Trojan (?) followed by crashes. [Solved]


  • This topic is locked

#1 dcrookston
So I visited a web page that had apparently been compromised, because as soon as I opened it I started getting a request to run Explorer.exe. (The actual Windows program, not something else named Explorer - I was confused at first because it should have already been running, so I thought it was a trick, but I kept clicking "cancel" and it would immediately pop back up. In the brief half-second between clicking "cancel" and having it reappear, I would try to navigate in order to run TFC, but of course I couldn't since... no Explorer.) I also found a process with an unfamiliar name running (just numbers and letters), so I killed it. There was also a new temporary file, I think called nib.exe, which I deleted after rebooting in safe mode. (I'm assuming the name is random, so it probably doesn't tell you much.) I ran TFC, rebooted, and then discovered that my .exe association had been messed with - probably going to nib.exe, because I couldn't run any programs. (If I right-clicked an .exe and ran it as administrator it worked fine.) I fired up my browser and found a program called exeHelper (.com ;) ) that fixed the .exe association problem. After that I ran MBAM, which identified a few registry values (and cleaned them up) but found no files.

Me not being the brightest bulb on the tree, I went back to using Firefox (despite its obviously having a serious security flaw that hasn't been patched yet) and had the same thing happen yesterday. Did the same dance, only now Windows is crashing from time to time. Here's the Windows crash details:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: a
BCP1: CD9CEF88
BCP2: 00000002
BCP3: 00000000
BCP4: 8242D6F2
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini121311-02.dmp
C:\Users\Dan\AppData\Local\temp\WER-6443855-0.sysdata.xml
C:\Users\Dan\AppData\Local\temp\WER6124.tmp.version.txt

I looked for the files in my AppData folder but couldn't find them. (Yes, I showed hidden files and protected system files ;) )

Here's my OTL log:


OTL logfile created on: 12/13/2011 10:37:39 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dan\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 49.75% Memory free
5.94 Gb Paging File | 4.43 Gb Available in Paging File | 74.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.68 Gb Total Space | 81.47 Gb Free Space | 36.26% Space Free | Partition Type: NTFS

Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dan\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Dan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (Amazon.com)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE (Software 2000 Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Windows\System32\PING.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\15.0.874.121\avutil-51.dll ()
MOD - C:\Program Files\Google\Chrome\Application\15.0.874.121\avformat-53.dll ()
MOD - C:\Program Files\Google\Chrome\Application\15.0.874.121\avcodec-53.dll ()
MOD - C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\09d9d35b68b4fe07c1d2f25e2533f21e\System.IdentityModel.Selectors.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\dbcb4baf3d2ed9e62645bd332fc221f2\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4b4c359912c1241246f50a4c47dbab3c\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\a800035f1686fdb0b7a019b954a37cfe\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\6b2ee1fdc6a182722db04af9c3cd10c3\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMCommon\3.0.0.4140__e3c7096ba83f9295\SPMCommon.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMDam\3.0.0.4140__1b3c579b6925895f\SPMDam.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (RosettaStoneDaemon) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (ADVService) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (Amazon.com)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (EvtEng) -- C:\Program Files\intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (RtkHDMIService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (accoca) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (HPFXBULK) -- C:\Windows\System32\drivers\hpfxbulk.sys (Hewlett Packard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 8D 55 B1 63 AA CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dan\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dan\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 10:56:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/16 09:45:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F6CF31A0-AE3D-4990-94B3-ED759D7FCCA7}: C:\Users\Dan\AppData\Local\{F6CF31A0-AE3D-4990-94B3-ED759D7FCCA7}

[2010/01/03 12:12:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions
[2010/01/03 12:12:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/11/24 02:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\8g2o5puw.default\extensions
[2011/11/24 02:23:11 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\8g2o5puw.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2011/11/11 23:28:32 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\8g2o5puw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/11/10 10:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/10 10:56:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/02/21 09:24:52 | 000,660,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2011/06/30 21:26:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 10:56:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

Hosts file not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\system32\wshbth.dll File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{800525D2-7165-4A2A-B13E-4763DA668997}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2F78EB2-EF8E-46D5-BD4A-1DF13FF2BA8C}: DhcpNameServer = 217.10.96.44 217.10.96.65
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{025368d5-abb9-11df-af15-001e3debee80}\Shell\AutoRun\command - "" = H:\Setup.exe
O33 - MountPoints2\{025368d5-abb9-11df-af15-001e3debee80}\Shell\Install\command - "" = H:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/30 04:04:04 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\School Application Docs
[2011/11/28 01:39:08 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVEMon
[2011/11/26 01:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2011/11/22 04:17:34 | 000,000,000 | ---D | C] -- C:\Users\Dan\Documents\School Financials

========== Files - Modified Within 30 Days ==========

[2011/12/13 10:35:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4040134827-1233584846-3129121331-1000UA.job
[2011/12/13 10:31:11 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/13 10:26:17 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/13 08:52:10 | 000,664,124 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/13 08:52:10 | 000,128,732 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/13 08:44:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/13 08:44:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/13 08:44:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/13 08:44:14 | 3082,850,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/13 08:44:12 | 281,311,025 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/13 01:45:31 | 000,001,578 | -HS- | M] () -- C:\Users\Dan\AppData\Local\3r60vx8f63t456
[2011/12/13 01:45:31 | 000,001,578 | -HS- | M] () -- C:\ProgramData\3r60vx8f63t456
[2011/12/12 23:35:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4040134827-1233584846-3129121331-1000Core.job
[2011/12/10 02:21:35 | 000,017,491 | ---- | M] () -- C:\Users\Dan\_viminfo
[2011/12/10 02:21:35 | 000,000,439 | ---- | M] () -- C:\Users\Dan\Desktop\fix.reg
[2011/12/10 02:14:53 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/12/10 02:11:24 | 000,000,342 | ---- | M] () -- C:\Users\Dan\Desktop\fix.reg~
[2011/12/10 01:44:12 | 000,010,884 | -HS- | M] () -- C:\ProgramData\kwfqfs4h2vmx4rll2kcy3p852k7g
[2011/12/10 01:44:11 | 000,010,884 | -HS- | M] () -- C:\Users\Dan\AppData\Local\kwfqfs4h2vmx4rll2kcy3p852k7g
[2011/12/10 01:23:12 | 000,395,264 | ---- | M] () -- C:\Users\Dan\Documents\7y3D4K.exe
[2011/12/07 12:01:23 | 000,000,600 | ---- | M] () -- C:\Users\Dan\AppData\Local\PUTTY.RND
[2011/11/28 01:38:49 | 000,414,465 | ---- | M] () -- C:\Users\Dan\Documents\EVEMon_Settings_3179.xml.bak
[2011/11/26 13:22:02 | 000,002,255 | ---- | M] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/12/13 02:28:25 | 3082,850,304 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/13 01:44:54 | 000,001,578 | -HS- | C] () -- C:\Users\Dan\AppData\Local\3r60vx8f63t456
[2011/12/13 01:44:54 | 000,001,578 | -HS- | C] () -- C:\ProgramData\3r60vx8f63t456
[2011/12/10 02:11:24 | 000,000,439 | ---- | C] () -- C:\Users\Dan\Desktop\fix.reg
[2011/12/10 02:11:24 | 000,000,342 | ---- | C] () -- C:\Users\Dan\Desktop\fix.reg~
[2011/12/10 01:23:12 | 000,395,264 | ---- | C] () -- C:\Users\Dan\Documents\7y3D4K.exe
[2011/12/10 01:23:08 | 000,010,884 | -HS- | C] () -- C:\Users\Dan\AppData\Local\kwfqfs4h2vmx4rll2kcy3p852k7g
[2011/12/10 01:23:08 | 000,010,884 | -HS- | C] () -- C:\ProgramData\kwfqfs4h2vmx4rll2kcy3p852k7g
[2011/11/28 01:39:36 | 000,414,465 | ---- | C] () -- C:\Users\Dan\Documents\EVEMon_Settings_3179.xml.bak
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/25 13:04:53 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/09/25 13:04:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/04/30 04:24:07 | 000,000,552 | ---- | C] () -- C:\Users\Dan\AppData\Local\d3d8caps.dat
[2011/02/15 22:06:53 | 000,000,652 | ---- | C] () -- C:\Windows\ActivStats.INI
[2011/01/27 19:05:35 | 000,241,664 | ---- | C] () -- C:\Windows\System32\hppapr04.DLL
[2011/01/27 19:05:35 | 000,000,526 | ---- | C] () -- C:\Windows\System32\hppapr04.DAT
[2010/02/15 21:47:51 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/10/04 20:22:12 | 000,023,888 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\UserTile.png
[2009/09/10 22:14:13 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/07/12 19:04:46 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/03/26 15:18:07 | 000,134,072 | ---- | C] () -- C:\Windows\ColorPic Uninstaller.exe
[2009/03/26 11:01:50 | 000,000,025 | ---- | C] () -- C:\Windows\SW_Win2000X24.DLL
[2009/03/26 11:00:42 | 000,001,470 | ---- | C] () -- C:\Windows\CITP_SearchHistory.INI
[2009/03/26 11:00:35 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage3.dll
[2009/03/26 11:00:35 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage.dll
[2009/03/26 11:00:35 | 000,098,304 | ---- | C] () -- C:\Windows\System32\DVM.dll
[2009/03/26 11:00:35 | 000,053,248 | ---- | C] () -- C:\Windows\System32\RegisterExe.exe
[2009/03/15 13:35:20 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/02/18 16:54:22 | 000,000,000 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\wklnhst.dat
[2009/01/25 18:49:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/12/05 15:33:28 | 000,353,792 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2008/12/05 15:33:28 | 000,107,520 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2008/10/21 15:01:07 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/09/29 07:26:27 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2008/09/26 11:17:09 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/09/26 11:17:08 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/09/21 18:32:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/12 08:09:51 | 000,000,600 | ---- | C] () -- C:\Users\Dan\AppData\Local\PUTTY.RND
[2008/09/12 08:06:39 | 000,000,245 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\.slime-history.eld
[2008/09/03 08:51:43 | 000,222,208 | ---- | C] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/03 00:42:39 | 000,000,680 | ---- | C] () -- C:\Users\Dan\AppData\Local\d3d9caps.dat
[2008/06/18 15:19:13 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/06/18 12:48:50 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/06/18 12:48:50 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/06/18 12:48:50 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/06/18 12:48:30 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/06/18 12:48:29 | 002,144,744 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/06/18 12:48:29 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1493.dll
[2008/06/18 12:48:29 | 000,100,900 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/06/18 12:48:28 | 000,469,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/06/18 12:23:58 | 000,000,032 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2008/06/18 12:02:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/06/18 11:57:25 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/06/18 11:54:22 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/02/07 12:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2007/10/30 12:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/06/05 15:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2007/05/31 09:13:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2007/04/16 05:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 001,749,184 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,704,434 | ---- | C] () -- C:\Windows\System32\PerfStringBackup_bak.INI
[2006/11/02 05:33:01 | 000,664,124 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,128,732 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/10/07 19:07:38 | 000,011,376 | R--- | C] () -- C:\Windows\System32\drivers\SECDRV.SYS
[2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/09/23 22:35:51 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\.emacs.d
[2009/07/10 17:32:21 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\.maltego
[2011/10/26 10:51:14 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\.purple
[2009/01/10 19:45:20 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Amazon
[2010/09/17 02:22:01 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Barnes & Noble
[2011/01/21 12:21:21 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Elluminate
[2011/11/28 01:40:09 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\EVEMon
[2011/10/21 00:56:13 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\FileZilla
[2008/09/05 18:11:27 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Flickr
[2011/07/10 23:43:56 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\go
[2009/10/31 19:10:30 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\gtk-2.0
[2010/08/22 13:47:33 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\InterVideo
[2008/10/05 20:49:11 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mount&Blade
[2009/10/04 20:22:11 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\PeerNetworking
[2011/07/21 22:08:51 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\PureEdge
[2010/09/12 05:54:52 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Stardock
[2009/04/02 14:50:23 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Subversion
[2009/02/18 16:54:23 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Template
[2008/11/20 10:34:02 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Three Rings Design
[2010/11/17 20:32:51 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\TS3Client
[2011/12/13 10:44:09 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\uTorrent
[2011/12/10 02:14:52 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Thanks for your help!
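The OTL entries in this log are the kind of thing a helper triages by eye: paired files with identical size and creation time, hidden+system attributes, and random-looking names dropped into ProgramData and AppData\Local. As an added example (not code from the thread, from OTL or from ComboFix), the Python below parses such "Files Created" lines and flags exactly those traits; the user-writable prefixes and the entropy threshold are assumptions, and the sample lines are copied from the log in this post.

```python
"""Triage helper for OTL "Files Created" entries (added example, not OTL/ComboFix code).

Each entry looks like:
    [YYYY/MM/DD HH:MM:SS | size | attrs | C] () -- path
where attrs is a four-character field: R read-only, H hidden, S system,
D directory, and '-' means the attribute is not set.
"""
import math
import re
from collections import Counter, defaultdict

OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| "
    r"(?P<kind>[CM])\] \(\) -- (?P<path>.+)$"
)

# Assumption: locations a standard user can write to without elevation, which
# is where a drive-by download drops its files (unlike C:\Windows\System32).
USER_WRITABLE_PREFIXES = ("c:\\programdata\\", "c:\\users\\")

# Assumption: a basename with this much Shannon entropy (bits per character)
# and no extension is treated as random-looking.
ENTROPY_THRESHOLD = 3.0


def parse_otl_line(line):
    """Return a dict for one OTL entry, or None if the line is not one."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["hidden"] = "H" in entry["attrs"]
    entry["system"] = "S" in entry["attrs"]
    entry["is_dir"] = "D" in entry["attrs"]
    return entry


def shannon_entropy(text):
    """Shannon entropy of a string in bits per character."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(name):
    """Heuristic: long, no extension, mixes letters and digits, high entropy."""
    if "." in name or len(name) < 10:
        return False
    has_digit = any(ch.isdigit() for ch in name)
    has_alpha = any(ch.isalpha() for ch in name)
    return has_digit and has_alpha and shannon_entropy(name.lower()) >= ENTROPY_THRESHOLD


def triage(lines):
    """Return [(path, [reasons])] for entries worth a closer look."""
    entries = [e for e in (parse_otl_line(line) for line in lines) if e]
    # Index by (size, timestamp): the same payload dropped in two places shows
    # up as two entries with identical size and creation time.
    by_fingerprint = defaultdict(list)
    for e in entries:
        by_fingerprint[(e["size"], e["ts"])].append(e["path"])

    findings = []
    for e in entries:
        if e["is_dir"]:
            continue
        if not e["path"].lower().startswith(USER_WRITABLE_PREFIXES):
            continue  # hidden+system directly under C:\ is normal (hiberfil.sys)
        reasons = []
        if e["hidden"] and e["system"]:
            reasons.append("hidden+system file in a user-writable location")
        basename = e["path"].rsplit("\\", 1)[-1]
        if looks_random(basename):
            reasons.append("random-looking name with no extension")
        if reasons:
            twins = [p for p in by_fingerprint[(e["size"], e["ts"])] if p != e["path"]]
            if twins:
                reasons.append("same size and timestamp as " + ", ".join(twins))
            findings.append((e["path"], reasons))
    return findings


# Sample lines copied from the OTL log above (constructed subset for the demo).
SAMPLE_LOG = [
    "[2011/12/13 02:28:25 | 3082,850,304 | -HS- | C] () -- C:\\hiberfil.sys",
    "[2011/12/13 01:44:54 | 000,001,578 | -HS- | C] () -- C:\\Users\\Dan\\AppData\\Local\\3r60vx8f63t456",
    "[2011/12/13 01:44:54 | 000,001,578 | -HS- | C] () -- C:\\ProgramData\\3r60vx8f63t456",
    "[2011/12/10 02:11:24 | 000,000,439 | ---- | C] () -- C:\\Users\\Dan\\Desktop\\fix.reg",
    "[2011/12/10 01:23:08 | 000,010,884 | -HS- | C] () -- C:\\Users\\Dan\\AppData\\Local\\kwfqfs4h2vmx4rll2kcy3p852k7g",
    "[2011/12/10 01:23:08 | 000,010,884 | -HS- | C] () -- C:\\ProgramData\\kwfqfs4h2vmx4rll2kcy3p852k7g",
    "[2011/04/30 04:24:07 | 000,000,552 | ---- | C] () -- C:\\Users\\Dan\\AppData\\Local\\d3d8caps.dat",
    "[2009/01/25 18:49:11 | 000,000,056 | -H-- | C] () -- C:\\ProgramData\\ezsidmv.dat",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Only the four dropped files are reported; hiberfil.sys (hidden+system, but under C:\), the helper's fix.reg and the ordinary .dat files are not.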


#2
dcrookston

    Member

  • Topic Starter
  • Member
  • 24 posts
Just now I got a message saying that the TCP/IP Ping command has stopped working. Here are the details:

Problem signature:
Problem Event Name: APPCRASH
Application Name: ping.exe
Application Version: 6.0.6001.18000
Application Timestamp: 47919130
Fault Module Name: StackHash_7666
Fault Module Version: 6.0.6002.18327
Fault Module Timestamp: 4cb73436
Exception Code: c0000374
Exception Offset: 000b06fc
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033
Additional Information 1: 7666
Additional Information 2: 208613db8dd3537cb6d25cd4215c50ce
Additional Information 3: 4621
Additional Information 4: 3324da66a12575547623355a79fa4191

Dunno if this helps or not.

Edited to add: Yet another crash, here's the info:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: a
BCP1: B58DE400
BCP2: 00000002
BCP3: 00000000
BCP4: 82478429
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini121311-03.dmp
C:\Users\Dan\AppData\Local\temp\WER-2388063-0.sysdata.xml
C:\Users\Dan\AppData\Local\temp\WER3FFC.tmp.version.txt

Edited by dcrookston, 13 December 2011 - 11:24 PM.


#3
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello dcrookston and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: You have a very nasty infection! I would strongly advise you to back up all your important data from your system before you begin with the fix.

This malware tends to disable your whole system and leave you with nothing. Please back up your data.

Step 2

Go to Start then Run... and type (For Vista/7 type this in Start -> Search box):

compmgmt.msc

From the left panel click Disk management and maximize the window.

Take a screen shot of the Disk Management window and attach the screen shot to your reply.

To print screen, please download ClickShoot.exe to your desktop.
Run the program and, when you are ready, press the [Print Screen] button on your keyboard.
Post the ClickShoot_HHMMSS.jpg it creates here for me.

Step 3

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

Step 4

Please don't forget to include these items in your reply:

  • Screenshot
  • Combofix log
It would be helpful if you could post each log in a separate post.

#4
dcrookston

    Member

  • Topic Starter
  • Member
  • 24 posts
I couldn't get the click-program working, so I just used MS Paint. The image is attached.

My computer is running "normally" (not slow or anything), but now and then TCP/IP crashes. I also don't use Firefox any more, since that seems to make things worse.

Here's the ComboFix log:

ComboFix 11-12-19.03 - Dan 12/20/2011 1:27.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1858 [GMT -5:00]
Running from: c:\users\Dan\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3r60vx8f63t456
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\windows\$NtUninstallKB21332$\1587875313\@
c:\windows\$NtUninstallKB21332$\1587875313\bckfg.tmp
c:\windows\$NtUninstallKB21332$\1587875313\cfg.ini
c:\windows\$NtUninstallKB21332$\1587875313\Desktop.ini
c:\windows\$NtUninstallKB21332$\1587875313\keywords
c:\windows\$NtUninstallKB21332$\1587875313\kwrd.dll
c:\windows\$NtUninstallKB21332$\1587875313\L\qnbwvoto
c:\windows\$NtUninstallKB21332$\1587875313\lsflt7.ver
c:\windows\$NtUninstallKB21332$\1587875313\U\[email protected]
c:\windows\$NtUninstallKB21332$\1587875313\U\[email protected]
c:\windows\$NtUninstallKB21332$\1587875313\U\[email protected]
c:\windows\$NtUninstallKB21332$\1587875313\U\[email protected]
c:\windows\$NtUninstallKB21332$\1587875313\U\[email protected]
c:\windows\$NtUninstallKB21332$\1587875313\U\[email protected]
c:\windows\$NtUninstallKB21332$\3162167822
.
.
((((((((((((((((((((((((( Files Created from 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))))
.
.
2011-12-20 06:47 . 2011-12-20 06:47 -------- d-----w- c:\users\Dan\AppData\Local\temp
2011-12-20 06:47 . 2011-12-20 06:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-20 06:47 . 2011-12-20 06:47 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-12-20 06:47 . 2011-12-20 06:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-20 06:47 . 2011-12-20 06:47 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-12-20 06:25 . 2011-12-20 06:25 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-12-20 06:25 . 2011-12-20 06:25 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-12-20 06:25 . 2011-12-20 06:25 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-12-20 06:25 . 2011-12-20 06:25 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-12-20 06:25 . 2011-12-20 06:25 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-12-20 06:25 . 2011-12-20 06:25 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-12-20 06:25 . 2011-12-20 06:25 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-12-20 06:25 . 2011-12-20 06:25 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-12-20 06:25 . 2011-12-20 06:25 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-12-20 06:25 . 2011-12-20 06:25 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-12-20 06:25 . 2011-12-20 06:25 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-12-20 06:25 . 2011-12-20 06:25 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-12-20 06:24 . 2011-12-20 06:24 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-12-20 06:24 . 2011-12-20 06:24 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-12-20 06:24 . 2011-12-20 06:24 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-12-20 06:24 . 2011-12-20 06:24 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-12-20 06:24 . 2011-12-20 06:24 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-12-14 05:20 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 05:20 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 05:20 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 05:20 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 05:20 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 05:20 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-09 16:38 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5A1BFE87-9D2D-47F3-A5B5-630A833299ED}\mpengine.dll
2011-11-26 06:56 . 2011-12-01 05:11 -------- d-----w- c:\programdata\NCH Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-27 05:04 . 2011-07-11 15:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 05:43 . 2009-08-18 15:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-10-10 05:43 . 2009-08-18 15:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-01 06:27 . 2011-10-01 06:27 161792 ----a-w- c:\windows\system32\msls31.dll
2011-10-01 06:27 . 2011-10-01 06:27 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-01 06:27 . 2011-10-01 06:27 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-01 06:27 . 2011-10-01 06:27 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-01 06:27 . 2011-10-01 06:27 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-01 06:27 . 2011-10-01 06:27 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-10-01 06:27 . 2011-10-01 06:27 367104 ----a-w- c:\windows\system32\html.iec
2011-10-01 06:27 . 2011-10-01 06:27 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-10-01 06:27 . 2011-10-01 06:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-10-01 06:27 . 2011-10-01 06:27 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-01 06:27 . 2011-10-01 06:27 152064 ----a-w- c:\windows\system32\wextract.exe
2011-10-01 06:27 . 2011-10-01 06:27 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-10-01 06:27 . 2011-10-01 06:27 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-01 06:27 . 2011-10-01 06:27 11776 ----a-w- c:\windows\system32\mshta.exe
2011-10-01 06:27 . 2011-10-01 06:27 101888 ----a-w- c:\windows\system32\admparse.dll
2011-10-01 06:27 . 2011-10-01 06:27 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-10-01 06:27 . 2011-10-01 06:27 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-01 06:26 . 2011-10-01 06:26 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-10-01 06:25 . 2011-10-01 06:25 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-10-01 06:25 . 2011-10-01 06:25 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-10-01 06:25 . 2011-10-01 06:25 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-10-01 06:25 . 2011-10-01 06:25 2873344 ----a-w- c:\windows\system32\mf.dll
2011-10-01 06:25 . 2011-10-01 06:25 98816 ----a-w- c:\windows\system32\mfps.dll
2011-10-01 06:25 . 2011-10-01 06:25 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-10-01 06:25 . 2011-10-01 06:25 586240 ----a-w- c:\windows\system32\stobject.dll
2011-10-01 06:25 . 2011-10-01 06:25 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-10-01 06:25 . 2011-10-01 06:25 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-10-01 06:25 . 2011-10-01 06:25 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-10-01 06:25 . 2011-10-01 06:25 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-10-01 06:25 . 2011-10-01 06:25 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-10-01 06:25 . 2011-10-01 06:25 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-10-01 06:25 . 2011-10-01 06:25 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-10-01 06:25 . 2011-10-01 06:25 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-10-01 06:25 . 2011-10-01 06:25 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-10-01 06:25 . 2011-10-01 06:25 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-10-01 06:25 . 2011-10-01 06:25 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-10-01 06:25 . 2011-10-01 06:25 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-10-01 06:25 . 2011-10-01 06:25 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-10-01 06:25 . 2011-10-01 06:25 37376 ----a-w- c:\windows\system32\cdd.dll
2011-10-01 06:25 . 2011-10-01 06:25 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-10-01 06:25 . 2011-10-01 06:25 258048 ----a-w- c:\windows\system32\winspool.drv
2011-10-01 06:25 . 2011-10-01 06:25 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-10-01 06:25 . 2011-10-01 06:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-10-01 06:25 . 2011-10-01 06:25 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-10-01 06:25 . 2011-10-01 06:25 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-10-01 06:23 . 2011-10-01 06:23 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-10-01 06:23 . 2011-10-01 06:23 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-10-01 06:23 . 2011-10-01 06:23 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-10-01 06:23 . 2011-10-01 06:23 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-10-01 06:23 . 2011-10-01 06:23 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-10-01 06:23 . 2011-10-01 06:23 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-10-01 06:23 . 2011-10-01 06:23 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-10-01 06:23 . 2011-10-01 06:23 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-09-28 22:45 . 2011-09-28 22:45 15453832 ----a-w- c:\windows\system32\xlive.dll
2011-09-28 22:45 . 2011-09-28 22:45 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2011-11-10 15:56 . 2011-06-04 05:46 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-02-08 10:24 3443000 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-02-08 10:24 3443000 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-14 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-29 6111232]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-12 150040]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-12 141848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-05-16 00:20 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ActivClient Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
backup=c:\windows\pss\ActivClient Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Amazon Unbox.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
backup=c:\windows\pss\Amazon Unbox.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MozyHome Status.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
backup=c:\windows\pss\MozyHome Status.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\accrdsub]
2007-05-15 23:08 293168 ----a-w- c:\program files\ActivIdentity\ActivClient\accrdsub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AML]
2008-03-26 22:48 1093632 ----a-w- c:\program files\Sony\VAIO Launcher\AML.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-02-23 00:38 122880 ----a-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 22:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
2008-10-13 06:28 4789760 ----a-w- c:\program files\Curse\CurseClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\Dan\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 22:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-06-12 08:22 170520 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]
2007-04-25 18:28 954368 ----a-w- c:\program files\HP\Dfawep\bin\hpbdfawep.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2007-05-04 17:14 36864 ----a-w- c:\program files\HP\HP UT\bin\hppusg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2008-04-04 03:03 317280 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 23:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]
2005-07-04 13:50 643072 ----a-w- c:\program files\PureEdge\Viewer 6.5\masqform.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-02-17 08:30 5244216 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 08:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 19:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartWiHelper]
2008-06-27 20:45 77824 ----a-w- c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-04-14 18:24 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Help and Support Demo]
2007-08-28 01:54 290816 ----a-w- c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOMyMemCenter]
2008-02-29 20:39 679936 ----a-w- c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIORegistration]
2007-10-17 22:40 20480 ----a-w- c:\program files\Sony\First Experience\WelcomeLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2007-07-20 22:30 577536 ----a-w- c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VWLASU]
2008-02-19 19:25 24576 ----a-w- c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4040134827-1233584846-3129121331-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-12-12 28464]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-05 23:42]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-05 23:42]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4040134827-1233584846-3129121331-1000Core.job
- c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 02:16]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4040134827-1233584846-3129121331-1000UA.job
- c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 02:16]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\8g2o5puw.default\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-20 01:47
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-20 01:51:56
ComboFix-quarantined-files.txt 2011-12-20 06:51
.
Pre-Run: 82,799,448,064 bytes free
Post-Run: 82,844,889,088 bytes free
.
- - End Of File - - 67130E2330388AC57DC72FE7F4AE5477

Attached Thumbnails

  • disk_mgmt.jpg

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Combofix did a great job and removed the main infection. Let's see what we have left on your system.

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • (If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.)
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.


Step 2

Download aswMBR.exe (511KB) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start the scan
  • On completion of the scan click Save log, save it to your desktop and post it in your next reply
  • ZIP the MBR.dat file created by aswMBR and attach it to your post

Step 3

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 4

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
  • MBR.dat attached
  • New OTL log
It would be helpful if you could post each log in a separate post.

#6
dcrookston

    Member

  • Topic Starter
  • Member
  • 24 posts
00:48:01.0151 4644 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
00:48:01.0639 4644 ============================================================
00:48:01.0639 4644 Current date / time: 2011/12/22 00:48:01.0639
00:48:01.0639 4644 SystemInfo:
00:48:01.0639 4644
00:48:01.0640 4644 OS Version: 6.0.6002 ServicePack: 2.0
00:48:01.0640 4644 Product type: Workstation
00:48:01.0640 4644 ComputerName: DAN-PC
00:48:01.0640 4644 UserName: Dan
00:48:01.0640 4644 Windows directory: C:\Windows
00:48:01.0640 4644 System windows directory: C:\Windows
00:48:01.0640 4644 Processor architecture: Intel x86
00:48:01.0640 4644 Number of processors: 2
00:48:01.0640 4644 Page size: 0x1000
00:48:01.0641 4644 Boot type: Normal boot
00:48:01.0641 4644 ============================================================
00:48:02.0388 4644 Initialize success
00:48:05.0598 5200 ============================================================
00:48:05.0599 5200 Scan started
00:48:05.0599 5200 Mode: Manual;
00:48:05.0599 5200 ============================================================
00:48:28.0679 5200 usbprint - ok
00:48:28.0771 5200 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
00:48:28.0774 5200 usbscan - ok
00:48:28.0859 5200 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:48:28.0863 5200 USBSTOR - ok
00:48:28.0943 5200 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
00:48:28.0946 5200 usbuhci - ok
00:48:29.0017 5200 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
00:48:29.0022 5200 usbvideo - ok
00:48:29.0163 5200 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
00:48:29.0165 5200 vga - ok
00:48:29.0203 5200 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
00:48:29.0206 5200 VgaSave - ok
00:48:29.0256 5200 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
00:48:29.0259 5200 viaagp - ok
00:48:29.0331 5200 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
00:48:29.0334 5200 ViaC7 - ok
00:48:29.0384 5200 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
00:48:29.0386 5200 viaide - ok
00:48:29.0467 5200 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
00:48:29.0470 5200 volmgr - ok
00:48:29.0570 5200 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
00:48:29.0579 5200 volmgrx - ok
00:48:29.0672 5200 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
00:48:29.0680 5200 volsnap - ok
00:48:29.0751 5200 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
00:48:29.0756 5200 vsmraid - ok
00:48:29.0866 5200 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
00:48:29.0869 5200 WacomPen - ok
00:48:29.0914 5200 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:48:29.0917 5200 Wanarp - ok
00:48:29.0936 5200 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:48:29.0938 5200 Wanarpv6 - ok
00:48:30.0010 5200 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
00:48:30.0012 5200 Wd - ok
00:48:30.0091 5200 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
00:48:30.0114 5200 Wdf01000 - ok
00:48:30.0242 5200 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
00:48:30.0248 5200 WimFltr - ok
00:48:30.0336 5200 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
00:48:30.0347 5200 winachsf - ok
00:48:30.0443 5200 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
00:48:30.0446 5200 WmiAcpi - ok
00:48:30.0541 5200 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
00:48:30.0544 5200 WpdUsb - ok
00:48:30.0642 5200 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
00:48:30.0644 5200 ws2ifsl - ok
00:48:30.0755 5200 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
00:48:30.0757 5200 WSDPrintDevice - ok
00:48:30.0848 5200 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:48:30.0851 5200 WUDFRd - ok
00:48:30.0912 5200 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
00:48:30.0915 5200 XAudio - ok
00:48:31.0031 5200 yukonwlh (67e3d2af24c3873e6a0cac89de78d63b) C:\Windows\system32\DRIVERS\yk60x86.sys
00:48:31.0040 5200 yukonwlh - ok
00:48:31.0081 5200 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
00:48:31.0102 5200 \Device\Harddisk0\DR0 - ok
00:48:31.0109 5200 Boot (0x1200) (5e2613cedf382a008b62807e49c724ab) \Device\Harddisk0\DR0\Partition0
00:48:31.0115 5200 \Device\Harddisk0\DR0\Partition0 - ok
00:48:31.0116 5200 ============================================================
00:48:31.0116 5200 Scan finished
00:48:31.0116 5200 ============================================================
00:48:31.0142 3528 Detected object count: 0
00:48:31.0142 3528 Actual detected object count: 0
#7
dcrookston (Topic Starter, Member, 24 posts)

Attached File: MBR.zip (554 bytes, 25 downloads)

aswMBR version 0.9.9.1116 Copyright© 2011 AVAST Software
Run date: 2011-12-22 00:50:10
-----------------------------
00:50:10.075 OS Version: Windows 6.0.6002 Service Pack 2
00:50:10.075 Number of processors: 2 586 0x1706
00:50:10.077 ComputerName: DAN-PC UserName: Dan
00:50:11.850 Initialize success
00:50:25.652 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
00:50:25.657 Disk 0 Vendor: FUJITSU_ 0000 Size: 238475MB BusType: 3
00:50:25.662 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005f
00:50:25.668 Disk 1 Vendor: RICOH 01 Size: 238475MB BusType: 0
00:50:25.674 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000060
00:50:25.680 Disk 2 Vendor: RICOH 02 Size: 238475MB BusType: 0
00:50:25.708 Disk 0 MBR read successfully
00:50:25.715 Disk 0 MBR scan
00:50:25.722 Disk 0 Windows VISTA default MBR code
00:50:25.737 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8401 MB offset 2048
00:50:25.761 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 230072 MB offset 17207296
00:50:25.773 Disk 0 scanning sectors +488395120
00:50:25.848 Disk 0 scanning C:\Windows\system32\drivers
00:50:34.901 Service scanning
00:50:37.012 Modules scanning
00:50:45.994 Disk 0 trace - called modules:
00:50:46.032 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll
00:50:46.044 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863bcac8]
00:50:46.055 3 CLASSPNP.SYS[8a5a28b3] -> nt!IofCallDriver -> [0x859fcc20]
00:50:46.066 Scan finished successfully
00:51:01.651 Disk 0 MBR has been saved successfully to "C:\Users\Dan\Desktop\GTG\MBR.dat"
00:51:01.731 The log file has been saved successfully to "C:\Users\Dan\Desktop\GTG\aswMBR.txt"

Edited by dcrookston, 22 December 2011 - 12:01 AM.

#8
dcrookston (Topic Starter, Member, 24 posts)
OTL logfile created on: 12/22/2011 12:52:19 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dan\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 41.33% Memory free
5.94 Gb Paging File | 4.48 Gb Available in Paging File | 75.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.68 Gb Total Space | 73.11 Gb Free Space | 32.54% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dan\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Dan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
PRC - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (Amazon.com)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE (Software 2000 Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\16.0.912.63\avutil-51.dll ()
MOD - C:\Program Files\Google\Chrome\Application\16.0.912.63\avformat-53.dll ()
MOD - C:\Program Files\Google\Chrome\Application\16.0.912.63\avcodec-53.dll ()
MOD - C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\09d9d35b68b4fe07c1d2f25e2533f21e\System.IdentityModel.Selectors.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\dbcb4baf3d2ed9e62645bd332fc221f2\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4b4c359912c1241246f50a4c47dbab3c\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\a800035f1686fdb0b7a019b954a37cfe\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\6b2ee1fdc6a182722db04af9c3cd10c3\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMCommon\3.0.0.4140__e3c7096ba83f9295\SPMCommon.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMDam\3.0.0.4140__1b3c579b6925895f\SPMDam.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (RosettaStoneDaemon) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (ADVService) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (Amazon.com)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (EvtEng) -- C:\Program Files\intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (RtkHDMIService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (accoca) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (DfsC) -- C:\Windows\System32\drivers\dfsc.sys ()
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (HPFXBULK) -- C:\Windows\System32\drivers\hpfxbulk.sys (Hewlett Packard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 8D 55 B1 63 AA CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dan\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dan\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 10:56:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/16 09:45:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F6CF31A0-AE3D-4990-94B3-ED759D7FCCA7}: C:\Users\Dan\AppData\Local\{F6CF31A0-AE3D-4990-94B3-ED759D7FCCA7}

[2010/01/03 12:12:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions
[2010/01/03 12:12:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/11/24 02:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\8g2o5puw.default\extensions
[2011/11/24 02:23:11 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\8g2o5puw.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2011/11/11 23:28:32 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\8g2o5puw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/11/10 10:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/10 10:56:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/02/21 09:24:52 | 000,660,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2011/06/30 21:26:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 10:56:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2011/12/20 01:47:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{800525D2-7165-4A2A-B13E-4763DA668997}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2F78EB2-EF8E-46D5-BD4A-1DF13FF2BA8C}: DhcpNameServer = 217.10.96.44 217.10.96.65
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/20 01:52:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/20 01:51:58 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\temp
[2011/12/20 01:10:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/20 01:10:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/20 01:10:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/20 01:10:24 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/20 01:10:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/20 01:04:17 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\GTG
[2011/12/20 00:39:09 | 000,693,545 | ---- | C] (maliprog @ Geekstogo) -- C:\Users\Dan\Desktop\ClickShoot.exe
[2011/12/13 11:55:42 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVEMon
[2011/11/30 04:04:04 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\School Application Docs
[2011/11/26 01:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2011/11/22 04:17:34 | 000,000,000 | ---D | C] -- C:\Users\Dan\Documents\School Financials

========== Files - Modified Within 30 Days ==========

[2011/12/22 00:35:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4040134827-1233584846-3129121331-1000UA.job
[2011/12/22 00:26:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/21 23:35:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4040134827-1233584846-3129121331-1000Core.job
[2011/12/21 23:24:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/21 23:24:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/21 10:26:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/20 01:47:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/20 01:32:40 | 000,664,124 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/20 01:32:40 | 000,128,732 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/20 01:24:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/20 01:24:03 | 3082,850,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/20 01:22:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/12/20 01:09:23 | 000,000,570 | ---- | M] () -- C:\Users\Dan\Desktop\ComboFix - Shortcut.lnk
[2011/12/20 00:57:48 | 000,900,601 | ---- | M] () -- C:\Users\Dan\Desktop\ClickShoot_005747.jpg
[2011/12/20 00:36:08 | 000,693,545 | ---- | M] (maliprog @ Geekstogo) -- C:\Users\Dan\Desktop\ClickShoot.exe
[2011/12/15 12:36:17 | 000,002,651 | ---- | M] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/12/15 01:37:04 | 000,222,208 | ---- | M] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/14 04:20:06 | 267,097,169 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/14 00:41:12 | 001,749,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/13 11:54:07 | 000,414,305 | ---- | M] () -- C:\Users\Dan\Documents\EVEMon_Settings_3179.xml.bak
[2011/12/13 01:45:31 | 000,001,578 | -HS- | M] () -- C:\Users\Dan\AppData\Local\3r60vx8f63t456
[2011/12/10 02:21:35 | 000,017,491 | ---- | M] () -- C:\Users\Dan\_viminfo
[2011/12/10 01:44:12 | 000,010,884 | -HS- | M] () -- C:\ProgramData\kwfqfs4h2vmx4rll2kcy3p852k7g
[2011/12/10 01:44:11 | 000,010,884 | -HS- | M] () -- C:\Users\Dan\AppData\Local\kwfqfs4h2vmx4rll2kcy3p852k7g
[2011/12/07 12:01:23 | 000,000,600 | ---- | M] () -- C:\Users\Dan\AppData\Local\PUTTY.RND
[2011/11/26 13:22:02 | 000,002,255 | ---- | M] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/12/20 01:10:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/20 01:10:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/20 01:10:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/20 01:10:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/20 01:10:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/20 01:09:23 | 000,000,570 | ---- | C] () -- C:\Users\Dan\Desktop\ComboFix - Shortcut.lnk
[2011/12/20 00:57:48 | 000,900,601 | ---- | C] () -- C:\Users\Dan\Desktop\ClickShoot_005747.jpg
[2011/12/14 13:03:13 | 000,002,651 | ---- | C] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/12/13 02:28:25 | 3082,850,304 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/13 01:44:54 | 000,001,578 | -HS- | C] () -- C:\Users\Dan\AppData\Local\3r60vx8f63t456
[2011/12/10 01:23:08 | 000,010,884 | -HS- | C] () -- C:\Users\Dan\AppData\Local\kwfqfs4h2vmx4rll2kcy3p852k7g
[2011/12/10 01:23:08 | 000,010,884 | -HS- | C] () -- C:\ProgramData\kwfqfs4h2vmx4rll2kcy3p852k7g
[2011/11/28 01:39:36 | 000,414,305 | ---- | C] () -- C:\Users\Dan\Documents\EVEMon_Settings_3179.xml.bak
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/25 13:04:53 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/09/25 13:04:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/07/26 21:19:44 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys
[2011/04/30 04:24:07 | 000,000,552 | ---- | C] () -- C:\Users\Dan\AppData\Local\d3d8caps.dat
[2011/02/15 22:06:53 | 000,000,652 | ---- | C] () -- C:\Windows\ActivStats.INI
[2011/01/27 19:05:35 | 000,241,664 | ---- | C] () -- C:\Windows\System32\hppapr04.DLL
[2011/01/27 19:05:35 | 000,000,526 | ---- | C] () -- C:\Windows\System32\hppapr04.DAT
[2010/02/15 21:47:51 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/10/04 20:22:12 | 000,023,888 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\UserTile.png
[2009/09/10 22:14:13 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/07/12 19:04:46 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/03/26 15:18:07 | 000,134,072 | ---- | C] () -- C:\Windows\ColorPic Uninstaller.exe
[2009/03/26 11:01:50 | 000,000,025 | ---- | C] () -- C:\Windows\SW_Win2000X24.DLL
[2009/03/26 11:00:42 | 000,001,470 | ---- | C] () -- C:\Windows\CITP_SearchHistory.INI
[2009/03/26 11:00:35 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage3.dll
[2009/03/26 11:00:35 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage.dll
[2009/03/26 11:00:35 | 000,098,304 | ---- | C] () -- C:\Windows\System32\DVM.dll
[2009/03/26 11:00:35 | 000,053,248 | ---- | C] () -- C:\Windows\System32\RegisterExe.exe
[2009/03/15 13:35:20 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/02/18 16:54:22 | 000,000,000 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\wklnhst.dat
[2009/01/25 18:49:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/12/05 15:33:28 | 000,353,792 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2008/12/05 15:33:28 | 000,107,520 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2008/10/21 15:01:07 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/09/29 07:26:27 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2008/09/26 11:17:09 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/09/26 11:17:08 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/09/21 18:32:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/12 08:09:51 | 000,000,600 | ---- | C] () -- C:\Users\Dan\AppData\Local\PUTTY.RND
[2008/09/12 08:06:39 | 000,000,245 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\.slime-history.eld
[2008/09/03 08:51:43 | 000,222,208 | ---- | C] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/03 00:42:39 | 000,000,680 | ---- | C] () -- C:\Users\Dan\AppData\Local\d3d9caps.dat
[2008/06/18 15:19:13 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/06/18 12:48:50 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/06/18 12:48:50 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/06/18 12:48:50 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/06/18 12:48:30 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/06/18 12:48:29 | 002,144,744 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/06/18 12:48:29 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1493.dll
[2008/06/18 12:48:29 | 000,100,900 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/06/18 12:48:28 | 000,469,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/06/18 12:23:58 | 000,000,032 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2008/06/18 12:02:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/06/18 11:57:25 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/06/18 11:54:22 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/02/07 12:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2007/10/30 12:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/06/05 15:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2007/05/31 09:13:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2007/04/16 05:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 001,749,184 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,704,434 | ---- | C] () -- C:\Windows\System32\PerfStringBackup_bak.INI
[2006/11/02 05:33:01 | 000,664,124 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,128,732 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/10/07 19:07:38 | 000,011,376 | R--- | C] () -- C:\Windows\System32\drivers\SECDRV.SYS
[2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/09/23 22:35:51 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\.emacs.d
[2009/07/10 17:32:21 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\.maltego
[2011/10/26 10:51:14 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\.purple
[2009/01/10 19:45:20 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Amazon
[2010/09/17 02:22:01 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Barnes & Noble
[2011/01/21 12:21:21 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Elluminate
[2011/12/13 11:56:27 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\EVEMon
[2011/10/21 00:56:13 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\FileZilla
[2008/09/05 18:11:27 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Flickr
[2011/07/10 23:43:56 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\go
[2009/10/31 19:10:30 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\gtk-2.0
[2010/08/22 13:47:33 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\InterVideo
[2008/10/05 20:49:11 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mount&Blade
[2009/10/04 20:22:11 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\PeerNetworking
[2011/07/21 22:08:51 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\PureEdge
[2010/09/12 05:54:52 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Stardock
[2009/04/02 14:50:23 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Subversion
[2009/02/18 16:54:23 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Template
[2008/11/20 10:34:02 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Three Rings Design
[2011/12/18 21:22:15 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\TS3Client
[2011/12/20 01:08:39 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\uTorrent
[2011/12/20 01:22:34 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#9
dcrookston (Member, Topic Starter, 24 posts)
There you go :) Thank you so much for your help!

#10
maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi dcrookston,

Some leftovers to remove...

Step 1

NOTE: This fix is custom-made for this system only and for its current state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/12/13 01:45:31 | 000,001,578 | -HS- | M] () -- C:\Users\Dan\AppData\Local\3r60vx8f63t456
    [2011/12/10 01:44:12 | 000,010,884 | -HS- | M] () -- C:\ProgramData\kwfqfs4h2vmx4rll2kcy3p852k7g
    [2011/12/10 01:44:11 | 000,010,884 | -HS- | M] () -- C:\Users\Dan\AppData\Local\kwfqfs4h2vmx4rll2kcy3p852k7g

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles
Step 2


Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

How is your system now? Any problems?

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post.

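As an added illustration (not part of this thread, OTL, or maliprog's own tooling), the following Python script parses OTL file entries of the kind shown in the log above and applies the triage heuristic that picks out the three "leftovers" in the fix: hidden+system files with random-looking, extension-less names sitting under AppData or ProgramData, where an unprivileged process can write. The sample lines are copied from the log in this thread plus one constructed benign desktop.ini entry; the USER_WRITABLE list and the thresholds in looks_random are my assumptions, not anything OTL itself defines.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTL "Files Created/Modified" entry looks like
#   [2011/12/13 01:45:31 | 000,001,578 | -HS- | M] () -- C:\Users\Dan\AppData\Local\3r60vx8f63t456
# attrs are R(ead-only) H(idden) S(ystem) D(irectory), '-' where clear;
# kind is C (created) or M (modified); the "(company)" group is absent on directory lines.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Sample input: lines copied from the OTL log in this thread, plus one
# constructed benign entry (desktop.ini) to show the heuristic does not fire on it.
SAMPLE_LOG = r"""
[2011/12/20 01:04:17 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\GTG
[2011/12/20 00:36:08 | 000,693,545 | ---- | M] (maliprog @ Geekstogo) -- C:\Users\Dan\Desktop\ClickShoot.exe
[2011/12/20 01:24:03 | 3082,850,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/13 01:45:31 | 000,001,578 | -HS- | M] () -- C:\Users\Dan\AppData\Local\3r60vx8f63t456
[2011/12/10 01:44:12 | 000,010,884 | -HS- | M] () -- C:\ProgramData\kwfqfs4h2vmx4rll2kcy3p852k7g
[2011/12/10 01:44:11 | 000,010,884 | -HS- | M] () -- C:\Users\Dan\AppData\Local\kwfqfs4h2vmx4rll2kcy3p852k7g
[2011/12/07 12:01:23 | 000,000,600 | ---- | M] () -- C:\Users\Dan\AppData\Local\PUTTY.RND
[2011/12/01 10:00:00 | 000,000,282 | -HS- | M] () -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\desktop.ini
"""


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str    # RHSD flags, '-' where clear
    kind: str     # C = created, M = modified
    company: str  # empty when OTL printed "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file entry; returns None for headers, blanks and other text."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"] or "",
        path=m["path"],
    )


# Assumed (not from OTL): directories a non-elevated process can write to.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "c:\\programdata\\")


def looks_random(name: str) -> bool:
    """Assumed heuristic: extension-less alphanumeric name mixing letters and digits."""
    return (
        "." not in name
        and len(name) >= 10
        and name.isalnum()
        and any(c.isalpha() for c in name)
        and any(c.isdigit() for c in name)
    )


def is_suspicious(entry: OtlEntry) -> bool:
    """Hidden+system file with a random-looking name in a user-writable location."""
    p = entry.path.lower()
    return (
        not entry.is_dir
        and entry.hidden_system
        and looks_random(entry.name)
        and any(seg in p for seg in USER_WRITABLE)
    )


def triage(log_text: str) -> List[str]:
    """Return the paths of entries worth a second look, in log order."""
    return [
        e.path
        for e in map(parse_otl_line, log_text.splitlines())
        if e is not None and is_suspicious(e)
    ]


if __name__ == "__main__":
    for path in triage(SAMPLE_LOG):
        print("review:", path)
```

Run against the sample it reports exactly the three paths maliprog put in the :OTL fix, and stays quiet on hiberfil.sys (hidden+system, but a known name at the drive root) and on the constructed desktop.ini. It is a triage aid only: a flagged path still needs a person to confirm it before it goes into a fix, and a file with a plausible name and extension would not trip this rule at all.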

#11
dcrookston (Member, Topic Starter, 24 posts)
When I ran that OTL fix, my computer locked up with [emptytemp] and [Reboot] left in the box. I ran TFC (through the task manager - Explorer wasn't responding) and rebooted. I haven't re-run OTL though.

#12
maliprog (Trusted Helper, Malware Removal, 6,172 posts)
OK. Run Malwarebytes now and post log. After that test your system and tell me what problems you have now.

#13
dcrookston (Member, Topic Starter, 24 posts)
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.28.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Dan :: DAN-PC [administrator]

Protection: Enabled

12/28/2011 12:58:40 AM
mbam-log-2011-12-28 (00-58-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196684
Time elapsed: 8 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


System seems to be running fine, I haven't had a TCP crash in a while. I have questions about what I was infected with, how it got in, etc. Mostly what I'm wondering is what it had access to. I log into my bank often, and I buy things online now and then. Is it possible that it has those credentials? Do I need to change all my passwords now? Is there software that I should have updated but didn't that allowed the virus to get in?

#14
maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi dcrookston,

You were infected with ZeroAccess. It is an advanced rootkit that usually comes with many other malware and infects the system with them. You can read more Here.

It's always a good idea to change your passwords from time to time. That is a good habit. You can do it now to avoid problems.

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from the programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click the OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.

#15
dcrookston (Member, Topic Starter, 24 posts)
Okay, I did these things. TFC hung the first time I ran it, so I killed it and used task manager to restart it. (Shouldn't Windows automatically restart Explorer if the process that killed it dies?) Everything seems to be running fine now - I'll update my software, too. Is there anything else after that?