome\mozybackup.exe
5988 C:\Program Files\MozyHome\mozybackup.exe
4976 C:\Program Files\Microsoft Security Essentials\msseces.exe
5216 C:\Windows\System32\wuauclt.exe
1508 C:\Windows\explorer.exe
5568 C:\Program Files\Mozilla Firefox\firefox.exe
2288 C:\Program Files\Mozilla Firefox\plugin-container.exe
4580 C:\Windows\servicing\TrustedInstaller.exe
4392 C:\Windows\System32\notepad.exe
4332 C:\Windows\System32\SearchProtocolHost.exe
1844 C:\Windows\System32\SearchFilterHost.exe
1944 MpCmdRun.exe
4516 C:\Users\mikelai\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`3d300000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001b`3d400000 (NTFS)

PhysicalDrive0 Model Number: ST9250827AS, Rev: 3.AAB

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

#7
mikelai

Hi Ron, and finally, here's the report from the TDSSKiller utility:

2011/03/12 19:50:31.0189 1936 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/12 19:50:31.0448 1936 ================================================================================
2011/03/12 19:50:31.0449 1936 SystemInfo:
2011/03/12 19:50:31.0449 1936
2011/03/12 19:50:31.0449 1936 OS Version: 6.0.6001 ServicePack: 1.0
2011/03/12 19:50:31.0449 1936 Product type: Workstation
2011/03/12 19:50:31.0449 1936 ComputerName: MIKELAI-PC
2011/03/12 19:50:31.0451 1936 UserName: mikelai
2011/03/12 19:50:31.0451 1936 Windows directory: C:\Windows
2011/03/12 19:50:31.0451 1936 System windows directory: C:\Windows
2011/03/12 19:50:31.0451 1936 Processor architecture: Intel x86
2011/03/12 19:50:31.0451 1936 Number of processors: 2
2011/03/12 19:50:31.0451 1936 Page size: 0x1000
2011/03/12 19:50:31.0451 1936 Boot type: Normal boot
2011/03/12 19:50:31.0451 1936 ================================================================================
2011/03/12 19:50:32.0310 1936 Initialize success
2011/03/12 19:50:50.0934 4988 ================================================================================
2011/03/12 19:50:50.0935 4988 Scan started
2011/03/12 19:50:50.0935 4988 Mode: Manual;
2011/03/12 19:50:50.0935 4988 ================================================================================
2011/03/12 19:50:51.0453 4988 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/03/12 19:50:51.0629 4988 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/03/12 19:50:51.0698 4988 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/03/12 19:50:51.0762 4988 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/03/12 19:50:51.0822 4988 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/03/12 19:50:51.0998 4988 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/03/12 19:50:52.0059 4988 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/03/12 19:50:52.0196 4988 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/03/12 19:50:52.0282 4988 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/03/12 19:50:52.0355 4988 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/03/12 19:50:52.0416 4988 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/03/12 19:50:52.0467 4988 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/03/12 19:50:52.0528 4988 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/03/12 19:50:52.0650 4988 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/03/12 19:50:52.0732 4988 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/03/12 19:50:52.0850 4988 ArcSoftKsUFilter (6b3ab8f67b37402a4174caa45002903e) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
2011/03/12 19:50:52.0945 4988 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/12 19:50:53.0026 4988 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/03/12 19:50:53.0158 4988 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
2011/03/12 19:50:53.0336 4988 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/03/12 19:50:53.0407 4988 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/03/12 19:50:53.0521 4988 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/12 19:50:53.0574 4988 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/03/12 19:50:53.0628 4988 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/03/12 19:50:53.0751 4988 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/03/12 19:50:53.0820 4988 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/03/12 19:50:53.0881 4988 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/03/12 19:50:53.0944 4988 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/03/12 19:50:54.0042 4988 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/03/12 19:50:54.0256 4988 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/12 19:50:54.0313 4988 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/12 19:50:54.0441 4988 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/03/12 19:50:54.0516 4988 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/03/12 19:50:54.0650 4988 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/12 19:50:54.0709 4988 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/03/12 19:50:54.0772 4988 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/12 19:50:54.0830 4988 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/03/12 19:50:54.0888 4988 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/03/12 19:50:55.0050 4988 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/03/12 19:50:55.0205 4988 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/03/12 19:50:55.0377 4988 DisplayLinkUsbPort (59256cbce79a542105dd83d5810abe55) C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.23752.0.sys
2011/03/12 19:50:55.0492 4988 dlkmd (42a247b1e1cd127c007f5bd1fa14052f) C:\Windows\system32\drivers\dlkmd.sys
2011/03/12 19:50:55.0712 4988 dlkmdldr (b0a027364265d1fca68c27c9596dda0f) C:\Windows\system32\drivers\dlkmdldr.sys
2011/03/12 19:50:55.0846 4988 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
2011/03/12 19:50:56.0033 4988 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/03/12 19:50:56.0122 4988 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/12 19:50:56.0308 4988 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/03/12 19:50:56.0435 4988 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/03/12 19:50:56.0590 4988 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/03/12 19:50:56.0741 4988 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/03/12 19:50:56.0927 4988 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/03/12 19:50:56.0990 4988 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/03/12 19:50:57.0078 4988 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/12 19:50:57.0202 4988 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/03/12 19:50:57.0262 4988 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/03/12 19:50:57.0367 4988 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/12 19:50:57.0441 4988 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/03/12 19:50:57.0549 4988 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/12 19:50:57.0614 4988 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/03/12 19:50:57.0803 4988 hcmon (6934d249d27aab3a0d86e4da9c3ae006) C:\Windows\system32\drivers\hcmon.sys
2011/03/12 19:50:57.0896 4988 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/03/12 19:50:57.0957 4988 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/12 19:50:58.0044 4988 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/03/12 19:50:58.0099 4988 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/03/12 19:50:58.0215 4988 HidUsb (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/12 19:50:58.0313 4988 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/03/12 19:50:58.0421 4988 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/03/12 19:50:58.0574 4988 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/03/12 19:50:58.0726 4988 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/03/12 19:50:58.0805 4988 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/03/12 19:50:59.0022 4988 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/03/12 19:50:59.0094 4988 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/12 19:50:59.0176 4988 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
2011/03/12 19:50:59.0244 4988 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/03/12 19:50:59.0479 4988 igfx (ce5ff5d5e3f4ca974e36dc24c15474d0) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/03/12 19:50:59.0589 4988 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/03/12 19:50:59.0854 4988 IntcAzAudAddService (4a0f260df9a5333c07f4ab40ca9d4f4b) C:\Windows\system32\drivers\RTKVHDA.sys
2011/03/12 19:51:00.0043 4988 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/03/12 19:51:00.0112 4988 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/12 19:51:00.0248 4988 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/12 19:51:00.0387 4988 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/03/12 19:51:00.0451 4988 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/03/12 19:51:00.0563 4988 iPodDrv (cf79ff3d10864f73660a34e006b6b8f8) C:\Windows\system32\drivers\iPodDrv.sys
2011/03/12 19:51:00.0640 4988 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/03/12 19:51:00.0707 4988 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/03/12 19:51:00.0793 4988 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/12 19:51:00.0868 4988 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/03/12 19:51:00.0935 4988 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/03/12 19:51:01.0014 4988 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/12 19:51:01.0103 4988 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/12 19:51:01.0233 4988 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/12 19:51:01.0350 4988 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/12 19:51:01.0476 4988 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/03/12 19:51:01.0548 4988 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/03/12 19:51:01.0617 4988 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/03/12 19:51:01.0659 4988 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/03/12 19:51:01.0812 4988 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/03/12 19:51:01.0877 4988 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/03/12 19:51:02.0017 4988 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/03/12 19:51:02.0110 4988 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/03/12 19:51:02.0199 4988 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/12 19:51:02.0332 4988 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/12 19:51:02.0398 4988 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/12 19:51:02.0513 4988 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/03/12 19:51:02.0648 4988 mozyFilter (b8e08bfcab2be31804cea983d2094faf) C:\Windows\system32\DRIVERS\mozy.sys
2011/03/12 19:51:02.0797 4988 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/03/12 19:51:02.0908 4988 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/03/12 19:51:03.0043 4988 MpKsl22093e8d (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{357F8394-31BF-472A-B209-C02177B3813D}\MpKsl22093e8d.sys
2011/03/12 19:51:03.0279 4988 MpNWMon (aeb186afff5d9cfed823c15d846aac3b) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/03/12 19:51:03.0331 4988 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/12 19:51:03.0455 4988 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/03/12 19:51:03.0518 4988 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/03/12 19:51:03.0591 4988 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/12 19:51:03.0761 4988 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/12 19:51:03.0908 4988 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/12 19:51:04.0061 4988 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/03/12 19:51:04.0148 4988 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/03/12 19:51:04.0298 4988 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/03/12 19:51:04.0360 4988 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/03/12 19:51:04.0523 4988 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/12 19:51:04.0609 4988 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/12 19:51:04.0674 4988 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/03/12 19:51:04.0733 4988 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/03/12 19:51:04.0860 4988 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/12 19:51:04.0962 4988 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/03/12 19:51:05.0034 4988 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/03/12 19:51:05.0190 4988 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/12 19:51:05.0376 4988 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/03/12 19:51:05.0426 4988 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/12 19:51:05.0545 4988 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/12 19:51:05.0633 4988 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/12 19:51:05.0721 4988 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/03/12 19:51:05.0780 4988 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/12 19:51:05.0832 4988 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/12 19:51:06.0117 4988 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/03/12 19:51:06.0238 4988 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/03/12 19:51:06.0305 4988 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/03/12 19:51:06.0449 4988 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/12 19:51:06.0579 4988 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/03/12 19:51:06.0679 4988 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/03/12 19:51:06.0771 4988 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/03/12 19:51:06.0835 4988 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/03/12 19:51:06.0904 4988 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/03/12 19:51:06.0987 4988 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/03/12 19:51:07.0218 4988 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/12 19:51:07.0308 4988 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/03/12 19:51:07.0401 4988 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/03/12 19:51:07.0470 4988 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/03/12 19:51:07.0579 4988 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/03/12 19:51:07.0636 4988 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/03/12 19:51:07.0713 4988 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/03/12 19:51:07.0816 4988 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/03/12 19:51:08.0030 4988 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/12 19:51:08.0098 4988 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/03/12 19:51:08.0186 4988 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/12 19:51:08.0266 4988 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2011/03/12 19:51:08.0383 4988 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/03/12 19:51:08.0430 4988 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/03/12 19:51:08.0533 4988 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/12 19:51:08.0570 4988 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/12 19:51:08.0656 4988 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/12 19:51:08.0734 4988 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/12 19:51:08.0852 4988 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/12 19:51:08.0943 4988 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/12 19:51:09.0078 4988 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/12 19:51:09.0143 4988 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/03/12 19:51:09.0254 4988 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/12 19:51:09.0324 4988 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/03/12 19:51:09.0393 4988 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
2011/03/12 19:51:09.0537 4988 rimsptsk (d0c2a0ce1091e08efb7ccba6cea4c3f9) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/03/12 19:51:09.0684 4988 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/03/12 19:51:09.0839 4988 risdptsk (c22e4e27ccdf9aa5fe8143104f28cde3) C:\Windows\system32\DRIVERS\risdptsk.sys
2011/03/12 19:51:09.0935 4988 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/03/12 19:51:10.0069 4988 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/12 19:51:10.0167 4988 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/03/12 19:51:10.0341 4988 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/03/12 19:51:10.0436 4988 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/12 19:51:10.0588 4988 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/03/12 19:51:10.0648 4988 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
  • 0

#8
RKinner
    Malware Expert
  • Expert
  • 24,625 posts
  • MVP
Are you still getting redirected? If so do you have a router? What make and model? If it is wireless are you using encryption on the link?

Ron
  • 0

#9
mikelai
    Member
  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Hi Ron, it's hard for me to tell because the problem was spotty to begin with. I can keep monitoring and let you know if I still see any problems. But should it be gone now? Should all the steps I went through have fixed the problem?
  • 0

#10
RKinner
    Malware Expert
  • Expert
  • 24,625 posts
  • MVP
Hard to say. I removed some suspicious stuff with the first OTL script, then Combofix removed something I probably should have removed but missed because it used a common name. The scans look clean now, but there still could be some hidden stuff, or the router itself could have been compromised. It's common these days for malware to change the DNS info in the router. If that's the case it's still there and the router will need to be reset. Usually there is a button on the back (sometimes you need a thin pointy object to get to it). You hold it down for 30 seconds and then the router will go back to factory specs. The problem with that is that some DSL routers need configuration info in order to work, and if you use encryption you will have to re-enter that information too. Alternatively you can log on to the router and check the DNS addresses it is using and make sure they are dynamic (learned from your ISP) and not static ones. Also remove any static routes that might have been added.

Ron
  • 0
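Ron's advice above is about the router's settings; the same two symptoms (statically configured DNS servers and static routes) can also be checked on the Windows PC itself. The following is an added PowerShell example, not code from the thread; it reads standard TCP/IP registry settings, changes nothing, and uses only built-in cmdlets available on Vista-era PowerShell.

```powershell
# Added example (not from the thread): read-only check of the PC's own TCP/IP
# settings for statically configured DNS servers and persistent (static)
# routes. Run from an elevated PowerShell prompt.

$ifaceRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

# Each subkey is one network interface (named by GUID). NameServer holds DNS
# servers typed in by hand; DhcpNameServer holds the ones learned from DHCP,
# which on a home network is normally the router or the ISP.
Get-ChildItem $ifaceRoot | ForEach-Object {
    $p = Get-ItemProperty $_.PSPath
    $static = [string]$p.NameServer
    $dhcp   = [string]$p.DhcpNameServer
    $note = 'no DNS configured'
    if ($dhcp -ne '')   { $note = 'DHCP-assigned' }
    if ($static -ne '') { $note = 'STATIC DNS - confirm you set this yourself' }
    New-Object PSObject -Property @{
        Interface = $_.PSChildName
        StaticDNS = $static
        DhcpDNS   = $dhcp
        Note      = $note
    }
} | Format-Table Interface, StaticDNS, DhcpDNS, Note -AutoSize

# Persistent routes survive reboots. Each value name has the form
# "destination,netmask,gateway,metric"; a home PC normally has none.
$routesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes'
if (Test-Path $routesKey) {
    $routes = (Get-Item $routesKey).GetValueNames()
    if ($routes.Length -eq 0) {
        'No persistent routes found.'
    } else {
        'Persistent routes found (review each; remove unwanted ones with "route delete"):'
        $routes
    }
} else {
    'No persistent routes found.'
}
```

Any interface marked STATIC DNS that you did not configure yourself, or any persistent route you do not recognise, is worth raising in the thread before changing it.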

#11
mikelai
    Member
  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Okay, we restarted our router recently, so I think it might be okay. I've tried searching on Google a couple of times and it seems to be okay. Thanks so much for your help again. I'll let you know if I see any more problems!
  • 0

#12
RKinner
    Malware Expert
  • Expert
  • 24,625 posts
  • MVP
We need to clean up System Restore. The best way is to follow Jim's procedure here http://aumha.net/vie...581099691bf108f
though it hasn't been updated for Vista or Win 7 yet, so to create a Restore Point try this:
right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK. Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator,
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)

Now delete the folder C:\Program Files\Java

Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it. Do not let it install the Yahoo toolbar.


To hide hidden files again:

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Flash Player recently came out with a new version which fixes an exploit hole. See http://aumha.net/vie...&st=0&sk=t&sd=a Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past. They are also foisting a McAfee program on you. I'd uncheck that or uninstall it afterward if you miss it.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

I recommend you install the free WinPatrol from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.5.
http://download.cnet...4-10752777.html
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox

If you have a router log on to it and change the default password to something else.
  • 0