
Vista Internet Security 2012


#1 soccerpall86

Hi,

I seem to have picked up the Vista Internet Security 2012 malware. The main window pops up and scans the system. Messages pop up claiming to have found other viruses. It seems to have embedded itself in the Windows security program as the firewall and virus protector. Other than that I can still open up programs and access the internet. I have run Malwarebytes and SuperAntiSpyware, but the program returns.

Thank you for any assistance,
Adam


OTL logfile created on: 12/25/2011 10:32:57 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = G:\fixspyware
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 41.67% Memory free
4.21 Gb Paging File | 2.19 Gb Available in Paging File | 51.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.65 Gb Total Space | 54.21 Gb Free Space | 51.31% Space Free | Partition Type: NTFS
Drive F: | 4.34 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 3.74 Gb Total Space | 0.15 Gb Free Space | 3.90% Space Free | Partition Type: FAT32

Computer Name: ADAM-PC | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/25 10:31:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\fixspyware\OTL.com
PRC - [2011/12/24 22:18:32 | 000,342,528 | ---- | M] (Microsoft Corporation) -- C:\Users\Adam\AppData\Local\Temp\Low\fqb.exe
PRC - [2011/12/18 16:57:26 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/12/12 23:20:56 | 003,305,760 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Adam\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/12/08 19:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/22 00:06:20 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2010/08/06 02:55:38 | 001,807,886 | ---- | M] () -- C:\cygwin\bin\XWin.exe
PRC - [2010/01/23 16:21:20 | 001,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2009/04/11 01:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/15 15:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2006/12/18 22:39:50 | 000,077,824 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0\bin\jusched.exe
PRC - [2006/11/28 12:58:40 | 000,546,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2006/11/24 20:58:38 | 000,919,672 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2006/11/24 13:36:54 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/11/24 13:36:54 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2006/11/13 08:32:52 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2006/11/13 08:32:52 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2006/11/13 08:32:49 | 000,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2006/11/11 18:35:36 | 000,043,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2006/10/31 13:32:10 | 000,194,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/10/25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006/09/26 17:48:36 | 000,172,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2006/09/26 17:46:58 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2006/09/20 20:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2006/08/23 15:43:08 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2006/08/01 15:35:36 | 000,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/20 22:11:49 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/12/20 22:11:49 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/12/20 14:33:51 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/12/20 14:33:51 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/01/21 19:43:32 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/08/14 19:54:30 | 000,046,094 | ---- | M] () -- C:\cygwin\bin\cyggcc_s-1.dll
MOD - [2010/08/06 02:55:38 | 001,807,886 | ---- | M] () -- C:\cygwin\bin\XWin.exe
MOD - [2010/08/02 23:52:00 | 000,032,782 | ---- | M] () -- C:\cygwin\bin\cygXrender-1.dll
MOD - [2010/08/02 23:22:10 | 000,053,262 | ---- | M] () -- C:\cygwin\bin\cygXext-6.dll
MOD - [2010/08/02 23:21:04 | 000,018,446 | ---- | M] () -- C:\cygwin\bin\cygXfixes-3.dll
MOD - [2010/08/02 23:17:42 | 000,010,766 | ---- | M] () -- C:\cygwin\bin\cygXau-6.dll
MOD - [2010/08/02 18:58:25 | 000,385,550 | ---- | M] () -- C:\cygwin\bin\cygpixman-1-0.dll
MOD - [2010/08/01 16:04:19 | 000,077,838 | ---- | M] () -- C:\cygwin\bin\cygz.dll
MOD - [2010/04/28 17:48:47 | 000,078,350 | ---- | M] () -- C:\cygwin\bin\cygxcb-1.dll
MOD - [2010/03/17 16:59:16 | 000,459,278 | ---- | M] () -- C:\cygwin\bin\cyggcrypt-11.dll
MOD - [2010/03/17 16:33:16 | 000,015,886 | ---- | M] () -- C:\cygwin\bin\cyggpg-error-0.dll
MOD - [2010/03/02 20:14:03 | 000,503,822 | ---- | M] () -- C:\cygwin\bin\cygfreetype-6.dll
MOD - [2010/02/09 20:52:39 | 000,077,838 | ---- | M] () -- \\?\C:\cygwin\lib\dri\swrast_dri.so
MOD - [2010/02/09 20:52:34 | 002,445,838 | ---- | M] () -- C:\cygwin\bin\cygGL-1.dll
MOD - [2010/02/09 19:51:56 | 001,064,462 | ---- | M] () -- C:\cygwin\bin\cygX11-6.dll
MOD - [2009/10/14 02:09:54 | 000,021,006 | ---- | M] () -- C:\cygwin\bin\cygfontenc-1.dll
MOD - [2009/10/14 02:04:31 | 000,017,422 | ---- | M] () -- C:\cygwin\bin\cygXdmcp-6.dll
MOD - [2009/09/03 03:35:18 | 000,030,734 | ---- | M] () -- C:\cygwin\bin\cygXcursor-1.dll
MOD - [2009/08/04 12:33:24 | 000,389,120 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\AdobeXMP.dll
MOD - [2009/04/03 00:04:06 | 000,031,232 | ---- | M] () -- C:\cygwin\bin\cygintl-8.dll
MOD - [2009/03/01 22:11:27 | 000,061,952 | ---- | M] () -- C:\cygwin\bin\cygbz2-1.dll
MOD - [2007/01/13 02:01:28 | 000,475,136 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll
MOD - [2007/01/13 02:01:28 | 000,397,312 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll
MOD - [2006/12/13 16:19:34 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/12/13 16:16:20 | 000,077,824 | ---- | M] () -- C:\Windows\System32\hccutils.dll
MOD - [2006/08/01 15:17:26 | 000,106,496 | ---- | M] () -- C:\Program Files\AIM\aimax.dll
MOD - [2006/07/25 16:16:02 | 000,013,312 | ---- | M] () -- C:\Program Files\AIM\oscres.dll
MOD - [2006/07/25 12:54:18 | 000,110,592 | ---- | M] () -- C:\Program Files\AIM\AIM_xmlp.dll
MOD - [2005/06/16 17:46:26 | 000,081,920 | ---- | M] () -- C:\Program Files\AIM\AIMToday.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/15 16:43:19 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/01/23 16:21:20 | 001,174,152 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/11/24 13:36:54 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006/11/13 20:31:22 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006/10/31 13:32:10 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/10/31 13:32:10 | 000,194,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/10/27 02:18:36 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2006/10/25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006/10/25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/10/25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/10/24 13:32:08 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/10/13 17:29:12 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/10/11 21:36:02 | 000,741,376 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2006/10/11 18:52:44 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2006/10/11 18:52:44 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2006/10/09 14:02:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2006/10/09 14:02:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2006/10/04 21:25:00 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/10/04 21:15:30 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/10/04 21:06:58 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/09/26 17:48:36 | 000,172,032 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2006/09/26 17:46:58 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2006/09/21 12:53:16 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2006/09/20 20:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/09/17 00:08:00 | 000,071,184 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/08/29 00:38:04 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/08/23 15:43:08 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)


========== Driver Services (SafeList) ==========

DRV - [2011/12/20 21:00:12 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\02480951.sys -- (02480951)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/01/23 16:23:03 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/10/22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\02480952.sys -- (02480952)
DRV - [2009/10/09 22:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\0248095.sys -- (setup_9.0.0.722_13.05.2011_04-14drv)
DRV - [2009/03/04 14:49:22 | 004,232,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2006/11/30 22:13:46 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/11/30 22:13:46 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/11/13 22:07:45 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/13 08:32:52 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/11/10 16:50:53 | 000,227,328 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/11/10 16:43:38 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/11/06 04:00:00 | 000,831,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/11/06 04:00:00 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006/11/06 04:00:00 | 000,079,240 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS -- (NAVENG)
DRV - [2006/11/06 03:09:26 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
DRV - [2006/11/03 20:23:02 | 000,275,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2006/11/03 20:23:00 | 000,024,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2006/11/03 20:22:56 | 000,245,880 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2006/10/24 15:40:22 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/10/24 15:40:22 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/10/20 06:10:16 | 000,202,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys -- (IDSvix86)
DRV - [2006/10/18 14:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2006/10/18 13:43:18 | 000,124,256 | R--- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/06 16:26:16 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.c...iv_eg_self_main

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/23 19:17:14 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VAIOSecurity] C:\Program Files\Sony\VAIO Security Center\VSC.exe ()
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Adam\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000 File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52E6A162-7BFC-44BC-B657-722AD3F1F773}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/20 14:33:36 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/20 14:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/20 14:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/20 14:33:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/20 13:40:24 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/12/18 15:22:58 | 000,000,000 | ---D | C] -- C:\Users\Adam\{a667790d-589a-4c50-bff9-9531345c4ade}
[2011/12/18 15:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2011/12/18 15:11:03 | 000,000,000 | ---D | C] -- C:\Users\Adam\Documents\bitpim
[2011/12/18 15:10:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitPim
[2011/12/18 15:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\BitPim
[2011/12/01 21:05:35 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\DDMSettings

========== Files - Modified Within 30 Days ==========

[2011/12/25 10:32:37 | 000,659,788 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/25 10:32:37 | 000,125,692 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/25 10:23:16 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/25 10:23:15 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/25 10:23:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/20 22:10:05 | 2137,186,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/20 21:00:12 | 000,128,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\02480951.sys
[2011/12/20 14:33:08 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/20 13:47:40 | 000,000,366 | ---- | M] () -- C:\Users\Adam\Documents\backup_reg_122011.reg
[2011/12/18 16:48:19 | 000,399,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/01 21:59:16 | 000,014,336 | ---- | M] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/25 19:30:26 | 001,032,291 | ---- | M] () -- C:\Users\Adam\Documents\11.20Norelco$5-$30.pdf

========== Files Created - No Company Name ==========

[2011/12/20 14:33:08 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/20 13:47:40 | 000,000,366 | ---- | C] () -- C:\Users\Adam\Documents\backup_reg_122011.reg
[2011/11/25 19:30:26 | 001,032,291 | ---- | C] () -- C:\Users\Adam\Documents\11.20Norelco$5-$30.pdf
[2011/08/25 10:26:11 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2011/03/09 03:08:05 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/02/14 08:33:43 | 000,000,680 | ---- | C] () -- C:\Users\Adam\AppData\Local\d3d9caps.dat
[2010/12/02 23:03:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/27 04:30:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/27 04:30:47 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/01 19:45:14 | 000,014,336 | ---- | C] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/23 16:46:20 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2010/01/23 16:45:14 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2010/01/23 16:32:02 | 001,132,112 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2006/12/18 23:22:07 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2006/12/18 22:39:10 | 000,000,032 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2006/12/18 22:26:47 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/12/18 22:26:47 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/12/13 18:10:38 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1151.dll
[2006/12/13 16:17:56 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/12/13 16:16:20 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006/11/30 22:13:32 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/11/30 22:13:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/30 22:12:04 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,399,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,659,788 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,125,692 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/02/01 19:30:24 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Aim
[2011/08/25 10:26:37 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\DassaultSystemes
[2011/06/15 20:01:29 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Dropbox
[2011/08/25 10:30:57 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\EDrawings
[2010/12/02 22:36:46 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\InterVideo
[2011/07/26 07:34:10 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Philipp Winterberg
[2010/07/05 13:56:05 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Uniblue
[2010/09/20 22:03:56 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\VanDyke
[2011/12/20 20:58:00 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#2
RKinner


    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your antivirus software when downloading or running ComboFix. If it has script-blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution: Do not run ComboFix more than once. Do not touch your mouse or keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted it may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your drive light: if it is flashing, ComboFix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click it and select Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file named "TDSSKiller.txt" should be created on your C: drive; please copy and paste its contents in your next reply.


Download aswMBR.exe (511KB) to your desktop.
Right-click aswMBR.exe and select Run as Administrator.

Change the a-v scan to None.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan.
On completion of the scan, note whether the Fix button (not the FixMBR button) is enabled and tell me. Click "Save log", save it to your desktop and post it in your next reply.


Malwarebytes' Anti-Malware
If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.




Ron
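An added example, not part of this thread or of any of the tools Ron lists: a small Python triage pass over the kind of log lines these tools produce. It parses OTL file lines, ComboFix Run-key values and ComboFix service lines (formats inferred from the logs pasted in this thread), and flags two things a helper checks first: executables living in user-writable folders such as AppData or ProgramData, and services whose file ComboFix marks [x] (assumed here to mean the file was not found on disk). The sample lines are constructed from this thread's logs; the flags are prompts for a closer look, not verdicts (the Akamai NetSession entry trips the same rule and is a legitimate download manager).

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample lines constructed from the logs posted in this thread (OTL file lines,
# ComboFix Run-key values and ComboFix service/driver lines). Not a full log.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Adam\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 ute3otu3;AVZ Kernel Driver;c:\windows\system32\Drivers\ute3otu3.sys [x]
S1 02480951;02480951;c:\windows\system32\DRIVERS\02480951.sys [2011-12-21 128016]
[2011/12/20 14:33:08 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/23 16:32:02 | 001,132,112 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2011/12/20 14:33:36 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\SUPERAntiSpyware.com
'''

# ComboFix Run-key value:  "Name"="c:\path\file.exe" [YYYY-MM-DD size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]$')
# ComboFix service/driver line:  R3 name;display name;c:\path\file.sys [YYYY-MM-DD size]  (or [x])
SVC_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<info>[^\]]*)\]$')
# OTL file/folder line:  [YYYY/MM/DD HH:MM:SS | size | attrs | C-or-M] (Company) -- C:\path
OTL_RE = re.compile(
    r'^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\]'
    r'(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$')

EXEC_EXT = (".exe", ".dll", ".sys", ".com", ".ocm", ".scr", ".cpl")
# Folders an unprivileged user, and therefore a user-level dropper, can write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Entry:
    kind: str                 # "run", "service", "file" or "dir"
    name: str
    path: str
    info: str = ""            # date/size field from ComboFix, or OTL attribute flags
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Turn one log line into an Entry, or None for headers and unknown lines."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return Entry("run", m["name"], m["path"], m["info"])
    m = SVC_RE.match(line)
    if m:
        return Entry("service", m["name"], m["path"], m["info"])
    m = OTL_RE.match(line)
    if m:
        kind = "dir" if "D" in m["attrs"] else "file"
        return Entry(kind, m["path"].rsplit("\\", 1)[-1], m["path"], m["attrs"])
    return None


def assess(e: Entry) -> List[str]:
    """Heuristic prompts for a closer look; none of these is a verdict."""
    flags: List[str] = []
    if e.kind == "dir":
        return flags
    p = e.path.lower()
    if p.endswith(EXEC_EXT) and any(d in p for d in USER_WRITABLE):
        flags.append("executable in a user-writable folder")
    if e.kind == "service" and e.info == "x":
        # Assumption: ComboFix prints [x] instead of date/size when the file is not on disk.
        flags.append("service points at a file that is not on disk")
    return flags


def triage(log_text: str) -> List[Entry]:
    """Parse every line and return only the entries that raised a flag."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        e.flags = assess(e)
        if e.flags:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:8} {e.path}\n         -> {'; '.join(e.flags)}")
```

Of what it flags here, c:\programdata\pswi_preloaded.exe is among the files ComboFix later reports deleting, while mbamswissarmy.sys belongs to the Malwarebytes scanner the poster already ran.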

#3
soccerpall86


    Member

  • Topic Starter
  • Member
  • 28 posts
ComboFix 11-12-24.10 - Adam 12/25/2011 13:26:22.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1000 [GMT -5:00]
Running from: c:\users\Adam\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\TelevisionFanatic
c:\program files\TelevisionFanatic\bar\IE9Mesg\COMMON.T8S
c:\program files\TelevisionFanatic\bar\Message\COMMON.T8S
c:\program files\TelevisionFanatic\bar\Settings\s_pid.dat
c:\program files\TelevisionFanaticEI
c:\programdata\pswi_preloaded.exe
c:\windows\$NtUninstallKB44161$
c:\windows\$NtUninstallKB44161$\1387789878\@
c:\windows\$NtUninstallKB44161$\1387789878\bckfg.tmp
c:\windows\$NtUninstallKB44161$\1387789878\cfg.ini
c:\windows\$NtUninstallKB44161$\1387789878\Desktop.ini
c:\windows\$NtUninstallKB44161$\1387789878\keywords
c:\windows\$NtUninstallKB44161$\1387789878\kwrd.dll
c:\windows\$NtUninstallKB44161$\1387789878\L\qnbwvoto
c:\windows\$NtUninstallKB44161$\1387789878\lsflt7.ver
c:\windows\$NtUninstallKB44161$\1387789878\U\[email protected]
c:\windows\$NtUninstallKB44161$\1387789878\U\[email protected]
c:\windows\$NtUninstallKB44161$\1387789878\U\[email protected]
c:\windows\$NtUninstallKB44161$\1387789878\U\[email protected]
c:\windows\$NtUninstallKB44161$\1387789878\U\[email protected]
c:\windows\$NtUninstallKB44161$\1387789878\U\[email protected]
c:\windows\$NtUninstallKB44161$\1948560815
c:\windows\favicon.ico
.
.
((((((((((((((((((((((((( Files Created from 2011-11-25 to 2011-12-25 )))))))))))))))))))))))))))))))
.
.
2011-12-25 18:43 . 2011-12-25 18:45 -------- d-----w- c:\users\Adam\AppData\Local\temp
2011-12-25 18:43 . 2011-12-25 18:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-20 19:33 . 2011-12-20 19:33 -------- d-----w- c:\users\Adam\AppData\Roaming\SUPERAntiSpyware.com
2011-12-20 19:33 . 2011-12-20 19:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-20 19:33 . 2011-12-20 19:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-20 18:40 . 2011-12-20 18:40 -------- d-----w- c:\windows\Sun
2011-12-18 21:57 . 2011-12-18 21:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-18 20:22 . 2011-12-18 20:22 -------- d-----w- c:\users\Adam\{a667790d-589a-4c50-bff9-9531345c4ade}
2011-12-18 20:20 . 2011-12-18 20:20 -------- d-----w- c:\program files\LG Electronics
2011-12-18 20:10 . 2011-12-18 20:10 -------- d-----w- c:\program files\BitPim
2011-12-17 04:00 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E4401579-838F-4728-87CE-DC5CE1D81EE6}\mpengine.dll
2011-12-15 21:13 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 21:13 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 21:13 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 21:11 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 21:10 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-15 21:10 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 21:10 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-02 02:05 . 2011-12-02 02:05 -------- d-----w- c:\users\Adam\AppData\Local\DDMSettings
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 02:00 . 2011-05-13 01:36 128016 ----a-w- c:\windows\system32\drivers\02480951.sys
2011-10-20 23:26 . 2011-10-20 23:26 94208 ----a-w- c:\windows\system32\dpl100.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Adam\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VAIOSecurity"="c:\program files\Sony\VAIO Security Center\VSC.exe" [2006-11-28 2150400]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2006-12-19 77824]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-16 3784704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-13 81920]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2006-11-11 43128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-13 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-13 106496]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-11-13 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-11-24 18:36 73728 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Adam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Adam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^setup_9.0.0.722_13.05.2011_04-14.lnk]
path=c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_13.05.2011_04-14.lnk
backup=c:\windows\pss\setup_9.0.0.722_13.05.2011_04-14.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
2006-08-01 20:35 67112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2006-10-25 05:08 107112 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
2004-02-28 17:12 144896 ----a-w- c:\progra~1\AIM\DeadAIM.ocm
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX7400 Series]
2007-02-15 11:00 179200 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICDA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
2006-10-24 15:19 46728 ----a-w- c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-08-31 22:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2006-10-27 07:18 22696 ----a-w- c:\program files\Norton Internet Security\osCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2006-12-07 01:08 577536 ----a-w- c:\program files\Sony Corporation\VAIO Survey\Vista VAIO Survey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-10-20 202872]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 ute3otu3;AVZ Kernel Driver;c:\windows\system32\Drivers\ute3otu3.sys [x]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2006-10-12 741376]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2006-10-09 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2006-10-11 1089536]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 02480952;02480952 Boot Guard Driver;c:\windows\system32\DRIVERS\02480952.sys [2009-10-22 37392]
S1 02480951;02480951;c:\windows\system32\DRIVERS\02480951.sys [2011-12-21 128016]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 setup_9.0.0.722_13.05.2011_04-14drv;setup_9.0.0.722_13.05.2011_04-14drv;c:\windows\system32\DRIVERS\0248095.sys [2009-10-10 311312]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-03-04 4232704]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-11-10 227328]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.xfinity.com/?cid=xfactiv_eg_self_main
mWindow Title = Windows Internet Explorer provided by Comcast
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-SpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC\launcher.exe
SafeBoot-28417250.sys
MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire\Corel PhotoDownloader.exe
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-25 13:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-25 13:49:05
ComboFix-quarantined-files.txt 2011-12-25 18:48
.
Pre-Run: 58,186,139,648 bytes free
Post-Run: 58,770,030,592 bytes free
.
- - End Of File - - 704B80FB0EB605C27B3BAAA017AFBA31


14:00:02.0997 3192 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
14:00:03.0293 3192 ============================================================
14:00:03.0293 3192 Current date / time: 2011/12/25 14:00:03.0293
14:00:03.0293 3192 SystemInfo:
14:00:03.0293 3192
14:00:03.0293 3192 OS Version: 6.0.6002 ServicePack: 2.0
14:00:03.0293 3192 Product type: Workstation
14:00:03.0293 3192 ComputerName: ADAM-PC
14:00:03.0293 3192 UserName: Adam
14:00:03.0293 3192 Windows directory: C:\Windows
14:00:03.0293 3192 System windows directory: C:\Windows
14:00:03.0293 3192 Processor architecture: Intel x86
14:00:03.0293 3192 Number of processors: 2
14:00:03.0293 3192 Page size: 0x1000
14:00:03.0293 3192 Boot type: Normal boot
14:00:03.0293 3192 ============================================================
14:00:05.0415 3192 Initialize success
14:00:10.0765 1140 ============================================================
14:00:10.0765 1140 Scan started
14:00:10.0765 1140 Mode: Manual;
14:00:10.0765 1140 ============================================================
14:00:21.0249 1140 ialm (a4fba5b34e69e46315a7c5223a470a17) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:00:21.0327 1140 ialm - ok
14:00:21.0467 1140 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
14:00:21.0483 1140 iaStorV - ok
14:00:21.0654 1140 IDSvix86 (78432a57d085328cf8baf125985425d2) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys
14:00:21.0670 1140 IDSvix86 - ok
14:00:21.0810 1140 igfx (a4fba5b34e69e46315a7c5223a470a17) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:00:21.0826 1140 igfx - ok
14:00:21.0935 1140 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:00:21.0935 1140 iirsp - ok
14:00:22.0107 1140 IntcAzAudAddService (a47b2875680ad67b35c6150bd0203056) C:\Windows\system32\drivers\RTKVHDA.sys
14:00:22.0185 1140 IntcAzAudAddService - ok
14:00:22.0309 1140 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:00:22.0325 1140 intelide - ok
14:00:22.0372 1140 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:00:22.0387 1140 intelppm - ok
14:00:22.0465 1140 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:00:22.0481 1140 IpFilterDriver - ok
14:00:22.0528 1140 IpInIp - ok
14:00:22.0606 1140 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
14:00:22.0621 1140 IPMIDRV - ok
14:00:22.0746 1140 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:00:22.0746 1140 IPNAT - ok
14:00:22.0809 1140 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:00:22.0809 1140 IRENUM - ok
14:00:22.0887 1140 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
14:00:22.0902 1140 isapnp - ok
14:00:22.0996 1140 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:00:23.0027 1140 iScsiPrt - ok
14:00:23.0152 1140 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:00:23.0167 1140 iteatapi - ok
14:00:23.0245 1140 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:00:23.0261 1140 iteraid - ok
14:00:23.0355 1140 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:00:23.0355 1140 kbdclass - ok
14:00:23.0417 1140 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
14:00:23.0417 1140 kbdhid - ok
14:00:23.0526 1140 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
14:00:23.0526 1140 KSecDD - ok
14:00:23.0698 1140 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:00:23.0713 1140 lltdio - ok
14:00:23.0807 1140 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
14:00:23.0807 1140 LSI_FC - ok
14:00:23.0869 1140 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
14:00:23.0869 1140 LSI_SAS - ok
14:00:23.0932 1140 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
14:00:23.0932 1140 LSI_SCSI - ok
14:00:24.0041 1140 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:00:24.0057 1140 luafv - ok
14:00:24.0119 1140 MBAMSwissArmy - ok
14:00:24.0181 1140 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:00:24.0181 1140 mdmxsdk - ok
14:00:24.0259 1140 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
14:00:24.0275 1140 megasas - ok
14:00:24.0447 1140 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:00:24.0462 1140 Modem - ok
14:00:24.0556 1140 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:00:24.0571 1140 monitor - ok
14:00:24.0634 1140 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:00:24.0649 1140 mouclass - ok
14:00:24.0712 1140 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
14:00:24.0712 1140 mouhid - ok
14:00:24.0837 1140 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:00:24.0837 1140 MountMgr - ok
14:00:24.0930 1140 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
14:00:24.0946 1140 mpio - ok
14:00:25.0039 1140 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:00:25.0055 1140 mpsdrv - ok
14:00:25.0117 1140 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:00:25.0133 1140 Mraid35x - ok
14:00:25.0273 1140 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:00:25.0289 1140 MRxDAV - ok
14:00:25.0367 1140 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:00:25.0398 1140 mrxsmb - ok
14:00:25.0507 1140 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:00:25.0523 1140 mrxsmb10 - ok
14:00:25.0585 1140 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:00:25.0617 1140 mrxsmb20 - ok
14:00:25.0819 1140 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
14:00:25.0835 1140 msahci - ok
14:00:26.0007 1140 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
14:00:26.0022 1140 msdsm - ok
14:00:26.0116 1140 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:00:26.0131 1140 Msfs - ok
14:00:26.0209 1140 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:00:26.0209 1140 msisadrv - ok
14:00:26.0334 1140 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:00:26.0350 1140 MSKSSRV - ok
14:00:26.0412 1140 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:00:26.0428 1140 MSPCLOCK - ok
14:00:26.0506 1140 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:00:26.0521 1140 MSPQM - ok
14:00:26.0599 1140 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:00:26.0615 1140 MsRPC - ok
14:00:26.0693 1140 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:00:26.0709 1140 mssmbios - ok
14:00:26.0833 1140 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:00:26.0849 1140 MSTEE - ok
14:00:26.0911 1140 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:00:26.0943 1140 Mup - ok
14:00:27.0021 1140 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:00:27.0052 1140 NativeWifiP - ok
14:00:27.0145 1140 NAVENG (ef04748a7a7266edbdbe02b161a0685d) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVENG.SYS
14:00:27.0161 1140 NAVENG - ok
14:00:27.0223 1140 NAVEX15 (09f3bfdc47718459b42d696cb671f65f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVEX15.SYS
14:00:27.0270 1140 NAVEX15 - ok
14:00:27.0379 1140 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:00:27.0442 1140 NDIS - ok
14:00:27.0551 1140 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:00:27.0551 1140 NdisTapi - ok
14:00:27.0613 1140 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:00:27.0613 1140 Ndisuio - ok
14:00:27.0691 1140 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:00:27.0723 1140 NdisWan - ok
14:00:27.0801 1140 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:00:27.0832 1140 NDProxy - ok
14:00:27.0910 1140 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:00:27.0941 1140 NetBIOS - ok
14:00:28.0003 1140 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:00:28.0019 1140 netbt - ok
14:00:28.0222 1140 NETw3v32 (acc6170d80c69e50145b370023b64ed3) C:\Windows\system32\DRIVERS\NETw3v32.sys
14:00:28.0253 1140 NETw3v32 - ok
14:00:28.0534 1140 NETw5v32 (83f310bf50985f2a52121f2614787c38) C:\Windows\system32\DRIVERS\NETw5v32.sys
14:00:28.0705 1140 NETw5v32 - ok
14:00:28.0783 1140 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:00:28.0799 1140 nfrd960 - ok
14:00:28.0877 1140 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:00:28.0893 1140 Npfs - ok
14:00:28.0955 1140 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:00:28.0955 1140 nsiproxy - ok
14:00:29.0080 1140 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:00:29.0142 1140 Ntfs - ok
14:00:29.0236 1140 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:00:29.0236 1140 ntrigdigi - ok
14:00:29.0345 1140 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:00:29.0361 1140 Null - ok
14:00:29.0423 1140 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
14:00:29.0439 1140 nvraid - ok
14:00:29.0501 1140 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
14:00:29.0501 1140 nvstor - ok
14:00:29.0563 1140 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
14:00:29.0579 1140 nv_agp - ok
14:00:29.0657 1140 NwlnkFlt - ok
14:00:29.0688 1140 NwlnkFwd - ok
14:00:29.0797 1140 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
14:00:29.0813 1140 ohci1394 - ok
14:00:29.0969 1140 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:00:29.0985 1140 Parport - ok
14:00:30.0078 1140 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
14:00:30.0078 1140 partmgr - ok
14:00:30.0125 1140 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:00:30.0141 1140 Parvdm - ok
14:00:30.0281 1140 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:00:30.0297 1140 pci - ok
14:00:30.0343 1140 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\DRIVERS\pciide.sys
14:00:30.0359 1140 pciide - ok
14:00:30.0468 1140 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
14:00:30.0484 1140 pcmcia - ok
14:00:30.0609 1140 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:00:30.0671 1140 PEAUTH - ok
14:00:30.0827 1140 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:00:30.0843 1140 PptpMiniport - ok
14:00:30.0936 1140 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
14:00:30.0952 1140 Processor - ok
14:00:31.0092 1140 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:00:31.0092 1140 PSched - ok
14:00:31.0170 1140 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\Windows\system32\Drivers\PxHelp20.sys
14:00:31.0186 1140 PxHelp20 - ok
14:00:31.0311 1140 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
14:00:31.0326 1140 ql2300 - ok
14:00:31.0389 1140 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:00:31.0389 1140 ql40xx - ok
14:00:31.0498 1140 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:00:31.0498 1140 QWAVEdrv - ok
14:00:31.0576 1140 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:00:31.0576 1140 RasAcd - ok
14:00:31.0701 1140 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:00:31.0716 1140 Rasl2tp - ok
14:00:31.0779 1140 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:00:31.0810 1140 RasPppoe - ok
14:00:31.0872 1140 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:00:31.0888 1140 RasSstp - ok
14:00:31.0981 1140 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:00:32.0013 1140 rdbss - ok
14:00:32.0153 1140 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:00:32.0169 1140 RDPCDD - ok
14:00:32.0262 1140 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
14:00:32.0293 1140 rdpdr - ok
14:00:32.0340 1140 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:00:32.0356 1140 RDPENCDD - ok
14:00:32.0449 1140 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
14:00:32.0465 1140 RDPWD - ok
14:00:32.0605 1140 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:00:32.0637 1140 rspndr - ok
14:00:32.0746 1140 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:00:32.0761 1140 SASDIFSV - ok
14:00:32.0777 1140 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
14:00:32.0777 1140 SASKUTIL - ok
14:00:32.0839 1140 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:00:32.0839 1140 sbp2port - ok
14:00:32.0933 1140 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:00:32.0933 1140 secdrv - ok
14:00:33.0058 1140 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:00:33.0058 1140 Serenum - ok
14:00:33.0136 1140 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:00:33.0136 1140 Serial - ok
14:00:33.0229 1140 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:00:33.0229 1140 sermouse - ok
14:00:33.0370 1140 setup_9.0.0.722_13.05.2011_04-14drv (64d93ec1218765498c40619427a85a91) C:\Windows\system32\DRIVERS\0248095.sys
14:00:33.0370 1140 setup_9.0.0.722_13.05.2011_04-14drv - ok
14:00:33.0448 1140 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
14:00:33.0448 1140 sffdisk - ok
14:00:33.0557 1140 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
14:00:33.0557 1140 sffp_mmc - ok
14:00:33.0604 1140 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
14:00:33.0604 1140 sffp_sd - ok
14:00:33.0666 1140 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:00:33.0666 1140 sfloppy - ok
14:00:33.0744 1140 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
14:00:33.0744 1140 sisagp - ok
14:00:33.0822 1140 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
14:00:33.0838 1140 SiSRaid2 - ok
14:00:33.0916 1140 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
14:00:33.0931 1140 SiSRaid4 - ok
14:00:34.0072 1140 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:00:34.0087 1140 Smb - ok
14:00:34.0197 1140 SNC (db31d8989b3450569c29780e7fa98c48) C:\Windows\system32\Drivers\SonyNC.sys
14:00:34.0212 1140 SNC - ok
14:00:34.0321 1140 SPBBCDrv (905782bcf15b6e5af9905b77923c7fa2) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
14:00:34.0337 1140 SPBBCDrv - ok
14:00:34.0446 1140 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:00:34.0446 1140 spldr - ok
14:00:34.0555 1140 SRTSP (15e29eb26dd53eb6385629f4622b5519) C:\Windows\system32\Drivers\SRTSP.SYS
14:00:34.0571 1140 SRTSP - ok
14:00:34.0633 1140 SRTSPL (fd0c0333fae09dbd1170e0d607eca5c8) C:\Windows\system32\Drivers\SRTSPL.SYS
14:00:34.0649 1140 SRTSPL - ok
14:00:34.0711 1140 SRTSPX (7e60a4a4035be470f47c6806da57db99) C:\Windows\system32\Drivers\SRTSPX.SYS
14:00:34.0727 1140 SRTSPX - ok
14:00:34.0805 1140 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:00:34.0821 1140 srv - ok
14:00:34.0961 1140 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
14:00:34.0977 1140 srv2 - ok
14:00:35.0070 1140 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
14:00:35.0086 1140 srvnet - ok
14:00:35.0195 1140 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:00:35.0195 1140 swenum - ok
14:00:35.0289 1140 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:00:35.0289 1140 Symc8xx - ok
14:00:35.0413 1140 SymEvent (9d98270b5f10a4c84e8da417c30756e1) C:\Windows\system32\Drivers\SYMEVENT.SYS
14:00:35.0429 1140 SymEvent - ok
14:00:35.0507 1140 SYMREDRV (7f4011a719bf30e3dbd84d3a0a45c91c) C:\Windows\System32\Drivers\SYMREDRV.SYS
14:00:35.0523 1140 SYMREDRV - ok
14:00:35.0632 1140 SYMTDI (2f03cbdb0f22278d05d5d616c993ab58) C:\Windows\System32\Drivers\SYMTDI.SYS
14:00:35.0647 1140 SYMTDI - ok
14:00:35.0710 1140 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:00:35.0710 1140 Sym_hi - ok
14:00:35.0819 1140 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:00:35.0835 1140 Sym_u3 - ok
14:00:35.0959 1140 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
14:00:35.0975 1140 Tcpip - ok
14:00:36.0069 1140 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
14:00:36.0084 1140 Tcpip6 - ok
14:00:36.0147 1140 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
14:00:36.0162 1140 tcpipreg - ok
14:00:36.0271 1140 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:00:36.0287 1140 TDPIPE - ok
14:00:36.0349 1140 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:00:36.0365 1140 TDTCP - ok
14:00:36.0459 1140 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:00:36.0474 1140 tdx - ok
14:00:36.0552 1140 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:00:36.0552 1140 TermDD - ok
14:00:36.0693 1140 ti21sony (7c7445b4c2bd46c56abb3499da52b75c) C:\Windows\system32\drivers\ti21sony.sys
14:00:36.0693 1140 ti21sony - ok
14:00:36.0771 1140 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:00:36.0786 1140 tssecsrv - ok
14:00:36.0880 1140 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:00:36.0880 1140 tunmp - ok
14:00:36.0927 1140 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:00:36.0942 1140 tunnel - ok
14:00:37.0036 1140 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
14:00:37.0036 1140 uagp35 - ok
14:00:37.0129 1140 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:00:37.0145 1140 udfs - ok
14:00:37.0207 1140 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
14:00:37.0207 1140 uliagpkx - ok
14:00:37.0301 1140 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
14:00:37.0301 1140 uliahci - ok
14:00:37.0410 1140 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:00:37.0410 1140 UlSata - ok
14:00:37.0457 1140 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:00:37.0473 1140 ulsata2 - ok
14:00:37.0551 1140 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:00:37.0566 1140 umbus - ok
14:00:37.0644 1140 usbbus - ok
14:00:37.0738 1140 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:00:37.0753 1140 usbccgp - ok
14:00:37.0816 1140 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:00:37.0816 1140 usbcir - ok
14:00:37.0894 1140 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:00:37.0909 1140 usbehci - ok
14:00:37.0972 1140 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:00:37.0987 1140 usbhub - ok
14:00:38.0081 1140 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
14:00:38.0081 1140 usbohci - ok
14:00:38.0206 1140 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:00:38.0206 1140 usbprint - ok
14:00:38.0268 1140 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:00:38.0268 1140 USBSTOR - ok
14:00:38.0331 1140 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:00:38.0346 1140 usbuhci - ok
14:00:38.0424 1140 ute3otu3 - ok
14:00:38.0611 1140 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
14:00:38.0627 1140 vga - ok
14:00:38.0721 1140 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:00:38.0736 1140 VgaSave - ok
14:00:38.0799 1140 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
14:00:38.0799 1140 viaagp - ok
14:00:38.0861 1140 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
14:00:38.0861 1140 ViaC7 - ok
14:00:38.0955 1140 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
14:00:38.0955 1140 viaide - ok
14:00:39.0079 1140 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:00:39.0079 1140 volmgr - ok
14:00:39.0142 1140 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:00:39.0157 1140 volmgrx - ok
14:00:39.0220 1140 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:00:39.0235 1140 volsnap - ok
14:00:39.0345 1140 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
14:00:39.0360 1140 vsmraid - ok
14:00:39.0501 1140 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:00:39.0501 1140 WacomPen - ok
14:00:39.0579 1140 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:00:39.0594 1140 Wanarp - ok
14:00:39.0610 1140 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:00:39.0610 1140 Wanarpv6 - ok
14:00:39.0703 1140 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
14:00:39.0719 1140 Wd - ok
14:00:39.0797 1140 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:00:39.0797 1140 Wdf01000 - ok
14:00:39.0953 1140 WimFltr (c8d53a13e867d5a7eafb19400016560f) C:\Windows\system32\DRIVERS\wimfltr.sys
14:00:39.0969 1140 WimFltr - ok
14:00:40.0078 1140 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
14:00:40.0125 1140 winachsf - ok
14:00:40.0249 1140 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
14:00:40.0249 1140 WmiAcpi - ok
14:00:40.0390 1140 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
14:00:40.0405 1140 WpdUsb - ok
14:00:40.0468 1140 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:00:40.0468 1140 ws2ifsl - ok
14:00:40.0530 1140 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:00:40.0546 1140 WUDFRd - ok
14:00:40.0624 1140 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
14:00:40.0639 1140 XAudio - ok
14:00:40.0733 1140 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
14:00:40.0764 1140 yukonwlh - ok
14:00:40.0795 1140 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:00:40.0858 1140 \Device\Harddisk0\DR0 - ok
14:00:40.0873 1140 Boot (0x1200) (aa449271f417a1a775190ea81ed63572) \Device\Harddisk0\DR0\Partition0
14:00:40.0873 1140 \Device\Harddisk0\DR0\Partition0 - ok
14:00:40.0873 1140 ============================================================
14:00:40.0873 1140 Scan finished
14:00:40.0873 1140 ============================================================
14:00:40.0905 3788 Detected object count: 0
14:00:40.0905 3788 Actual detected object count: 0
14:00:51.0871 3880 Deinitialize success

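The TDSSKiller log above lists, for every registered driver service, either an MD5 and a file path or just "- ok" when no file was found behind the service, and finishes with hashes of the first 0x1B8 bytes of the MBR and of the boot sector. The following triage script is an added example, not part of the original post or of TDSSKiller itself; it parses lines in that format and reports the things a helper usually looks at first: services with no backing file, drivers loaded from outside the Windows directory, drivers whose file name is purely numeric, several service names sharing one file, and an MBR/boot hash that differs from a baseline. The sample lines are a constructed excerpt in the same format as the log above, the baseline hash dictionary is an assumption standing in for a hash recorded on a known-clean machine, and the heuristics are this example's own; a flagged entry is a candidate for a closer look, not a detection.

```python
import re
import ntpath
from collections import defaultdict

# Constructed excerpt in the format of the TDSSKiller log posted above (not a complete log).
SAMPLE_LOG = r"""
14:00:22.0465 1140 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:00:22.0481 1140 IpFilterDriver - ok
14:00:22.0528 1140 IpInIp - ok
14:00:24.0119 1140 MBAMSwissArmy - ok
14:00:32.0746 1140 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:00:32.0761 1140 SASDIFSV - ok
14:00:33.0370 1140 setup_9.0.0.722_13.05.2011_04-14drv (64d93ec1218765498c40619427a85a91) C:\Windows\system32\DRIVERS\0248095.sys
14:00:33.0370 1140 setup_9.0.0.722_13.05.2011_04-14drv - ok
14:00:35.0959 1140 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
14:00:35.0975 1140 Tcpip - ok
14:00:36.0069 1140 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
14:00:36.0084 1140 Tcpip6 - ok
14:00:38.0424 1140 ute3otu3 - ok
14:00:40.0795 1140 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:00:40.0858 1140 \Device\Harddisk0\DR0 - ok
14:00:40.0905 3788 Detected object count: 0
"""

# "<time> <pid> <service> (<md5>) <path>"
DRIVER_RE = re.compile(r'^\S+\s+\d+\s+(\S+)\s+\(([0-9a-f]{32})\)\s+(.+?)\s*$')
# "<time> <pid> MBR (0x1B8) (<md5>) <device>"  /  "... Boot (0x1200) (<md5>) <device>\PartitionN"
BOOT_RE = re.compile(r'^\S+\s+\d+\s+(MBR|Boot)\s+\((0x[0-9A-Fa-f]+)\)\s+\(([0-9a-f]{32})\)\s+(\S+)\s*$')
# "<time> <pid> <service> - ok"  (also emitted for the disk device itself)
OK_RE = re.compile(r'^\S+\s+\d+\s+(.+?)\s+-\s+ok\s*$')

# Drivers are expected to live under the Windows directory; anything else is third-party
# and should be matched against a product the user knows is installed.
SYSTEM_ROOT = 'c:\\windows\\'


def parse_tdsskiller(text):
    """Return (drivers, boot).

    drivers: service name -> {'md5', 'path'}, or None when the log only printed "- ok"
             for that service (registered, but no file was listed behind it).
    boot:    'MBR' / 'Boot' -> {'span' (bytes hashed), 'md5', 'device'}.
    """
    drivers, boot = {}, {}
    for line in text.splitlines():
        m = BOOT_RE.match(line)
        if m:
            label, span, md5, device = m.groups()
            boot[label] = {'span': int(span, 16), 'md5': md5, 'device': device}
            continue
        m = DRIVER_RE.match(line)
        if m:
            name, md5, path = m.groups()
            drivers[name] = {'md5': md5, 'path': path}
            continue
        m = OK_RE.match(line)
        if m and not m.group(1).startswith('\\'):   # skip "\Device\Harddisk0\DR0 - ok"
            drivers.setdefault(m.group(1), None)     # keep the hash entry if we saw one
    return drivers, boot


def triage(drivers):
    """Group driver entries into the buckets a log reader checks first."""
    findings = defaultdict(list)
    by_path = defaultdict(list)
    for name, info in sorted(drivers.items()):
        if info is None:
            # Registered service with no file listed: leftovers from removed tools are common
            # here, but an unfamiliar, random-looking name deserves a second look.
            findings['no_backing_file'].append(name)
            continue
        path = info['path']
        by_path[path.lower()].append(name)
        if not path.lower().startswith(SYSTEM_ROOT):
            findings['outside_windows_dir'].append((name, path))
        stem = ntpath.splitext(ntpath.basename(path))[0]
        if stem.isdigit():
            # Purely numeric file names are unusual for vendor drivers; confirm which
            # product created the file before trusting it.
            findings['numeric_file_name'].append((name, path))
    for path, names in by_path.items():
        if len(names) > 1:
            # Several services on one file is normal for e.g. Tcpip/Tcpip6; listed for context.
            findings['shared_file'].append((names, path))
    return dict(findings)


def compare_boot_hashes(boot, baseline):
    """Return labels ('MBR', 'Boot') whose hash differs from a baseline recorded earlier.

    The baseline is an assumption of this example: hashes taken on the same machine on a
    day it was known to be clean, or from an identical install. A changed MBR hash between
    two runs is what a bootkit check is looking for.
    """
    return sorted(label for label, info in boot.items()
                  if label in baseline and baseline[label] != info['md5'])


if __name__ == '__main__':
    drivers, boot = parse_tdsskiller(SAMPLE_LOG)
    for bucket, entries in triage(drivers).items():
        print(bucket)
        for entry in entries:
            print('   ', entry)
    print('boot hashes:', boot)
```

On the excerpt the script lists IpInIp, MBAMSwissArmy and ute3otu3 as services without a file, SASDIFSV as a driver outside the Windows directory (it belongs to the SUPERAntiSpyware install the poster mentions), the `0248095.sys` entry as a numeric file name, and Tcpip/Tcpip6 as two services on one file. Which of those matter is a judgement for whoever is reading the full log; the script only makes sure nothing in a 400-line driver list is skimmed past.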
#4 soccerpall86 (Topic Starter, Member, 28 posts)
aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-25 14:02:22
-----------------------------
14:02:22.507 OS Version: Windows 6.0.6002 Service Pack 2
14:02:22.507 Number of processors: 2 586 0xE08
14:02:22.507 ComputerName: ADAM-PC UserName: Adam
14:02:26.687 Initialize success
14:07:54.473 AVAST engine defs: 11122500
14:09:08.019 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
14:09:08.029 Disk 0 Vendor: FUJITSU_MHW2120BH 00000012 Size: 114473MB BusType: 3
14:09:08.029 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000068
14:09:08.039 Disk 1 Vendor: ( Size: 114473MB BusType: 0
14:09:08.039 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000069
14:09:08.049 Disk 2 Vendor: ( Size: 114473MB BusType: 0
14:09:10.288 Disk 0 MBR read successfully
14:09:10.288 Disk 0 MBR scan
14:09:10.288 Disk 0 Windows VISTA default MBR code
14:09:10.304 Disk 0 MBR hidden
14:09:10.304 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 6285 MB offset 2048
14:09:10.319 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 108186 MB offset 12873728
14:09:10.429 Disk 0 scanning sectors +234439600
14:09:11.021 Disk 0 scanning C:\Windows\system32\drivers
14:09:29.544 Service scanning
14:09:31.234 Modules scanning
14:09:39.060 Scan finished successfully
14:10:29.206 Disk 0 MBR has been saved successfully to "C:\Users\Adam\Desktop\MBR.dat"
14:10:29.226 The log file has been saved successfully to "C:\Users\Adam\Desktop\aswMBR.txt"


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122503

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

12/25/2011 2:22:19 PM
mbam-log-2011-12-25 (14-22-19).txt

Scan type: Quick scan
Objects scanned: 169003
Time elapsed: 6 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



OTL logfile created on: 12/25/2011 2:25:11 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = G:\fixspyware
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.40% Memory free
4.21 Gb Paging File | 3.12 Gb Available in Paging File | 74.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.65 Gb Total Space | 54.61 Gb Free Space | 51.69% Space Free | Partition Type: NTFS
Drive F: | 4.34 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 3.74 Gb Total Space | 0.15 Gb Free Space | 3.89% Space Free | Partition Type: FAT32

Computer Name: ADAM-PC | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/25 10:31:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\fixspyware\OTL.com
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2009/04/11 01:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/15 15:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2006/11/28 12:58:40 | 000,546,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2006/11/24 20:58:38 | 000,919,672 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2006/11/24 13:36:54 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/11/24 13:36:54 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2006/10/31 13:32:10 | 000,194,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/10/25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006/09/26 17:48:36 | 000,172,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2006/09/26 17:46:58 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2006/09/20 20:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2006/08/23 15:43:08 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2006/12/13 16:19:34 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/11/07 20:48:10 | 000,009,376 | ---- | M] () -- C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.loc


========== Win32 Services (SafeList) ==========

SRV - [2011/12/15 16:43:19 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/01/23 16:21:20 | 001,174,152 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/11/24 13:36:54 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006/11/13 20:31:22 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006/10/31 13:32:10 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/10/31 13:32:10 | 000,194,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/10/27 02:18:36 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2006/10/25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006/10/25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/10/25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/10/24 13:32:08 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/10/13 17:29:12 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/10/11 21:36:02 | 000,741,376 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2006/10/11 18:52:44 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2006/10/11 18:52:44 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2006/10/09 14:02:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2006/10/09 14:02:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2006/10/04 21:25:00 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/10/04 21:15:30 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/10/04 21:06:58 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/09/26 17:48:36 | 000,172,032 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2006/09/26 17:46:58 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2006/09/21 12:53:16 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2006/09/20 20:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/09/17 00:08:00 | 000,071,184 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/08/29 00:38:04 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/08/23 15:43:08 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/12/20 21:00:12 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\02480951.sys -- (02480951)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/01/23 16:23:03 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/10/22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\02480952.sys -- (02480952)
DRV - [2009/10/09 22:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\0248095.sys -- (setup_9.0.0.722_13.05.2011_04-14drv)
DRV - [2009/03/04 14:49:22 | 004,232,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2006/11/30 22:13:46 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/11/30 22:13:46 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/11/13 22:07:45 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/13 08:32:52 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/11/10 16:50:53 | 000,227,328 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/11/10 16:43:38 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/11/06 04:00:00 | 000,831,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/11/06 04:00:00 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006/11/06 04:00:00 | 000,079,240 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS -- (NAVENG)
DRV - [2006/11/06 03:09:26 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
DRV - [2006/11/03 20:23:02 | 000,275,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2006/11/03 20:23:00 | 000,024,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2006/11/03 20:22:56 | 000,245,880 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2006/10/24 15:40:22 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/10/24 15:40:22 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/10/20 06:10:16 | 000,202,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys -- (IDSvix86)
DRV - [2006/10/18 14:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2006/10/18 13:43:18 | 000,124,256 | R--- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/06 16:26:16 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.c...iv_eg_self_main


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3611841592-3193749199-4096638779-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3611841592-3193749199-4096638779-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3611841592-3193749199-4096638779-1005\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-3611841592-3193749199-4096638779-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3611841592-3193749199-4096638779-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/23 19:17:14 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/12/25 13:44:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3611841592-3193749199-4096638779-1005\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VAIOSecurity] C:\Program Files\Sony\VAIO Security Center\VSC.exe ()
O4 - HKU\S-1-5-21-3611841592-3193749199-4096638779-1005..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKU\S-1-5-21-3611841592-3193749199-4096638779-1005..\Run: [Akamai NetSession Interface] C:\Users\Adam\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-3611841592-3193749199-4096638779-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3611841592-3193749199-4096638779-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3611841592-3193749199-4096638779-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52E6A162-7BFC-44BC-B657-722AD3F1F773}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/25 14:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/25 14:13:34 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/25 14:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/25 13:59:53 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Adam\Desktop\tdsskiller.exe
[2011/12/25 13:49:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/25 13:49:08 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\temp
[2011/12/25 13:10:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/25 13:10:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/25 13:10:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/25 13:10:41 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/25 13:10:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/25 13:10:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/25 13:08:54 | 004,351,768 | R--- | C] (Swearware) -- C:\Users\Adam\Desktop\ComboFix.exe
[2011/12/20 14:33:36 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/20 14:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/20 14:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/12/20 14:33:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/20 13:40:24 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/12/18 16:57:26 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/12/18 16:31:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/18 16:31:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/18 16:31:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/18 16:31:17 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/18 16:31:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/18 16:31:14 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/18 15:22:58 | 000,000,000 | ---D | C] -- C:\Users\Adam\{a667790d-589a-4c50-bff9-9531345c4ade}
[2011/12/18 15:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2011/12/18 15:11:03 | 000,000,000 | ---D | C] -- C:\Users\Adam\Documents\bitpim
[2011/12/18 15:10:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitPim
[2011/12/18 15:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\BitPim
[2011/12/15 16:13:34 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/15 16:13:33 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/15 16:13:23 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/15 16:11:08 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/15 16:10:38 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/15 16:10:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/01 21:05:35 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\DDMSettings

========== Files - Modified Within 30 Days ==========

[2011/12/25 14:27:42 | 000,659,788 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/25 14:27:42 | 000,125,692 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/25 14:13:38 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/25 14:10:29 | 000,000,512 | ---- | M] () -- C:\Users\Adam\Desktop\MBR.dat
[2011/12/25 14:00:02 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Adam\Desktop\tdsskiller.exe
[2011/12/25 13:44:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/25 13:22:32 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/25 13:22:32 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/25 13:22:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/25 13:22:16 | 2135,097,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/25 13:09:14 | 004,351,768 | R--- | M] (Swearware) -- C:\Users\Adam\Desktop\ComboFix.exe
[2011/12/20 21:00:12 | 000,128,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\02480951.sys
[2011/12/20 14:33:08 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/20 13:47:40 | 000,000,366 | ---- | M] () -- C:\Users\Adam\Documents\backup_reg_122011.reg
[2011/12/18 16:57:26 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/12/18 16:48:19 | 000,399,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/01 21:59:16 | 000,014,336 | ---- | M] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/25 19:30:26 | 001,032,291 | ---- | M] () -- C:\Users\Adam\Documents\11.20Norelco$5-$30.pdf

========== Files Created - No Company Name ==========

[2011/12/25 14:13:38 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/25 14:10:29 | 000,000,512 | ---- | C] () -- C:\Users\Adam\Desktop\MBR.dat
[2011/12/25 13:10:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/25 13:10:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/25 13:10:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/25 13:10:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/25 13:10:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/20 14:33:08 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/20 13:47:40 | 000,000,366 | ---- | C] () -- C:\Users\Adam\Documents\backup_reg_122011.reg
[2011/11/25 19:30:26 | 001,032,291 | ---- | C] () -- C:\Users\Adam\Documents\11.20Norelco$5-$30.pdf
[2011/08/25 10:26:11 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2011/03/09 03:08:05 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/02/14 08:33:43 | 000,000,680 | ---- | C] () -- C:\Users\Adam\AppData\Local\d3d9caps.dat
[2010/12/02 23:03:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/27 04:30:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/27 04:30:47 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/01 19:45:14 | 000,014,336 | ---- | C] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/23 16:46:20 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2010/01/23 16:45:14 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2006/12/18 23:22:07 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2006/12/18 22:39:10 | 000,000,032 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2006/12/18 22:26:47 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/12/18 22:26:47 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/12/13 18:10:38 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1151.dll
[2006/12/13 16:17:56 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/12/13 16:16:20 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006/11/30 22:13:32 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/11/30 22:13:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/30 22:12:04 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,399,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,659,788 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,125,692 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
#5 RKinner (Malware Expert, MVP, 19,799 posts)

Copy the text in the code box by highlighting it and pressing Ctrl + C:

:processes
killallprocesses

:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3611841592-3193749199-4096638779-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present


:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.


Right-click on (My) Computer and select Manage (Continue), then Event Viewer. Next select Windows Logs. Right-click on System and Clear Log, Clear. Repeat for Application.

Start, All Programs, Accessories, then right-click on Command Prompt and Run as Administrator. Then type (with an Enter after each line):

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one, or it doesn't like your CD, just tell it to SKIP.) With Vista it is common to see it complain that it couldn't fix everything.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
   http://images.malwar...om/vino/VEW.exe
   and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
   Type 20 in the 1 to 20 box.
   Then click the Run button.
   Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.

Ron
  • 0
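The VEW steps above (System and Application logs, Error and Warning types, the most recent 20 events) can be reproduced from an elevated PowerShell prompt with the built-in Get-WinEvent cmdlet. The script below is an added example for readers following along; it is not RKinner's, not part of the thread, and not code from the VEW tool. The function name Get-RecentProblemEvents, the output file name and the per-Source/EventId summary are choices made here; the Level numbers (2 = Error, 3 = Warning) are Windows' own.

```powershell
# Added example (not from the thread or from Vino Rosso's VEW): fetch the same
# events the VEW steps ask for and save them to the Desktop.
# Assumes PowerShell 2.0 or later, run as Administrator so both logs are
# fully readable.

function Get-RecentProblemEvents {
    param(
        [string[]]$LogName = @('System', 'Application'),
        [int]$MaxEvents = 20          # same as "Type 20 in the 1 to 20 box"
    )

    foreach ($log in $LogName) {
        # Level 2 = Error, Level 3 = Warning: the two types selected in VEW.
        $filter = @{ LogName = $log; Level = 2, 3 }

        # Get-WinEvent throws if nothing matches; SilentlyContinue turns that
        # into an empty result instead of a red error.
        $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents `
                               -ErrorAction SilentlyContinue

        foreach ($e in $events) {
            New-Object PSObject -Property @{
                Log     = $log
                Time    = $e.TimeCreated
                Type    = $e.LevelDisplayName
                EventId = $e.Id
                Source  = $e.ProviderName
                Message = $e.Message
            }
        }
    }
}

# Full listing, newest first within each log, written to a text file that can
# be pasted into a reply just like the VEW output.
$report = @(Get-RecentProblemEvents)
$out = Join-Path $env:USERPROFILE 'Desktop\recent-events.txt'
$report | Select-Object Log, Time, Type, EventId, Source, Message |
    Format-List | Out-File -FilePath $out -Encoding UTF8

# Quick triage: which Source/EventId pairs repeat? Several Service Control
# Manager entries (7000, 7003, 7023) naming the same few services, as in the
# log posted later in this thread, is the kind of cluster worth reading closely.
$report | Group-Object Source, EventId | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

Write-Host "Saved $($report.Count) events to $out"
```

Run it from an elevated PowerShell window; the console shows the repeat-count summary and the full 40-event listing lands in recent-events.txt on the Desktop.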

#6 soccerpall86 (Topic Starter, Member, 28 posts)

Thank you for all the help so far.


Vino's Event Viewer v01c run on Windows Vista in English
Report run at 25/12/2011 4:04:55 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/12/2011 9:01:47 PM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 25/12/2011 9:01:47 PM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 25/12/2011 9:01:47 PM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Log: 'System' Date/Time: 25/12/2011 9:01:47 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 25/12/2011 9:01:47 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

Log: 'System' Date/Time: 25/12/2011 9:00:56 PM
Type: Error Category: 0
Event: 13 Source: ACPI
: The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/12/2011 8:58:29 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.



Vino's Event Viewer v01c run on Windows Vista in English
Report run at 25/12/2011 4:07:29 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/12/2011 9:00:38 PM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance VAIO_VEDB is not valid.

Log: 'Application' Date/Time: 25/12/2011 8:58:16 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3611841592-3193749199-4096638779-1005_Classes:
Process 2844 (\Device\HarddiskVolume2\Windows\System32\WUDFHost.exe) has opened key \REGISTRY\USER\S-1-5-21-3611841592-3193749199-4096638779-1005_CLASSES


Log: 'Application' Date/Time: 25/12/2011 8:58:14 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3611841592-3193749199-4096638779-1005:
Process 2552 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3611841592-3193749199-4096638779-1005
Process 2552 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3611841592-3193749199-4096638779-1005
Process 2552 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3611841592-3193749199-4096638779-1005
Process 2552 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3611841592-3193749199-4096638779-1005
Process 2552 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3611841592-3193749199-4096638779-1005\Software\Microsoft\SystemCertificates\Root
Process 2552 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3611841592-3193749199-4096638779-1005\Software\Policies\Microsoft\SystemCertificates
Process 2552 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3611841592-3193749199-4096638779-1005\Software\Policies\Microsoft\SystemCertificates
Process 2552 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3611841592-3193749199-4096638779-1005\Software\Policies\Microsoft\SystemCertificates
Process 2552 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3611841592-3193749199-4096638779-1005\Software\Policies\Microsoft\SystemCertificates
Process 2552 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3611841592-3193749199-4096638779-1005\Software\Microsoft\SystemCertificates\My
Process 2552 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3611841592-3193749199-4096638779-1005\Software\Microsoft\SystemCertificates\trust
Process 2552 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3611841592-3193749199-4096638779-1005\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2552 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3611841592-3193749199-4096638779-1005\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2552 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3611841592-3193749199-4096638779-1005\Software\Microsoft\SystemCertificates\Disallowed
Process 2552 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3611841592-3193749199-4096638779-1005\Software\Microsoft\SystemCertificates\CA

#7 RKinner (Malware Expert, 19,799 posts, MVP)

I'm getting tired of this infection. Bad enough that it causes all this trouble but it also removes BFE (Base Filtering Engine) from the registry. I suppose it does that to keep the firewall from getting in its way.

Follow the instructions on Post #13 here.
http://www.geekstogo...ost__p__2090351

When you run sc query bfe it should say:

SERVICE_NAME: bfe
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING                                                    <==Does it say Running or Stopped?
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0



If it says Stopped then:

Open up the Services window (Start, right click on Computer and select Manage then Services and Applications then Services) and find the IPsec Policy Agent. Right click on it and select Properties then click on the Log On tab. It should show that it logs on with Network Service. Does it?

Look at the same thing in BFE. It should say it logs on in Local Service.

Continue for the other services that depend on BFE

IKE and AuthIP IPsec Keying Modules Local Service (just checked, no password given)

Internet Connection Sharing (ICS) Local Service (just checked, no password given)

Routing and Remote Access Local Service (just checked, no password given)

Windows Firewall Local Service with password <==This one is typically not there at all. If that is the case then:

Follow the instructions on Post #34 on http://www.geekstogo...ost__p__2098894
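A diagnostic script, added here as an example and not part of the thread or RKinner's instructions, that does the checks from this post in one pass: whether BFE and the services listed as depending on it still exist in the service database and in the registry, what state they are in, and whether each one's log-on account matches what the post says it should be. The expected accounts are taken from the post; the short service names (BFE, PolicyAgent, IKEEXT, SharedAccess, RemoteAccess, MpsSvc) are the standard Windows names for the display names listed. It goes one step beyond the post by also enumerating every installed service whose registry entry declares a dependency on BFE, which is the relationship behind the Event 7003 entries in the posted System log.

```powershell
# Added diagnostic script, not part of the thread: performs the checks that
# post #7 walks through by hand. Expected log-on accounts are the ones the post
# lists; the short service names are the standard Windows names for those
# display names. Run from an elevated PowerShell prompt.

$services = @(
    @{ Name = 'BFE';          Display = 'Base Filtering Engine';               Account = 'LocalService' },
    @{ Name = 'PolicyAgent';  Display = 'IPsec Policy Agent';                  Account = 'NetworkService' },
    @{ Name = 'IKEEXT';       Display = 'IKE and AuthIP IPsec Keying Modules'; Account = 'LocalService' },
    @{ Name = 'SharedAccess'; Display = 'Internet Connection Sharing (ICS)';   Account = 'LocalService' },
    @{ Name = 'RemoteAccess'; Display = 'Routing and Remote Access';           Account = 'LocalService' },
    @{ Name = 'MpsSvc';       Display = 'Windows Firewall';                    Account = 'LocalService' }
)
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

foreach ($svc in $services) {
    # Get-Service returns nothing for a service the SCM does not know about,
    # which is the condition behind the "OpenService FAILED 1060" seen in the thread.
    $scm = Get-Service -Name $svc.Name -ErrorAction SilentlyContinue
    # The registry key is what the .reg merge in post #9 is meant to restore.
    $key = Get-ItemProperty -Path (Join-Path $svcRoot $svc.Name) -ErrorAction SilentlyContinue

    if (-not $scm -and -not $key) {
        Write-Output ("MISSING  {0,-13} {1}: no SCM entry and no registry key" -f $svc.Name, $svc.Display)
        continue
    }
    $state = if ($scm) { $scm.Status } else { 'NoSCM' }
    # ObjectName holds the log-on account, e.g. "NT AUTHORITY\LocalService";
    # keep only the part after the backslash so it matches the Services UI wording.
    $logon = if ($key -and $key.ObjectName) { ($key.ObjectName -split '\\')[-1] } else { '(none)' }
    $check = if ($logon -ieq $svc.Account) { 'ok' } else { "expected $($svc.Account)" }
    Write-Output ("PRESENT  {0,-13} state={1,-8} logon={2,-15} {3}" -f $svc.Name, $state, $logon, $check)
}

# Event 7003 in the posted System log names services that need BFE. Enumerate
# every installed service whose DependOnService value lists BFE so the table
# above can be checked for completeness on this particular machine.
Write-Output ''
Write-Output 'Services declaring a dependency on BFE:'
Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    if ($p -and $p.DependOnService -and ($p.DependOnService -icontains 'BFE')) { "  $($_.PSChildName)" }
}
```

A line reading MISSING for BFE or MpsSvc corresponds to the "service name is invalid" and error 1060 results posted later in this thread; a PRESENT line with a logon mismatch is the case the Log On tab check above is meant to catch.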

#8 soccerpall86 (Member, Topic Starter, 28 posts)

Merged the reg file, then attempted the next step:

Microsoft Windows [Version 6.0.6002]
Copyright © 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>net start BFE
The service name is invalid.

More help is available by typing NET HELPMSG 2185.


C:\Windows\system32>net start bfe
The service name is invalid.

More help is available by typing NET HELPMSG 2185.


C:\Windows\system32>sc query bfe
[SC] EnumQueryServicesStatus:OpenService FAILED 1060:

The specified service does not exist as an installed service.


C:\Windows\system32>

#9 RKinner (Malware Expert, 19,799 posts, MVP)

Doesn't sound like the merge worked. Maybe because yours is Vista and is not 64 bit. Stupid of me.

Delete the old key:

reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Download the attached bfe32.zip file and save it then right click on it and Extract All then right click on bfe32.reg and MERGE.

If you get an error please note it.

If the Windows Firewall service is also missing then also do the same to the attached mpssvc32.zip.

#10 soccerpall86 (Member, Topic Starter, 28 posts)

Followed instructions, received the same error. I should note that both times I merged the reg file, it said it was completed successfully.

#11 RKinner (Malware Expert, 19,799 posts, MVP)

Right click on (MY) Computer and select Manage (Continue) then Services and Applications then Services. Do you see the Base Filtering Engine service? Do you see the Windows Firewall service?

#12 soccerpall86 (Member, Topic Starter, 28 posts)

I do not see either of those

#13 RKinner (Malware Expert, 19,799 posts, MVP)

Copy both lines:

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bfe /s >> "%userprofile%\Desktop\junk.txt"
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mpssvc /s >> "%userprofile%\Desktop\junk.txt"


Start, (All) Programs, Accessories, Right click on Command Prompt and Run As Admin.

Right click and Paste or Edit then Paste. When the second line appears hit Enter.

Attach the junk.txt file that should now be on your desktop.

#14 soccerpall86 (Member, Topic Starter, 28 posts)

Microsoft Windows [Version 6.0.6002]
Copyright © 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic
es\bfe /s >> "%userprofile%\Desktop\junk.txt"

C:\Windows\system32>reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic
es\mpssvc /s >> "%userprofile%\Desktop\junk.txt"
ERROR: The system was unable to find the specified registry key or value.

C:\Windows\system32>
C:\Windows\system32>

Attached file: junk.txt (56.24KB)

#15 RKinner (Malware Expert, 19,799 posts, MVP)

Go back to post #9 in this thread and download and save mpssvc32.zip. Right click on it and Extract All then right click on mpssvc32.reg and Merge.
Reboot.

See if Windows Firewall is now in the services window.