Geeks to Go
Win 7 Antispyware 2012 Virus on PC [Solved]


This topic is locked

#1 SARKID
Member, 33 posts
This bugger snuck on through what I believe was a fake Windows security update. I installed a Windows update like normal and then it reared its ugly head. It popped up a fake virus scanner window and a fake Windows security window. It forcibly disabled Windows security, McAfee real-time scanning, and my McAfee Firewall and won't let me turn any of them back on or run Malwarebytes. As soon as I try, it instantly turns them off again. The fake virus scanner popup has stopped showing up, but the virus is still here. I tried following the instructions here (http://www.bleepingc...ntispyware-2012) and while it did allow me to open Malwarebytes, it didn't find anything in the full scan (neither did McAfee). HELP PLEASE!

Here's my OTL log

OTL logfile created on: 12/10/2011 11:43:06 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\DTurkal\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 9.48 Gb Available Physical Memory | 79.09% Memory free
23.98 Gb Paging File | 21.09 Gb Available in Paging File | 87.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 891.02 Gb Total Space | 402.74 Gb Free Space | 45.20% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 0.01 Gb Free Space | 0.02% Space Free | Partition Type: NTFS

Computer Name: DANNY-PC | User Name: DTurkal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/10 11:34:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\DTurkal\Desktop\OTL.exe
PRC - [2011/11/11 17:27:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/05/21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/10/16 12:11:48 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/09/07 13:15:28 | 002,787,224 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
PRC - [2009/06/04 21:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/08/02 18:46:02 | 000,110,685 | ---- | M] () -- C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe
PRC - [2007/08/02 18:45:58 | 000,262,239 | ---- | M] () -- C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
PRC - [2007/08/02 18:45:36 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\ATI\Catalyst Media Center\CMCService.exe
PRC - [2007/08/02 18:45:24 | 001,073,152 | ---- | M] (Cyberlink) -- C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/16 11:29:53 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/11 17:27:20 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/01 13:27:45 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/04/15 14:04:38 | 000,104,520 | ---- | M] () -- C:\Windows\SysWOW64\OSD.dll
MOD - [2007/08/02 18:46:12 | 000,065,631 | ---- | M] () -- C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLSchMgr.dll
MOD - [2007/08/02 18:46:12 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLCapSvcps.dll
MOD - [2007/08/02 18:46:10 | 000,233,573 | ---- | M] () -- C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLCapEngine.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/18 14:32:28 | 000,161,168 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/10/18 14:23:24 | 000,208,536 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/10/18 14:23:06 | 000,199,272 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/03/17 15:39:40 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/10/06 21:59:27 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2011/10/06 21:59:21 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/05/21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/13 05:18:51 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/12/16 10:00:38 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/16 12:11:48 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/04/13 18:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 06:41:10 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2009/06/10 06:41:02 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2009/06/10 06:40:22 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/08/02 18:46:02 | 000,110,685 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/08/02 18:45:58 | 000,262,239 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/08/02 18:45:24 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files (x86)\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/15 13:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/10/15 13:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/10/15 13:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/10/06 21:59:22 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/31 09:31:10 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/05/31 09:30:44 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/04/13 18:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)
DRV:64bit: - [2009/11/04 08:11:24 | 001,557,376 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atinavrr.sys -- (ATIAVPCI)
DRV:64bit: - [2009/10/29 18:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 15:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 14:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 16:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 11:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/14 07:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/01/13 19:14:58 | 000,057,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/01/13 19:14:50 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/01/13 19:14:30 | 000,034,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/01/13 19:14:22 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2005/03/22 03:43:10 | 000,120,320 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hdaudbusTest.sys -- (HDAudBusTest)
DRV - [2010/05/31 09:31:10 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/05/30 20:16:22 | 000,006,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Users\DTurkal\AppData\Local\Temp\ATICDSDr.sys -- (ATICDSDr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 C8 60 B5 65 AA CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.652
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\DTurkal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/03 19:20:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011/11/16 00:42:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/11 17:27:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/30 17:55:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/03 19:20:46 | 000,000,000 | ---D | M]

[2010/10/19 22:40:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DTurkal\AppData\Roaming\Mozilla\Extensions
[2010/10/19 22:40:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DTurkal\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/12/08 22:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DTurkal\AppData\Roaming\Mozilla\Firefox\Profiles\6bjghci5.default\extensions
[2011/08/24 23:02:27 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\DTurkal\AppData\Roaming\Mozilla\Firefox\Profiles\6bjghci5.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/12/08 22:12:33 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\DTurkal\AppData\Roaming\Mozilla\Firefox\Profiles\6bjghci5.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/12/06 12:50:13 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\DTurkal\AppData\Roaming\Mozilla\Firefox\Profiles\6bjghci5.default\extensions\[email protected]
[2011/11/16 00:42:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/16 00:42:51 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
() (No name found) -- C:\USERS\DTURKAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6BJGHCI5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/11 17:27:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/11 17:27:20 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111109170637.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111109170637.dll (McAfee, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CMCService] C:\Program Files (x86)\ATI\Catalyst Media Center\CMCService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\DTurkal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://rmgis.ruekert...ad/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18CD960A-FC93-4ED7-A343-9B14B1161D5D}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/08 14:30:18 | 000,000,048 | -H-- | M] () - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/10 11:34:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\DTurkal\Desktop\OTL.exe
[2011/12/10 00:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/12/09 18:06:03 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Users\DTurkal\AppData\Local\jyr.exe
[2011/12/06 12:53:21 | 000,000,000 | ---D | C] -- C:\Users\DTurkal\Desktop\Adobe PhotoShop 7.0
[2011/11/29 18:31:22 | 000,000,000 | ---D | C] -- C:\Users\DTurkal\AppData\Local\Microsoft Games
[2011/11/29 17:44:56 | 000,000,000 | ---D | C] -- C:\Users\DTurkal\AppData\Roaming\Audacity
[2011/11/29 17:43:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
[2011/11/27 18:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/27 18:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/27 18:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/27 18:51:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/11/17 00:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/17 00:13:59 | 000,000,000 | ---D | C] -- C:\Users\DTurkal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sheepshead
[2011/11/17 00:13:57 | 000,000,000 | ---D | C] -- C:\sheep
[2011/11/15 18:59:16 | 000,000,000 | ---D | C] -- C:\Users\DTurkal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft ICE
[2011/11/15 18:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Research
[2011/11/15 01:33:11 | 000,000,000 | ---D | C] -- C:\Users\DTurkal\AppData\Roaming\Malwarebytes
[2011/11/15 01:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/15 01:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/15 01:31:44 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/15 01:31:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/13 23:38:01 | 000,000,000 | ---D | C] -- C:\Users\DTurkal\AppData\Local\Spotify
[2011/11/13 23:37:59 | 000,000,000 | ---D | C] -- C:\Users\DTurkal\AppData\Roaming\Spotify
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/10 11:34:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\DTurkal\Desktop\OTL.exe
[2011/12/10 11:30:14 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/10 00:30:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/10 00:29:19 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/10 00:29:19 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/10 00:27:05 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2011/12/10 00:24:26 | 000,010,270 | -HS- | M] () -- C:\Users\DTurkal\AppData\Local\t6le76k8mp5pca
[2011/12/10 00:24:26 | 000,010,270 | -HS- | M] () -- C:\ProgramData\t6le76k8mp5pca
[2011/12/10 00:22:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/10 00:21:45 | 1065,938,942 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/06 15:33:44 | 000,001,178 | ---- | M] () -- C:\Users\DTurkal\Desktop\Adobe Photoshop 7.0.1.lnk
[2011/12/06 15:32:21 | 000,001,372 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/12/06 12:57:32 | 000,002,094 | ---- | M] () -- C:\Users\DTurkal\.recently-used.xbel
[2011/11/29 17:43:54 | 000,001,155 | ---- | M] () -- C:\Users\DTurkal\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2011/11/27 18:51:48 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/17 00:31:44 | 000,002,219 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/17 00:13:59 | 000,001,420 | ---- | M] () -- C:\Users\DTurkal\Desktop\Shortcut to sheepshd.exe.LNK
[2011/11/15 01:31:48 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/13 23:38:00 | 000,000,929 | ---- | M] () -- C:\Users\DTurkal\Desktop\Spotify.lnk
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/09 18:06:09 | 000,010,270 | -HS- | C] () -- C:\Users\DTurkal\AppData\Local\t6le76k8mp5pca
[2011/12/09 18:06:09 | 000,010,270 | -HS- | C] () -- C:\ProgramData\t6le76k8mp5pca
[2011/12/06 15:33:44 | 000,001,178 | ---- | C] () -- C:\Users\DTurkal\Desktop\Adobe Photoshop 7.0.1.lnk
[2011/12/06 15:32:21 | 000,001,372 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/12/06 15:32:20 | 000,001,183 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady 7.0.1.lnk
[2011/12/06 15:32:20 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 7.0.1.lnk
[2011/12/06 12:57:32 | 000,002,094 | ---- | C] () -- C:\Users\DTurkal\.recently-used.xbel
[2011/11/29 17:43:54 | 000,001,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk
[2011/11/29 17:43:54 | 000,001,155 | ---- | C] () -- C:\Users\DTurkal\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2011/11/27 18:51:48 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/17 00:31:44 | 000,002,219 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/17 00:13:59 | 000,001,420 | ---- | C] () -- C:\Users\DTurkal\Desktop\Shortcut to sheepshd.exe.LNK
[2011/11/15 01:31:48 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/13 23:38:00 | 000,000,929 | ---- | C] () -- C:\Users\DTurkal\Desktop\Spotify.lnk
[2011/11/13 23:38:00 | 000,000,915 | ---- | C] () -- C:\Users\DTurkal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2011/09/06 21:09:44 | 000,000,132 | ---- | C] () -- C:\Users\DTurkal\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/09/06 21:09:05 | 000,000,132 | ---- | C] () -- C:\Users\DTurkal\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/09/03 19:15:24 | 000,221,344 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/09/03 19:15:24 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/11/03 11:01:08 | 000,146,396 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/10/27 15:56:46 | 000,001,746 | ---- | C] () -- C:\Users\DTurkal\AppData\Roaming\ImperatorProfile0.dat
[2010/10/16 12:11:50 | 000,218,496 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/10/16 12:11:48 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010/10/16 12:11:48 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/11/19 12:23:42 | 000,000,011 | ---- | C] () -- C:\Windows\SysWow64\syx45326.dat
[2009/11/19 11:59:45 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2009/11/19 11:52:44 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/08/06 18:14:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/15 14:04:38 | 000,104,520 | ---- | C] () -- C:\Windows\SysWow64\OSD.dll

========== LOP Check ==========

[2011/08/01 10:00:01 | 000,000,000 | ---D | M] -- C:\Users\DTurkal\AppData\Roaming\.minecraft
[2011/11/29 17:52:16 | 000,000,000 | ---D | M] -- C:\Users\DTurkal\AppData\Roaming\Audacity
[2011/09/06 19:28:29 | 000,000,000 | ---D | M] -- C:\Users\DTurkal\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/20 16:06:44 | 000,000,000 | ---D | M] -- C:\Users\DTurkal\AppData\Roaming\Chime
[2011/08/04 19:21:57 | 000,000,000 | ---D | M] -- C:\Users\DTurkal\AppData\Roaming\Codemasters
[2011/09/06 17:07:27 | 000,000,000 | ---D | M] -- C:\Users\DTurkal\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/04/02 13:50:49 | 000,000,000 | ---D | M] -- C:\Users\DTurkal\AppData\Roaming\GARMIN
[2011/12/06 12:57:32 | 000,000,000 | ---D | M] -- C:\Users\DTurkal\AppData\Roaming\gtk-2.0
[2011/09/24 15:02:33 | 000,000,000 | ---D | M] -- C:\Users\DTurkal\AppData\Roaming\Notepad++
[2010/11/07 13:27:33 | 000,000,000 | ---D | M] -- C:\Users\DTurkal\AppData\Roaming\OpenOffice.org
[2011/10/16 20:10:46 | 000,000,000 | ---D | M] -- C:\Users\DTurkal\AppData\Roaming\Ringtone Expressions
[2011/12/09 00:14:38 | 000,000,000 | ---D | M] -- C:\Users\DTurkal\AppData\Roaming\Spotify
[2011/03/10 00:45:41 | 000,000,000 | ---D | M] -- C:\Users\DTurkal\AppData\Roaming\Stereoscopic Player
[2010/10/26 16:07:23 | 000,000,000 | ---D | M] -- C:\Users\DTurkal\AppData\Roaming\SystemRequirementsLab
[2011/12/10 00:23:06 | 000,000,000 | ---D | M] -- C:\Users\DTurkal\AppData\Roaming\uTorrent
[2011/07/11 23:34:34 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0



#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello SARKID and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/12/10 00:24:26 | 000,010,270 | -HS- | M] () -- C:\Users\DTurkal\AppData\Local\t6le76k8mp5pca
    [2011/12/10 00:24:26 | 000,010,270 | -HS- | M] () -- C:\ProgramData\t6le76k8mp5pca
    [2011/12/09 18:06:03 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Users\DTurkal\AppData\Local\jyr.exe


    :Files
    ipconfig /flushdns /c
    C:\Users\DTurkal\AppData\Local\t6le76k8mp5pca
    C:\ProgramData\t6le76k8mp5pca

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • GMER log
It would be helpful if you could post each log in a separate post.
  • 0

#3
SARKID

SARKID

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
OTL Log

========== OTL ==========
C:\Users\DTurkal\AppData\Local\t6le76k8mp5pca moved successfully.
C:\ProgramData\t6le76k8mp5pca moved successfully.
File C:\Users\DTurkal\AppData\Local\jyr.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\DTurkal\Desktop\cmd.bat deleted successfully.
C:\Users\DTurkal\Desktop\cmd.txt deleted successfully.
File\Folder C:\Users\DTurkal\AppData\Local\t6le76k8mp5pca not found.
File\Folder C:\ProgramData\t6le76k8mp5pca not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 12132011_030758
  • 0
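The :OTL / :Files / :Commands fix layout from post #2 and the "moved successfully" / "not found" lines of the fix log in post #3, worked through as an added example (not code from this thread or from OTL itself). It parses OTL report lines, flags entries with a heuristic that is my own assumption rather than an OTL rule (loose files sitting directly in the ProgramData or AppData\Local root, or hidden+system files with random extension-less names), renders them in the fix layout, and checks the fix log for what was actually moved. The sample lines are copied from the report above plus the jyr.exe line from the fix in #2; the sample fix log is constructed in the layout of #3.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# One OTL entry: [2011/12/10 00:24:26 | 000,010,270 | -HS- | M] () -- C:\ProgramData\t6le76k8mp5pca
# Attribute flags: R=read-only, H=hidden, S=system, D=directory; kind: C=created, M=modified.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")          # fix-log result line
NOT_FOUND_RE = re.compile(r"^File(?:\\Folder)? (?P<path>.+?) not found\.$")  # fix-log result line

@dataclass
class OtlEntry:
    raw: str      # original report line, reused verbatim in the :OTL section of a fix
    attrs: str    # four-character attribute field such as -HS-
    company: str  # company name from the parentheses, empty when absent
    path: str

def parse_otl(text: str) -> List[OtlEntry]:
    """Parse the file/directory entries of an OTL report; summary lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(OtlEntry(line.strip(), m["attrs"], m["company"] or "", m["path"]))
    return entries

def looks_random(name: str) -> bool:
    """Extension-less name of 8+ mixed letters and digits, like t6le76k8mp5pca."""
    return ("." not in name and len(name) >= 8 and name.isalnum()
            and any(c.isalpha() for c in name) and any(c.isdigit() for c in name))

def in_dropper_root(path: str) -> bool:
    """Loose file directly under ProgramData or AppData\\Local, not in a vendor subfolder."""
    parent = path.lower().rsplit("\\", 1)[0]
    return parent.endswith(("\\programdata", "\\appdata\\local"))

def is_suspicious(e: OtlEntry) -> bool:
    """Heuristic assumed for this example (not an OTL rule); it reproduces the picks in post #2."""
    if "D" in e.attrs:
        return False
    hidden_system = "H" in e.attrs and "S" in e.attrs
    name = e.path.rsplit("\\", 1)[-1]
    return in_dropper_root(e.path) or (hidden_system and looks_random(name))

def build_fix(entries: List[OtlEntry]) -> str:
    """Render flagged entries in the :OTL / :Files / :Commands layout used in post #2."""
    flagged = [e for e in entries if is_suspicious(e)]
    if not flagged:
        return ""
    lines = [":OTL", *(e.raw for e in flagged), "", ":Files", "ipconfig /flushdns /c",
             *(e.path for e in flagged), "", ":Commands", "[purity]", "[Reboot]"]
    return "\n".join(lines)

def verify_fix_log(fix_log: str, paths: List[str]) -> Dict[str, str]:
    """Map each path to 'moved', 'not found' or 'unchanged'; a later 'not found' never undoes 'moved'."""
    status = {p: "unchanged" for p in paths}
    for line in fix_log.splitlines():
        line = line.strip()
        m = MOVED_RE.match(line)
        if m and m["path"] in status:
            status[m["path"]] = "moved"
            continue
        m = NOT_FOUND_RE.match(line)
        if m and status.get(m["path"]) == "unchanged":
            status[m["path"]] = "not found"
    return status

# Constructed sample: lines copied from the report above plus the jyr.exe line from the fix in #2.
SAMPLE_LOG = r"""
[2011/12/10 00:24:26 | 000,010,270 | -HS- | M] () -- C:\Users\DTurkal\AppData\Local\t6le76k8mp5pca
[2011/12/10 00:24:26 | 000,010,270 | -HS- | M] () -- C:\ProgramData\t6le76k8mp5pca
[2011/12/09 18:06:03 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Users\DTurkal\AppData\Local\jyr.exe
[2011/12/10 00:21:45 | 1065,938,942 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/15 01:31:44 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/13 23:38:01 | 000,000,000 | ---D | C] -- C:\Users\DTurkal\AppData\Local\Spotify
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
"""

# Constructed sample in the layout of the fix log posted in #3.
SAMPLE_FIX_LOG = r"""
========== OTL ==========
C:\Users\DTurkal\AppData\Local\t6le76k8mp5pca moved successfully.
C:\ProgramData\t6le76k8mp5pca moved successfully.
File C:\Users\DTurkal\AppData\Local\jyr.exe not found.
========== FILES ==========
File\Folder C:\Users\DTurkal\AppData\Local\t6le76k8mp5pca not found.
File\Folder C:\ProgramData\t6le76k8mp5pca not found.
"""

if __name__ == "__main__":
    found = parse_otl(SAMPLE_LOG)
    print(build_fix(found))
    print(verify_fix_log(SAMPLE_FIX_LOG, [e.path for e in found if is_suspicious(e)]))
```

Note that hiberfil.sys is hidden+system but keeps its extension and sits in the drive root, so the heuristic leaves it alone, while the hidden+system t6le76k8mp5pca pair and the loose jyr.exe are exactly the three entries the helper listed.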

#4
SARKID

SARKID

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
GMER indicated that it found no issues, and the report log was empty/blank
  • 0

#5
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Let's continue.

Step 1

Please update Malwarebytes and do a Quick Scan. Post the log after the scan.

Step 2

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If a suspicious file is detected, please click on it and change it to Skip.)
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.


Step 3

Download aswMBR.exe (511KB) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 4

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan.
Posted Image

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select the Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post


Step 5

Please don't forget to include these items in your reply:

  • Malwarebytes log
  • TDSSKiller log
  • aswMBR log
  • AVP log
It would be helpful if you could post each log in a separate post.
  • 0

#6
SARKID

SARKID

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8346

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/13/2011 11:45:48 AM
mbam-log-2011-12-13 (11-45-48).txt

Scan type: Quick scan
Objects scanned: 201122
Time elapsed: 6 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#7
SARKID

SARKID

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
TDSSKiller

11:47:38.0817 4156 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
11:47:39.0237 4156 ============================================================
11:47:39.0237 4156 Current date / time: 2011/12/13 11:47:39.0237
11:47:39.0237 4156 SystemInfo:
11:47:39.0237 4156
11:47:39.0237 4156 OS Version: 6.1.7601 ServicePack: 1.0
11:47:39.0237 4156 Product type: Workstation
11:47:39.0237 4156 ComputerName: DANNY-PC
11:47:39.0238 4156 UserName: DTurkal
11:47:39.0238 4156 Windows directory: C:\Windows
11:47:39.0238 4156 System windows directory: C:\Windows
11:47:39.0238 4156 Running under WOW64
11:47:39.0238 4156 Processor architecture: Intel x64
11:47:39.0238 4156 Number of processors: 8
11:47:39.0238 4156 Page size: 0x1000
11:47:39.0238 4156 Boot type: Normal boot
11:47:39.0238 4156 ============================================================
11:47:39.0634 4156 Initialize success
11:47:46.0895 5168 ============================================================
11:47:46.0895 5168 Scan started
11:47:46.0896 5168 Mode: Manual;
11:47:46.0896 5168 ============================================================
11:47:55.0498 5168 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:47:55.0500 5168 msisadrv - ok
11:47:55.0529 5168 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:47:55.0535 5168 MSKSSRV - ok
11:47:55.0567 5168 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:47:55.0572 5168 MSPCLOCK - ok
11:47:55.0592 5168 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:47:55.0594 5168 MSPQM - ok
11:47:55.0629 5168 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:47:55.0631 5168 MsRPC - ok
11:47:55.0645 5168 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:47:55.0648 5168 mssmbios - ok
11:47:55.0679 5168 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:47:55.0683 5168 MSTEE - ok
11:47:55.0719 5168 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:47:55.0723 5168 MTConfig - ok
11:47:55.0757 5168 MTsensor (2219a3d695405e7ba2186ba6b9ede14a) C:\Windows\system32\DRIVERS\ASACPI.sys
11:47:55.0793 5168 MTsensor - ok
11:47:55.0828 5168 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:47:55.0829 5168 Mup - ok
11:47:55.0891 5168 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:47:55.0900 5168 NativeWifiP - ok
11:47:55.0967 5168 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:47:55.0972 5168 NDIS - ok
11:47:56.0030 5168 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:47:56.0035 5168 NdisCap - ok
11:47:56.0060 5168 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:47:56.0064 5168 NdisTapi - ok
11:47:56.0115 5168 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:47:56.0150 5168 Ndisuio - ok
11:47:56.0240 5168 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:47:56.0277 5168 NdisWan - ok
11:47:56.0356 5168 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:47:56.0392 5168 NDProxy - ok
11:47:56.0449 5168 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:47:56.0450 5168 NetBIOS - ok
11:47:56.0472 5168 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:47:56.0474 5168 NetBT - ok
11:47:56.0549 5168 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:47:56.0553 5168 nfrd960 - ok
11:47:56.0595 5168 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:47:56.0595 5168 Npfs - ok
11:47:56.0616 5168 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:47:56.0617 5168 nsiproxy - ok
11:47:56.0702 5168 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:47:56.0714 5168 Ntfs - ok
11:47:56.0737 5168 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:47:56.0742 5168 Null - ok
11:47:56.0965 5168 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:47:57.0044 5168 nvlddmkm - ok
11:47:57.0107 5168 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:47:57.0146 5168 nvraid - ok
11:47:57.0171 5168 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:47:57.0210 5168 nvstor - ok
11:47:57.0252 5168 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:47:57.0258 5168 nv_agp - ok
11:47:57.0322 5168 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:47:57.0327 5168 ohci1394 - ok
11:47:57.0361 5168 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:47:57.0365 5168 Parport - ok
11:47:57.0391 5168 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:47:57.0391 5168 partmgr - ok
11:47:57.0410 5168 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:47:57.0448 5168 pci - ok
11:47:57.0466 5168 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:47:57.0467 5168 pciide - ok
11:47:57.0512 5168 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:47:57.0517 5168 pcmcia - ok
11:47:57.0530 5168 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:47:57.0531 5168 pcw - ok
11:47:57.0566 5168 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:47:57.0578 5168 PEAUTH - ok
11:47:57.0699 5168 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:47:57.0735 5168 PptpMiniport - ok
11:47:57.0755 5168 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:47:57.0758 5168 Processor - ok
11:47:57.0812 5168 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:47:57.0813 5168 Psched - ok
11:47:57.0860 5168 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
11:47:57.0861 5168 PxHlpa64 - ok
11:47:57.0894 5168 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:47:57.0914 5168 ql2300 - ok
11:47:57.0942 5168 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:47:57.0946 5168 ql40xx - ok
11:47:57.0966 5168 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:47:57.0970 5168 QWAVEdrv - ok
11:47:58.0027 5168 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:47:58.0031 5168 RasAcd - ok
11:47:58.0053 5168 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:47:58.0056 5168 RasAgileVpn - ok
11:47:58.0100 5168 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:47:58.0136 5168 Rasl2tp - ok
11:47:58.0158 5168 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:47:58.0163 5168 RasPppoe - ok
11:47:58.0181 5168 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:47:58.0184 5168 RasSstp - ok
11:47:58.0254 5168 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:47:58.0256 5168 rdbss - ok
11:47:58.0282 5168 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:47:58.0287 5168 rdpbus - ok
11:47:58.0309 5168 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:47:58.0311 5168 RDPCDD - ok
11:47:58.0357 5168 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:47:58.0359 5168 RDPENCDD - ok
11:47:58.0370 5168 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:47:58.0371 5168 RDPREFMP - ok
11:47:58.0396 5168 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
11:47:58.0433 5168 RDPWD - ok
11:47:58.0469 5168 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:47:58.0508 5168 rdyboost - ok
11:47:58.0599 5168 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:47:58.0602 5168 rspndr - ok
11:47:58.0638 5168 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:47:58.0675 5168 RTL8167 - ok
11:47:58.0710 5168 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:47:58.0749 5168 sbp2port - ok
11:47:58.0812 5168 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:47:58.0855 5168 scfilter - ok
11:47:58.0886 5168 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:47:58.0889 5168 secdrv - ok
11:47:58.0910 5168 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:47:58.0913 5168 Serenum - ok
11:47:58.0941 5168 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:47:58.0944 5168 Serial - ok
11:47:58.0997 5168 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:47:59.0000 5168 sermouse - ok
11:47:59.0031 5168 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:47:59.0035 5168 sffdisk - ok
11:47:59.0048 5168 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:47:59.0052 5168 sffp_mmc - ok
11:47:59.0071 5168 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:47:59.0105 5168 sffp_sd - ok
11:47:59.0128 5168 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:47:59.0131 5168 sfloppy - ok
11:47:59.0187 5168 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:47:59.0191 5168 SiSRaid2 - ok
11:47:59.0211 5168 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:47:59.0215 5168 SiSRaid4 - ok
11:47:59.0233 5168 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:47:59.0238 5168 Smb - ok
11:47:59.0315 5168 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:47:59.0315 5168 spldr - ok
11:47:59.0341 5168 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:47:59.0344 5168 srv - ok
11:47:59.0363 5168 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:47:59.0365 5168 srv2 - ok
11:47:59.0386 5168 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:47:59.0387 5168 srvnet - ok
11:47:59.0463 5168 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:47:59.0466 5168 stexstor - ok
11:47:59.0501 5168 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:47:59.0505 5168 swenum - ok
11:47:59.0580 5168 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:47:59.0594 5168 Tcpip - ok
11:47:59.0655 5168 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:47:59.0664 5168 TCPIP6 - ok
11:47:59.0692 5168 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:47:59.0727 5168 tcpipreg - ok
11:47:59.0745 5168 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:47:59.0750 5168 TDPIPE - ok
11:47:59.0759 5168 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:47:59.0761 5168 TDTCP - ok
11:47:59.0791 5168 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:47:59.0825 5168 tdx - ok
11:47:59.0870 5168 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:47:59.0899 5168 TermDD - ok
11:47:59.0963 5168 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:47:59.0995 5168 tssecsrv - ok
11:48:00.0026 5168 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:48:00.0062 5168 TsUsbFlt - ok
11:48:00.0174 5168 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:48:00.0210 5168 tunnel - ok
11:48:00.0228 5168 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:48:00.0232 5168 uagp35 - ok
11:48:00.0276 5168 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:48:00.0320 5168 udfs - ok
11:48:00.0424 5168 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:48:00.0460 5168 uliagpkx - ok
11:48:00.0503 5168 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:48:00.0539 5168 umbus - ok
11:48:00.0569 5168 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:48:00.0572 5168 UmPass - ok
11:48:00.0614 5168 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
11:48:00.0646 5168 USBAAPL64 - ok
11:48:00.0695 5168 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:48:00.0727 5168 usbccgp - ok
11:48:00.0761 5168 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:48:00.0766 5168 usbcir - ok
11:48:00.0791 5168 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:48:00.0823 5168 usbehci - ok
11:48:00.0859 5168 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:48:00.0895 5168 usbhub - ok
11:48:00.0940 5168 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
11:48:00.0943 5168 usbohci - ok
11:48:00.0975 5168 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:48:00.0978 5168 usbprint - ok
11:48:00.0995 5168 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:48:00.0998 5168 usbscan - ok
11:48:01.0031 5168 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:48:01.0031 5168 USBSTOR - ok
11:48:01.0086 5168 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
11:48:01.0119 5168 usbuhci - ok
11:48:01.0172 5168 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:48:01.0173 5168 vdrvroot - ok
11:48:01.0209 5168 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:48:01.0212 5168 vga - ok
11:48:01.0244 5168 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:48:01.0248 5168 VgaSave - ok
11:48:01.0284 5168 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:48:01.0321 5168 vhdmp - ok
11:48:01.0334 5168 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:48:01.0338 5168 viaide - ok
11:48:01.0375 5168 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:48:01.0375 5168 volmgr - ok
11:48:01.0408 5168 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:48:01.0410 5168 volmgrx - ok
11:48:01.0439 5168 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:48:01.0440 5168 volsnap - ok
11:48:01.0475 5168 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:48:01.0481 5168 vsmraid - ok
11:48:01.0504 5168 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:48:01.0507 5168 vwifibus - ok
11:48:01.0529 5168 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:48:01.0534 5168 WacomPen - ok
11:48:01.0585 5168 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:48:01.0618 5168 WANARP - ok
11:48:01.0621 5168 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:48:01.0622 5168 Wanarpv6 - ok
11:48:01.0703 5168 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:48:01.0708 5168 Wd - ok
11:48:01.0757 5168 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:48:01.0760 5168 Wdf01000 - ok
11:48:01.0795 5168 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:48:01.0798 5168 WfpLwf - ok
11:48:01.0808 5168 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:48:01.0810 5168 WIMMount - ok
11:48:01.0892 5168 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:48:01.0925 5168 WinUsb - ok
11:48:01.0990 5168 WmBEnum (14dc5897bc6c4e03c023ad80abb7f539) C:\Windows\system32\drivers\WmBEnum.sys
11:48:02.0023 5168 WmBEnum - ok
11:48:02.0042 5168 WmFilter (2de0a0cea49972c82c7e9d36bd4c1247) C:\Windows\system32\drivers\WmFilter.sys
11:48:02.0075 5168 WmFilter - ok
11:48:02.0150 5168 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:48:02.0153 5168 WmiAcpi - ok
11:48:02.0186 5168 WmVirHid (53c12ae1183f3f7787f1f1835001ccc0) C:\Windows\system32\drivers\WmVirHid.sys
11:48:02.0219 5168 WmVirHid - ok
11:48:02.0245 5168 WmXlCore (c807e470cca24f5e479da4872a7d2121) C:\Windows\system32\drivers\WmXlCore.sys
11:48:02.0278 5168 WmXlCore - ok
11:48:02.0325 5168 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:48:02.0328 5168 ws2ifsl - ok
11:48:02.0364 5168 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:48:02.0397 5168 WudfPf - ok
11:48:02.0449 5168 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:48:02.0483 5168 WUDFRd - ok
11:48:02.0505 5168 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:48:02.0513 5168 \Device\Harddisk0\DR0 - ok
11:48:02.0516 5168 Boot (0x1200) (2806035c561c4cf2c350b38d10f0b01c) \Device\Harddisk0\DR0\Partition0
11:48:02.0517 5168 \Device\Harddisk0\DR0\Partition0 - ok
11:48:02.0522 5168 Boot (0x1200) (2d32aa93f84ae3d7b497a28f21ca14a2) \Device\Harddisk0\DR0\Partition1
11:48:02.0523 5168 \Device\Harddisk0\DR0\Partition1 - ok
11:48:02.0537 5168 Boot (0x1200) (fa2fa0d01bd4ec5ccbef66eff35cd10f) \Device\Harddisk0\DR0\Partition2
11:48:02.0538 5168 \Device\Harddisk0\DR0\Partition2 - ok
11:48:02.0538 5168 ============================================================
11:48:02.0538 5168 Scan finished
11:48:02.0538 5168 ============================================================
11:48:02.0546 6088 Detected object count: 0
11:48:02.0546 6088 Actual detected object count: 0
11:48:11.0228 2392 Deinitialize success


 

aswmbr log

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-13 11:48:57
-----------------------------
11:48:57.826 OS Version: Windows x64 6.1.7601 Service Pack 1
11:48:57.826 Number of processors: 8 586 0x1A05
11:48:57.827 ComputerName: DANNY-PC UserName: DTurkal
11:49:00.728 Initialize success
11:50:21.056 AVAST engine defs: 11121301
11:52:22.319 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:52:22.321 Disk 0 Vendor: Hitachi_ ST6O Size: 953869MB BusType: 8
11:52:22.337 Disk 0 MBR read successfully
11:52:22.339 Disk 0 MBR scan
11:52:22.346 Disk 0 Windows VISTA default MBR code
11:52:22.349 Service scanning
11:52:23.850 Modules scanning
11:52:23.854 Disk 0 trace - called modules:
11:52:23.870 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
11:52:23.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800c0a9060]
11:52:23.880 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800b149050]
11:52:26.690 AVAST engine scan C:\Windows
11:52:30.681 AVAST engine scan C:\Windows\system32
11:54:22.745 AVAST engine scan C:\Windows\system32\drivers
11:54:35.393 AVAST engine scan C:\Users\DTurkal
11:56:48.477 Disk 0 MBR has been saved successfully to "C:\Users\DTurkal\Desktop\MBR.dat"
11:56:48.486 The log file has been saved successfully to "C:\Users\DTurkal\Desktop\aswMBR.txt"

Edited by SARKID, 14 December 2011 - 12:17 AM.

  • 0

#8
SARKID

SARKID

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
AAAAGGH! I didn't set Kaspersky to "detected threats" when I saved the log. The thing is 23,000 pages long :angry:

I know that it detected and removed 10 different infections. I used the search function and found these to be the ones that were deleted.

12/13/2011 12:11:12 PM Deleted: Trojan-Downloader.Java.OpenConnection.cd C:\Documents and Settings\DTurkal\AppData\Local\Temp\jar_cache4654625022932319910.tmp/tom.class
12/13/2011 12:11:12 PM Deleted: Exploit.Java.Agent.fd C:\Documents and Settings\DTurkal\AppData\Local\Temp\jar_cache4904817381430316530.tmp/vuln/Exploit$1.class
12/13/2011 12:11:16 PM Deleted: Trojan-Downloader.Java.OpenConnection.cc C:\Documents and Settings\DTurkal\AppData\Local\Temp\jar_cache4904817381430316530.tmp/vuln/Exploit.class
12/13/2011 12:11:20 PM Deleted: Exploit.Java.CVE-2010-0842.b C:\Documents and Settings\DTurkal\AppData\Local\Temp\jar_cache5572681973399570174.tmp/kaf.class
12/13/2011 12:11:25 PM Moved to Quarantine: HEUR:Trojan.Win32.Generic C:\Documents and Settings\DTurkal\AppData\Local\Temp\2BD3.tmp
12/13/2011 12:14:58 PM Deleted: Trojan-Downloader.Java.OpenConnection.dk C:\Documents and Settings\DTurkal\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\56049c17-360a85ac/glass/lulux.class
12/13/2011 12:14:58 PM Deleted: Trojan-Downloader.Java.OpenStream.bq C:\Documents and Settings\DTurkal\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\5416a4d0-41f995dd/glass/boing.class
12/13/2011 12:15:09 PM Deleted: Trojan-Downloader.Java.Agent.jk C:\Documents and Settings\DTurkal\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\4f063be5-2f4946a0/pocket/object3.class
12/13/2011 12:15:09 PM Deleted: Trojan-Downloader.Java.OpenStream.bq C:\Documents and Settings\DTurkal\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\3b022968-1b37da6f/glass/boing.class
12/13/2011 12:16:01 PM Deleted: HEUR:Trojan.Win32.Generic C:\Documents and Settings\DTurkal\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\3703f461-4f2437c8


I'm sorry I messed that up, what should I do?
  • 0

#9
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi SARKID,

You did a good job! How is your system now? Any problems?
  • 0

#10
SARKID

SARKID

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
I still can't enable my firewall. I also have seven windows updates that showed up today, and since I believe that's how it first got in I'm a bit concerned over installing them.
  • 0

#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's try this:

Step 1

Please download repairfirewall.zip from the link below to your desktop

Attached File  repairfirewall.zip   222bytes   38 downloads

Extract it, right click on repairupdates.bat and choose Run as Administrator
Your firewall should be enabled now.

Step 2

Open Control Panel and click on Windows Update
Click on 7 important updates are available link
Please write down what you see on that list (all updates that are waiting)

I'll try to see if there is anything suspicious about them.
  • 0

#12
SARKID

SARKID

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
The firewall repair didn't work. Windows firewall gave me an error code of 0x80070424, stating that it can't change some of my settings. I also can't turn on my McAfee firewall; it turns off half a second after I try to turn it on.

I got a screenshot of the firewallrepair command prompt.

Posted Image


Here are the windows updates

Cumulative Security Update for ActiveX Killbits for Windows 7 for x64 based systems (KB2618451)
Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64 based systems (KB2618444)
Security Update for Windows 7 for x64 based systems (KB2619339)
Security Update for Windows 7 for x64 based systems (KB2620712)
Security Update for Windows 7 for x64 based systems (KB2639417)
Update for Windows 7 for x64 based systems (KB2633952)
Windows Malicious Software Removal Tool x64 - December 2011 (KB890830)


Edited by SARKID, 14 December 2011 - 09:18 PM.

  • 0

#13
SARKID

SARKID

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
I checked all the updates against the Microsoft website myself. They were all released by Microsoft today, but I'll wait for your say-so before doing anything.
  • 0

#14
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi SARKID,

These updates are fine. You can install them. It's strange that you can't turn both firewalls on... maybe there is still some infection left. Let's check...

Step 1

Please download registerdll.zip from the link below to your desktop

Attached File  registerdll.zip   199bytes   37 downloads

Extract it, right click on registerdll.bat and choose Run as Administrator
Test if your firewall is working

Step 2

In search box type cmd
Right click on it and click Run as Administrator
In the command prompt, type sfc /scannow and press Enter. (see screenshot below)

Posted Image

NOTE: This may take a little bit to finish.

Step 3


Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

Step 4

Please don't forget to include these items in your reply:

  • Combofix log
It would be helpful if you could post each log in a separate post
  • 0
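The firewall error 0x80070424 that SARKID reports is ERROR_SERVICE_DOES_NOT_EXIST: Windows cannot find the Windows Firewall service (MpsSvc) or its dependency, the Base Filtering Engine (BFE), in the service control manager. Before running a repair batch file it is worth confirming which service registration is actually missing or disabled. The read-only check below is an added example, not part of the thread and not the contents of maliprog's repairfirewall.zip or registerdll.zip; the service names and registry paths are standard Windows ones, and it assumes an elevated PowerShell prompt on Windows 7 or later.

```powershell
# Added diagnostic (not from the thread or the helper's repair scripts).
# Run from an elevated PowerShell prompt. It only reads state and changes nothing.
# 0x80070424 = ERROR_SERVICE_DOES_NOT_EXIST: the firewall service (MpsSvc) or
# its dependency (BFE) has no entry under HKLM\SYSTEM\CurrentControlSet\Services,
# which is what rogue "antispyware" products commonly leave behind. Windows Update
# and Security Center are included because the thread reports both were tampered with.

$services = @(
    @{ Name = 'BFE';      Display = 'Base Filtering Engine' },
    @{ Name = 'MpsSvc';   Display = 'Windows Firewall' },
    @{ Name = 'wuauserv'; Display = 'Windows Update' },
    @{ Name = 'wscsvc';   Display = 'Security Center' }
)

function Test-ServiceRegistration {
    param([string]$Name, [string]$Display)

    $regPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $svc     = Get-Service -Name $Name -ErrorAction SilentlyContinue

    $result = [pscustomobject]@{
        Service     = $Name
        Display     = $Display
        RegistryKey = Test-Path $regPath          # $false is the 0x80070424 case
        Exists      = [bool]$svc
        Status      = if ($svc) { $svc.Status } else { 'MISSING' }
        StartType   = $null
        ImagePath   = $null                       # compare against a known-good machine
    }

    if ($result.RegistryKey) {
        $props = Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue
        # Start value: 2 = Automatic, 3 = Manual, 4 = Disabled
        $result.StartType = switch ($props.Start) {
            2       { 'Automatic' }
            3       { 'Manual' }
            4       { 'Disabled' }
            default { $props.Start }
        }
        $result.ImagePath = $props.ImagePath
    }
    return $result
}

$report = foreach ($s in $services) { Test-ServiceRegistration @s }
$report | Format-Table -AutoSize

# Interpretation: say which of the three failure modes each service is in.
foreach ($r in $report) {
    if (-not $r.RegistryKey) {
        Write-Warning ("{0} ({1}): service key is missing, which is exactly what 0x80070424 means. " +
                       "sfc /scannow repairs system files but does not recreate service registry keys; " +
                       "the registration itself has to be restored.") -f $r.Display, $r.Service
    }
    elseif ($r.StartType -eq 'Disabled') {
        Write-Warning ("{0} ({1}): registered but Disabled; it needs its default start type back." -f $r.Display, $r.Service)
    }
    elseif ($r.Status -ne 'Running') {
        Write-Warning ("{0} ({1}): registered but not running (status {2})." -f $r.Display, $r.Service, $r.Status)
    }
}

# The firewall's own view of its profiles; netsh works on Windows 7, where the
# Get-NetFirewallProfile cmdlet is not available.
netsh advfirewall show allprofiles state
```

If BFE is the missing one, MpsSvc will also refuse to start even when its own key is intact, so fix the dependency first and re-test the firewall before anything else.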

#15
SARKID

SARKID

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
I had to uninstall McAfee in order to get it to stop running. Even then, combofix still saw something left of it. Had no issues though. I still can't enable the windows firewall.

Sidenote, I think I'm going to switch to AVG Professional after this is done. McAfee has failed me too many times, I can get AVG Pro for free, and I still have time to get a refund on my McAfee subscription.


ComboFix 11-12-13.03 - DTurkal 12/15/2011 2:59.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12278.10374 [GMT -6:00]
Running from: c:\users\DTurkal\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\DTurkal\AppData\Local\TempDIR
c:\users\DTurkal\AppData\Local\TempDIR\BetterInstaller.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
.
2011-12-15 09:05 . 2011-12-15 09:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-15 08:18 . 2011-12-15 08:18 -------- d-----w- c:\programdata\McAfee Anti-Theft
2011-12-15 08:16 . 2011-12-15 08:52 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2011-12-15 08:16 . 2011-12-15 08:52 -------- d-----w- c:\program files\Common Files\McAfee
2011-12-15 08:16 . 2011-12-15 08:17 -------- d-----w- c:\program files\McAfee
2011-12-15 08:15 . 2011-12-15 08:17 -------- d-----w- c:\program files (x86)\McAfee
2011-12-15 03:09 . 2011-12-15 03:09 -------- d-----w- c:\users\DTurkal\AppData\Local\McAfee Anti-Theft
2011-12-13 18:00 . 2011-12-13 18:00 -------- d-----w- c:\programdata\Kaspersky Lab
2011-12-13 09:07 . 2011-12-13 09:07 -------- d-----w- C:\_OTL
2011-12-13 09:00 . 2011-12-13 09:00 302592 ----a-w- C:\jrkmqh1j.exe
2011-12-06 21:25 . 1998-10-29 22:45 306688 ----a-w- c:\windows\IsUninst.exe
2011-11-30 00:31 . 2011-11-30 00:34 -------- d-----w- c:\users\DTurkal\AppData\Local\Microsoft Games
2011-11-29 23:44 . 2011-11-29 23:52 -------- d-----w- c:\users\DTurkal\AppData\Roaming\Audacity
2011-11-29 23:43 . 2011-11-29 23:43 -------- d-----w- c:\program files (x86)\Audacity 1.3 Beta (Unicode)
2011-11-28 00:51 . 2011-11-28 00:51 -------- d-----w- c:\program files\iPod
2011-11-28 00:51 . 2011-11-28 00:51 -------- d-----w- c:\program files\iTunes
2011-11-28 00:51 . 2011-11-28 00:51 -------- d-----w- c:\program files (x86)\iTunes
2011-11-17 06:13 . 2011-11-17 06:14 -------- d-----w- C:\sheep
2011-11-16 00:59 . 2011-11-16 00:59 -------- d-----w- c:\program files\Microsoft Research
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 17:29 . 2011-05-15 03:12 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-07 03:59 . 2010-10-16 15:53 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-07 03:59 . 2010-10-16 15:53 34688 ----a-w- c:\windows\system32\LMIport.dll
2011-10-07 03:59 . 2010-10-16 15:53 80768 ----a-w- c:\windows\system32\LMIinit.dll
2011-09-29 16:29 . 2011-11-09 22:51 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:03 . 2011-11-09 22:51 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-09-23 23:17 . 2011-09-23 23:17 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-23 23:17 . 2011-09-23 23:17 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-23 23:17 . 2011-09-23 23:17 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-23 23:17 . 2011-09-23 23:17 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-23 23:17 . 2011-09-23 23:17 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-23 23:17 . 2011-09-23 23:17 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-23 23:17 . 2011-09-23 23:17 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-23 23:17 . 2011-09-23 23:17 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-23 23:17 . 2011-09-23 23:17 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-23 23:17 . 2011-09-23 23:17 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-23 23:17 . 2011-09-23 23:17 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-23 23:17 . 2011-09-23 23:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-23 23:17 . 2011-09-23 23:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-23 23:17 . 2011-09-23 23:17 448512 ----a-w- c:\windows\system32\html.iec
2011-09-23 23:17 . 2011-09-23 23:17 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-23 23:17 . 2011-09-23 23:17 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-23 23:17 . 2011-09-23 23:17 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-23 23:17 . 2011-09-23 23:17 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-23 23:17 . 2011-09-23 23:17 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-23 23:17 . 2011-09-23 23:17 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-23 23:17 . 2011-09-23 23:17 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-23 23:17 . 2011-09-23 23:17 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-23 23:17 . 2011-09-23 23:17 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-23 23:17 . 2011-09-23 23:17 160256 ----a-w- c:\windows\system32\wextract.exe
2011-09-23 23:17 . 2011-09-23 23:17 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-23 23:17 . 2011-09-23 23:17 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-23 23:17 . 2011-09-23 23:17 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-23 23:17 . 2011-09-23 23:17 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-23 23:17 . 2011-09-23 23:17 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-23 23:17 . 2011-09-23 23:17 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-23 23:17 . 2011-09-23 23:17 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-23 23:17 . 2011-09-23 23:17 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-23 23:17 . 2011-09-23 23:17 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-23 23:17 . 2011-09-23 23:17 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-23 23:17 . 2011-09-23 23:17 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-23 23:17 . 2011-09-23 23:17 101888 ----a-w- c:\windows\SysWow64\admparse.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-02 01:17 1487240 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-10-30 641400]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-06-10 244208]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Razer Imperator Driver"="c:\program files (x86)\Razer\Imperator\RazerImperatorTray.exe" [2010-09-07 2787224]
"CMCService"="c:\program files (x86)\ATI\Catalyst Media Center\CMCService.exe" [2007-08-03 172032]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
c:\users\DTurkal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-12-6 113664]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-06-10 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-06-10 166384]
R3 ATICDSDr;ATICDSDr;c:\users\DTurkal\AppData\Local\Temp\ATICDSDr.sys [x]
R3 DIRECTIO;DIRECTIO;c:\backup\GAMER\BURNTEST\DirectIo.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
R3 HDAudBusTest;Microsoft UAA Bus Test Driver for High Definition Audio;c:\windows\system32\DRIVERS\HDAudBusTest.sys [x]
R3 htsym;Hal test sym8xx driver;c:\windows\system32\DRIVERS\htsym.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-10 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 0112561323936993mcinstcleanup;McAfee Application Installer Cleanup (0112561323936993);c:\users\DTurkal\AppData\Local\Temp\011256~1.EXE [x]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-10-07 375176]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 03:48]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 03:48]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-05-31 57928]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 123400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\DTurkal\AppData\Roaming\Mozilla\Firefox\Profiles\6bjghci5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
c:\program files (x86)\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2011-12-15 03:11:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-15 09:11
.
Pre-Run: 435,544,330,240 bytes free
Post-Run: 439,381,262,336 bytes free
.
- - End Of File - - B79F3A0C693CCE0202C915EC30270D2C