Malware in webpages
#1
fiction123
Hello there,
Starting somewhere in the last 1-2 weeks, I have started getting this unwelcome addition to all my webpages. That is, on most pages, I get a couple of words underlined, and when you hover over them, you get a drop-down box with ads varying from win-an-iPhone, wrinkles, etc. It's the same problem as described in this thread:

I have run what was instructed in the thread; however, no result. I still get the hyperlinks on all my webpages.

I have run an OTL scan, and here is the result.


OTL logfile created on: 12/23/2011 3:34:20 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\matt\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 48.45% Memory free
5.99 Gb Paging File | 4.47 Gb Available in Paging File | 74.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 180.15 Gb Total Space | 4.43 Gb Free Space | 2.46% Space Free | Partition Type: NTFS
Drive F: | 13.94 Gb Total Space | 13.83 Gb Free Space | 99.23% Space Free | Partition Type: NTFS

Computer Name: MATT-ACER | User Name: matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/23 15:33:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Downloads\OTL.exe
PRC - [2011/12/22 22:25:20 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\matt\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011/12/15 18:15:44 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/12/15 18:15:42 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/12/12 23:20:56 | 003,305,760 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\matt\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/12/05 19:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\matt\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/10/29 18:46:22 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/09/06 20:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/20 09:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/11/20 12:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 12:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008/06/02 09:25:40 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2007/11/21 02:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/16 12:40:49 | 000,181,760 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\1.2011.1207.3_0\plugin\ace.dll
MOD - [2011/12/07 11:16:28 | 000,411,192 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
MOD - [2011/12/07 11:16:27 | 003,767,864 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
MOD - [2011/12/07 11:14:56 | 000,122,952 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\Application\16.0.912.63\avutil-51.dll
MOD - [2011/12/07 11:14:55 | 000,222,280 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\Application\16.0.912.63\avformat-53.dll
MOD - [2011/12/07 11:14:53 | 001,746,504 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
MOD - [2011/12/07 07:22:33 | 008,593,056 | ---- | M] () -- C:\Users\matt\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 23:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/07/29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/12/15 18:15:42 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/09/06 20:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/17 17:27:57 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2011/02/08 17:46:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/06/02 09:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/12 10:07:32 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/12/12 10:07:28 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/09/06 20:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 20:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 20:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 20:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 20:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 20:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/02/17 17:27:57 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2011/02/09 11:08:49 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/20 12:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 12:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 12:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 09:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 09:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/28 07:56:00 | 009,791,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/13 22:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/13 22:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV - [2008/06/02 09:20:12 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007/03/28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 47 4F 2D AF FE 4A CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.4
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.4
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\matt\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\matt\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\matt\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\matt\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/29 18:46:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\CodecCheck\firefox [2011/08/31 12:20:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/08/31 12:26:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/29 18:46:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/29 18:47:32 | 000,000,000 | ---D | M]

[2011/02/28 16:29:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt\AppData\Roaming\Mozilla\Extensions
[2011/05/28 01:31:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\mdjso503.default\extensions
[2011/03/03 03:05:01 | 000,000,000 | ---D | M] (Oskar) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\mdjso503.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
[2011/03/03 03:05:21 | 000,000,000 | ---D | M] (Foxdie for Firefox) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\mdjso503.default\extensions\[email protected]
[2011/10/28 15:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/24 21:13:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/10/18 13:28:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/28 15:14:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/10/29 18:46:57 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MDJSO503.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/05/24 13:31:30 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/28 15:13:52 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/24 13:31:33 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/24 13:31:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/24 13:31:33 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/05/24 13:31:33 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/05/24 13:31:33 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\matt\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\matt\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\matt\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\matt\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\matt\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files\OnLive\Plugin\npolgdet.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\matt\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Guitar Pro Viewer = C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkdmbkpfnfkhalmhebdelpldipheihng\0.3.100_0\
CHR - Extension: Timer = C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd\1.7.4_0\
CHR - Extension: The Godfather: Five Families = C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfkoljdeffeedleidebkmmamepgbnbl\1.0_0\
CHR - Extension: Tesco Food = C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffibhmnkceoelgabpnpaaojflglampjb\0.41_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Premiumplay Codec-C = C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.13.21_0\
CHR - Extension: Gtalklet = C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijcfiakajpjojbebgmoahoddbeafckk\0.6.1.4_0\
CHR - Extension: Google Talk = C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\1.2011.1207.3_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\

O1 HOSTS File: ([2011/12/22 22:17:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files\CrossriderWebApps\Crossrider.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\matt\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [MultiScreen] C:\Program Files\MultiScreen\MultiScreen.exe ()
O4 - HKCU..\Run: [OscarEditor] C:\Program Files\MOUSE Editor\MouseEditor.exe ()
O4 - Startup: C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found
O4 - Startup: C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\matt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D2BCBCE-E33F-4BCA-8C68-B6A0BFE29D4F}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3444FF1-9906-410C-88F9-A8F23168B5CA}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/22 22:24:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/22 22:20:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/22 22:00:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/22 22:00:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/22 22:00:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/22 22:00:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/22 22:00:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/22 22:00:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/22 21:58:58 | 004,348,814 | R--- | C] (Swearware) -- C:\Users\matt\Desktop\ComboFix.exe
[2011/12/22 20:15:18 | 000,000,000 | ---D | C] -- C:\Users\matt\Documents\Zipped Backup
[2011/12/22 20:13:46 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Malwarebytes
[2011/12/22 20:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/22 20:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/22 20:13:06 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/22 20:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/22 12:03:22 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{8B774A40-4CBF-467F-9EC8-AAF53CD03E47}
[2011/12/22 12:02:32 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{242CA047-3EC5-4587-B70D-C542A416D3D4}
[2011/12/17 16:16:26 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{86498E8F-04C9-40F3-BBBB-A4D76E9D43CF}
[2011/12/17 16:16:12 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{6C7C026D-3D76-4F7C-BCC9-2BA3D2537641}
[2011/12/17 16:01:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/12/17 15:32:02 | 000,000,000 | ---D | C] -- C:\Users\matt\Adobe Flash Professional CS5.5
[2011/12/15 18:08:45 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/12/15 18:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/12/15 18:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/12/15 18:07:31 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/12/15 17:56:02 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{32802DFF-2AF1-4583-884A-6A6909BDB4FB}
[2011/12/15 17:55:48 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{2643CA56-0410-48D9-BBFB-FBBF567DF90D}
[2011/12/14 23:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/14 23:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/14 23:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/14 23:35:03 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/14 23:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/12/14 23:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/12/14 23:07:10 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{288A1636-3729-49E9-B8CE-C5222B96429D}
[2011/12/14 23:06:53 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{8B987059-6C5C-4E8B-970A-2F366A6FD132}
[2011/12/14 15:45:55 | 000,000,000 | ---D | C] -- C:\Users\matt\Documents\Flash stuff
[2011/12/13 08:49:23 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{F3B94DEC-2BC9-48B1-8B94-BF4C7D327EC3}
[2011/12/13 08:49:08 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{80692E58-D9C0-493F-8CE0-40D35267052A}
[2011/12/12 19:25:10 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{2291914E-1E7B-42CE-A532-E497CB7EAC31}
[2011/12/12 19:24:55 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{C2FE3F30-A3AE-4BA4-A5CB-55E403370C5F}
[2011/12/12 06:34:21 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{D4F99A5F-3CF2-4406-A21F-FACF6D8D0980}
[2011/12/12 06:33:48 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{065DF82E-1A8B-4812-9F05-991C52AA1D87}
[2011/12/11 18:33:31 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{D44039EE-94FC-4590-A04D-7DF9F0E127F6}
[2011/12/11 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{57D25182-645A-41DF-B3AE-61969C3FA14E}
[2011/12/09 17:49:54 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{E270089D-742E-46D4-B593-8D3185470CF7}
[2011/12/09 17:49:41 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{0D3EA1EE-5FF3-4156-966A-3AA8B952FDE2}
[2011/12/09 03:49:22 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{F510098B-C834-45EB-8777-5172E908F6FC}
[2011/12/09 03:49:08 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{EC025071-72E7-467A-9706-1470906B1137}
[2011/12/08 10:34:34 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{BC57D04F-FD72-4BF9-A483-2F8CE929809B}
[2011/12/08 10:33:43 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{FCA7B1F2-6932-44BB-A871-FA661B2F64E6}
[2011/12/07 14:21:03 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{B3FA3647-F8C7-4106-A465-E27DAAAD1114}
[2011/12/07 14:20:29 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{43871044-AFF5-4FC7-8D6F-C9D47A68B6BA}
[2011/12/06 10:46:10 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{65D5BD26-0777-48C7-9CD9-613B4ED42C2F}
[2011/12/06 10:45:56 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{BC593FE0-F435-4CD5-910B-9A40FB8871C2}
[2011/12/05 22:11:47 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{958A5D97-A2D1-4C0F-B8FD-BC7CE122F3D7}
[2011/12/05 22:11:24 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{9CEE439B-ACD6-486C-B4E7-787BDF7846B8}
[2011/12/05 10:11:09 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{2FF48DC2-431A-4E0C-9D8D-B3B98123DA4E}
[2011/12/05 10:10:56 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{C15367A3-EAB0-4C3A-8AA0-AA1684CD2508}
[2011/12/05 08:30:43 | 000,000,000 | ---D | C] -- C:\Users\matt\Documents\Java testing
[2011/12/04 21:23:40 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{6294B8CA-229E-4549-A45E-F17DD766D9A2}
[2011/12/04 21:23:17 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{4BABDE9C-CABC-4D83-8E49-B58CCCA9E6DA}
[2011/12/04 09:22:54 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{C1DAA934-9A2A-4CA9-8675-CA320F4A48D2}
[2011/12/04 09:22:38 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{A6241251-0C7D-4C74-A02F-F245AAC32EE3}
[2011/12/03 10:31:42 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{9BC47E7B-F825-4125-A280-5C1C69F30511}
[2011/12/03 10:31:28 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{86D5A400-8D04-44E7-80A6-95D1C550F5F0}
[2011/12/02 22:21:05 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{9B1437F3-44F7-472E-BA57-DA00BC9CD184}
[2011/12/02 22:20:30 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{3B662762-FB8F-4309-AA5E-4EA921D171EE}
[2011/12/02 10:20:20 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{936D4710-28F4-4E12-9130-59DE5C712169}
[2011/12/02 10:19:21 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{CC48EADB-09A8-45A6-A747-6C0BE47C197C}
[2011/12/01 12:56:46 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{EBEF21AE-2341-4B74-84A5-F6E185742E53}
[2011/12/01 12:56:39 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{1D64944A-0BF1-401A-87D7-27FABAD9C61A}
[2011/11/30 22:15:58 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{EE34C60E-A4C8-412D-BA42-9609567186CC}
[2011/11/30 22:15:45 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{B13657FC-F424-4D16-B927-E95AFF9A9BBB}
[2011/11/30 09:53:37 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{AADD2810-A12C-48C5-8AE2-096135E5F64D}
[2011/11/30 09:53:23 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{FC1395E8-2FEF-4D50-BF2A-FABB50C6A441}
[2011/11/29 15:37:11 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{4D2B09FC-C020-4EC5-A1CD-5BAED5E1B6E9}
[2011/11/29 15:37:08 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\{5EA7BAB7-30B9-4E6B-994F-8EC2E2C6894D}
[2011/11/28 18:42:20 | 000,000,000 | ---D | C] -- C:\Users\matt\.netbeans-derby
[2011/11/28 18:12:04 | 000,000,000 | ---D | C] -- C:\Users\matt\.m2
[2011/11/28 18:09:20 | 000,000,000 | ---D | C] -- C:\Program Files\Apache Software Foundation
[2011/11/28 18:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\glassfish-3.1.1
[2011/11/28 18:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans
[2011/11/28 18:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\NetBeans 7.0.1

========== Files - Modified Within 30 Days ==========

[2011/12/23 15:26:52 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 15:26:52 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 15:21:34 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3186710311-4044173172-2494515370-1000UA.job
[2011/12/23 15:21:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/23 11:34:54 | 000,000,436 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/12/23 11:34:50 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/12/23 11:34:43 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2011/12/23 11:33:55 | 2411,876,352 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/22 22:17:28 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/22 21:58:39 | 004,348,814 | R--- | M] (Swearware) -- C:\Users\matt\Desktop\ComboFix.exe
[2011/12/22 20:13:19 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/22 19:36:29 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/22 19:36:29 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/22 19:25:41 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3186710311-4044173172-2494515370-1000Core.job
[2011/12/22 19:15:42 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/12/22 19:15:42 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/12/14 23:05:04 | 000,409,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/12 10:07:32 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/12/05 23:31:26 | 000,000,962 | ---- | M] () -- C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/11/28 18:41:55 | 000,000,063 | ---- | M] () -- C:\Users\matt\.asadminpass

========== Files Created - No Company Name ==========

[2011/12/22 22:00:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/22 22:00:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/22 22:00:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/22 22:00:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/22 22:00:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/22 21:09:39 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/12/22 20:13:19 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/28 18:41:54 | 000,000,063 | ---- | C] () -- C:\Users\matt\.asadminpass
[2011/05/24 13:57:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/02 09:32:41 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/02 09:32:41 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/04/21 11:21:48 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/04/17 19:57:54 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011/02/18 17:55:36 | 000,000,600 | ---- | C] () -- C:\Users\matt\AppData\Local\PUTTY.RND
[2011/02/17 18:51:00 | 000,000,017 | ---- | C] () -- C:\Users\matt\AppData\Local\resmon.resmoncfg
[2011/02/09 14:05:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/09 00:58:07 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2011/02/09 00:56:01 | 000,123,780 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2011/02/09 00:56:01 | 000,001,496 | ---- | C] () -- C:\Windows\System32\drivers\RtkAcerM.dat
[2011/02/09 00:56:01 | 000,000,728 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2011/02/09 00:56:01 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2011/02/09 00:56:01 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2011/02/09 00:56:01 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2011/02/09 00:56:01 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2011/02/09 00:55:27 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2011/02/09 00:55:27 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/02/09 00:55:27 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2011/02/09 00:55:27 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:33:53 | 000,409,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 02:05:48 | 000,619,642 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 02:05:48 | 000,107,792 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/09/28 19:57:47 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/11/10 12:37:37 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/02/09 11:42:21 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\DAEMON Tools Lite
[2011/12/23 15:39:16 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Dropbox
[2011/10/25 18:34:00 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\GameRanger
[2011/10/27 21:47:10 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
[2011/02/08 18:57:12 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Notepad++
[2011/10/13 17:40:57 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\OnLive App
[2011/10/07 08:14:44 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\POV-Ray
[2011/02/13 06:38:41 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Publish Providers
[2011/10/24 05:54:01 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\SmartDraw
[2011/02/13 06:38:39 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Sony
[2011/03/03 14:38:45 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\SwanUni
[2011/02/25 16:11:17 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\TeamViewer
[2011/02/09 12:43:17 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\The Creative Assembly
[2011/12/15 00:32:57 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\uTorrent
[2011/10/19 12:34:30 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\WinEdt Team
[2011/12/23 11:34:50 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/06/11 13:00:33 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/23 11:34:43 | 000,000,474 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========



< End of report >
  • 0

#2
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Since you have already run them please post your Combofix and MBAM logs.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right click and Run as Administrator.
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe (511KB) to your desktop.
Right click aswMBR.exe and Run as Administrator.
Change the a-v scan to None.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click save log, save it to your desktop and post it in your next reply.

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report, then View Results. How many did it find?


Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.


Start, All Programs, Accessories, then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line):

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

5. Click the radio button for 'Number of events'.
6. Type 20 in the 1 to 20 box.
7. Then click the Run button.
Notepad will open with the output log.


Please post the output log in your next reply, then repeat but select Application.

Ron
  • 0

#3
fiction123

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Sorry for the late reply.

ComboFix log:

ComboFix 11-12-23.01 - matt 23/12/2011 16:08:40.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3067.1882 [GMT 0:00]
Running from: c:\users\matt\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-11-23 to 2011-12-23 )))))))))))))))))))))))))))))))
.
.
2011-12-23 16:20 . 2011-12-23 16:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-23 16:05 . 2011-12-23 16:05 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{07C0D09B-B24A-458B-94B3-4D42A0F4155E}\offreg.dll
2011-12-23 15:42 . 2011-12-23 15:42 -------- d-----w- C:\_OTL
2011-12-22 20:13 . 2011-12-22 20:13 -------- d-----w- c:\users\matt\AppData\Roaming\Malwarebytes
2011-12-22 20:13 . 2011-12-22 20:13 -------- d-----w- c:\programdata\Malwarebytes
2011-12-22 20:13 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-22 20:13 . 2011-12-22 20:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-20 14:32 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{07C0D09B-B24A-458B-94B3-4D42A0F4155E}\mpengine.dll
2011-12-17 15:32 . 2011-12-17 15:56 -------- d-----w- c:\users\matt\Adobe Flash Professional CS5.5
2011-12-15 18:08 . 2011-12-12 10:07 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-15 18:08 . 2011-12-15 18:08 -------- d-----w- c:\program files\Lavasoft
2011-12-14 23:35 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-14 23:35 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-12-14 23:35 . 2011-12-14 23:35 -------- d-----w- c:\program files\iPod
2011-12-14 23:35 . 2011-12-14 23:35 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-12-14 23:35 . 2011-12-14 23:35 -------- d-----w- c:\program files\iTunes
2011-12-14 23:33 . 2011-12-14 23:33 -------- d-----w- c:\program files\Apple Software Update
2011-12-14 23:32 . 2011-12-14 23:32 -------- d-----w- c:\program files\Bonjour
2011-12-14 14:26 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 14:26 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 14:26 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 14:26 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 14:26 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 14:26 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-11-28 18:42 . 2011-11-28 18:51 -------- d-----w- c:\users\matt\.netbeans-derby
2011-11-28 18:12 . 2011-11-28 18:12 -------- d-----w- c:\users\matt\.m2
2011-11-28 18:09 . 2011-11-28 18:09 -------- d-----w- c:\program files\Apache Software Foundation
2011-11-28 18:07 . 2011-11-28 18:09 -------- d-----w- c:\program files\glassfish-3.1.1
2011-11-28 18:03 . 2011-11-28 18:07 -------- d-----w- c:\program files\NetBeans 7.0.1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-29 18:46 . 2011-02-08 16:40 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-10-29 18:46 . 2011-02-08 16:40 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-10-28 15:13 . 2011-02-19 10:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-07 08:15 . 2011-10-07 08:15 159744 ----a-r- c:\users\matt\AppData\Roaming\Microsoft\Installer\{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}\PVEngine.ProgramMe_D0CE053E0E5E4C129BAED0F36021E911.exe
2011-10-07 08:15 . 2011-10-07 08:15 159744 ----a-r- c:\users\matt\AppData\Roaming\Microsoft\Installer\{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}\NewShortcut2_D0CE053E0E5E4C129BAED0F36021E911.exe
2011-10-01 11:14 . 2011-10-01 11:14 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-29 16:03 . 2011-11-09 13:16 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-05-24 13:31 . 2011-05-24 13:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"OscarEditor"="c:\program files\MOUSE Editor\MouseEditor.exe" [2010-12-23 3344384]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3289088]
"Akamai NetSession Interface"="c:\users\matt\AppData\Local\Akamai\netsession_win.exe" [2011-12-12 3305760]
"MultiScreen"="c:\program files\MultiScreen\MultiScreen.exe" [2009-08-11 303104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 13797920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-10-29 273528]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [N/A]
CurseClientStartup.ccip [2011-2-18 0]
Dropbox.lnk - c:\users\matt\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-12-15 2152152]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-08 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-12-12 64512]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-09 218688]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Lavasoft Kernexplorer
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-12 18:15]
.
2011-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3186710311-4044173172-2494515370-1000Core.job
- c:\users\matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-08 16:16]
.
2011-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3186710311-4044173172-2494515370-1000UA.job
- c:\users\matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-08 16:16]
.
2011-12-23 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2011-10-23 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{D3444FF1-9906-410C-88F9-A8F23168B5CA}: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\mdjso503.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5672)
c:\users\matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2011-12-23 16:22:35
ComboFix-quarantined-files.txt 2011-12-23 16:22
ComboFix2.txt 2011-12-22 22:20
.
Pre-Run: 5,180,260,352 bytes free
Post-Run: 5,126,942,720 bytes free
.
- - End Of File - - 05B7F7B009A3C1A58DC8E84029C9F90D

Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122205

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

24/12/2011 01:20:41
mbam-log-2011-12-24 (01-20-40).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 488351
Time elapsed: 8 hour(s), 50 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#4
fiction123

TDSSKiller report:

12:45:57.0929 4244 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
12:45:58.0468 4244 ============================================================
12:45:58.0468 4244 Current date / time: 2011/12/27 12:45:58.0468
12:45:58.0468 4244 SystemInfo:
12:45:58.0468 4244
12:45:58.0468 4244 OS Version: 6.1.7601 ServicePack: 1.0
12:45:58.0468 4244 Product type: Workstation
12:45:58.0468 4244 ComputerName: MATT-ACER
12:45:58.0468 4244 UserName: matt
12:45:58.0468 4244 Windows directory: C:\Windows
12:45:58.0468 4244 System windows directory: C:\Windows
12:45:58.0468 4244 Processor architecture: Intel x86
12:45:58.0468 4244 Number of processors: 2
12:45:58.0468 4244 Page size: 0x1000
12:45:58.0468 4244 Boot type: Normal boot
12:45:58.0468 4244 ============================================================
12:46:00.0257 4244 Initialize success
12:46:12.0175 4284 ============================================================
12:46:12.0175 4284 Scan started
12:46:12.0175 4284 Mode: Manual;
12:46:12.0175 4284 ============================================================
12:46:37.0725 4284 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
12:46:37.0728 4284 vga - ok
12:46:37.0772 4284 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
12:46:37.0776 4284 VgaSave - ok
12:46:37.0824 4284 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
12:46:37.0829 4284 vhdmp - ok
12:46:37.0902 4284 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
12:46:37.0906 4284 viaagp - ok
12:46:37.0953 4284 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
12:46:37.0956 4284 ViaC7 - ok
12:46:38.0010 4284 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
12:46:38.0013 4284 viaide - ok
12:46:38.0078 4284 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
12:46:38.0083 4284 vmbus - ok
12:46:38.0134 4284 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
12:46:38.0137 4284 VMBusHID - ok
12:46:38.0190 4284 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
12:46:38.0196 4284 volmgr - ok
12:46:38.0245 4284 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
12:46:38.0251 4284 volmgrx - ok
12:46:38.0304 4284 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
12:46:38.0309 4284 volsnap - ok
12:46:38.0343 4284 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
12:46:38.0348 4284 vsmraid - ok
12:46:38.0368 4284 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
12:46:38.0372 4284 vwifibus - ok
12:46:38.0405 4284 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
12:46:38.0408 4284 WacomPen - ok
12:46:38.0482 4284 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
12:46:38.0487 4284 WANARP - ok
12:46:38.0492 4284 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
12:46:38.0494 4284 Wanarpv6 - ok
12:46:38.0639 4284 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
12:46:38.0642 4284 Wd - ok
12:46:38.0680 4284 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
12:46:38.0688 4284 Wdf01000 - ok
12:46:38.0746 4284 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
12:46:38.0749 4284 WfpLwf - ok
12:46:38.0778 4284 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
12:46:38.0782 4284 WIMMount - ok
12:46:38.0839 4284 winachsf (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
12:46:38.0849 4284 winachsf - ok
12:46:38.0974 4284 winbondcir (3fa87d56769838aac82fafc3e78fc732) C:\Windows\system32\DRIVERS\winbondcir.sys
12:46:38.0978 4284 winbondcir - ok
12:46:39.0196 4284 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys
12:46:39.0200 4284 WinUsb - ok
12:46:39.0294 4284 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
12:46:39.0297 4284 WmiAcpi - ok
12:46:39.0350 4284 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
12:46:39.0352 4284 ws2ifsl - ok
12:46:39.0430 4284 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
12:46:39.0433 4284 WudfPf - ok
12:46:39.0491 4284 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:46:39.0496 4284 WUDFRd - ok
12:46:39.0633 4284 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
12:46:39.0636 4284 XAudio - ok
12:46:39.0669 4284 MBR (0x1B8) (a3095e5b8060d0d6b97e87ec1bb50c3c) \Device\Harddisk0\DR0
12:46:39.0712 4284 \Device\Harddisk0\DR0 - ok
12:46:39.0748 4284 Boot (0x1200) (823702023795e19fb8b8bc7207b5eb93) \Device\Harddisk0\DR0\Partition0
12:46:39.0750 4284 \Device\Harddisk0\DR0\Partition0 - ok
12:46:39.0779 4284 Boot (0x1200) (7771ea4f37791be3e82d2715fc0782fc) \Device\Harddisk0\DR0\Partition1
12:46:39.0781 4284 \Device\Harddisk0\DR0\Partition1 - ok
12:46:39.0781 4284 ============================================================
12:46:39.0781 4284 Scan finished
12:46:39.0781 4284 ============================================================
12:46:39.0796 5016 Detected object count: 0
12:46:39.0796 5016 Actual detected object count: 0


aswMBR report:

At the end, the fixMBR button was shown.

aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-27 12:49:33
-----------------------------
12:49:33.370 OS Version: Windows 6.1.7601 Service Pack 1
12:49:33.370 Number of processors: 2 586 0xF0D
12:49:33.373 ComputerName: MATT-ACER UserName: matt
12:49:47.364 Initialize success
12:49:47.812 AVAST engine defs: 11122700
12:50:17.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:50:17.174 Disk 0 Vendor: ST9250315AS 0001SDM1 Size: 238475MB BusType: 11
12:50:19.273 Disk 0 MBR read successfully
12:50:19.276 Disk 0 MBR scan
12:50:19.280 Disk 0 unknown MBR code
12:50:19.286 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 184476 MB offset 2048
12:50:19.317 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14277 MB offset 377808896
12:50:19.321 Disk 0 Partition - 00 05 Extended 39720 MB offset 407050238
12:50:19.354 Disk 0 Partition 3 00 82 Linux swap 8997 MB offset 469970944
12:50:19.359 Disk 0 Partition - 00 05 Extended 29413 MB offset 407050239
12:50:19.406 Disk 0 scanning sectors +488396800
12:50:19.478 Disk 0 scanning C:\Windows\system32\drivers
12:50:32.389 Service scanning
12:50:34.085 Modules scanning
12:50:42.538 Scan finished successfully
12:51:14.168 Disk 0 MBR has been saved successfully to "C:\Users\matt\Desktop\MBR.dat"
12:51:14.174 The log file has been saved successfully to "C:\Users\matt\Desktop\aswMBR.txt"


#5
fiction123 (Topic Starter)

Event log for system;

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 27/12/2011 16:19:11

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/12/2011 16:13:19
Type: Error Category: 0
Event: 31004 Source: Microsoft-Windows-SharedAccess_NAT
The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/12/2011 16:15:06
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_147E&PID_1000\5&57fcd44&0&2.

Log: 'System' Date/Time: 27/12/2011 16:14:11
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 27/12/2011 16:13:33
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.


For application


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 27/12/2011 16:21:44

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6
RKinner (Malware Expert, MVP)

Since none of the logs found anything I assume the problem is still there.

Does this happen in IE, Firefox and Chrome?

Start, Firefox. Click on the Firefox button in the top left. Hover over Help until the menu appears then click on Restart With Add-Ons Disabled. Restart. Firefox will close and reopen. It will ask you if you want to make the changes permanent but we don't want to do that yet so just Continue in Safe Mode. See if you still get your underlines. If not, it is one of the add-ons. Firefox, Add-ons, Extensions then Disable all of the extensions. Repeat the first step but this time select Exit. This will close Firefox and get you out of Safe Mode. You will need to manually restart it. If disabling all of the extensions helped you can go back in and enable them one at a time (restart Firefox each time) and see which one it is.

If it's not an extension then get autoruns from
http://live.sysinter...om/autoruns.exe

Download Save and Run the program by right clicking and Run As Admin. File, Save, to your desktop, autoruns.arn, OK

Either zip up the file if you have the ability (7-zip works nicely) or just rename it from autoruns.arn to autoruns.txt then ATTACH it. Do not copy and paste.

Ron
#7
fiction123 (Topic Starter)

Thank you so much. It was an extension. It's called:

Premiumplay Codec-C 0.72.17
by crossrider


Could you help me remove this extension? I was able to remove it in Chrome, however, it still appears in Firefox (I have disabled it), and there is no remove button.
#8
RKinner (Malware Expert, MVP)

Close Firefox.

Copy the text in the code box by highlighting and Ctrl + c

:OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\CodecCheck\firefox [2011/08/31 12:20:55 | 000,000,000 | ---D | M]

:files 
C:\ProgramData\CodecCheck    

Then right click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; it shouldn't need to reboot. Copy and paste the log.
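The entry the OTL fix above targets is a Firefox sideload registration: a value under HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions whose name is the extension ID and whose data is a folder that Firefox loads the add-on from, here C:\ProgramData\CodecCheck\firefox, outside Firefox's own program directory and with no Remove button in the add-ons manager. The PowerShell below is an added example for auditing that mechanism; it is not part of this thread and not OTL's or Firefox's own code. The list of registry keys, the "trusted root" rule (anything outside Program Files is flagged), and the function names are my assumptions; it needs Windows PowerShell 3.0 or later, and an elevated prompt to change HKLM.

```powershell
# Added example (not from the thread, OTL or Mozilla): list the registry values
# Firefox consults for sideloaded extensions and flag ones that point outside
# Program Files, which is how an adware add-on like the one above shows up.
# Assumption: these are the standard sideload keys (32-bit view included).
$sideloadKeys = @(
    'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',
    'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions',
    'HKCU:\SOFTWARE\Mozilla\Firefox\Extensions'
)

# Assumption (local policy, not a Firefox rule): a vendor-installed extension
# normally lives under Program Files; anything elsewhere deserves a look.
$trustedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

function Get-SideloadedFirefoxExtension {
    foreach ($key in $sideloadKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            if ([string]::IsNullOrEmpty($name)) { continue }   # skip the (Default) value
            $path = [string]$item.GetValue($name)
            $inTrusted = $trustedRoots | Where-Object { $path -like "$_\*" }
            [pscustomobject]@{
                Key         = $key
                ExtensionId = $name          # e.g. [email protected] or {GUID}
                Path        = $path          # folder Firefox loads the add-on from
                Exists      = Test-Path -LiteralPath $path
                Suspicious  = -not $inTrusted
            }
        }
    }
}

function Remove-SideloadedFirefoxExtension {
    # Removes the registration and the folder, mirroring what the OTL fix does.
    # Supports -WhatIf so the change can be previewed before it is made.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$ExtensionId)

    $matches = Get-SideloadedFirefoxExtension | Where-Object { $_.ExtensionId -eq $ExtensionId }
    foreach ($ext in $matches) {
        if ($PSCmdlet.ShouldProcess($ext.Key, "remove value '$ExtensionId'")) {
            Remove-ItemProperty -Path $ext.Key -Name $ExtensionId
        }
        if ($ext.Exists -and $PSCmdlet.ShouldProcess($ext.Path, 'remove extension folder')) {
            Remove-Item -LiteralPath $ext.Path -Recurse -Force
        }
    }
}

# Audit first: anything marked Suspicious points outside Program Files
# (C:\ProgramData\... in the case above).
Get-SideloadedFirefoxExtension | Format-Table ExtensionId, Path, Exists, Suspicious -AutoSize

# Then preview the removal with the ID taken from the audit output (the ID in
# this thread was obscured by the forum software, so it is a placeholder here):
# Remove-SideloadedFirefoxExtension -ExtensionId '<extension id from audit>' -WhatIf
```

Close Firefox before running the removal, as the thread says, so the add-on is not loaded while its folder is deleted; on a 64-bit system the HKLM values may sit under the Wow6432Node key, which is why both views are checked.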
#9
fiction123 (Topic Starter)

Hey,
Here are the logs

========== OTL ==========
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\CodecCheck\firefox not found.
========== FILES ==========
C:\ProgramData\CodecCheck\firefox\skin folder moved successfully.
C:\ProgramData\CodecCheck\firefox\locale\en-US folder moved successfully.
C:\ProgramData\CodecCheck\firefox\locale folder moved successfully.
C:\ProgramData\CodecCheck\firefox\defaults\preferences folder moved successfully.
C:\ProgramData\CodecCheck\firefox\defaults folder moved successfully.
C:\ProgramData\CodecCheck\firefox\chrome\content\lib\facebox\Images folder moved successfully.
C:\ProgramData\CodecCheck\firefox\chrome\content\lib\facebox folder moved successfully.
C:\ProgramData\CodecCheck\firefox\chrome\content\lib folder moved successfully.
C:\ProgramData\CodecCheck\firefox\chrome\content folder moved successfully.
C:\ProgramData\CodecCheck\firefox\chrome folder moved successfully.
C:\ProgramData\CodecCheck\firefox folder moved successfully.
C:\ProgramData\CodecCheck\chrome folder moved successfully.
C:\ProgramData\CodecCheck folder moved successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 12282011_161858


#10
RKinner (Malware Expert, MVP)

So did that get it? Is the extension still showing in Firefox?
#11
fiction123 (Topic Starter)

Yep, it did. Cheers!
#12
RKinner (Malware Expert, MVP)

Good. Cleanup time:

We need to clean up System Restore:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close the program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day, so that's another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox:
http://www.crystalidea.com/speedyfox. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
#13
fiction123 (Topic Starter)

Done all that you suggested. Turns out I do have a couple of programs that were out of date.
Thanks again for your help!